uprm-inso4116-2024-2025-s1 / semester-project-SafeRUM

semester-project-safeRUM created by GitHub Classroom

[Lecture Topic Task] Conduct Automated Vulnerability Scans #306

Open noel-vargas opened 3 days ago

noel-vargas commented 3 days ago

Objective:

Identify potential security vulnerabilities in the authentication system by performing automated scans using established security tools.

Task Description:

Use the configured security tools to run automated scans on the SafeRUM sign-in/log-in system. The scans will check for common vulnerabilities such as SQL injection, cross-site scripting (XSS), insecure authentication protocols, and improper session management. The goal is to compile a list of detected issues that require further analysis or remediation.

Implementation:

Use OWASP ZAP and Burp Suite to perform full scans of the authentication endpoints. Configure scans to target the login page, registration page, password reset functionality, and any API endpoints related to authentication. Ensure that scans are comprehensive and include checks for all common web vulnerabilities.

Subtasks:

Plan the Scans:

Identify all authentication-related endpoints and functionalities to be scanned. Configure the scope of the scans in the tools.

Execute Scans:

Run initial scans and monitor for any issues or interruptions. Adjust settings as needed for thorough coverage.

Collect Results:

Export scan reports for analysis. Organize findings by severity and type.

Testing and Debugging:

Verify that scans complete without crashing the application or the testing environment. Address any tool configuration issues that prevent the scan from completing.

Deadline:

Completion Date: October 25 2024
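The "Collect Results" subtask above asks for scan reports to be exported and findings organized by severity and type, restricted to the authentication endpoints in scope. The following is an added example for that step, not code from the SafeRUM project or from the issue author. It assumes the report was exported from OWASP ZAP in its JSON layout (`site` -> `alerts` -> `instances`, with `riskcode` 0-3), uses a constructed sample report in that shape, and treats the path prefixes in `AUTH_SCOPE` (`/login`, `/register`, `/password-reset`, `/api/auth/`) as hypothetical names for the SafeRUM endpoints; substitute the project's real paths when using it.

```python
import json
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample in the shape of an OWASP ZAP JSON report (assumption:
# the exported report uses ZAP's "site" -> "alerts" -> "instances" layout).
# Two of the four alerts hit pages outside the authentication scope on purpose.
SAMPLE_REPORT = json.dumps({
    "site": [{
        "@name": "http://saferum.test",
        "alerts": [
            {"pluginid": "40018", "name": "SQL Injection", "riskcode": "3",
             "riskdesc": "High (Medium)", "confidence": "2",
             "instances": [{"uri": "http://saferum.test/login", "method": "POST", "param": "username"}]},
            {"pluginid": "10038", "name": "Content Security Policy (CSP) Header Not Set", "riskcode": "2",
             "riskdesc": "Medium (High)", "confidence": "3",
             "instances": [{"uri": "http://saferum.test/login", "method": "GET", "param": ""},
                           {"uri": "http://saferum.test/about", "method": "GET", "param": ""}]},
            {"pluginid": "10010", "name": "Cookie No HttpOnly Flag", "riskcode": "1",
             "riskdesc": "Low (Medium)", "confidence": "2",
             "instances": [{"uri": "http://saferum.test/api/auth/session", "method": "POST", "param": "session"}]},
            {"pluginid": "10021", "name": "X-Content-Type-Options Header Missing", "riskcode": "1",
             "riskdesc": "Low (Medium)", "confidence": "2",
             "instances": [{"uri": "http://saferum.test/static/app.js", "method": "GET", "param": ""}]},
        ],
    }]
})

# ZAP risk codes as written in its reports.
RISK_NAMES = {"3": "High", "2": "Medium", "1": "Low", "0": "Informational"}

# Hypothetical authentication paths; a trailing slash marks a prefix (API tree),
# anything else must match the path exactly.
AUTH_SCOPE = ("/login", "/register", "/password-reset", "/api/auth/")


def in_scope(uri, scope=AUTH_SCOPE):
    """True when the request path belongs to the authentication endpoints."""
    path = urlparse(uri).path
    return any(path.startswith(p) if p.endswith("/") else path == p for p in scope)


def triage(report_json, scope=AUTH_SCOPE):
    """Group in-scope alert instances by severity, then by alert type.

    Returns {severity: {alert name: [(method, uri, param), ...]}}.
    Instances outside the scope are dropped so the list only carries
    findings that need follow-up on the sign-in/log-in system.
    """
    report = json.loads(report_json)
    grouped = defaultdict(lambda: defaultdict(list))
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            severity = RISK_NAMES.get(str(alert.get("riskcode")), "Unknown")
            for inst in alert.get("instances", []):
                if in_scope(inst.get("uri", ""), scope):
                    grouped[severity][alert["name"]].append(
                        (inst.get("method"), inst.get("uri"), inst.get("param")))
    return {sev: dict(by_type) for sev, by_type in grouped.items()}


def summary(grouped):
    """Flatten the triage result into (severity, alert, count) rows, highest risk first."""
    order = ["High", "Medium", "Low", "Informational", "Unknown"]
    rows = []
    for sev in order:
        for name, instances in sorted(grouped.get(sev, {}).items()):
            rows.append((sev, name, len(instances)))
    return rows


if __name__ == "__main__":
    # Usage: python triage.py < zap-report.json, or run as-is on the sample.
    for sev, name, count in summary(triage(SAMPLE_REPORT)):
        print(f"{sev:<14}{count:>3}  {name}")
```

Keeping the scope filter separate from the grouping makes it easy to rerun the same triage over a Burp Suite export once its JSON is mapped onto the same (name, severity, instances) shape, and the "Unknown" bucket surfaces any alert whose risk code the script did not recognize instead of silently dropping it.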

lex939 commented 3 days ago

Hello, could you please specify which Lecture Topic this issue refers to? Thank you.

noel-vargas commented 3 days ago

"Software’s Complexity" and "Process Planning" from "The Nature of the Design Process" lectures.