Skip to content

Security Exercise - Mandatory #106

Description

@emigiusto

The following general steps will guide you through a security assessment. Consider using them as steps in a report. The report will become a section in your final project report.

A. Risk Identification

Identify assets (e.g. web application)
Identify threat sources (e.g. SQL injection)
Construct risk scenarios (e.g. Attacker performs SQL injection on web application to download sensitive user data)

B. Risk Analysis

Determine likelihood
Determine impact
Use a Risk Matrix to prioritize risk of scenarios
Discuss what are you going to do about each of the scenarios

C. Pen-Test Your System
Try to test for vulnerabilities in your project by using wmap, zaproxy, or any of the tools in the list of OWASP vulnerability scanning tools)
Fix at least one vulnerability that you find; ideally one that is high in your prioritization cf. to your risk analysis

Pen testing:
Group o group o -[checks]-> Group s Group S
Group s Group S -[checks]-> Group t our group name

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions