Security testing and Vulnerability Analysis -- 2
Paid on delivery
Task 1. Security Testing and Vulnerability Analysis
For this task, you should use the ZAP project to conduct automated and manual security testing of
the project. Describe in detail the steps of your testing and discuss the outcomes of the testing
results. You may discuss whether a testing approach is more effective and what you have done to
enhance the number and/or the accuracy of the detected vulnerabilities.
You are required to analyze 3 potential security vulnerabilities. The 3 vulnerabilities you identify
should be of 3 different classes, and you should classify them using 3 distinct CWE codes. Higher
marks will be given to vulnerabilities that cover a broader range or are very different in nature.
For each of the vulnerabilities, you should write a short report discussing the following:
• How the vulnerability was detected, e.g., through one method or a combination of multiple
• A description of the vulnerability, including
    o typical example(s) of the vulnerability with explanations,
    o how the vulnerability may be exploited, e.g., example inputs from malicious users that
      can trigger the attack, and
    o consequences of the vulnerability being exploited.
• A justification of why the vulnerability you identified in the project is indeed a security
  vulnerability corresponding to the CWE classification. You may achieve this by one or more of
    o Verify the vulnerability by trying to exploit it and describe in detail what action you
    o Perform a code review to identify the source code instance, describe where it appears
      in the project, and provide the code snippets.
    o Conduct some research and cite references to support your claims.
• A recommendation of remediation that would fix the vulnerability or a discussion on why
  remediation is challenging. Ideally, a fix is provided specific to the project, e.g., by revising the
You should not write more than 2 pages for each vulnerability and use an appendix if necessary. The
report format for each vulnerability should contain the following headings.
• CWE Code:
o Verification (optional):
o Code Source (optional):
o Supporting Data (optional):
Project ID: #37257050
About the project
15 freelancers are bidding an average of $45 for this job
Hello, I can help you with the Security testing and Vulnerability analysis and reporting. Kindly text me over chat so we can discuss further. Thank you