Secure coding

The requirements for assessment 1:

 

Too many developers are prioritising functionality and performance over security. Either that, or they just don’t come from a security background, so they don’t have security in mind when they are developing the application, therefore leaving the business vulnerable.

Your task for this assignment is to implement five dangerous software errors (vulnerable code), exploit and fix, and based on your implementation then write a secure software development framework/guideline that discusses those implemented five dangerous software errors (such as Buffer Overruns). Your framework/guideline should include the following for each software error:

  1. a)    demonstrate how the vulnerability can be exploited with code examples?
  2. b)    demonstrate how the code was tested to identify vulnerability?
  3. c)    how to mitigate, what security measures were put into place?
  4. d)    test again to make sure the code is resilient to the chosen attack

Your framework should also include general discussion about:

  1. a)    the importance of Security Development Life Cycle
  2. b)    product risk assessment and risk analysis

 

You should include all implemented source code in the appendix of your report. Note that the appendix does not count towards your report word count.

 

You should carefully consider the following when writing your report:

 

  • Style – suitable to be quickly read and comprehended.
  • Content – relevant, clearly explained, logically organised.
  • Authority – discussed concepts and ideas will need evidence in support.
  • Practical understanding – your own practical examples, advice and demonstrations should be included.
  • Technical understanding – understanding of the discussed system and consideration of comparison products.
  • Comprehensiveness – you need to cover what you consider to be all the key topics.
  • Helpfulness – practical examples, advice and demonstrations should be included

 

 

Special instructions

You need to submit two files – one is your report (a Microsoft Word document file) and other is a zip file containing all implemented source code.

 

Submit your source files (just one compressed zip file). The compressed zip file should be named according to the convention

CT6042 2022-23 001 StudentNumber SOURCECODE

      e.g. CT6042 2022-23 001 1608131 SOURCECODE

 

Submit report (just one Word document) named according to the convention

CT6042 2022-23 001 StudentNumber REPORT

            e.g. CT6042 2022-23 001 1608131 REPORT

 

Assessment 1 criteria

You need to achieve at least 40% to pass this assessment. Below a guide to the level of practical content and report required for the assignment.

 

Grade Content
To achieve <30 Some requirements met, but very limited and not recoverable. Copyright violation.
To achieve <40 Deliverables partially complete, e.g. incorrect database models or failure to submit report.
To achieve 40+ Discussed

·       Any 3 of the most dangerous software errors with examples

To achieve 50+ Discussed

·       Any 3 of the most dangerous software errors with examples

·       Security Development Life Cycle

 

·       Some code examples used in the report were implemented by yourself

To achieve 60+ Discussed

·       Any 4 of the most dangerous software errors with examples

·       Security Development Life Cycle

  • Discussion of product risk assessment and risk analysis

 

·       Most code examples used in the report were implemented by yourself

To achieve 70+ Discussed

·       Any 5 of the most dangerous software errors with examples

·       Security Development Life Cycle

  • Discussion of product risk assessment and risk analysis

 

·       All code examples used in the report were implemented by yourself

 

The maximum size for the report is 3000 words.

Assesses learning outcomes (1), (2),  (3) and (4)

 

Note that the overall grade will be determined by the application of the School of Business & Technology Assessment Criteria Grid.