The requirements for assessment 1:
Too many developers prioritise functionality and performance over security. Either that, or they do not come from a security background, so they do not have security in mind while developing the application, leaving the business vulnerable.
Your task for this assignment is to implement five dangerous software errors (vulnerable code), exploit and fix each one, and then, based on your implementation, write a secure software development framework/guideline that discusses those five dangerous software errors (such as Buffer Overruns). Your framework/guideline should include the following for each software error:
- a) demonstrate, with code examples, how the vulnerability can be exploited;
- b) demonstrate how the code was tested to identify the vulnerability;
- c) explain how the vulnerability was mitigated and what security measures were put in place;
- d) test again to make sure the code is resilient to the chosen attack.
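As an illustration of what items a) to d) look like for one such error, here is a short C example added by the editor; it is not part of the brief and not a model answer. It uses a hypothetical session record whose fixed-size name field is filled by an unbounded copy, so an over-long input spills into the adjacent is_admin flag (a classic buffer overrun); next to it sits the bounds-checked replacement, and two probe functions that test the code before and after the fix. The struct, its field names, the payload and the probe functions are all constructed for this demonstration, and the layout assumes that a char[16] followed by an int has no padding, which holds on mainstream ABIs.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16

/* Hypothetical session record (constructed for this example): a fixed-size
 * name followed by a privilege flag. The trailing note[] field keeps the
 * payload's terminating NUL inside the object, so the overrun corrupts only
 * is_admin and not unrelated stack memory. */
struct session {
    char name[NAME_LEN];
    int  is_admin;
    char note[8];
};

/* Constructed attack input: 20 bytes, four more than name[] can hold. The
 * excess lands in is_admin, which becomes 0x41414141 ('A' x 4) on either
 * endianness. */
static const char OVERFLOW_INPUT[] = "AAAAAAAAAAAAAAAAAAAA";

/* Homegrown strcpy: copies until the source NUL and never consults the
 * destination size. This is the defect. */
static void copy_string(char *dst, const char *src)
{
    while ((*dst++ = *src++) != '\0')
        ;
}

/* a) Vulnerable setter: whatever length the caller supplies is written. */
static void set_name_vulnerable(struct session *s, const char *input)
{
    copy_string(s->name, input);
}

/* c) Mitigation: measure first, reject input that does not fit (instead of
 * silently truncating), and copy exactly the bytes that fit, NUL included. */
static int set_name_safe(struct session *s, const char *input)
{
    size_t n = strlen(input);
    if (n >= NAME_LEN)          /* room must remain for the terminator */
        return -1;
    memcpy(s->name, input, n + 1);
    return 0;
}

/* b) Test of the vulnerable code: a fresh non-admin session, one call, then
 * report the flag. Any non-zero result proves the overrun reached it. */
int probe_vulnerable(const char *input)
{
    struct session s = {0};
    set_name_vulnerable(&s, input);
    return s.is_admin;
}

/* d) Re-test of the fixed code: 0 = input accepted and flag untouched,
 * 1 = input rejected and flag untouched, -1 = flag changed, which would
 * mean the fix is not resilient to the attack. */
int probe_safe(const char *input)
{
    struct session s = {0};
    int rc = set_name_safe(&s, input);
    if (s.is_admin != 0)
        return -1;
    return rc == 0 ? 0 : 1;
}

int main(void)
{
    printf("vulnerable, benign input : is_admin = 0x%x\n",
           (unsigned) probe_vulnerable("alice"));
    printf("vulnerable, attack input : is_admin = 0x%x\n",
           (unsigned) probe_vulnerable(OVERFLOW_INPUT));
    printf("fixed, benign input      : result = %d\n", probe_safe("alice"));
    printf("fixed, attack input      : result = %d\n", probe_safe(OVERFLOW_INPUT));
    return 0;
}
```

The two probes are the "test" and "test again" steps in miniature: the same attack input that flips is_admin in the vulnerable version is rejected by the fixed one with the flag still zero, and a boundary input of exactly 15 characters is still accepted, showing the fix does not over-restrict legitimate use.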
Your framework should also include general discussion about:
- a) the importance of the Security Development Life Cycle
- b) product risk assessment and risk analysis
You should include all implemented source code in the appendix of your report. Note that the appendix does not count towards your report word count.
You should carefully consider the following when writing your report:
- Style – suitable to be quickly read and comprehended.
- Content – relevant, clearly explained, logically organised.
- Authority – discussed concepts and ideas will need evidence in support.
- Practical understanding – your own practical examples, advice and demonstrations should be included.
- Technical understanding – understanding of the discussed system and consideration of comparison products.
- Comprehensiveness – you need to cover what you consider to be all the key topics.
- Helpfulness – practical examples, advice and demonstrations should be included.
Special instructions
You need to submit two files: your report (a Microsoft Word document) and a zip file containing all implemented source code.
Submit your source files as a single compressed zip file, named according to the convention
CT6042 2022-23 001 StudentNumber SOURCECODE
e.g. CT6042 2022-23 001 1608131 SOURCECODE
Submit your report (a single Word document) named according to the convention
CT6042 2022-23 001 StudentNumber REPORT
e.g. CT6042 2022-23 001 1608131 REPORT
Assessment 1 criteria
You need to achieve at least 40% to pass this assessment. Below is a guide to the level of practical content and report required for the assignment.
Grade | Content
To achieve <30 | Some requirements met, but very limited and not recoverable. Copyright violation.
To achieve <40 | Deliverables partially complete, e.g. incorrect database models or failure to submit the report.
To achieve 40+ | Discussed: any 3 of the most dangerous software errors, with examples.
To achieve 50+ | Discussed: any 3 of the most dangerous software errors, with examples; the Security Development Life Cycle. Some of the code examples used in the report were implemented by yourself.
To achieve 60+ | Discussed: any 4 of the most dangerous software errors, with examples; the Security Development Life Cycle. Most of the code examples used in the report were implemented by yourself.
To achieve 70+ | Discussed: any 5 of the most dangerous software errors, with examples; the Security Development Life Cycle. All code examples used in the report were implemented by yourself.
The maximum size for the report is 3000 words.
Assesses learning outcomes (1), (2), (3) and (4)
Note that the overall grade will be determined by the application of the School of Business & Technology Assessment Criteria Grid.