Assignment Lab - Statement of Work

Client: Liberty Vacation Planning Inc. (LVP)

Project: Website Assessment

1. Project Objectives

With this statement of work, LVP is engaging you to conduct a website assessment to determine whether our new online Vacation Destinations application was developed following current Web application best practices. Specifically, the assessment should identify any security flaws in the code for the search function and the Check Availability page. The objectives of this assessment are as follows:

  • Identify any cross-site scripting (XSS) flaws in the application using Skipfish or a manual source code review.
  • Identify any SQL injection flaws in the application by conducting a source code review.
  • Verify that the SQL injection flaws will cause a MySQL database error message to occur in the live application.

Note: The objective of this Statement of Work is to identify (not exploit) the vulnerabilities.

2. Project Scope

The scope of the website assessment project is as follows:

  • The Vacation Destinations application hosted on our internal Kali Linux web server.
  • The Vacation Destinations code (Source_Code_Review.txt) located on the desktop of the provided Kali machine.

Note: Any items not listed here are considered out of scope for this project; out-of-scope items will not be added to the project scope without prior approval and authorization from LVP, and will be handled through change requests or as separate SOWs.

3. Project Deliverables

The deliverable(s) for this project are as follows:

a. Proof of XSS vulnerability

This proof will be provided in the following manner:

  • A screenshot of either a Skipfish report showing an XSS condition, or of a JavaScript pop-up window caused by a web request with an XSS payload.

b. Proof of SQL injection in the code

This proof will be provided in the following manner:

  • A screenshot of the source code reviewed with the vulnerable HTTP parameter and SQL query parameter highlighted or circled.
  • A brief paragraph describing why the source code is vulnerable and how it could be misused.

c. Proof of SQL injection in the application

This proof will be provided in the following manner:

  • A screenshot showing a database error message, which proves a SQL injection condition.

LAB WEBSITE ASSESSMENT INSTRUCTIONS

1. Use the lab virtual environment for this assignment, where specific instructions for tasks and deliverables are located. After completing the lab, write a lab report that includes all of the required deliverables, screenshots of each operation, and any additional information you gathered.

2. You are also required to include at least one page of written content with a minimum of 2 referenced citations that discusses your findings from each of the lab operations. This can include reasons why the findings are important, actions the organization can take to solve any discovered problems, and any other pertinent information you discovered. This content can be included anywhere in your lab report as long as you meet the one-page requirement.

3. Your report must also include Biblical integration that relates a Bible verse, passage, or concept to the assignment. This will count as one of your required citations.

Note - Need to complete virtual lab. Can you do it using team viewer?
