Programming Secure Software Systems Case Study: Safe programming issues
Related outcomes from the unit outline:
1. Analyse the existence of vulnerabilities inherent in insecure software products
2. Assure quality by using elements of a secure framework
3. Judge the effectiveness of mitigation strategies for security vulnerabilities
Case Description: Vulnerability Detection, Analysis and Mitigation
The problem space is the File Transfer Protocol (FTP). You will be given some code samples to evaluate. You should:
- Provide a short discussion (2-3 pages) of the existing vulnerabilities in the protocol.
- Clearly identify vulnerabilities in the code samples.
- Describe and implement (i.e., modify the code) mitigations.
- Amend the code (without introducing new vulnerabilities) by providing command-line parameters in place of the existing interface.
- Referring back to the first point, demonstrate that, whilst your code may now be secure, the protocol itself is still insecure.
- Discuss and implement (if possible) a secure implementation of the protocol by adding to your code. The objective is not to write new code, but to use existing libraries.
- Ensure that your code compiles/links with gcc and runs within the Linux environment supplied in the unit.
You must:
- Provide a zip file containing your assignment as a Word document. The assignment should contain your code. No other compression formats are accepted. No other document formats are accepted.
Document Style
- Your document must be in MS-Word format (.doc/.docx), body text 12 point Arial font, double spaced, fully justified and include page numbers.
Attachment: Assignment Files.zip