Problem
You will look at the infrastructure of secure programs and some of the components that provide security. Using your online lectures, experience, and research, respond to the following questions:
1) Input validation is a layer of indirection between what a user enters and what is executed in a program. Why is this a significant concern on the web? What circumstances involving web pages make this a unique platform for entering malicious input? Give at least two examples of vulnerabilities for web applications that result from users entering malicious input into form fields.
2) What steps can be taken for input validation in cases in which the entry does not meet regular criteria, such as a phone number in which the pattern can be predicted? What is an example of input that does not have a regular pattern? How could this be protected by input validation?
3) Some web deployments call on precompiled components or libraries, such as NetBeans and C executables. How could these systems be protected from injection by users? Why might this be necessary?
Choose a programming language (such as Java, JavaScript, C, C#, C++, Python, PHP, etc.) and research using the Internet and South University Online Library resources to answer the following questions:
1) Is this language compiled or interpreted?
2) What are the primary security issues reported for this language?
3) Are there any known compiler or interpreter issues that introduce security vulnerabilities to this language?
4) How does this language handle bounds checking for arrays? Does this prevent or facilitate buffer overflows?
5) How does this language process strings? Does this leave any security holes?
6) Can the vulnerabilities of this language be corrected by defensive programming? Justify your answer.
Read this online lectures on DevOps and DevSecOps, then research DevSecOps tools and select one. Based on your study of DevOps and DevSecOps from the online lectures, and what you found from your research on tools, address the following tasks:
1) Briefly describe the specific features supported by the tool you selected.
2) Explain how you would use this tool under the DevSecOps model.