Below are the criteria I am using to write this.
1. Select 2 CWE/SANS Top 25 vulnerabilities under the category of Porous Defenses from one of these specific issues:
a. Missing Encryption of Sensitive Data
b. Use of Hard-coded Credentials
c. Missing Authorization
d. Missing Authentication for Critical Function
e. Incorrect Permission Assignment for Critical Resource
f. Incorrect Authorization
g. Execution with Unnecessary Privileges
h. Reliance on Untrusted Inputs in a Security Decision
2. Write a unique, full example for each of the 2 vulnerabilities in this category. Note: by unique and full I mean that this should not just be a code snippet. It should be part of a small application.
3. Demonstrate for each of the two applications that it is vulnerable to this attack. You need to show explicitly the attack you use and demonstrate the impact of the vulnerability. The demonstration should occur through screenshots and a detailed walkthrough of the steps you performed.
4. Finally, using the information in the CWE/SANS Top 25 vulnerabilities, fix the issues in each of the two examples you created in step 2.
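As an added illustration of item h (Reliance on Untrusted Inputs in a Security Decision), not part of the assignment text above: a constructed authorization check that trusts a client-supplied `role` cookie, beside the fixed version that derives the role from a server-side session store. The cookie format, session ids and `SESSION_STORE` contents are all assumptions made up for this example.

```python
"""Constructed example of CWE 'Reliance on Untrusted Inputs in a Security Decision'.
The vulnerable check decides on a value the client controls; the fixed check only
accepts a session id from the client and looks the role up on the server side."""

# Constructed server-side session store: session_id -> role.
# In a real application this is the server's session backend, never a cookie.
SESSION_STORE = {"sess-123": "user", "sess-999": "admin"}


def parse_cookies(header):
    """Minimal Cookie-header parser: 'a=1; b=2' -> {'a': '1', 'b': '2'}."""
    cookies = {}
    for part in header.split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            cookies[name] = value
    return cookies


def vulnerable_is_admin(cookie_header):
    """Vulnerable: the authorization decision is based on a client-writable cookie,
    so anyone can grant themselves admin by editing the request."""
    cookies = parse_cookies(cookie_header)
    return cookies.get("role") == "admin"


def fixed_is_admin(cookie_header):
    """Fixed: the client supplies only an opaque session id; the role comes from the
    server's own record, so tampering with a 'role' cookie has no effect."""
    cookies = parse_cookies(cookie_header)
    session_id = cookies.get("session")
    return SESSION_STORE.get(session_id) == "admin"


def handle_delete_user(cookie_header, target, is_admin):
    """Constructed privileged endpoint: performs the action only if the supplied
    check passes, returning an HTTP-style (status, message) pair."""
    if not is_admin(cookie_header):
        return 403, "forbidden"
    return 200, f"deleted {target}"


if __name__ == "__main__":
    tampered = "session=sess-123; role=admin"  # ordinary user who edited a cookie
    print("vulnerable:", handle_delete_user(tampered, "bob", vulnerable_is_admin))
    print("fixed:     ", handle_delete_user(tampered, "bob", fixed_is_admin))
```

Running the block shows the tampered request succeeding against the vulnerable check and being refused by the fixed one, which is the kind of before/after demonstration step 3 and step 4 ask for.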