Below is the criteria I am using to write this.

1. Select 2 CWE/SANS Top 25 vulnerabilities under the category of Porous Defenses from one of

these specific issues:

a. Missing Encryption of Sensitive Data

b. Use of Hard-coded Credentials

c. Missing Authorization

d. Missing Authentication for Critical Function

e. Incorrect Permission Assignment for Critical Resource

f. Incorrect Authorization

g. Execution with Unnecessary Privileges

h. Reliance on Untrusted Inputs in a Security Decision

2. Write unique, full example for each of the 2 vulnerabilities in this

category. Note: by unique and full I mean, this should not just be a code snippet. It should be

part of a small application.

3. Demonstrate for each of the two applications they are vulnerable to this attack. You need to

show explicitly the attack you use and demonstrate the impact of the vulnerability. The

demonstration should occur through screen shots and detailed walkthrough of the steps you

performed.

4. Finally, using the information in the CWE/SANS Top 25 vulnerabilities, fix the issues in each of

the two examples you created in step 2