IN300M3-3: Recommend methods for securing data in each language.
Purpose
The purpose of this assessment is to explore best practices for writing secure code. You will discover common vulnerabilities and countermeasures. Also, you will translate insecure code and provide suggestions for fixes.
Instructions
Securing Data
You must have Java, Eclipse, Python, PyCharm, R, and RStudio installed to perform this assessment. The free editions should have been installed earlier in the course.
Complete the following:
For each of the following actions, use the appropriate language to complete a solution.
Please copy the numbered action into your Microsoft Word® document.
For items 1–5 below, respond to each item.
Start a next action on a new page.
-
- Using the Java code below, describe the vulnerability that exists in the query and what can be done to fix the issue(s).
import java.util.Scanner;
public class IN300_Unit5_A1 {
public static void main(String[] args) {
Scanner sc = new Scanner(System.in);
System.out.println(“Enter employee name”);
String employee = sc.nextLine();
String query = “SELECT * FROM Employee where employeeName = ‘” + employee + “‘”;
System.out.println(“The query is: ” + query);
}
}
Output:
Enter employee name
Bob’ or ‘1’=’1
The query is: SELECT * FROM Employee where employeeName = ‘Bob’ or ‘1’=’1′
Describe the vulnerability that exists in the query and what can be done to fix the issue(s).
-
-
- Given the below Python code and execution, describe the results and what input validation countermeasures you might use to ensure you get the proper results:
-
Code:
result = input(“Do you want to continue [Yes] or [No]: “)
print(result)
Execution 1:
$ python3 IN300_Unit5_A2.py
Do you want to continue [Yes] or [No]: No
No
Execution 2:
$ echo ” NO ” + exec(subprocess.run([“ls”, “-l”]))” | python3
IN300_Unit5_A2.py
Do you want to continue [Yes] or [No]: NO ” +
exec(subprocess.run([“ls”, “-l”]))
-
- In two paragraphs, describe the best practice of running code with least privilege. You can include some vulnerabilities and countermeasures as examples.
- In two paragraphs, describe the best practice of not trusting infrastructure. You can include some vulnerabilities and countermeasures as examples.
- In one paragraph, describe the best practice of avoiding security by obscurity. You can include some vulnerabilities and countermeasures as examples.
Your submission for this part should meet any stated specifications listed above.
For the mastery requirements for this Competency Assessment, complete the following boldfaced item:
Develop a 1–2-page report discussing how improper coding can lead to SQL injection issues in a web application.
The post IN300M3-3: Recommend methods for securing data in each language.
Purpose
The pu appeared first on GET HELP WITH PAPERLINQ.