SIT382 System Security Assignment 2 – Technical Report Trimester 2 2020 Objectives: - To understand the most widespread and top-rated software errors - To demonstrate the capability of exploiting security vulnerabilities, verifying experimental outcomes, and proposing technical solutions to rectify them - To gain experiences in writing a technical report for the conducted exploitation attacks Due Date: 8pm Thursday October 8, 2020 Delays caused by computer downtime cannot be accepted as a valid reason for late submission without penalty. Students must plan their work to allow for both scheduled and unscheduled downtime. Submission Details: You must submit an electronic copy of your assignment solutions in Microsoft Word (.doc or .docx) via CloudDeakin. The PDF format may cause issues in the Turnitin system. So please avoid to use PDF format. It is the student's responsibility to ensure that they understand the submission instructions. If you have ANY difficulties, ask the teaching team for assistance (prior to the submission date). Copying, Plagiarism Issues: This is an individual assessment. You are not permitted to work as a part of a group when writing this assignment. Plagiarism is the use of other people’s words, ideas, research findings or information without acknowledgement, that is, without indicating the source. Plagiarism is regarded as a very serious offence in Western academic institutions and Deakin University has procedures and penalties to deal with instances of plagiarism. In order not to plagiarise, all material from all sources must be correctly referenced. It is necessary to reference direct quotes, paraphrases and summaries of sources, statistics, diagrams, images, experiment results and laboratory data - anything taken from sources. When plagiarism is detected, penalties are strictly imposed. Details on plagiarism can be viewed online at https://www.deakin.edu.au/students/studying/academic-integrity. SIT382 Assignment 2 Total marks: 40 The SANS institute released the newest version of CWE/SANS Top 25 Most Dangerous Software Errors in 2019. The list consists of top-rated and critical software weaknesses that may lead to vulnerabilities being exploited by attackers. In this assignment, you are required to choose a subset of CWE/SANS Top 25 Most Dangerous Software Errors listed on SANS website (https://www.sans.org/top25- software-errors) and identify these vulnerabilities in selected systems. You need to complete a technical report to document your experimental outcomes and findings. The report should consist of 3000-3500 words (minimum 3000 words, single spaced, 12pt font, on the A4-sized paper). The findings should include exploitation of minimal 3 software errors chosen from the top 25 list. Each error should have a different CWE ID. This report needs to consist of following items: an overview of the chosen software errors description of the hacking environment description of technical findings and supporting evidence in screenshots critical analysis of technical findings discussion and justification of potential remedy actions based on findings You are free to use the NetLab environment and any online pen testing platforms and follow any instructions. The requirement is you will need to conduct the attacks by yourself. If we find any content (e.g., screenshots) copied from lab instructions or online resources, we will consider it as plagiarism. Marking Criteria for Assignment 2
欢迎咨询51作业君
