Submission
The security analysis must be uploaded to Moodle as a single docx or pdf file before Friday Week 8, March 17 1pm. Harvard referencing must be used where applicable. It must be treated as an individual piece of work. The University rules concerning plagiarism, collusion and contract cheating apply. The module guide contains advice on the topic of academic integrity and a link to a training course that you might find useful.
CW1: Security analysis
The purpose of your first coursework is to see whether you can discover and fix security flaws in other people’s code, before you then attempt to build secure software from scratch for your second coursework.
The program you have been given has several security flaws and is intended to enable lecturers to view and store marks for students on modules. It reads in a file pwds.txt containing for each lecturer their passwords (encrypted) and the modules (up to five) that they are working on. It authenticates the user by asking them for a name and password and then presents them with a list of their modules. The user can then select a module, see a list of marks for each student and change the marks for a student. You may assume that pwds.txt is vulnerable to unauthorised writes but that the other files are not.
Get Free Quote!
361 Experts Online