Question: #654

Application 5 Charting Dependencies and Drawing Conclusions

Bugzilla provides extensive, detailed documentation of the level of known vulnerability of any application's code. The problem that this raises for your CISO is that, because there are always a lot of bugs in any product, the reports coming out of Bugzilla are far too extensive and technical for any of the business managers to understand. So they want you to use Bugzilla to answer a simple question clearly: "How insecure are we?"

To begin your assignment:

 

•Go to Bugzilla and search for "insecure."

•Sort your results by "severity" (by selecting the heading labeled "Sev"). Be sure to take a screenshot of your sorted results.

•Choose two items on the list that have a severity ranking of "blocker," "critical," or "major." Then examine their details by selecting the ID number next to each item. Try to understand the mechanics of each vulnerability (e.g., what causes the vulnerability and how does the vulnerability represent a risk at the program level?)

Then, answer the following questions in a 2- to 3-page paper:

 

•In lay terms, briefly describe the two vulnerabilities you have selected. Include in your description what causes the vulnerabilities and how they represent a risk at the program level?

•Explain to the managers what types of tests and reviews should be deployed in order to determine the company's exact status on each item. For example, if cross-site scripting is one of your chosen issues, how do you propose to detect cross-site scripting problems? What are some sample testing or review approaches you might employ to determine whether the company is vulnerable to such an issue?

•Assume that the CISO has told you that the company only has resources to correct one of these vulnerabilities. What specific testing and/or review approach would you suggest in order to determine which one to correct? Provide a practical business justification for your proposal that examines the assumed resource commitment for the testing versus any known effect of each vulnerability.

Be sure to include the screenshot of your sorted results as an appendix to your paper.

Solution: #663

Charting Dependencies and Drawing Conclusions Application 5 Scored

Since there are no standards defined right now, so we cannot restrict this behaviour unless it can be made impossible for attackers to specify valid application URLs. It will require information related to the user session to be contained in valid URLs. This is not known to the attacker and theref...

Tutormaster
Rating: A+ Purchased: 11 x Posted By: Studyacer
Jackie

A+ - Thank you!

Studyacer

Thanks for the positive feedback!

Related Solutions
Busypapers
CIS510 Case Study 3 : Advising About a Software Purchase
Busypapers
CIS500 Assignment 1 Predictive Policing
Busypapers
CIS500 Assignment 2 4G Wireless Networks
Busypapers
CIS500 Assignment 3 Mobile Computing and Social Networking
Busypapers
CIS510 Technical Paper: Final Project Plan
Comments
Posted by: Studyacer
Studyacer
Studyacer
Senior Journalist
Budget: $20 Ready
Sell Your Solution Report Solution Support Center

Online Users

Top Tutors