Question Details

Application 5 Charting Dependencies and Drawing Conclusions

Question posted by Greg
  • Due on 17 Jan, 2018 06:21:00
  • Asked on 16 Jan, 2018 06:51:56

Bugzilla provides extensive, detailed documentation of the level of known vulnerability of any application's code. The problem that this raises for your CISO is that, because there are always a lot of bugs in any product, the reports coming out of Bugzilla are far too extensive and technical for any of the business managers to understand. So they want you to use Bugzilla to answer a simple question clearly: "How insecure are we?"

To begin your assignment:

• Go to Bugzilla and search for "insecure."

• Sort your results by "severity" (by selecting the heading labeled "Sev"). Be sure to take a screenshot of your sorted results.

• Choose two items on the list that have a severity ranking of "blocker," "critical," or "major." Then examine their details by selecting the ID number next to each item. Try to understand the mechanics of each vulnerability (e.g., what causes the vulnerability and how does the vulnerability represent a risk at the program level?).

Then, answer the following questions in a 2- to 3-page paper:

• In lay terms, briefly describe the two vulnerabilities you have selected. Include in your description what causes the vulnerabilities and how they represent a risk at the program level.

• Explain to the managers what types of tests and reviews should be deployed in order to determine the company's exact status on each item. For example, if cross-site scripting is one of your chosen issues, how do you propose to detect cross-site scripting problems? What are some sample testing or review approaches you might employ to determine whether the company is vulnerable to such an issue?

• Assume that the CISO has told you that the company only has resources to correct one of these vulnerabilities. What specific testing and/or review approach would you suggest in order to determine which one to correct? Provide a practical business justification for your proposal that examines the assumed resource commitment for the testing versus any known effect of each vulnerability.

Be sure to include the screenshot of your sorted results as an appendix to your paper.

Available Solutions
Charting Dependencies and Drawing Conclusions Application 5 Scored 100%

StudyAcer
  • Submitted: 16 Jan, 2018 07:52:41

Since there are no standards defined right now, we cannot restrict this behaviour unless it can be made impossible for attackers to specify valid application URLs. It will require information related to the user session to be contained in valid URLs. This is not known to the attacker and theref...
