Assignment 1

You are working in a small software development shop, which is building web applications for

the customers. As a security analyst, you are aware of all problems, which occur when customers

use the software of your organization. There are several security issues, which occurred very

recently and required your immediate attention:

?

The customers store very expensive copyrighted images on the website. The users of the

website can purchase the images and download them at their convenience. Lately the

customers realized that some users were able to download more images that they have

paid for. Please, identify the problem and provide the best possible solution. (Note: the

names of the files are known and there are naming conventions customer uses for the file

names)

?

Another customer decided to use XML documents to store sensitive information,

including usernames, groups and permissions. Somehow, there was a leak of this

information from the website to the media. Try to investigate the situation and come out

with the solution, which may identify and prevent future breaches

?

The other customer of your firm is trying to integrate the remote communication

mechanisms to deliver services to their clients. The requirement is a full security of the

connection, single point of authentication (they presently use ASP.NET authentication)

and proper use of error handling which may occur. Describe the solution, which will

work well for this customer.