Question $4$

$30$ Marks

Study the scenario and complete the questions that follow:

E$-$Commerce Platform

You are a cybersecurity analyst tasked with conducting a code review for an authentication and access controlsystem implemented in Python, Bash, and JavaScript. The system is responsible for verifying user identities andenforcing access permissions to sensitive resources. Your objective is to identify security vulnerabilities in thecode and develop comprehensive mitigation strategies to enhance the system's security posture.

Conduct a detailed code review of one of the implementations $($Python$,$ Bash, or JavaScript$)$

$($Choose anylanguage of your choice as they are identical but different syntax$)$

to identify potential vulnerabilities.

Evaluate the severity and potential impact of the identified vulnerabilities, considering factors such as thelikelihood of exploitation and the impact on the confidentiality, integrity, and availability of the system.

Finally, develop comprehensive mitigation strategies to address the identified vulnerabilities, incorporating bothtechnical measures $($e$.$g$.,$ code fixes, security controls$)$ and non$-$technical measures $($e$.$g$.,$ user training, securitypolicies$).$

Evaluate the code of your choice and discuss based on the below Criteria:

Part A:

Code Review for Vulnerabilities

Part B:

Severity and Impact Evaluation

Part C:

Mitigation Strategies and Recommendation

Use the below Topic for your Answer Demonstration:

Code $1$ Python from flask import Flask, request, session, redirect, url$\_$for, render$\_$template$\_$string

import sqlite$3$

app $=$ Flask$(\_\_$name$\_\_)$

app.secret$\_$key $=$ 'supersecretkey'

def get$\_$db$()$:

conn $=$ sqlite$3.$connect$(\text{'}$database$.$db$\text{'})$

return conn

@app.route$(\text{'}/$login$\text{'},$ methods$=[\text{'}$GET$\text{'},$ 'POST'$])$

def login$()$:

if request.method $==$ 'POST':

username $=$ request.form$[\text{'}$username$\text{'}]$

password $=$ request.form$[\text{'}$password$\text{'}]$

# Potential SQL Injection Vulnerability

conn $=$ get$\_$db$()$

cursor $=$ conn.execute$("$SELECT $*$ FROM users WHERE username $=\text{'}\{\}\text{'}$ AND password $=\text{'}\{\}\text{'}".$format$($username$,$ password$))$

user $=$ cursor.fetchone$()$

if user:

session$[\text{'}$user$\text{'}]=$ user$[0]$

return redirect$($url$\_$for$(\text{'}$dashboard$\text{'}))$

else:

return "Invalid credentials"

return render$\_$template$\_$string$($LOGIN$\_$PAGE$)$

@app.route$(\text{'}/$dashboard$\text{'})$

def dashboard$()$:

if 'user' in session:

return f$"$Welcome $\{$session$[\text{'}$user$\text{'}]\}"$

return redirect$($url$\_$for$(\text{'}$login$\text{'}))$

if $\_\_$name$\_\_==\text{'}\_\_$main$\_\_\text{'}$:

app.run$($debug$=$True$)$