Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

Question 4 3 0 Marks Study the scenario and complete the questions that follow: E - Commerce Platform You are a cybersecurity analyst tasked with

Question 4
30 Marks
Study the scenario and complete the questions that follow:
E-Commerce Platform
You are a cybersecurity analyst tasked with conducting a code review for an authentication and access controlsystem implemented in Python, Bash, and JavaScript. The system is responsible for verifying user identities andenforcing access permissions to sensitive resources. Your objective is to identify security vulnerabilities in thecode and develop comprehensive mitigation strategies to enhance the system's security posture.
Conduct a detailed code review of one of the implementations (Python, Bash, or JavaScript)
(Choose anylanguage of your choice as they are identical but different syntax)
to identify potential vulnerabilities.
Evaluate the severity and potential impact of the identified vulnerabilities, considering factors such as thelikelihood of exploitation and the impact on the confidentiality, integrity, and availability of the system.
Finally, develop comprehensive mitigation strategies to address the identified vulnerabilities, incorporating bothtechnical measures (e.g., code fixes, security controls) and non-technical measures (e.g., user training, securitypolicies).
Evaluate the code of your choice and discuss based on the below Criteria:
Part A:
Code Review for Vulnerabilities
Part B:
Severity and Impact Evaluation
Part C:
Mitigation Strategies and Recommendation
Use the below Topic for your Answer Demonstration:
Code 1 Python from flask import Flask, request, session, redirect, url_for, render_template_string
import sqlite3
app = Flask(__name__)
app.secret_key = 'supersecretkey'
def get_db():
conn = sqlite3.connect('database.db')
return conn
@app.route('/login', methods=['GET', 'POST'])
def login():
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
# Potential SQL Injection Vulnerability
conn = get_db()
cursor = conn.execute("SELECT * FROM users WHERE username ='{}' AND password ='{}'".format(username, password))
user = cursor.fetchone()
if user:
session['user']= user[0]
return redirect(url_for('dashboard'))
else:
return "Invalid credentials"
return render_template_string(LOGIN_PAGE)
@app.route('/dashboard')
def dashboard():
if 'user' in session:
return f"Welcome {session['user']}"
return redirect(url_for('login'))
if __name__=='__main__':
app.run(debug=True)

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image_2

Step: 3

blur-text-image_3

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Students also viewed these Databases questions