Two organizations track software vulnerabilities on a continual basis with the aim of improving software security: (1) the Common Weakness Enumeration (CWE), maintained by MITRE, whose Top 25 list is published jointly with SANS (https://cwe.mitre.org/index.html), and (2) the Open Web Application Security Project (OWASP) (see https://www.owasp.org/index.php/About_OWASP ). I am attaching two documents here, the CWE Top 25 and the OWASP Top 10. Please note that the vulnerabilities, or the types of vulnerabilities, are not the same in the two lists, because OWASP focuses only on web applications. The two lists are also not exactly the same as the bulleted list above; they do, however, overlap.
In this exercise, you will investigate two vulnerabilities of your choice, one from each of the two lists above. For each of the two vulnerabilities you have chosen, you will explain the vulnerability, including:
(i) Where it occurs (e.g., C language, database, web browser, etc.);
(ii) An example attack that exploited it;
(iii) How the vulnerability can be minimized, prevented or mitigated.
Note: All descriptions should be in your own words. You may use code excerpts to illustrate the vulnerability or to show how to remove the flaw that is the source of the vulnerability.
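As an illustration of the kind of code excerpt the note above permits (added here as an example; it is not part of the assignment and does not dictate which vulnerabilities you choose), the snippet below shows SQL injection, which appears on both lists (CWE-89 in the CWE/SANS Top 25 and under A1 Injection in the OWASP Top 10), first as a vulnerable login query and then with the flaw removed. The table, the two user records and the `' OR '1'='1` payload are constructed for the demonstration; the database is an in-memory SQLite instance so the script runs offline.

```python
import sqlite3

# Constructed sample data for this illustration (not from the assignment).
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Create an in-memory database with a two-row users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, name, password):
    """The flaw: user input is spliced into the SQL text, so a quote in the
    input changes the structure of the query instead of being compared as data."""
    query = ("SELECT name FROM users WHERE name = '%s' AND password = '%s' "
             "ORDER BY name" % (name, password))
    return [row[0] for row in conn.execute(query)]


def login_fixed(conn, name, password):
    """The fix: the query text is a constant and the values are bound
    parameters, so the database only ever treats them as data."""
    query = ("SELECT name FROM users WHERE name = ? AND password = ? "
             "ORDER BY name")
    return [row[0] for row in conn.execute(query, (name, password))]


def demo():
    """Run the same legitimate login and the same injection payload
    against both versions and return the rows each one hands back."""
    conn = make_db()
    payload = "' OR '1'='1"   # turns the WHERE clause into (... AND ...) OR true
    return {
        "vulnerable_legit": login_vulnerable(conn, "alice", "s3cret"),
        "vulnerable_attack": login_vulnerable(conn, "nobody", payload),
        "fixed_legit": login_fixed(conn, "alice", "s3cret"),
        "fixed_attack": login_fixed(conn, "nobody", payload),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

With the vulnerable query the payload returns every user without a valid password, because the resulting SQL reads `... AND password = '' OR '1'='1'`; the parameterized version returns no rows for the same input. A report would pair an excerpt like this with a reference to the CWE or OWASP entry and a description of a real incident that exploited the flaw.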
Your report should be two pages long for each vulnerability.
You need to consult at least four references for each vulnerability.
The assignment will be graded using the following rubric:
• Description of the Vulnerability:
• Mitigation/Prevention Techniques:
• Bibliography:
• Grammar/English:
The links above have been downloaded in PDF format below.
OWASP Top 10 – 2013.pdf
2011_cwe_sans_top25.pdf