Longin system using PHP and connects to a MySQL backend database.

Secure Programming 1 Assignment 1 The purpose of this assignment is to give you some practical experience in attacking vulnerable source code and also experience in trying to secure this insecure code. You will be supplied with a simple Web application. The app is coded using PHP and connects to a MySQL backend database. There are two parts to the assignment, both worth the same (50/50). You need to find weaknesses, exploit them and finally fix them. For the first part of your assignment you need to analysis the code and look for possible weaknesses. You then need to try exploit any weakness you think you have identified. If you think a form field is vulnerable to XSS, then perform some attack to show the weakness. (Only one example, per location, each field, is required to show that it is vulnerable). For the second part of the assignment you need to try secure the code, by correcting any flaws you find by writing new secure code. Setup Firstly you’ll need to get the code running so you can test it. You’ll need to setup a webserver and a database, I suggest using WAMP which is the easiest solution to automatically set everything up for you. You’ll also need to create a database and a table. The easiest way to do this is using MyPHPAdmin create a database (test) and then run the SQL script I’ve included with the source to create and set up a table. Once up and running you can start your assignment. Section 1 (50%) OK you have some source code to review and try to break. There are plenty of basic errors in the code so you should be able to find some. You need to list each weakness that you think you have found and briefly mention what type of weakness it is. You should also try and exploit each weakness, with some real world hacking. You should highlight exactly what you did to exploit each weakness. If you find a possible weakness but fail to exploit it, then you should still include it, and mention anything you tried in your attempt to exploit it. Section 2 (50%) The second part of your project is to correct the source code to fix as many of the identify weaknesses as you can. Your final corrected code must still run without changes needed by me. You must correct the code I give you, not just hand me back a completely different app. If you tried to fix a bit of code but it won’t compile or gives errors, then include it in your source code, so I can see what you tried and where. In your documentation you need to include a brief mention of each bit of code you tried to correct and how your code fixes the problem. Deliverables A zipped file with your completed report and all of the corrected source code uploaded to Moodle by the 8th of November (Sunday). Note: MAX word count should be between 2,500 and 3,000 words, but reports can be considerably less. I don’t want a history of vulnerabilities in your report. Just what vulnerabilities you found, how you found them and how you fixed them in code.