CS 405 Final Project
I. Executive Summary: Provide a high-level overview of the contents of your report for the leadership team. Include your findings on major security flaws uncovered and the impact vulnerabilities pose.

II. Summary of Methods: In this section, you will describe the various methods used to identify vulnerabilities in the source code.
   A. Describe how and when you used methods to visually inspect the code to identify the vulnerabilities you found. [CS-405-01]
   B. Describe how and when you used the compiler errors or warnings to identify the vulnerabilities you found. [CS-405-01]
   C. Explain how and when you used a static analysis tool to identify the vulnerabilities you found. [CS-405-01]

III. Vulnerability Findings: In this section, you will assess the identified weaknesses in the following areas:
   • String-formatted output
   • Memory management
   • Pointers
   • Integer arithmetic
   • Code quality
   Provide the following for each indicated weakness:
   A. An evaluative description that explains why the code is insecure and details the implications of the weakness [CS-405-02]
   B. Remediation recommendations as modified code that corrects the weakness or reduces the vulnerability [CS-405-03]

IV. Depth of Audit: You will be graded on the percentages of weaknesses and vulnerabilities that you identify in your secure code audit report. These sections should adhere to best practices and industry standards.

Part II: Case Study Analysis

Based on the provided documentation on the following two case studies from Predicting Software Assurance Using Quality and Reliability Measures, provide a brief analysis of the two case studies.

I. Case One: Database Vulnerabilities (Apple Coding Vulnerability, found on page 19)
   Given the particular scenario pertaining to the database system, evaluate security aspects of program designs and architectures for defending against attacks:
   A. Explain the security issues present, indicating the potential risks that the issues pose. [CS-405-04]
   B. Recommend testing types or processes necessary to identify the vulnerabilities. [CS-405-04]

II. Case Two: Architecture-Specific Vulnerabilities (Heartbleed Vulnerability, found on page 21)
   Given the particular scenario pertaining to a server, evaluate security aspects of program designs and architectures for defending against attacks:
   A. Explain the security issues present, indicating the potential risks that the issues pose. [CS-405-04]
   B. Recommend testing types or processes necessary to identify the vulnerabiliti