This week, you will look at the infrastructure of secure programs and some of the components that provide security. Using your online lectures, experience, and research, respond to the following questions:

Input validation is a layer of indirection between what a user enters and what is executed in a program. Why is this a significant concern on the web? What circumstances involving web pages make this a unique platform for entering malicious input? Give at least two examples of vulnerabilities for web applications that result from users entering malicious input into form fields.

What steps can be taken for input validation in cases in which the entry does not meet regular criteria, such as a phone number in which the pattern can be predicted? What is an example of input that does not have a regular pattern? How could this be protected by input validation?

Some web deployments call on precompiled components or libraries, such as NetBeans and C executables. How could these systems be protected from injection by users? Why might this be

Choose a programming language (such as Java,
and South University Online Library resources to answer the following
What are the primary security issues reported for this language?
Are there any known compiler or interpreter issues that introduce security vulnerabilities to this language?
How does this language handle bounds checking for arrays? Does this prevent or facilitate buffer overflows?
How does this language process strings from the user? Does this leave any security holes?
Is this language compiled or interpreted?
How is this language affected by deployment? Justify your answer.
Can the vulnerabilities of this language be corrected by defensive programming? Justify your answer.
Does this language provide authentication mechanisms?
Is the source code of this language accessible to the end user?
Is access control possible with this language? Why or why not?