SDEV 460 Homework 3
Content type: User Generated
Subject: Computer Science
Type: Homework
Surname 1
Name
Professor
Course
Date
SDEV 460 Homework 3
In modern system applications, it is common practice to use role-based authentication
to manage access to system resources. However, in some cases role-based authentication
runs into challenges because of poorly set-up roles, poor login procedures, poor
CAPTCHA usage, and poor encryption of security credentials (F. OWASP). This homework
discussion provides a series of test cases, their results, and a description of the major challenges
encountered during the authentication process. Additionally, the discussion outlines basic control
mechanisms for the challenges encountered.
Test Role Definitions
The roles listed in the application include manager, administrator, staff and customer. To
test these roles, I logged in with the provided credentials and accessed the files (to determine the
read permission). I tried to modify the files to determine the write and update permissions. These
roles are documented in the roles matrix below:
| Role | Object | Permission to Action | Constraint |
|---|---|---|---|
| Manager | Customer file | Read, update | Can only access and manipulate objects that fall in their own functional units. |
| Administrator (Admin) | Customer files | Read, update, write, delete | Admin has all permissions on the customer class. |
| Staff | Customer file | Read | Can read customer records that are assigned to them by the manager. |
| Customer (normal user) | Customers' files | Read and update | User can read and update their own record. |
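The roles matrix above pairs each role with both a permission set and a constraint, and the test procedure checks each role against each action. The following is an added example, not code from the homework or from the application it tests: it models the matrix as a deny-by-default authorization check and produces the observed permission matrix for a constructed customer record, so the expected and observed rows can be compared the way the role tests do. The user names, the functional unit names and the `assigned_to` field are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Set

# The four actions exercised by the role tests.
ACTIONS = ("read", "update", "write", "delete")

# "Permission to Action" column of the roles matrix.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "manager": {"read", "update"},
    "admin": {"read", "update", "write", "delete"},
    "staff": {"read"},
    "customer": {"read", "update"},
}


@dataclass(frozen=True)
class User:
    name: str
    role: str
    unit: Optional[str] = None  # functional unit; only meaningful for managers


@dataclass(frozen=True)
class CustomerRecord:
    owner: str                              # customer who owns the record
    unit: str                               # functional unit the record belongs to
    assigned_to: FrozenSet[str] = frozenset()  # staff assigned by a manager (assumed field)


def is_authorized(user: User, action: str, record: CustomerRecord) -> bool:
    """Deny by default: the role must grant the action AND the constraint must hold."""
    # Step 1: does the role grant this action at all? Unknown roles get nothing.
    if action not in ROLE_PERMISSIONS.get(user.role, set()):
        return False
    # Step 2: the "Constraint" column, evaluated against the specific record.
    if user.role == "admin":
        return True                                  # all permissions on the customer class
    if user.role == "manager":
        return record.unit == user.unit              # own functional unit only
    if user.role == "staff":
        return user.name in record.assigned_to       # records assigned by the manager
    if user.role == "customer":
        return record.owner == user.name             # own record only
    return False


def permission_matrix(users, record: CustomerRecord) -> Dict[str, Dict[str, bool]]:
    """Observed matrix for one record: {user name: {action: allowed}}."""
    return {u.name: {a: is_authorized(u, a, record) for a in ACTIONS} for u in users}


def sample_matrix() -> Dict[str, Dict[str, bool]]:
    """Run the check over constructed users and one constructed record."""
    record = CustomerRecord(owner="carol", unit="sales", assigned_to=frozenset({"sam"}))
    users = [
        User("mia", "manager", unit="sales"),   # manager of the record's unit
        User("max", "manager", unit="ops"),     # manager of a different unit
        User("ann", "admin"),
        User("sam", "staff"),                   # staff assigned to the record
        User("sue", "staff"),                   # staff not assigned
        User("carol", "customer"),              # owner of the record
        User("dave", "customer"),               # another customer
        User("eve", "guest"),                   # role not in the matrix
    ]
    return permission_matrix(users, record)


if __name__ == "__main__":
    for name, row in sample_matrix().items():
        print(name.ljust(6), " ".join(f"{a}={'Y' if ok else 'N'}" for a, ok in row.items()))
```

Each row of the printed output is one role test: a `Y` where the matrix grants the action and the constraint holds, `N` everywhere else, including for the unknown `guest` role, which the deny-by-default ordering rejects before any constraint is consulted.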
Test User Registration Process
This test involves performing various test cases that aim at evaluating the processing of
authenticating users to the system. This test is important because it helps to verify the accuracy,
appropriateness and validity of the process of adding a new user to the application. It also helps
to verify that the requirements for adding a user to the system comply with the security and
business requirements (F. OWASP).
Answers to the OWASP testing guide questions:
Can anyone register for access? Yes, any user can open the registration panel and enter
their details to register. The screenshot below shows the login panel presented to all
guests: