Software dev, network analysis and risk assessment. (code & report 1500-2000 words) - repost

CLOSED
Bids
5
Avg Bid (USD)
$520
Project Budget (USD)
$30 - $250

Project Description:
Task consists of software development task, an network analysis task and a risk

assessment. It will test the following module level learning outcomes:


Task details Instructions

Read the entire Task specification sheet thoroughly.

Task specification

You must choose one of the projects detailed below and use that for their

Task, unless you have been given permission otherwise.



Each Candidate must identify at least 4 security issues with their chosen project and fix at

least 2 major issues. You find and fix more security issues if you wish and credit will be

given for the range of security issues that you have identified. Credit will also be given

for finding vulnerabilities that nobody else has found

The security issues may be design issues, implementation issues or a mixture of the

two.

All fixes must be implemented in a secure manner. The design, implementation and

testing of the fixes must be given in your final report.

All Candidates must perform a pen test of their DVL VM (with all the services running)

using, as far as possible, the framework given in the lecture (some stages will obviously

not be appropriate and you may omit those stages).

All Candidates must present a technical and a management report of their findings. The

reports should contain the following

o An overall summary of what the software chosen does (both reports)

o An overall summary of the results of the pentest (both reports)

o A high level design of the software (technical report)

o A detailed design of changes made (technical report)

o A detailed justification of changes made, showing how they comply with secure

coding guidelines (technical report)

o A detailed list of services running on DVL (technical report)

o A detailed summary of the implications of the vulnerabilities found in the pentest,

grouped in a logical manner (technical report)

o A high level list of recommended actions to take to resolve the vulnerabilities

(management report)

o A detailed list of recommended actions to take to resolve the vulnerabilities

(technical report)

o A discussion of implications of not fixing the vulnerabilities (both pentest and

software) and of the resources required to fix the issues (management report)

All Candidates must hand in a short additional reflective report, reflecting on their learning

experience


Project choice

For this piece of Task you are expected to develop a system that closely follows the secure coding requirements. You can choose any of the following three projects:

Shimmer http://shimmer.sourceforge.net/

Shimmer is a pair of small programs (a client and a server) that provide an

alternative to port knocking program and are used to hide a valuable port (such as

a hidden web server or SSH) on a public IP address.

Unlesbar http://sourceforge.net/projects/unlesbar/

Unlesbar is thought to be an electronic safe for sensitive data you want to keep in

a safe place.

OpenStego http://openstego.sourceforge.net/

OpenStego is the free Steganography solution. Steganography is the science of

hiding secret message inside another larger and harmless looking message. You

should use the latest version of OpenStego



These projects have been chosen because they are known to have security issues. If you want to choose a different project altogether, you will need to get approval from Faye Mitchell or Mark Green in advance. Note that Task submissions that have not been approved will be severely marked down for not obeying Task guidelines.

Submission details

You must submit paper and electronic copies of the technical and management reports and electronic copies of the code and reflective report.
Electronic copies of the original code and your modifications (clearly commented)

The Technical report

The Management report

The reflective report

55% of the marks will be allocated to the software aspects. 35%of the marks to the penetration aspect. 10% to the reflective report.

Please see attachment.

Skills required:
Java, Software Architecture, Software Development, Technical Writing, Web Security
Hire mhumerfarooq
Project posted by:
mhumerfarooq United Kingdom
Verified
Public Clarification Board
Bids are hidden by the project creator. Log in as the employer to view bids or to bid on this project.
You will not be able to bid on this project if you are not qualified in one of the job categories. To see your qualifications click here.


$ 618
in 15 days
$ 673
in 7 days
$ 555
in 3 days
Hire OsgKqnWjTSca
$ 155
in 3 days
$ 600
in 10 days