Assessment Description
OWASP Top 10 DevSecOps research and mitigation testing
You work for a company called Anglia DevSecOps Solutions. They have contacted you to research the latest threats in IT and are specifically interested in the OWASP Top 10 vulnerabilities. Your job is to test for and document THREE of the following vulnerabilities:
·A1 Injection
·A2 Broken Authentication
·A3 Sensitive Data Exposure
·A4 XML External Entities (XXE)
·A5 Broken Access Control
·A6 Security Misconfiguration
·A7 Cross-Site Scripting (XSS)
·A8 Insecure Deserialization
·A9 Using Components with Known Vulnerabilities
·A10 Insufficient Logging & Monitoring
Explain the Vulnerabilities and Mitigation
Explain to the business executives why these vulnerabilities matter, including the potential risk to the business. You should link each vulnerability to its entry in the OWASP Top 10 2017. You are expected to provide real-world examples for each vulnerability discussed, together with code that has the issue, which you then correct or replace with a better alternative. The report is specifically for senior staff in the business and needs to be readable by a layperson (a non-technical person), so explain things in this technical report carefully.
You should explain how you tested for each vulnerability and how you exploited it. You should also explain why the vulnerability exists and what is needed to mitigate it. Provide fully annotated example code to support your mitigation argument. The report should describe your test environment, including an annotated network diagram, and justify the tools selected for testing. The report should be structured as follows:
·Cover page
·Contents page
·Executive summary
·OWASP Vulnerability one
oVulnerability
oMitigation
·OWASP Vulnerability Two
oVulnerability
oMitigation
·OWASP Vulnerability Three
oVulnerability
oMitigation
All your work should be supported with full in-text Harvard referencing. Please create sub-headings under each of these sections so your work is easier to read for an executive or layperson (a person without professional or specialised knowledge of the subject area).
Marking Scheme
·10% Explain the first vulnerability of choice from the OWASP Top 10.
o(Pick an OWASP Top 10 vulnerability, then explain why it exists, how it works and what code it affects.) Good marks will be awarded for correct identification of code that has been explained and annotated correctly, as well as referenced using Harvard referencing.
·20% Using real-world code that you have developed, mitigate the issue selected.
o(Link the code from the first part of this question.) Show your test environment, fix the code and show that the threats have been mitigated correctly. Annotations are also required for the code, as well as references using Harvard referencing.
·10% Explain the second vulnerability of choice from the OWASP Top 10.
o(Pick an OWASP Top 10 vulnerability, then explain why it exists, how it works and what code it affects.) Good marks will be awarded for correct identification of code that has been explained and annotated correctly, as well as referenced using Harvard referencing.
·20% Using real-world code that you have developed, mitigate the issue selected.
o(Link the code from the first part of this question.) Show your test environment, fix the code and show that the threats have been mitigated correctly. Annotations are also required for the code, as well as references using Harvard referencing.
·10% Explain the third vulnerability of choice from the OWASP Top 10.
o(Pick an OWASP Top 10 vulnerability, then explain why it exists, how it works and what code it affects.) Good marks will be awarded for correct identification of code that has been explained and annotated correctly, as well as referenced using Harvard referencing.
·20% Using real-world code that you have developed, mitigate the issue selected.
o(Link the code from the first part of this question.) Show your test environment, fix the code and show that the threats have been mitigated correctly. Annotations are also required for the code, as well as references using Harvard referencing.
·10% Report presentation
oMust be in a technical format, written ONLY in the 3rd person, with headings, sub-headings and diagrams/tables/code labelled correctly. The work must be written in English and spelling and grammar checked before submission. This report must be written so that a layperson (non-technical person) can understand it.
Please note:
Marks for in-text Harvard referencing are included in each question. No in-text Harvard references may result in very low marks in those sections or in failing this work outright. The student will automatically be awarded a fail if the:
·Report is not submitted within the University's agreed timescales (these can be found below or on E-Vision)
·Content of the report is meaningless in terms of the assignment (please read the assessment carefully)
·Work is not the work of the author but is presented as such (work must be your own or referenced correctly)