Question

Include a summation of why the code reveals vulnerabilities to broken access control

try {
    switch ($_SESSION["security-level"]) {
        case "0": // This code is insecure: every protection is switched off
            $lEnableHTMLControls = false;
            $lUseTokenizatization = false;
            $lEncodeOutput = false;
            $lProtectAgainstMethodTampering = false;
            break;
        default: // added so the fragment runs: any other level keeps every protection on
            $lEnableHTMLControls = true;
            $lUseTokenizatization = true;
            $lEncodeOutput = true;
            $lProtectAgainstMethodTampering = true;
            break;
    }
} catch (Exception $e) { echo "Error: " . $e->getMessage(); }

Homework Answers

Answer #1

The above code reveals vulnerabilities to broken access control because the values shown below are all set to False when they should be set to True.

$lEnableHTMLControls = True;
If this is enabled, data would be formatted into HTML and isolated from invalid, unnecessary, or malicious inputs being passed to the system. This would give better-formatted output, and direct access could be prevented.

$lUseTokenizatization = True;
This method also needs to be set to True to manage access control better. Fewer vulnerabilities would be available, as the input will be passed in the form of tokens, which could avoid direct access to all objects and references. A set of tokens would be passed as input to the application in encoded format, and the same will be accepted by the end system if and only if it is in the correct and expected format, as assured. Otherwise it will be rejected as an invalid token. This would assure passage of input in a secure way from the source to the destination system and from the destination back to the source system.

$lEncodeOutput = True;
This should be set to True, as data returned should be formatted or output in HTML format. HTML output will use HTML encoding, which helps in masking or hiding data, so misuse by someone unintended can be avoided.

$lProtectAgainstMethodTampering = True;
This needs to be set to True, as protection has to be enabled to avoid or prevent unwanted execution of executable files or any other bat files in unexpected ways, inputs, etc. To avoid identification of the resources by the attacker, those need to be masked, and their original identity must not be revealed to the unauthorized user or attacker.
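To make the four flags in the question concrete, here is an added example of a small request handler in which each flag gates one defense. It is not the page's code and not Mutillidae's own implementation; the function names (loadSecuritySettings, handleRequest), the array keys, the secure level "5", the csrf-token field name and the sample request are all assumptions, and the flag spelling $lUseTokenizatization is kept as it appears on the page. At level "0" the handler trusts merged GET/POST input, skips the token check and echoes user data unencoded; at any other level the same request is rejected before any output is built.

```php
<?php
// Added example, not the page's or Mutillidae's own code. Names are hypothetical.

function loadSecuritySettings(string $securityLevel): array {
    switch ($securityLevel) {
        case "0": // insecure level from the question: every protection off
            return [
                'lEnableHTMLControls'            => false,
                'lUseTokenizatization'           => false,
                'lEncodeOutput'                  => false,
                'lProtectAgainstMethodTampering' => false,
            ];
        default:  // any other level (assumption): every protection on
            return [
                'lEnableHTMLControls'            => true,
                'lUseTokenizatization'           => true,
                'lEncodeOutput'                  => true,
                'lProtectAgainstMethodTampering' => true,
            ];
    }
}

// Builds the form HTML, or throws when an enabled protection rejects the request.
function handleRequest(array $settings, array $session, array $get, array $post, string $method): string {
    // Method tampering protection: honour only POST parameters on POST requests,
    // instead of reading $_REQUEST, where a GET can stand in for a POST.
    if ($settings['lProtectAgainstMethodTampering']) {
        if ($method !== 'POST') {
            throw new RuntimeException('Rejected: this action requires POST');
        }
        $input = $post;
    } else {
        $input = array_merge($get, $post); // equivalent to trusting $_REQUEST
    }

    // Tokenization: the per-session token must round-trip unchanged.
    if ($settings['lUseTokenizatization']) {
        $expected = $session['csrf-token'] ?? '';
        $supplied = $input['csrf-token'] ?? '';
        if ($expected === '' || !hash_equals($expected, $supplied)) {
            throw new RuntimeException('Rejected: missing or invalid token');
        }
    }

    $name = $input['name'] ?? '';

    // Output encoding: neutralise markup in user-controlled data before echoing it.
    if ($settings['lEncodeOutput']) {
        $name = htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }

    // HTML controls: constrain what the input field itself will accept.
    $controls = $settings['lEnableHTMLControls']
        ? ' maxlength="64" pattern="[A-Za-z0-9 ]+" required'
        : '';

    return '<form method="POST">'
         . '<input type="text" name="name" value="' . $name . '"' . $controls . '>'
         . '</form>';
}

// Constructed request: a GET carrying markup in the name field and no token.
$session = ['csrf-token' => bin2hex(random_bytes(16))];
$get     = ['name' => '<b>Bob</b>'];

// Level 0: the markup is echoed back verbatim into the page.
echo handleRequest(loadSecuritySettings("0"), $session, $get, [], 'GET'), "\n";

// Hardened level (assumed "5"): the same request is rejected by the method check.
try {
    echo handleRequest(loadSecuritySettings("5"), $session, $get, [], 'GET'), "\n";
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

The order of the checks matters: the method check runs first so that a forged GET never reaches the token comparison or the output stage, and hash_equals is used for the token comparison so that the match takes the same time whether the supplied token is close to the expected one or not.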

