
Assignment 1 You are working in a small software development shop, which is buil


Question

Assignment 1

You are working in a small software development shop, which is building web applications for the customers. As a security analyst, you are aware of all problems which occur when customers use the software of your organization. There are several security issues which occurred very recently and required your immediate attention:

• The customers store very expensive copyrighted images on the website. The users of the website can purchase the images and download them at their convenience. Lately the customers realized that some users were able to download more images than they have paid for. Please identify the problem and provide the best possible solution. (Note: the names of the files are known and there are naming conventions the customer uses for the file names.)

• Another customer decided to use XML documents to store sensitive information, including usernames, groups and permissions. Somehow, there was a leak of this information from the website to the media. Try to investigate the situation and come up with a solution which may identify and prevent future breaches.

• The other customer of your firm is trying to integrate remote communication mechanisms to deliver services to their clients. The requirement is full security of the connection, a single point of authentication (they presently use ASP.NET authentication) and proper handling of errors which may occur. Describe the solution which will work well for this customer.

Explanation / Answer

1) In first customers store develop website.
Problem: The website may have a bug. The bug may be database related or API related; it is also possible that something goes wrong on the frontend side.
Solution: This problem can be solved by managing the user preferences in a table and by providing an image count in the same way as the pricing.

2) Another customer decided to use XML documents to store sensitive information
Problem: If we publish data carelessly, users can use common knowledge to infer more information from the published data, causing leakage of sensitive information.
The amount of leaked information depends on the number and type of regulating queries, the number and type of constraints, and the number of nodes satisfying the conditions in the constraints.
Our proposed techniques can measure how much sensitive data is leaked, and can also compute a valid partial document without information leakage.
Solution: the effect of data inference using common knowledge (represented as XML constraints) on data security in XML publishing.
We formulated the process by which users can infer data using three types of common XML constraints.
We showed that there is a unique, maximal document that contains all possible inferred documents.
We developed algorithms for finding a partial document of a given XML document without causing information leakage.
Our experiments on real data sets showed the effect of inference on data security, and how the proposed techniques can avoid such leakage.

3) If the customer integrates remote communication mechanisms to deliver services to their clients in ASP.NET, then this system has full security because remote communication has more benefits, like cost savings, security, flexibility, mobility, increased collaboration, quality control, disaster recovery, loss prevention, automatic software updates, and sustainability.
This system will never be hacked by a hacker because the website has SSL security between client and server.
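
An added example, not part of the assignment or of the answer above: one way to build the purchase table that answer 1 mentions into a per-download authorization check, so that knowing a file's name is never enough to fetch it. It assumes the images were being served by their predictable file names without checking the logged-in user's purchases; the table layout, function names, key and sample rows are all hypothetical and constructed for the demonstration.

```python
import hashlib
import hmac
import sqlite3
import time

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients
TOKEN_TTL = 300                   # seconds a download link stays valid

def make_db():
    """Constructed sample data: which user has paid for which image."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE purchases (user_id TEXT, image_id TEXT, "
               "PRIMARY KEY (user_id, image_id))")
    db.executemany("INSERT INTO purchases VALUES (?, ?)",
                   [("alice", "img-0001"), ("alice", "img-0002"), ("bob", "img-0001")])
    return db

def has_purchased(db, user_id, image_id):
    row = db.execute("SELECT 1 FROM purchases WHERE user_id = ? AND image_id = ?",
                     (user_id, image_id)).fetchone()
    return row is not None

def _sign(user_id, image_id, expires):
    msg = f"{user_id}|{image_id}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_link(db, user_id, image_id, now=None):
    """Return a short-lived token only if this user paid for this image."""
    if not has_purchased(db, user_id, image_id):
        return None
    expires = int(now if now is not None else time.time()) + TOKEN_TTL
    return f"{image_id}.{expires}.{_sign(user_id, image_id, expires)}"

def authorize_download(db, session_user, token, now=None):
    """Server-side check on every download; returns the image id or None."""
    try:
        image_id, expires, sig = token.rsplit(".", 2)
        expires = int(expires)
    except (AttributeError, ValueError):
        return None  # malformed or missing token
    now = int(now if now is not None else time.time())
    if expires < now:
        return None  # link has expired
    expected = _sign(session_user, image_id, expires)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None  # token was edited or was issued to a different user
    # Re-check the purchase so a revoked order cannot keep downloading.
    return image_id if has_purchased(db, session_user, image_id) else None
```

The image files themselves would be stored outside the web root and streamed by the handler only after `authorize_download` returns an id.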