Chris Pollett > Old Classes >
CS174

HW#5 --- last modified February 28 2019 22:29:02.

Solution set.

Due date: Nov 24

Files to be submitted:
  Hw5.zip

Purpose: To gain experience with creating web sites which are secure against attacks.

Related Course Outcomes:

The main course outcomes covered by this assignment are:

(1) [Write HTML documents containing standard HTML elements including forms, tables, client-side scripts, and server-side scripts.]

(3) [Write server-side scripts that process HTML forms.]

(5) [Develop and deploy web applications that involve components, web services, and databases.]

Specification:

For the first part of this assignment, you should write the following test pages (these pages are allowed to use auxiliary pages): xss.php, no_xss.php, csrf.php, no_csrf.php, sql_inject.php, and no_sql_inject.php. The first page of each pair should be an initial page you could go to that demonstrates a site with the given vulnerability. So xss.php would be a landing page for a site that is vulnerable to cross-site scripting. The no_ page of each pair should be a fixed version of the same site that is not vulnerable to the attack. You should have a file readme.txt, which explains to the grader how to test the vulnerability of each site.
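One way the core of the sql_inject.php / no_sql_inject.php pair could differ, shown as an added example that is not part of the original assignment or its solution set. The users table, its rows, the function names, and the sample inputs are constructed for illustration, and an in-memory SQLite database reached through PDO is assumed.

```php
<?php
// Added example: the schema, rows and function names are constructed.
// Assumes the pdo_sqlite extension; the database lives only in memory.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (name TEXT, note TEXT)");
$db->exec("INSERT INTO users VALUES ('alice', 'alice note'), ('bob', 'bob note')");

// sql_inject.php style: the request value is pasted into the SQL text,
// so quote characters inside it are parsed as SQL syntax, not as data.
function lookup_vulnerable(PDO $db, string $name): array
{
    $sql = "SELECT name, note FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// no_sql_inject.php style: the SQL text is fixed and the value is bound
// as a parameter, so it is only ever compared against the name column.
function lookup_fixed(PDO $db, string $name): array
{
    $stmt = $db->prepare("SELECT name, note FROM users WHERE name = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: an ordinary name, and a value containing quote
// characters that change the WHERE clause when it is concatenated.
$inputs = ["alice", "x' OR '1'='1"];

foreach ($inputs as $input) {
    printf(
        "input %s: vulnerable rows=%d, fixed rows=%d\n",
        var_export($input, true),
        count(lookup_vulnerable($db, $input)),
        count(lookup_fixed($db, $input))
    );
}
```

For the second input, the concatenated query matches every row in the table, while the parameterized query matches none because no user has that literal name.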

For the second part of the homework, I want you to download openssl and try creating your own self-signed certificate. You should include your server.key, server.csr, and server.crt files in your submitted zip file. You should also include a certificate.log file containing a transcript of what you did at the command prompt when you made the certificate.

For the last part of the assignment, I want you to download Subversion. Again, I want you to make a transcript file of what you do, subversion.log, and include it in the submitted ZIP file. Using Subversion, I want you to create a new repository with directories trunk, branch, and tags. Then I want you to check out two instances of it and, for now, work in the trunk subdirectory. You should add a text file to the repository in one of these two instances and check it in. Next, run svn up in the other local repository to see what it says. Now edit the file in the other repository and create a patch. Try applying the patch to the first local repository. Continuing in this fashion, I want you to modify the test file in such a way that, after you check it in, running svn up in the other repository shows a conflict. Resolve this conflict. Lastly, do an experiment creating a branch and merging it back to trunk.

Point Breakdown

Attack tests and mitigations as described (2 pts for each): 6 pts
openssl experiment: 2 pts
subversion experiment: 2 pts
Total: 10 pts