Chris Pollett > Old Classes > CS174

HW#5 --- last modified November 27 2020 18:07:48.

Solution set.

Due date: Dec 7

Files to be submitted:
  Hw5.zip

Purpose: Experiment with web security exploits and their mitigations.

Related Course Outcomes:

The main course outcomes covered by this assignment are:

CLO3 -- Write server-side scripts that process HTML forms.

CLO4 -- Write client-side scripts that validate HTML forms.

Description:

For this homework, I want you to implement three of the web site attacks given in the November 23 lecture. Put these in the files attack_1.php, attack_2.php, attack_3.php. For each attack, I then want you to modify the site you created to show the attack, making another site which prevents the attack. Put these modified sites in the files: fix_1.php, fix_2.php, and fix_3.php. For each site pair, I want you to have an explanation file which says what attack you were trying to demonstrate, how to view the file to observe the attack, and how your prevention site prevents the attack. Store these explanations in the files: explanation_1.txt, explanation_2.txt, explanation_3.txt. At least one of your attacks should involve a database attack.

Point Breakdown:

Files attack_1.php, attack_2.php, attack_3.php have exploits as described. -- 3pts
Files fix_1.php, fix_2.php, fix_3.php are the same as their corresponding attack file but fix the exploit. -- 3pts
Files explanation_1.php, explanation_2.php, explanation_3.php clearly provide the information asked in the HW description. -- 3pts
At least one of your attacks should involve a database attack. -- 1pt
Total -- 10pts