19ECS448P Secure Software Engineering - Lab Manual

Secure Software Engineering (Gandhi Institute of Technology and Management (Deemed to be University))



Downloaded by M. Anitha ([email protected])

GITAM UNIVERSITY
(DEEMED TO BE UNIVERSITY)
GITAM School of Technology

Department of Computer Science and Engineering

19ECS448P: SECURE SOFTWARE ENGINEERING

LAB MANUAL


List of experiments

S.No  Experiments

INTERACTIVE TASKS FROM CODE BASHING

1. Android Application - Forceful Browsing

2. iOS Application - Forceful Browsing

3. Secure Cookie Flag

4. SQL Injection

5. Command Injection

6. No Server-Side Validation

7. Stack Overflows

8. Broken Object Level Authorization

9. Broken Function Level Authorization

10. Cross-Site Scripting


Secure Code Testing in SNYK (Python)

1. Evaluating user-supplied input

2. Authentication check using SQL

3. F.read function Check

4. Evaluation of Post Function

5. Evaluation of Read Function

6. Fetch Data Function

7. Search Function

8. Arguments

Secure Code Testing in SNYK (Java)

9. File Operations

10. String Operations


Ex. 1 Android Application - Forceful Browsing


Ex. 2 iOS Application - Forceful Browsing


Ex. 3 Secure Cookie Flag


Ex. 4 SQL Injection


Ex. 5 Command Injection


Ex. 6 No Server-Side Validation


Ex. 7 Stack Overflows


Ex. 8 Broken Object Level Authorization


Ex. 9 Broken Function Level Authorization


Ex. 10 Cross-Site Scripting


Secure Code Testing in SNYK (Python)


Ex. 1 Evaluating user-supplied input

from flask import Flask, request

app = Flask(__name__)

@app.route('/run_command', methods=['POST'])
def run_command():
    cmd = request.form.get('cmd')
    # VULNERABILITY: evaluating user-supplied input as code lets any client run
    # arbitrary Python in the server process (code injection)
    result = eval(cmd)
    # str() only so Flask can serialise the response; the eval above is still the bug
    return str(result)

if __name__ == '__main__':
    app.run()
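What Snyk flags in the route above is the eval() call itself: there is no way to make eval of a request field safe. The replacement is to stop treating the request as code. Parse it into a command name plus data arguments, and dispatch through a fixed allow-list of handlers, so no user-controlled bytes are ever compiled. The following is an added example written for this manual, not code from the exercise or from Snyk; the command set (add, mul, upper, len) and the 200-character limit are assumptions chosen for illustration. The same replacement applies to the exec("setname('%s')" % code1) route in Ex. 8, whose fix is simply to call setname(code1) with the value as an argument.

```python
# Added example (not from the lab manual): a command dispatcher that replaces
# eval(cmd). Input is split into tokens, arguments are parsed as literals only,
# and the command name must be in a fixed allow-list. The command set below is
# an assumption for illustration.
import ast
import operator
import shlex
from typing import Callable, Dict, List

# Allow-list: command name -> handler. Anything not in here is rejected.
_COMMANDS: Dict[str, Callable[..., object]] = {
    "add": operator.add,
    "mul": operator.mul,
    "upper": str.upper,
    "len": len,
}

def _parse_arg(token: str) -> object:
    """Turn one argument token into data. ast.literal_eval accepts literals only
    (numbers, strings, tuples, ...), never names or calls, so a token such as
    __import__('os') is rejected as malformed rather than executed."""
    try:
        return ast.literal_eval(token)
    except (ValueError, SyntaxError):
        return token  # not a literal: keep it as a plain string

def run_command_safe(cmd: str, max_len: int = 200) -> str:
    """Drop-in replacement for str(eval(cmd)): returns a result string or an
    'error: ...' string, and never compiles user input."""
    if not cmd or len(cmd) > max_len:
        return "error: empty or oversized command"
    try:
        tokens: List[str] = shlex.split(cmd)
    except ValueError as exc:  # unbalanced quotes and similar
        return f"error: malformed command ({exc})"
    if not tokens:
        return "error: empty command"
    name, args = tokens[0], [_parse_arg(t) for t in tokens[1:]]
    handler = _COMMANDS.get(name)
    if handler is None:
        return f"error: unknown command {name!r}"
    try:
        return str(handler(*args))
    except TypeError as exc:  # wrong arity or argument types for the handler
        return f"error: bad arguments ({exc})"
```

In the Flask route the body becomes return run_command_safe(request.form.get('cmd', '')); a request carrying __import__('os').system('id') comes back as an unknown-command error instead of a shell.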


Ex. 2 Authentication check using SQL

import mysql.connector

def get_user_info(username):
    conn = mysql.connector.connect(user='user', password='password', host='host',
                                   database='database')
    cursor = conn.cursor()
    # VULNERABILITY: username is concatenated into the SQL text, so a value
    # containing a quote changes the query instead of being compared as data
    # (SQL injection)
    query = "SELECT * FROM users WHERE username='" + username + "'"
    cursor.execute(query)
    results = cursor.fetchall()
    cursor.close()
    conn.close()
    return results

username = input("Enter your username: ")
print(get_user_info(username))


Ex. 3 F.read function Check

def process_input(user_input):
    # VULNERABILITY: the file name comes straight from the user, so ../ sequences
    # or an absolute path read any file the process can open (path traversal)
    with open(user_input, "r") as f:
        content = f.read()
    print(content)

user_input = input("Enter a file name: ")
process_input(user_input)


Ex. 4 Evaluation of Post Function

from flask import Flask, request

app = Flask(__name__)

@app.route('/transfer', methods=['POST'])
def transfer():
    amount = request.form.get('amount')
    recipient = request.form.get('recipient')
    # VULNERABILITY: neither value is validated on the server (type, range,
    # format), and the handler checks no session or CSRF token before acting,
    # so any client can POST any amount to any recipient
    # Transfer the funds...
    return 'Funds transferred successfully!'

if __name__ == '__main__':
    app.run()
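The finding for this route is the absence of any server-side check: a client that bypasses the browser form can send a negative or non-numeric amount, an arbitrary recipient string, or a request forged from another site. The following is an added example, not code from the exercise, of the validation layer such a route needs. It is written as plain functions so it runs without Flask; in the route the handler would call validate_transfer(request.form, session) and return the error message with status 400. The account-number format, the 10000.00 per-transaction limit, and the session keys account and csrf_token are assumptions.

```python
# Added example (not from the lab manual): server-side validation and CSRF
# check for a funds-transfer POST. Field formats, the limit and the session
# layout are assumptions for illustration.
import hmac
import re
from decimal import Decimal, InvalidOperation
from typing import Mapping, Tuple

MAX_TRANSFER = Decimal("10000.00")             # assumed per-transaction limit
ACCOUNT_RE = re.compile(r"^[A-Z0-9]{8,20}$")   # assumed recipient account format

class ValidationError(ValueError):
    pass

def parse_amount(raw: str) -> Decimal:
    """Money is parsed as Decimal (never float): positive, within limit, two decimals."""
    try:
        amount = Decimal(raw.strip())
    except (InvalidOperation, AttributeError):
        raise ValidationError("amount is not a number")
    if not amount.is_finite() or amount <= 0:       # rejects NaN, Infinity, 0, negatives
        raise ValidationError("amount must be positive")
    if amount > MAX_TRANSFER:
        raise ValidationError("amount exceeds limit")
    if amount != amount.quantize(Decimal("0.01")):
        raise ValidationError("amount has more than two decimal places")
    return amount

def parse_recipient(raw: str) -> str:
    """Account identifiers must match a strict allow-list pattern."""
    value = (raw or "").strip().upper()
    if not ACCOUNT_RE.fullmatch(value):
        raise ValidationError("recipient account is malformed")
    return value

def check_csrf(session_token: str, form_token: str) -> None:
    """Constant-time comparison of the per-session CSRF token with the form copy."""
    if not session_token or not form_token or not hmac.compare_digest(session_token, form_token):
        raise ValidationError("CSRF token missing or invalid")

def validate_transfer(form: Mapping[str, str], session: Mapping[str, str]) -> Tuple[str, str, Decimal]:
    """Returns (sender, recipient, amount) or raises ValidationError.
    The sender is taken from the authenticated session, never from the form."""
    sender = session.get("account")
    if not sender:
        raise ValidationError("not authenticated")
    check_csrf(session.get("csrf_token", ""), form.get("csrf_token", ""))
    recipient = parse_recipient(form.get("recipient", ""))
    amount = parse_amount(form.get("amount", ""))
    if recipient == sender:
        raise ValidationError("cannot transfer to self")
    return sender, recipient, amount

def transfer_error(form: Mapping[str, str], session: Mapping[str, str]) -> str:
    """Helper for callers that want the message instead of an exception ('' when valid)."""
    try:
        validate_transfer(form, session)
    except ValidationError as exc:
        return str(exc)
    return ""
```

Two design points worth noting: the sender account is never read from the request, because the session is the only trustworthy source of identity, and the CSRF comparison uses hmac.compare_digest so the token cannot be recovered one byte at a time through timing.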


Ex. 5 Evaluation of Read Function

def read_credit_card_number():
    # the card number (PAN) is read in clear text and handed around unmasked;
    # it is never validated, and nothing prevents it from being logged or stored
    card_number = input("Enter your credit card number: ")
    # do something with card_number
    return card_number

def process_payment(card_number):
    # process payment with card_number
    pass

card_number = read_credit_card_number()
process_payment(card_number)
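The finding here is about how a primary account number is handled once read: it is accepted without validation and passed around as an ordinary string, so it can end up in logs, exceptions or storage. The added example below, written for this manual rather than taken from the exercise, shows the handling a practitioner would put around that input: normalise and Luhn-check the number, keep only a masked form for display and logging, and return nothing but the masked value from the payment step. The card numbers in the test are constructed (4111 1111 1111 1111 is a standard test number, not a real account).

```python
# Added example (not from the lab manual): validating, masking and redacting a
# card number so the full PAN is used once and never retained or logged.
import re

_DIGITS_RE = re.compile(r"^\d{12,19}$")

def luhn_valid(pan: str) -> bool:
    """Luhn mod-10 checksum over a digit string (catches typos, not fraud)."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = ord(ch) - 48                      # digit value; caller guarantees digits
        if i % 2 == 1:                        # every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def normalize_pan(raw: str) -> str:
    """Strip spaces and dashes, then validate length and checksum."""
    pan = re.sub(r"[ -]", "", raw or "")
    if not _DIGITS_RE.fullmatch(pan):
        raise ValueError("card number must be 12-19 digits")
    if not luhn_valid(pan):
        raise ValueError("card number fails checksum")
    return pan

def mask_pan(pan: str) -> str:
    """Display form: only the last four digits survive."""
    return "*" * (len(pan) - 4) + pan[-4:]

def redact_pans(text: str) -> str:
    """Scrub anything that looks like a PAN before the text reaches a log line."""
    return re.sub(
        r"\b\d(?:[ -]?\d){11,18}\b",
        lambda m: mask_pan(re.sub(r"[ -]", "", m.group(0))),
        text,
    )

def process_payment_safely(raw_input: str) -> dict:
    """Returns only what may be retained (masked PAN and last four); the full PAN
    is used for the gateway call and then dropped."""
    pan = normalize_pan(raw_input)
    # ... the full pan would be sent to the payment gateway here and then discarded ...
    return {"masked": mask_pan(pan), "last4": pan[-4:]}
```

redact_pans is the piece to wire into the logging layer (a logging.Filter that rewrites record messages), since the most common leak is not the payment call but an exception or debug line that prints the raw input.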


Ex. 6 Fetch Data Function

import requests

def fetch_data_from_url(url):
    # the URL itself is user-controlled, so the server can be pointed at
    # internal addresses (SSRF)
    response = requests.get(url)
    data = response.text
    # VULNERABILITY: executing whatever the remote server returns is remote code
    # execution; any party that controls the URL or the response controls the process
    exec(data)

url = input("Enter a URL: ")
fetch_data_from_url(url)
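Two things are wrong in the function above: the URL is chosen by the user, and the response is executed. When a program genuinely has to pull remote content, that content is data, not code: restrict where it may come from, verify its integrity against a digest pinned by the deployer, and parse it with a strict parser. The added example below, not from the exercise, does that for a JSON configuration file. The allowed host, the pinned digest and the fetcher function are assumptions; the fetcher is injected so the example runs offline against a constructed response, and in production it would be something like lambda u: requests.get(u, timeout=5).content.

```python
# Added example (not from the lab manual): fetch remote content as data with a
# host allow-list and a pinned SHA-256, then parse it; nothing is exec()ed.
# The allowed host and the sample body are constructed for illustration.
import hashlib
import hmac
import json
from typing import Callable
from urllib.parse import urlparse

ALLOWED_HOSTS = {"config.example.internal"}   # assumed allow-list of sources

def check_url(url: str) -> None:
    """Only https to an allow-listed host; blocks file:, localhost, metadata IPs."""
    parts = urlparse(url)
    if parts.scheme != "https":
        raise ValueError("only https URLs are allowed")
    if parts.hostname not in ALLOWED_HOSTS:
        raise ValueError(f"host {parts.hostname!r} is not allow-listed")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")

def fetch_config(url: str, expected_sha256: str, fetcher: Callable[[str], bytes]) -> dict:
    """Fetch, verify the pinned digest, then parse as a JSON object."""
    check_url(url)
    body = fetcher(url)
    digest = hashlib.sha256(body).hexdigest()
    if not hmac.compare_digest(digest, expected_sha256.lower()):
        raise ValueError("content digest mismatch; refusing to use fetched data")
    data = json.loads(body.decode("utf-8"))
    if not isinstance(data, dict):
        raise ValueError("config must be a JSON object")
    return data

# Constructed sample response standing in for the HTTP body.
SAMPLE_BODY = b'{"feature_flags": {"new_ui": true}, "max_items": 50}'
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_BODY).hexdigest()

def fake_fetcher(url: str) -> bytes:
    """Offline stand-in for requests.get(url).content."""
    return SAMPLE_BODY

def fetch_error(url: str, expected_sha256: str, fetcher: Callable[[str], bytes]) -> str:
    """Helper returning the error message, or '' on success."""
    try:
        fetch_config(url, expected_sha256, fetcher)
    except ValueError as exc:
        return str(exc)
    return ""
```

A pinned digest protects against a tampered response but has to be rotated whenever the file changes; where the content changes often, a detached signature verified with a pinned public key serves the same purpose without redeploying the consumer.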


Ex. 7 Search Function

from flask import Flask, request

app = Flask(__name__)

@app.route('/search')
def search():
    query = request.args.get('q')
    # VULNERABILITY: q is reflected into the HTML response without encoding,
    # so a link carrying script in q runs it in the victim's browser (reflected XSS)
    return f'Search results for: {query}'

if __name__ == '__main__':
    app.run()
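The defence for the route above is output encoding for the context the value lands in. html.escape with quote=True handles element text and quoted attribute values, which are the two places a search term is normally reflected; Flask's Jinja2 templates apply the same encoding automatically when autoescaping is on. The added example below is not from the exercise; it does the encoding by hand so the effect is visible, and the page fragment it builds (a paragraph and a pre-filled input) is an assumption.

```python
# Added example (not from the lab manual): the search response with q encoded for
# HTML element text and for a quoted attribute value, beside the original
# unencoded form for comparison.
import html

def render_search(query: str, max_len: int = 100) -> str:
    """HTML fragment with the query encoded in both places it appears."""
    q = (query or "")[:max_len]               # bound what gets reflected at all
    safe = html.escape(q, quote=True)         # & < > " ' become entities
    return (f'<p>Search results for: {safe}</p>\n'
            f'<input type="text" name="q" value="{safe}">')

def render_search_unsafe(query: str) -> str:
    """The original behaviour from the exercise, kept only for comparison."""
    return f'Search results for: {query}'

def payload_survives(fragment: str, payload: str) -> bool:
    """True when the raw payload appears verbatim in the output, i.e. it would be
    parsed as markup by the browser."""
    return payload in fragment
```

A Content-Security-Policy header that disallows inline script is the usual second layer; it does not replace encoding, but it turns a missed encoding into a blocked script rather than an exploit.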


Ex. 8 Arguments

import os
import urllib
from flask import Flask, request, redirect
from django.db import connection, models
from django.db.models.expressions import RawSQL

app = Flask(__name__)

def setname(name):
    # stand-in for the helper the original snippet calls but never defines
    return name

@app.route("/code-execution")
def code_execution():
    code1 = request.args.get("code1")
    # VULNERABILITY: user input is formatted into Python source text and executed;
    # a value that closes the quote and the call can append any statements it likes
    exec("setname('%s')" % code1)
    return "ok"   # the original returned an undefined name here

@app.route("/open-redirect")
def open_redirect():
    redirect_loc = request.args.get('redirect')
    # VULNERABILITY: the redirect target is taken verbatim from the query string,
    # so a crafted link sends users from this site to any external one (open redirect)
    return redirect(redirect_loc)

@app.route("/sqli/<username>")
def show_user(username):
    with connection.cursor() as cursor:
        # VULNERABILITY: username is formatted into the SQL text (SQL injection)
        cursor.execute("SELECT * FROM users WHERE username = '%s'" % username)
        return str(cursor.fetchall())

if __name__ == '__main__':
    app.run(host='0.0.0.0', port=9000)
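Of the three routes in this exercise, code_execution is the same class of defect as the eval in Ex. 1 and show_user the same as the concatenated query in Ex. 2. The one new finding is the open redirect. A redirect target taken from the request has to be checked before use: accept only same-site paths, or absolute URLs whose host is on an explicit allow-list, and fall back to a fixed default otherwise. The added example below is not from the exercise; the two allowed hosts are assumptions, and the function is what the route would call as redirect(safe_redirect_target(request.args.get('redirect'))).

```python
# Added example (not from the lab manual): validating a user-supplied redirect
# target. Same-site paths and an allow-list of hosts are accepted; everything
# else falls back to DEFAULT_TARGET. The allowed hosts are an assumption.
from urllib.parse import urlparse

ALLOWED_REDIRECT_HOSTS = {"app.example.com", "help.example.com"}   # assumed
DEFAULT_TARGET = "/"

def safe_redirect_target(raw: str, allowed_hosts=ALLOWED_REDIRECT_HOSTS) -> str:
    """Returns the target when it is safe to follow, otherwise DEFAULT_TARGET."""
    target = (raw or "").strip()
    if not target or any(c in target for c in "\r\n\0"):
        return DEFAULT_TARGET                  # empty, or header-injection characters
    # Browsers treat backslashes like slashes in the authority part ("/\evil.com"
    # becomes "//evil.com"), so normalise before parsing.
    target = target.replace("\\", "/")
    parts = urlparse(target)
    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: a single leading slash keeps it on this origin;
        # "//host/..." is protocol-relative and would leave the site.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return DEFAULT_TARGET
    if parts.scheme not in ("http", "https"):
        return DEFAULT_TARGET                  # javascript:, data:, and friends
    if parts.hostname is None or parts.hostname.lower() not in allowed_hosts:
        return DEFAULT_TARGET
    if parts.username or parts.password:
        return DEFAULT_TARGET                  # "https://app.example.com@evil.com/"
    return target
```

The allow-list is on the parsed hostname, not a prefix match on the string, which is what defeats the userinfo trick (app.example.com@evil.com) and look-alike hosts such as app.example.com.evil.com.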


Secure Code Testing in SNYK (Java)


Ex. 9 File Operations

import java.io.*;

public class UnvalidatedInput {
    public static void main(String[] args) {
        // VULNERABILITY: the path comes straight from the command line and is
        // never validated or confined to a directory, so ../ sequences or an
        // absolute path read any file the process can open (path traversal)
        String filename = args[0];
        File file = new File(filename);
        try (FileReader reader = new FileReader(file)) {
            char[] buffer = new char[(int) file.length()];
            reader.read(buffer);
            System.out.println(buffer);
        } catch (IOException e) {
            System.out.println("Error reading file");
        }
    }
}
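Ex. 3 (Python) and Ex. 9 (Java) are the same finding: a file name from the user is opened as given. The fix is the same in either language. Resolve the requested name against a fixed base directory, and then check that the resolved path is still inside that directory; resolving with realpath (Path.toRealPath in Java) follows symbolic links, so a link inside the directory that points outside is caught as well. The added example below, written for this manual rather than taken from either exercise, shows the check in Python; the sandbox directory, its one readable file and the escaping symlink are constructed at run time so the example works offline.

```python
# Added example (not from the lab manual): confining user-supplied file names to
# a base directory, replacing open(user_input).read() in Ex. 3 and the
# FileReader in Ex. 9. The sandbox contents are constructed for illustration.
import os
import tempfile

class PathTraversalError(ValueError):
    pass

def safe_join(base_dir: str, user_path: str) -> str:
    """Return an absolute path under base_dir, or raise PathTraversalError."""
    if not user_path or "\0" in user_path:
        raise PathTraversalError("empty path or NUL byte")
    base = os.path.realpath(base_dir)
    # os.path.join discards base when user_path is absolute, so strip leading slashes
    candidate = os.path.realpath(os.path.join(base, user_path.lstrip("/\\")))
    if os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"{user_path!r} escapes {base_dir!r}")
    return candidate

def read_user_file(base_dir: str, user_path: str, max_bytes: int = 1 << 20) -> str:
    """Confined, size-bounded replacement for open(user_input).read()."""
    path = safe_join(base_dir, user_path)
    if not os.path.isfile(path):
        raise FileNotFoundError(user_path)
    with open(path, "r", encoding="utf-8", errors="replace") as f:
        return f.read(max_bytes)

def demo_base_dir() -> str:
    """Constructed sandbox: a temp dir with one readable file and a symlink out."""
    base = tempfile.mkdtemp(prefix="lab3_")
    with open(os.path.join(base, "notes.txt"), "w", encoding="utf-8") as f:
        f.write("hello from inside the sandbox\n")
    outside = tempfile.NamedTemporaryFile("w", suffix=".secret", delete=False)
    outside.write("outside\n")
    outside.close()
    try:
        os.symlink(outside.name, os.path.join(base, "link.txt"))
    except (OSError, NotImplementedError):
        pass  # platforms without symlink support simply skip that case
    return base

def read_error(base_dir: str, user_path: str) -> str:
    """Helper: the exception class name, or '' when the read succeeds."""
    try:
        read_user_file(base_dir, user_path)
    except (PathTraversalError, FileNotFoundError) as exc:
        return type(exc).__name__
    return ""
```

The check is on the resolved path rather than on the input string; rejecting ".." textually misses encodings, symlinks and absolute paths, whereas commonpath on two realpath results does not.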


Ex. 10 String Operations

import java.sql.*;
import java.util.Scanner;

public class SqlInjection {
    public static void main(String[] args) {
        Scanner scanner = new Scanner(System.in);
        System.out.print("Enter username: ");
        String username = scanner.nextLine();
        System.out.print("Enter password: ");
        String password = scanner.nextLine();
        try (Connection connection =
                 DriverManager.getConnection("jdbc:postgresql://localhost/mydb", "user", "pass")) {
            // VULNERABILITY: both inputs are concatenated into the SQL text, so a
            // quote in either one rewrites the WHERE clause and bypasses the login
            // (SQL injection); the query also compares the password in clear text
            String query = "SELECT * FROM users WHERE username = '" + username
                    + "' AND password = '" + password + "'";
            Statement statement = connection.createStatement();
            ResultSet resultSet = statement.executeQuery(query);
            if (resultSet.next()) {
                System.out.println("Login successful");
            } else {
                System.out.println("Login failed");
            }
        } catch (SQLException e) {
            System.out.println("Error connecting to database");
        }
    }
}
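Ex. 2, the show_user route of Ex. 8, and this Java login all build the query by pasting user input into the SQL text, and all three have the same fix: send the user value as a bound parameter so the driver never treats it as SQL. In JDBC that is a PreparedStatement with ? markers and setString(); in Python it is the parameters tuple of cursor.execute(). The added example below, not code from any of the exercises, runs the concatenated and the parameterised form of the login against an in-memory SQLite table so the bypass can be observed in the first and not in the second. It is in Python so that it runs without a database server; the table, its two users and the PBKDF2 parameters are constructed for illustration. The stored password is hashed because comparing it in clear text, as the original does, is a second defect.

```python
# Added example (not from the lab manual): the Ex. 10 login in its concatenated
# and its parameterised form against a constructed SQLite table, plus the
# parameterised version of the Ex. 8 show_user query.
import hashlib
import hmac
import os
import sqlite3
from typing import Optional

def _hash_password(password: str, salt: bytes) -> bytes:
    # Assumed parameters: PBKDF2-HMAC-SHA256, 100k iterations (argon2/scrypt also fine)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db() -> sqlite3.Connection:
    """Constructed users table with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    for user, pw in (("alice", "correct horse"), ("admin", "s3cret!")):
        salt = os.urandom(16)
        conn.execute("INSERT INTO users VALUES (?, ?, ?)", (user, salt, _hash_password(pw, salt)))
    conn.commit()
    return conn

def login_unsafe(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """The pattern from Ex. 10: query text built by concatenation. A quote in
    the username ends the literal and the rest of the input becomes SQL."""
    query = ("SELECT username FROM users WHERE username = '" + username + "'"
             " AND pw_hash = '" + password + "'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None

def login_safe(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Parameterised lookup, then constant-time comparison of the password hash.
    username travels as a bound value and can never become part of the SQL."""
    row = conn.execute("SELECT username, salt, pw_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        return None
    user, salt, stored = row
    return user if hmac.compare_digest(_hash_password(password, salt), stored) else None

def show_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Parameterised form of the Ex. 8 show_user query."""
    return conn.execute("SELECT username FROM users WHERE username = ?", (username,)).fetchall()
```

The username admin'-- turns the concatenated query into SELECT ... WHERE username = 'admin' with the password check commented out, and a password of ' OR '1'='1 makes the WHERE clause true for every row; the parameterised version returns nothing for either because the whole string is compared as a value.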
