Programming Secure Software Systems Case Study: Safe programming issues

Related outcomes from the unit outline: 

1. Analyse the existence of vulnerabilities inherent in insecure software products

2. Assure quality by using elements of a secure framework

3. Judge the effectiveness of mitigation strategies for security vulnerabilities

Case Description: Vulnerability Detection, Analysis and Mitigation

The problem space is the File Transfer Protocol (FTP).  You will be given some code samples to evaluate.  You should:

• Provide a short discussion (2-3 pages) of the existing vulnerabilities in the protocol.
• Clearly identify vulnerabilities in the code samples.
• Describe and implement (i.e., modify the code) mitigations.
• Amend the code (without introducing new vulnerabilities) by providing commandline parameters in place of the existing interface.
• Referring back to the first point, demonstrate that, whilst your code may be now secure, the protocol itself is still insecure.
• Discuss and implement (if possible) a secure implementation of the protocol by adding to your code. The objective is not to write new code, but to use existing libraries.
• Ensure that your code compiles/links with gcc and runs within the Linux environment supplied in the unit.

You must:

• Provide a zip file containing your assignment as a Word document. The assignment should contain your code. No other compression formats accepted. No other document formats accepted.

Document Style

• Your document must be in MS-Word format (.doc/.docx), body text 12 point Arial font, double spaced, fully justified and include page numbers.

Attachment:- Assignment Files.zip