
Lab 7: Static Source Code Analysis

Introduction
Binary analysis and fuzzing are essential testing techniques for finding vulnerabilities. They can be regarded as black-box testing/analysis techniques, because the tester does not see the source code. (Black-box testing is a method of software testing that examines an application’s functionality without peering into its internal structures or workings, per Wikipedia.) Web application penetration testing is another example of black-box testing. You will be doing web application penetration testing labs in Modules 10, 11, and 12.

Another essential software testing technique is static source code analysis (also known as static code analysis or source code analysis). Source code analysis is a white-box testing technique. There are many ways of performing it. It can be done without any special tools, in which case it is known as peer review; it can be done with tools; or it can combine both methods (a hybrid approach). Source code analysis is an integral part of the SDLC. In today’s cloud environments, cloud-based source code analysis services are integrated into CI/CD pipelines in a fully automated way, including submitting tickets to project management tools (such as Azure Boards) and assigning the resulting tasks to developers. Companies can find and subscribe to these services in the marketplaces of cloud providers and in places like GitHub.

In this lab, you will use an open-source command-line tool called bandit to analyze the source code of a web service written in Python. (https://pypi.org/project/bandit/)

Resources – Optional
To learn more about Github Marketplace, check out this link: https://openclassrooms.com/en/courses/5671626-manage-your-code-project-with-git-github/6152331-enhance-your-github-experience-with-extra-tools#/id/r-6225566

Lab Environment
This virtual machine hosts the source code of a project named Vulpy. (https://github.com/fportantier/vulpy) Vulpy is a deliberately vulnerable web application written in Python. In this lab, you will analyze the source code of the Vulpy project.

1. Open a terminal by clicking the terminal icon on the left menu.

2. Type “ll” to see the Vulpy project folder in the directory listing. It has already been cloned to the Ubuntu virtual machine using the following command:

git clone https://github.com/portantier/vulpy

3. Type bandit -r vulpy > result.txt to start the source code analysis. The -r flag makes bandit scan the directory recursively. The analysis takes a couple of seconds to complete, and the results are written to the result.txt file.

4. Open the result.txt file in an editor and take a screenshot of the beginning of the report. You can use gedit (GUI), nano, or vi to open the file.

Questions
1. Submit the screenshot.

2. Choose one of the vulnerabilities within Bandit results and describe the countermeasure(s) to mitigate the vulnerability.

3. Determine the CWE (https://cwe.mitre.org/) that describes the vulnerability that you chose. Explain the CWE.

4. Summarize the vulnerability and the corresponding action as if you are explaining it to a non-technical person.
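To make the mechanics of a tool like bandit concrete, the following is an added example (not part of the lab, not bandit's own code, and not code from the Vulpy project). It implements a miniature static analyser on top of Python's standard ast module that walks the syntax tree of a source file and reports three classic patterns that source code analysers flag: a string constant assigned to a secret-looking variable name, a subprocess call with shell=True, and use of the MD5 or SHA-1 hash functions. Both sample programs it scans are constructed for the example; the hardened sample shows the countermeasure for each finding (reading the secret from the environment, passing the command as an argument list instead of a shell string, and using SHA-256), so the checker reports nothing for it.

```python
import ast
import os
from dataclasses import dataclass
from typing import List

# Variable names that commonly hold credentials; a string literal assigned
# to one of them is treated as a hardcoded secret (a constructed list).
SECRET_NAMES = {"password", "passwd", "secret", "api_key", "token"}

# Hash functions considered too weak for security-sensitive use.
WEAK_HASHES = {"hashlib.md5", "hashlib.sha1"}


@dataclass
class Finding:
    check_id: str
    line: int
    message: str


def _qualified_name(func: ast.AST) -> str:
    """Return 'module.attr' for calls like subprocess.run(...), else ''.
    Only module-qualified calls are recognised; 'from x import y' forms are
    out of scope for this toy checker."""
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    if isinstance(func, ast.Name):
        return func.id
    return ""


class MiniChecker(ast.NodeVisitor):
    """Collects findings while visiting every node of the parsed module."""

    def __init__(self) -> None:
        self.findings: List[Finding] = []

    def visit_Call(self, node: ast.Call) -> None:
        name = _qualified_name(node.func)
        if name.startswith("subprocess."):
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    self.findings.append(Finding(
                        "SHELL_TRUE", node.lineno,
                        "subprocess call with shell=True; pass an argument list instead"))
        if name in WEAK_HASHES:
            self.findings.append(Finding(
                "WEAK_HASH", node.lineno,
                f"{name} is a weak hash; use hashlib.sha256 or stronger"))
        self.generic_visit(node)

    def visit_Assign(self, node: ast.Assign) -> None:
        value = node.value
        if isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value:
            for target in node.targets:
                if isinstance(target, ast.Name) and target.id.lower() in SECRET_NAMES:
                    self.findings.append(Finding(
                        "HARDCODED_SECRET", node.lineno,
                        f"string literal assigned to '{target.id}'; load it from config or env"))
        self.generic_visit(node)


def analyze(source: str) -> List[Finding]:
    """Parse Python source and return findings sorted by line number."""
    checker = MiniChecker()
    checker.visit(ast.parse(source))
    return sorted(checker.findings, key=lambda f: f.line)


def format_report(source: str, filename: str) -> str:
    """Render findings in a bandit-like 'file:line: ID message' layout."""
    lines = [f"{filename}:{f.line}: {f.check_id} {f.message}" for f in analyze(source)]
    return "\n".join(lines) if lines else f"{filename}: no issues found"


# Constructed sample: the kind of code a scanner should complain about.
VULNERABLE_SAMPLE = '''\
import subprocess, hashlib

password = "hunter2"

def ping(host):
    return subprocess.check_output("ping -c 1 " + host, shell=True)

def digest(data):
    return hashlib.md5(data).hexdigest()
'''

# Constructed sample: the same program with each issue mitigated.
HARDENED_SAMPLE = '''\
import os, subprocess, hashlib

password = os.environ.get("APP_PASSWORD", "")

def ping(host):
    return subprocess.check_output(["ping", "-c", "1", host])

def digest(data):
    return hashlib.sha256(data).hexdigest()
'''

if __name__ == "__main__":
    print(format_report(VULNERABLE_SAMPLE, "vulnerable.py"))
    print(format_report(HARDENED_SAMPLE, "hardened.py"))
```

Running the script prints three findings for the vulnerable sample (lines 3, 6 and 9) and none for the hardened one. The design point is the same one bandit relies on: the checker never executes the program, it reasons purely over the syntax tree, which is why it can scan an untrusted code base safely but also why it only sees patterns it has rules for.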
