
Software Requirements Specification for ViPER

Prepared by,

PS. Narayanan U314BCA043
Akhil Mahendra U314BCA007
Ananthankrishnan Nair U314BCA013
Gokul Gopinath P U314BCA025

College: Amrita Viswa Vidyapeetham, Amritapuri

August 1st Monday


Table of Contents
Revision History
1. Introduction
1.1 Purpose
1.2 Project Scope
1.3 References

2. Overall Description
2.1 Product Perspective
2.2 Product Features
2.3 User Classes and Characteristics
2.4 Operating Environment
2.5 Design and Implementation Constraints
2.6 User Documentation
2.7 Assumptions and Dependencies

3. System Features
3.1 Reconnaissance
3.2 Information Disclosure
3.3 Web vulnerabilities check

4. External Interface Requirements
4.1 User Interfaces
4.2 Software Interfaces
4.3 Communications Interfaces

5. Other Nonfunctional Requirements
5.1 Performance Requirements
5.2 Safety Requirements
5.3 Security Requirements
5.4 Software Quality Attributes

1. Introduction

The purpose of this section is to provide the reader with general background information about
the penetration testing tool ViPER.

1.1 Purpose

This document is the Software Requirement Specification for the ViPER Tool. This SRS describes
the functions and performance requirements of the ViPER Tool. This project aims at developing a
tool for automating penetration testing for web applications. The main objective of this tool is to
analyse almost every part of the application and to give the user feedback based on the analysis.

1.2 Project Scope

ViPER will automate the manual reconnaissance techniques and also check for any web
vulnerabilities. This tool comes with a web interface, so it will be easier to read the data
compared to a command line interface.

1.3 References

OWASP: https://www.owasp.org/index.php/Crosssite_Scripting_(XSS)
SQL Injection through HTTP headers: http://resources.infosecinstitute.com/sqlinjectionhttpheaders/
Path traversal: https://www.owasp.org/index.php/Path_Traversal
Python: https://www.python.org/doc/
Django: https://docs.djangoproject.com/en/1.10/

2. Overall Description

2.1 Product Perspective

ViPER is designed to automatically detect security issues in web applications. All it expects is the
URL of the target website, and after a while it will present you with its findings. From the simple
command line utility scanner to the intuitive and user-friendly web interface and collaboration
platform, ViPER follows the principle of least surprise and provides you with plenty of feedback
and guidance. From a user's or a component developer's point of view, everything appears simple
and straightforward, all the while providing power, performance and flexibility.

2.2 Product Features

ViPER scans a website from the user-given URL, analyses almost every part of the
application and generates a detailed report for the user. It covers all the basic reconnaissance and
also checks for web application vulnerabilities.

2.3 User Classes and Characteristics

The major user classes that are expected to use this product are as follows:

2.3.1 Penetration Testers

Penetration testers are the actual users of this tool. They use these kinds of tools to automate their
pentesting, which saves a lot of time and effort.

2.3.2 Web app Testers

Web application testers use this tool to check whether their web app has any vulnerability.

2.3.3 Security Enthusiasts

The geeks will use our product to increase their understanding of penetration testing tools and
may contribute to these kinds of projects.

2.4 Operating Environment

As this tool also has a web interface, it is a cross-platform app and can be used on
any operating system. However, the command line interface of this app is available on both
Windows and Linux (provided Python is installed).

2.5 Design and Implementation Constraints

A scan of a URL that reports no issues doesn't mean the web app is completely secure. New threats are
born daily, so there is no guarantee that this tool or any other tool can completely secure a web
application.

2.6 User Documentation

To assist the user in understanding the product better and to assist them in better utilization of the
product and its features, we will be providing a user manual. We will also be giving a link to the
users where they can post queries and questions regarding the product and its functionality. A user
tutorial will also be provided to assist the user in getting started with the product.

2.7 Assumptions and Dependencies

Currently all the modules are written in Python. Therefore Python is required to run the command line
interface of the tool.

3. System Features

The tool consists of 2 user interfaces: a command line interface for advanced users and a web
interface for all others. Both of these user interfaces contain all the modules.

3.1 Reconnaissance

3.1.a HTTP Header checks
3.1.b HTTP enabled methods check (Cross Site Tracing)
3.1.c Cookie checks (decodes base64 automatically)

3.1.1 Description and Priority

Reconnaissance, or preliminary surveying or research, is done first. This gives the user a basic
overview of their web app as well as the basic recon checks mentioned above.
In total, the reconnaissance module will give the user an overview of the response headers and also
basic recon results, including CSS checks and cookie checks.
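
The three reconnaissance checks listed in 3.1 (response headers, enabled methods, cookies with automatic base64 decoding) can be sketched as below. This is an added example, not ViPER's own code; the function names, the baseline list of security headers and the sample response are assumptions constructed for illustration.

```python
import base64
import binascii

# Constructed sample: headers of one response, as (name, value) pairs.
SAMPLE_HEADERS = [
    ("Server", "ExampleServer/1.0"),
    ("Allow", "GET, POST, OPTIONS, TRACE"),
    ("X-Frame-Options", "DENY"),
    ("Set-Cookie", "session=dXNlcj1hbGljZTtyb2xlPXVzZXI=; Path=/"),
    ("Set-Cookie", "theme=dark; Secure; HttpOnly"),
]

# Assumed baseline of security headers to report when absent.
EXPECTED = ("Strict-Transport-Security", "Content-Security-Policy",
            "X-Content-Type-Options", "X-Frame-Options")

def try_base64(value):
    """Return the decoded text if value is base64 of printable UTF-8, else None."""
    if len(value) < 8 or len(value) % 4:
        return None  # too short or unpadded: treat as a plain value
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None

def recon(headers):
    """Summarise header, method and cookie findings for one response."""
    present = {name.lower() for name, _ in headers}
    report = {"missing_headers": [h for h in EXPECTED if h.lower() not in present],
              "trace_enabled": False, "cookies": []}
    for name, value in headers:
        if name.lower() == "allow":
            # TRACE being advertised is the precondition for Cross Site Tracing.
            methods = {m.strip().upper() for m in value.split(",")}
            report["trace_enabled"] = "TRACE" in methods
        elif name.lower() == "set-cookie":
            parts = [p.strip() for p in value.split(";")]
            cname, _, cvalue = parts[0].partition("=")
            attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
            report["cookies"].append({"name": cname,
                                      "secure": "secure" in attrs,
                                      "httponly": "httponly" in attrs,
                                      "decoded": try_base64(cvalue)})
    return report

if __name__ == "__main__":
    print(recon(SAMPLE_HEADERS))
```

A cookie that decodes to readable fields and lacks the Secure and HttpOnly attributes, as the constructed session cookie does, is the kind of finding the report would surface for the tester.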

3.1.2 Stimulus/Response Sequences

Stimulus: User inputs a URL of the web app.
Response: System asks for reconnaissance options.
Stimulus: User gives specific options.
Response: System scans the URL with the options and gives a detailed report of the scan.

3.2 Information Disclosure

3.2.a Robots.txt analysis
3.2.b .htaccess public access check
3.2.c .svn/entries public access check
3.2.d Microsoft IIS, internal IP disclosure check

3.2.1 Description and Priority

Information disclosure enables an attacker to gain valuable information about a system. The
information collected can be used to attack the websites.

3.2.2 Stimulus/Response Sequences

Stimulus: User inputs a URL of the web app.
Response: System asks for information disclosure sub-options.
Stimulus: User gives specific options.
Response: System scans the URL with the options and gives a detailed report of the scan.

3.3 Web vulnerabilities check

3.3.a Error-based SQL injection
3.3.b Cross Site Scripting
3.3.c Other URL-based attacks

3.3.1 Description and Priority

This module will check for all possible web-based attacks, and if any web vulnerabilities are
found, a link about how to exploit the vulnerability is given back to the user.

3.3.2 Stimulus/Response Sequences

Stimulus: User inputs a URL of the web app.
Response: System asks for web attack sub-options.
Stimulus: User gives specific options.
Response: System performs specific attacks on the URL with the options and gives a
detailed report of the scan.

4. External Interface Requirements

4.1 User Interfaces

Basically there will be two interfaces, i.e., a command line interface and a web user interface. The
command line interface is for advanced users and gives them more control over the tool. The web
interface will provide the same functions, but there will be less control compared to the command
line. This is mainly for normal users.

4.2 Software Interfaces

The software will depend on the security features provided by the operating system and the
Python language.

4.3 Communications Interfaces

This tool uses a web browser to display the web UI. The latest version of Firefox or Google Chrome is
recommended.

5. Other Nonfunctional Requirements

5.1 Performance Requirements

In order to get maximum performance from the tool, the command line user interface is limited to using
only 3 options at a time.

5.2 Safety Requirements

Using this tool to scan websites without their prior knowledge is considered black hat activity,
and doing so is a criminal offence.

5.3 Security Requirements

The safety part of the system will be based on the facilities provided by the OS and the inherent
security features provided by the Python language.

5.4 Software Quality Attributes

The tool is based on Python, which makes it scalable and easy to maintain. Secondly, the system will
provide the user with an easy-to-use and understandable GUI. The user can easily interact with
the tool through menus and text areas.
