SCSV Lab Manual 2023
vulnerability
Lab Manual
Department of Computer Science and Engineering
The NorthCap University, Gurugram
Session 2021-2022
Published by:
© Copyright Reserved
Copying or facilitating copying of lab work comes under cheating and is considered as use of
unfair means. Students indulging in copying or facilitating copying shall be awarded zero marks
for that particular experiment. Frequent cases of copying may lead to disciplinary action.
Attendance in lab classes is mandatory.
Labs are open up to 7 PM upon request. Students are encouraged to make full use of labs beyond
normal lab hours.
PREFACE
Secure Coding and Software Vulnerability Lab Manual is designed to meet the course and
program requirements of the NCU curriculum for B.Tech III semester students of the CSE Cyber
Security Specialization. The concept of the lab work is to give brief practical experience of
basic lab skills to students. It provides the space and scope for self-study so that students can
come up with new and creative ideas.
The lab manual is written on the basis of the “teach yourself” pattern, and it is expected that students
who come with proper preparation should be able to perform the experiments without any
difficulty. A brief introduction to each experiment with information about self-study material is
provided.
The laboratory covers common software vulnerabilities and how to find them, as well as how
the vulnerabilities can be exploited using reverse engineering and its tools. It also covers how
a buffer overflow attack happens and how attackers utilize it to gain access to the vulnerable
system. Finally, the popular web SQL injection attack and its common defense are
implemented. At the start of each experiment a question bank for preparation and practice is
suggested, which may be used to test the basic understanding of the students about the
experiment. Students are expected to come thoroughly prepared for the lab. General discipline,
safety guidelines and report writing are also discussed.
The lab manual is a part of the curriculum of The NorthCap University, Gurugram. A teacher’s
copy of the experimental results and answers to the questions is available as sample guidelines.
We hope that the lab manual will be useful to students of the CSE, IT, ECE and BSc branches, and
the authors request readers to kindly forward their suggestions and constructive criticism for further
improvement of the workbook.
Author expresses deep gratitude to Members, Governing Body-NCU for encouragement and
motivation.
Authors
The NorthCap University
Gurugram, India
CONTENTS
Syllabus VI-IX
1 Introduction X
2 Lab Requirement XI
COURSE TEMPLATE
6. Type of Course
Programme Core Programme Elective Open Elective
(Check one):
9. Brief Syllabus:
This course deals with security architecture elements within modern object-oriented programming
languages that create the framework for secure programming. This course would cover the design
and implementation of secure systems. Coding Standards, best practices, guidelines and style will
further enhance the ability to develop secure code. This course includes common software
vulnerabilities and how to find them, as well as how the vulnerabilities can be exploited using
reverse engineering & its tools. It also includes how buffer overflow attack happens and how
attackers utilize it to gain access to the vulnerable system. Finally, at the end the popular web SQL
injection attack and its common defense are implemented.
Total lecture, tutorial and practical hours for this course (taking 15 teaching weeks per
semester): 90
Lectures: 30 hours
Tutorials: 15 hours
Lab Work (Practice): 45 hours
10. Course Outcomes (COs)
Possible usefulness of this course after its completion, i.e. how this course will be practically
useful to the student once it is completed:
CO 1: Understand the need for secure coding and follow fundamental secure coding guidelines.
CO 2: Describe and compare software engineering practices and apply reverse engineering on vulnerable software.
CO 3: Develop skills to find low-level vulnerabilities in software applications and exploit these vulnerabilities using buffer overflow attacks.
CO 4: Identify the vulnerabilities of the database in the web application and fix these vulnerabilities.
11. UNIT WISE DETAILS No. of Units: 4
Testing methodologies
http://packetstormsecurity.nl/programming-tutorials/
http://irccrew.org/~cras/security/c-guide.html
http://www.dwheeler.com/secure-programs/
www.securecoding.org/
Text Books:
1. Gary McGraw, "Software Security: Building Security In", Addison-Wesley Software Security Series, 2nd
Edition, 2006
2. Dafydd Stuttard, Marcus Pinto, "The Web Application Hacker's Handbook", Wiley Publishing,
2nd Edition, 2011
Reference Books:
1. Kenneth van Wyk, Mark Graff, “Secure Coding: Principles and Practices”, O'Reilly Media 2nd
Edition, 2003
2. Robert C. Seacord, "Secure Coding in C and C++ ", SEI Series in Software Engineering, 2nd
Edition, 2013
3. Michael Howard, David LeBlanc, "Writing Secure Code", 2nd Edition, 2003
Reference Websites: (nptel, swayam, coursera, edx, udemy, lms, official documentation
weblink)
https://nptel.ac.in/noc/individual_course.php?id=noc19-cs29
https://www.cybrary.it/course/cryptography/
https://nptel.ac.in/courses/106106199/
https://www.cybrary.it/course/secure-coding/
eBooks:
secure coding in JAVA
https://medium.com/set1-interview-questions
https://www.sanfoundry.com/cyber-security-questions-answers-buffer-overflow-1/
1. INTRODUCTION
To familiarize the students with the basic concepts of secure programming. The take-home
laboratory assignments are mainly implementation-oriented and include threats, mitigation
and detection techniques. The lab sessions will be based on exploring the concepts discussed
in class:
Observing security problems in software programs.
Reporting and analysing the security threats and exploits in programs.
Hands-on experience with mitigation techniques.
1. LAB REQUIREMENTS
Requirements: Details
Hardware Requirements: Windows and Linux: Intel 64/32 or AMD Athlon 64/32, or AMD Opteron processor; 16 GB RAM; 256 GB hard disk space
Required Bandwidth: NA
3. GENERAL INSTRUCTIONS
Students must turn up in time and contact concerned faculty for the experiment they
are supposed to perform.
Students will not be allowed to enter late in the lab.
Students will not leave the class till the period is over.
Students should come prepared for their experiment.
Experimental results should be entered in the lab report format and certified/signed
by concerned faculty/ lab Instructor.
Students must get the connection of the hardware setup verified before switching on
the power supply.
Students should maintain silence while performing the experiments. If any necessity
arises for discussion amongst them, they should discuss with a very low pitch
without disturbing the adjacent groups.
Violating the above code of conduct may attract disciplinary action.
Damaging lab equipment or removing any component from the lab may invite
penalties and strict disciplinary action.
3.2 Attendance
Students should come to the lab thoroughly prepared on the experiments they are
assigned to perform on that day. Brief introduction to each experiment with
information about self study reference is provided on LMS.
Students must bring the lab report during each practical class with written records
of the last experiments performed complete in all respect.
Each student is required to write a complete report of the experiment he has
performed and bring to lab class for evaluation in the next working lab. Sufficient
space in work book is provided for independent writing of theory, observation,
calculation and conclusion.
Students should follow the Zero tolerance policy for copying / plagiarism. Zero
marks will be awarded if found copied. If caught further, it will lead to disciplinary
action.
Refer Annexure 1 for Lab Report Format
1. LIST OF EXPERIMENTS
1. LIST OF PROJECTS
2. RUBRICS
Marks Distribution
Continuous Evaluation (50 Marks): Each experiment shall be evaluated for 10 marks and at the end of the
semester proportional marks shall be awarded out of 50. Following is the breakup of the 10 marks for
each experiment:
4 Marks: Observation and conduct of the experiment. The teacher may ask questions about the experiment.
3 Marks: Report writing.
3 Marks: The 15-minute quiz to be conducted in every lab.
End Semester Exam (20 Marks): End semester practical evaluation carries 20 marks.
Annexure1
(CSL 283)
Roll No.:
Semester:
Group:
Session 2021-2022
INDEX
S.No. / Experiment No. / Page No. / Date of Experiment / Date of Submission / Marks / CO Covered / Signature
Experiment No. 1
Objective
To familiarize the students about the secure coding Concepts
Program Outcome
The students will understand the concepts of vulnerabilities and coding securely
Problem Statement
Prepare a report on software vulnerabilities: what are the types of software vulnerabilities? Name at least 3 recent
software vulnerabilities.
Background Study:
A software vulnerability is a defect in software that could allow an attacker to gain control of a
system. These defects can be because of the way the software is designed, or because of a flaw in
the way that it’s coded.
What can cause a software vulnerability? There are two main things that can cause a software
vulnerability. A flaw in the program’s design, such as in the login function, could introduce a
vulnerability. But even if the design is perfect, there could still be a vulnerability if there’s a mistake
in the program source code.
Coding errors could introduce several types of vulnerabilities, which include the following: Buffer
overflows – these allow someone to put more data into an input field than the field is supposed
to allow. An attacker can take advantage of this by placing malicious commands into the overflow
portion of the data field, which would then execute.
Questions
Q2. Which phase of the software development life cycle needs to be made secure?
Q3. What is static and dynamic analysis of code? What are the different tools?
An attacker first finds out whether a system has a software vulnerability by scanning it. The scan can
tell the attacker what types of software are on the system, whether they are up to date, and whether any
of the software packages are vulnerable. Once the attacker finds that out, he or she will have a better
idea of what types of attacks to launch against the system. A successful attack would result in the
attacker being able to run malicious commands on the target system.
Secure coding, the principle of designing code that adheres to code security best practices,
safeguards and protects published code from known, unknown and unexpected vulnerabilities
such as security exploits, the loss of cloud secrets, embedded credentials, shared keys,
confidential business data and personally identifiable information.
Buffer overflow, stack overflow, command injection and SQL injections are the most common
attacks on the software.
Buffer and stack overflow attacks overwrite the contents of the heap or stack respectively by
writing extra bytes.
What is static and dynamic analysis of code? What are the different tools?
Dynamic code analysis – also called Dynamic Application Security Testing (DAST) – is
designed to test a running application for potentially exploitable vulnerabilities. DAST
tools identify both compile-time and runtime vulnerabilities, such as configuration
errors that only appear within a realistic execution environment.
Static analysis tools refer to a wide array of tools that examine source code,
executables, or even documentation, to find problems before they happen; without
actually running the code.
User restrictions must be properly enforced. If they are broken, it can create a software
vulnerability. Untrustworthy agents can exploit that vulnerability.
2. Cryptographic Failures
3. Injection
Injection flaws occur when untrusted data is sent as part of a command or query. The
attack can then trick the targeted system into executing unintended commands. An
attack can also provide untrustworthy agents access to protected data.
4. Insecure Design
Insecure design refers to risks related to design flaws, which often includes the lack of
at least one of the following:
• Threat modeling
W3AF (Web Application Attack and Audit Framework) is a free and open-source
vulnerability scanning tool for web applications. It provides a framework that helps to
secure a web application by finding and exploiting its vulnerabilities, and it is known
for its user-friendliness. Along with vulnerability scanning options, W3AF has
exploitation facilities used for penetration testing work as well.
Moreover, W3AF covers a broad collection of vulnerabilities. Organizations whose domains
are attacked frequently, especially with newly identified vulnerabilities, can select this tool.
(2.) Nmap :-
Nmap is one of the well-known free and open-source network scanning tools among
many security professionals. Nmap uses the probing technique to discover hosts in the
network and for operating system discovery.This feature helps in detecting
vulnerabilities in single or multiple networks. If you are new or learning with
vulnerabilities scanning, then Nmap is a good start.
(3.) Intruder :
Intruder is a paid vulnerability scanner specifically designed to scan cloud-based
storage. Intruder software starts to scan immediately after a vulnerability is released.
The scanning mechanism in Intruder is automated and constantly monitors for
vulnerabilities.
Intruder is suitable for enterprise-level vulnerability scanning as it can manage many
devices. In addition to monitoring cloud-storage, Intruder can help identify network
vulnerabilities as well as provide quality reporting and suggestions.
(4.) Aircrack :-
Aircrack, also known as Aircrack-ng, is a set of tools used for assessing WiFi
network security. These tools can also be utilized in network auditing, and support
multiple OSs such as Linux, OS X, Solaris, NetBSD, Windows, and more.
The tool focuses on different areas of WiFi security, such as monitoring packets
and data, testing drivers and cards, cracking, replay attacks, etc. This tool allows
you to retrieve lost keys by capturing the data packets.
(1.) Injection :-
Injection occurs when an attacker exploits insecure code to insert (or inject) their own
code into a program. Because the program is unable to determine code inserted in this
way from its own code, attackers are able to use injection attacks to access secure
areas and confidential information as though they are trusted users. Examples of
injection include SQL Injections, command injections, CRLF injections, and LDAP
injections. Application security testing can reveal injection flaws and suggest
remediation techniques such as stripping special characters from user input or writing
parameterized SQL queries.
If authentication and access restriction are not properly implemented, it's easy for
attackers to take whatever they want. With broken access control flaws,
unauthenticated or unauthorized users may have access to sensitive files and systems,
or even user privilege settings.
Configuration errors and insecure access control practices are hard to detect as
automated processes cannot always test for them. Penetration testing can detect
missing authentication, but other methods must be used to determine configuration
problems. Weak access controls and issues with credentials
management are preventable with secure coding practices, as well as preventative
measures like locking down administrative accounts and controls and using multi-factor
authentication.
Deserialization, or retrieving data and objects that have been written to disks or
otherwise saved, can be used to remotely execute code in your application or as a door
to further attacks. The format that an object is serialized into is either structured or binary
text through common serialization systems like JSON and XML. This flaw occurs when
an attacker uses untrusted data to manipulate an application, initiate a denial of service
(DoS) attack, or execute unpredictable code to change the behavior of the application.
Experiment No. 2
Objective
To familiarize the students about the various software models and methodology
Program Outcome
The students will understand the Basics of Software Engineering
Problem Statement
(ii) Explain and compare different SDLC models (waterfall, Incremental, Spiral, RAD, Iterative)
Background Study:
Security is an important part of any application that encompasses critical functionality. This can
be as simple as securing your database from attacks by nefarious actors or as complex as
applying fraud processing to a qualified lead before importing them into your platform.
Security applies at every phase of the software development life cycle (SDLC) and needs to be at
the forefront of your developers’ minds as they implement your software’s requirements. In this
article, we’ll explore ways to create a secure SDLC, helping you catch issues in requirements
before they manifest as security problems in production.
Questions
Algorithm/Flowchart/Code/Sample Outputs
Introduction
The software development life cycle (SDLC) is a process used by software development teams to
plan, design, build, test, and deploy software. The SDLC provides a structured approach to
software development and can be broken down into several phases:
Stage 1. Requirements Gathering and Analysis:
The team gathers and analyzes information about the software project to determine what needs to be
built. This phase involves interviewing stakeholders and end-users, reviewing existing systems, and
gathering information about the business needs and objectives of the project. For example, a team
developing a new e-commerce platform would gather information about the types of products that
will be sold, the payment methods that will be supported, and the shipping options that will be
available.
Stage 2 . Design:
The team creates a detailed design of the software, including its architecture, user interface, and data
structures. During this phase, the team develops a blueprint of the system that defines how the
various components of the software will interact with each other. For example, a team designing a
new mobile app would create wireframes and mockups of the app's user interface, and develop a plan
for how the app will access data from a remote server.
Stage 3. Implementation:
The team writes code to implement the software based on the design. This phase involves writing the
actual code for the software and integrating it with any external systems or libraries. For example, a
team implementing a new e-commerce platform would write the code for the website's shopping
cart, and integrate it with a payment gateway to support online transactions.
Stage 4 . Testing:
The team tests the software to ensure that it meets the requirements and is free of bugs. This phase
involves conducting various types of testing, such as unit testing, integration testing, and acceptance
testing. For example, a team testing a new mobile app would conduct testing on multiple devices to
ensure that the app is compatible with different screen sizes and operating systems.
Stage 5. Deployment:
The software is deployed to production and made available to users. This phase involves installing the
software on the target systems and configuring it for production use. For example, a team deploying a
new e-commerce platform would install the software on a web server, configure the database, and
test the system to ensure that it is running smoothly.
Stage 6 . Maintenance:
After the software is deployed, the team continues to maintain and support it, addressing any issues
that arise and making updates as needed. This phase involves monitoring the system for errors, fixing
bugs, and implementing new features as required. For example, a team maintaining a new mobile app
would release updates to fix any bugs that are reported, and add new features to enhance the user
experience.
SDLC Models
There are various software development life cycle models defined and designed which are followed
during the software development process. These models are also referred to as “Software Development
Process Models”. Each process model follows a series of steps unique to its type to ensure success in
the process of software development.
Following are the most important and popular SDLC models followed in the industry.
1. Waterfall Model
The Waterfall model is a linear, sequential approach to software development. Each phase of
the SDLC is completed in its entirety before moving on to the next phase. The Waterfall model
is best suited to projects with well-defined requirements and a clear end goal.
2. Incremental Model
3. Spiral Model
Spiral model is one of the most important Software Development Life Cycle models, which
provides support for Risk Handling. In its diagrammatic representation, it looks like a spiral
with many loops. The exact number of loops of the spiral is unknown and can vary from
project to project. Each loop of the spiral is called a Phase of the software development
process.
4. RAD Model
RAD (Rapid Application Development) is a linear sequential software development process model
that emphasizes a concise development cycle using a component-based construction approach. If the
requirements are well understood and described, and the project scope is constrained, the RAD
process enables a development team to create a fully functional system within a concise time period.
RAD should be used when the system needs to be modularized and built in a short span of time
(2-3 months).
It should be used only if the budget allows the use of automatic code generating tools.
5. Iterative Model
The Iterative Model allows returning to earlier phases, in which the required changes are
made. The final output of the project is refined at the end of the Software Development
Life Cycle (SDLC) process.
Other related methodologies are the Agile Model, the RAD (Rapid Application Development) Model
and Prototyping Models.
Agile Methodology
The Agile model believes that every project needs to be handled differently and the existing methods
need to be tailored to best suit the project requirements. In Agile, the tasks are divided into time boxes
(small time frames) to deliver specific features for a release.
Iterative approach is taken and working software build is delivered after each iteration. Each build is
incremental in terms of features; the final build holds all the features required by the customer.
Working software − Demo working software is considered the best means of communication
with the customers to understand their requirements, instead of just depending on
documentation.
DevOps Methodology
DevOps defines an agile relationship between operations and Development. It is a process that is
practiced by the development team and operational engineers together from beginning to the final
stage of the product.
Learning DevOps is not complete without understanding the DevOps lifecycle phases. The DevOps
lifecycle includes seven phases as given below:
1) Continuous Development
This phase involves the planning and coding of the software. The vision of the project is decided
during the planning phase. And the developers begin developing the code for the application. There
are no DevOps tools that are required for planning, but there are several tools for maintaining the
code.
2) Continuous Integration
This stage is the heart of the entire DevOps lifecycle. It is a software development practice in which
developers are required to commit changes to the source code more frequently. This may be on a daily
or weekly basis. Then every commit is built, and this allows early detection of problems if they are
present. Building the code involves not only compilation but also unit testing, integration
testing, code review, and packaging.
3) Continuous Testing
In this phase the developed software is continuously tested for bugs. For constant testing,
automation testing tools such as TestNG, JUnit, Selenium, etc. are used. These tools allow QAs to test
multiple code bases thoroughly in parallel to ensure that there is no flaw in the functionality. In this
phase, Docker containers can be used for simulating the test environment.
4) Continuous Monitoring
Monitoring is a phase that involves all the operational factors of the entire DevOps process, where
important information about the use of the software is recorded and carefully processed to find out
trends and identify problem areas. Usually, the monitoring is integrated within the operational
capabilities of the software application.
5) Continuous Feedback
The application development is consistently improved by analyzing the results from the operations of
the software. This is carried out by placing the critical phase of constant feedback between the
operations and the development of the next version of the current software application.
6) Continuous Deployment
In this phase, the code is deployed to the production servers. Also, it is essential to ensure that the
code is correctly used on all the servers.
The new code is deployed continuously, and configuration management tools play an essential role in
executing tasks frequently and quickly. Here are some popular tools which are used in this phase, such
as Chef, Puppet, Ansible, and SaltStack.
7) Continuous Operations
All DevOps operations are based on continuity, with complete automation of the release process,
and allow the organization to continually accelerate the overall time to market.
Experiment No:3
Objective
To familiarize the students about the secure coding language.
Program Outcome
The students will understand how to write secure code in C/C++
Problem Statement
Write a secure program in C/C++ using string functions to compare two strings.
Background Study:
Secure coding is the practice of developing computer software in a way that guards against the
accidental introduction of security vulnerabilities. Defects, bugs and logic flaws are consistently
the primary cause of commonly exploited software vulnerabilities.
1. Validate input.
2. Heed compiler warnings.
3. Architect and design for security policies.
4. Keep it simple.
5. Default deny.
6. Adhere to the principle of least privilege.
7. Sanitize data sent to other systems.
8. Practice defense in depth.
9. Use effective quality assurance techniques.
10. Adopt a secure coding standard.
E.g.
Questions
Q2. Which phase of software development life cycle needs to be made secure?
Q3. What all work has been done in direction of making the code secure?
#include <stdio.h>
#include <string.h>
int main(void)
{
    char Str1[100], Str2[100];
    int result = 0, i;
    /* fgets() bounds the read to the buffer size; gets() cannot and was removed from C11 */
    if (fgets(Str1, sizeof Str1, stdin) == NULL || fgets(Str2, sizeof Str2, stdin) == NULL)
        return 1;
    Str1[strcspn(Str1, "\n")] = '\0';   /* drop the trailing newline */
    Str2[strcspn(Str2, "\n")] = '\0';
    for (i = 0; Str1[i] != '\0' || Str2[i] != '\0'; i++) {   /* compare byte by byte */
        if (Str1[i] != Str2[i]) { result = 1; break; }
    }
    if (result == 0)
        printf("Strings are equal\n");
    else
        printf("Strings are not equal\n");
    return 0;
}
#include <stdio.h>
#include <string.h>
int main(void)
{
    char a[100], b[100];
    /* read with a bound instead of gets(), which cannot limit the input length */
    if (fgets(a, sizeof a, stdin) == NULL || fgets(b, sizeof b, stdin) == NULL)
        return 1;
    a[strcspn(a, "\n")] = '\0';   /* drop the trailing newline */
    b[strcspn(b, "\n")] = '\0';
    if (strcmp(a, b) == 0)
        printf("Strings are equal\n");
    else
        printf("Strings are not equal\n");
    return 0;
}
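As an added example (not part of the original manual), the following C program goes one step further than the two programs above: it detects when an input line does not fit the buffer instead of silently truncating it, and it compares the strings in a way whose running time does not depend on where they first differ, which matters when the strings are secrets such as passwords. The read_line, equal_ct and compare_input names and the sample inputs are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Outcome of reading one line into a fixed-size buffer. */
enum read_status { READ_OK, READ_TOO_LONG, READ_EOF };

/* Read one line from 'in' into buf[0..n-1] and drop the trailing newline.
 * gets() has no way to know the buffer size, so an over-long line overwrites
 * whatever follows the buffer on the stack. fgets() stops at n-1 bytes; the
 * extra work here is to detect that truncation happened and to discard the
 * rest of the line so it is not mistaken for the next input. */
enum read_status read_line(char *buf, size_t n, FILE *in)
{
    if (n == 0 || fgets(buf, (int)n, in) == NULL) {
        if (n > 0) buf[0] = '\0';
        return READ_EOF;
    }
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return READ_OK;
    }
    /* No newline seen: either the final line of the input or a line that
     * did not fit. Peek one more character to tell the two apart. */
    int c = fgetc(in);
    if (c == EOF)
        return READ_OK;
    while (c != '\n' && c != EOF)
        c = fgetc(in);
    buf[0] = '\0';
    return READ_TOO_LONG;
}

/* Equality check for secrets (e.g. a password): strcmp() returns at the
 * first differing byte, so its running time leaks how long the matching
 * prefix is. This loop always touches every byte of the longer string; only
 * the lengths themselves influence the timing. Returns 1 if equal, else 0. */
int equal_ct(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    size_t n = la > lb ? la : lb;
    unsigned char diff = (unsigned char)(la != lb);
    for (size_t i = 0; i < n; i++) {
        unsigned char ca = i < la ? (unsigned char)a[i] : 0;
        unsigned char cb = i < lb ? (unsigned char)b[i] : 0;
        diff |= (unsigned char)(ca ^ cb);
    }
    return diff == 0;
}

/* Read two lines from 'in' and compare them.
 * Returns 1 if equal, 0 if different, -1 if either line is missing or too long. */
int compare_two_lines(FILE *in)
{
    char s1[16], s2[16];   /* deliberately small so truncation is easy to trigger */
    if (read_line(s1, sizeof s1, in) != READ_OK)
        return -1;
    if (read_line(s2, sizeof s2, in) != READ_OK)
        return -1;
    return equal_ct(s1, s2);
}

/* Convenience wrapper: run compare_two_lines() over a constructed input
 * string, using a temporary file as the stream (tmpfile() is standard C). */
int compare_input(const char *text)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return -1;
    fputs(text, f);
    rewind(f);
    int r = compare_two_lines(f);
    fclose(f);
    return r;
}

int main(void)
{
    /* Constructed inputs: equal, different, and one line too long for the buffer. */
    printf("%d\n", compare_input("secret\nsecret\n"));                 /* 1  */
    printf("%d\n", compare_input("secret\nSecret\n"));                 /* 0  */
    printf("%d\n", compare_input("AAAAAAAAAAAAAAAAAAAA\nsecret\n"));   /* -1 */
    return 0;
}
```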
Experiment No: 4
Date:13-2-23
Faculty Signature:
Remarks:
Objective
To familiarize the students about the vulnerabilities in the software codes.
Program Outcome
The students will understand what non-compliant code is and how the vulnerabilities in the code
can lead to exploitation.
Problem Statement
Find non-compliant code in C/C++ or Java and write the compliant code for the same, with its
vulnerability and mitigation.
Background Study:
Let us examine the rule “Close files when they are no longer needed”. The C++ rule exists because C++
provides a technique to simplify compliance, as follows:
Questions
Q3. How can non-compliant code affect the software and the company?
import java.util.Arrays;
import java.util.Comparator;

// Greedy approach
class FractionalKnapSack {
    // Maximum value for the capacity when items may be taken fractionally
    static double getMaxValue(int[] wt, int[] val, int capacity) {
        Integer[] idx = new Integer[wt.length];
        for (int i = 0; i < wt.length; i++) idx[i] = i;
        // Sort item indices by value-per-weight ratio, highest first
        Arrays.sort(idx, new Comparator<Integer>() {
            public int compare(Integer a, Integer b) {
                double ra = (double) val[a] / wt[a], rb = (double) val[b] / wt[b];
                if (ra < rb) return 1;
                else if (ra > rb) return -1;
                else return 0; // comparator contract: equal ratios give 0
            }
        });
        double totalValue = 0;
        for (int i : idx) {
            if (wt[i] <= capacity) { capacity -= wt[i]; totalValue += val[i]; }
            else { // take the fraction that still fits, then stop
                return totalValue + val[i] * ((double) capacity / wt[i]);
            }
        }
        return totalValue;
    }
    // Driver code
    public static void main(String[] args)
    {
        int[] wt = {10, 40, 20, 30}, val = {60, 40, 100, 120}; // sample data (constructed)
        // Function call
        double maxValue = getMaxValue(wt, val, 50);
        System.out.println(maxValue);
    }
}
Experiment No: 5
Objective
To familiarize the students about the Security Analysis Tools.
Program Outcome
The students will understand the Static and Dynamic analysis of Software codes
Problem Statement
Prepare a report on the Security Tools used for Security analysis of Codes (Static and Dynamic
Tool).
Background Study:
Dynamic analysis adopts the opposite approach and is executed while a program is in
operation. Dynamic application security testing (DAST) looks at the application from the outside in
— by examining it in its running state and trying to manipulate it in order to discover security
vulnerabilities. The dynamic test simulates attacks against a web application and analyzes the
Having originated and evolved separately, static and dynamic analysis have, at times, been
mistakenly viewed in opposition. There are, however, a number of strengths and weaknesses
associated with both approaches to consider.
Questions
Q1. How can you secure the code? What are the methods and techniques to secure it?
Q2. Show the latest trend of vulnerability increase up to the year 2020 with the help of a graph.
Q3. Present different case studies of latest attacks on software due to vulnerable software.
Static: Static code analysis – also known as Static Application Security
Testing (SAST) – is the process of analyzing computer software
without actually running the software. Developers use static code
analysis tools to find and fix vulnerabilities, bugs, and security risks in
their new applications while the source code is in its ‘static’ state,
meaning when it is not being run.
Dynamic: Dynamic code analysis – also called Dynamic Application Security
Testing (DAST) – is designed to test a running application for
potentially exploitable vulnerabilities. DAST tools identify both
compile-time and runtime vulnerabilities, such as configuration errors
that only appear within a realistic execution environment.
SonarQube
SonarQube is one of the more popular static code analysis tools out
there. It is an open-source platform for continuous inspection of code
quality and performs automatic reviews via static code analysis. In
addition, it can detect and report bugs, code smells, and numerous other
security vulnerabilities.
SonarQube integrates with multiple platforms.
It also supports an impressive 25+ programming languages, including
C#, Python, COBOL, PHP, and Java.
This tool helps developers on three fronts: avoiding bugs or undefined
behavior, preventing breaches or attacks, and easing code updates.
Checkmarx SAST
Synopsys Coverity
It is an easy-to-use, accurate, and scalable tool that irons out bugs in the
early stages of an SDLC.
The tool hits the ground running as it can immediately start spotting and
fixing bugs right out of the box – with no tuning required.
SCA helps developers find and fix security defects in real-time while
they code, thanks to it integrating into IDEs like Eclipse or Visual
Studio.
SCA also integrates well with numerous solutions and platforms – with a
few examples including Visual Studio, Bamboo, GitHub, Jira, Slack,
and SAP.
Smartbear
Smartbear is a test automation and performance testing platform
that ensures the highest quality with a suite of tools available to help
you ensure your application is functional and secure. They provide
tools like TestComplete, BitBar, LoadNinja, and Cucumber.
gcov
gcov is a tool you can use in conjunction with GCC to test code
coverage in your programs. It helps you determine what area of
your code needs to be optimized. You can use gcov as a profiling tool
to help discover where your optimization efforts will best affect
your code.
gcov creates a log file called sourcefile.gcov, which indicates how
many times each line of a source file sourcefile.c has been executed.
This annotated source file can be used with gprof, another profiling
tool, to extract timing information about the program.
Code Pulse
Code Pulse is a free real-time code coverage tool for penetration
testing activities. This tool automatically detects coverage
information while tests are being conducted and will make it
possible to understand the overlaps and boundaries of the different
tool coverage.
Code Pulse presents coverage information visually to make it easy to
understand which parts of an application have been covered and
how much.
Experiment No: 6
Link to Code:
Date:
Faculty Signature:
Remarks:
Objective
To familiarize the students with the memory layout of a C program in RAM.
Program Outcome
The students will understand the memory layout (text, data, BSS, heap and stack) of a C program in RAM.
Problem Statement
Write C programs and observe how the sizes of the text, data and BSS segments change as initialized
and uninitialized global and static variables are added or removed.
Background Study:
Text
Data (initialized)
BSS (uninitialized)
Heap
Stack
Kernel
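The following program is an added example for this experiment and is not part of the manual. It declares one variable of each kind the problem statement mentions and prints where each one lives. The ordering check assumes the conventional Linux/ELF layout (.text below .data below .bss, heap above .bss, stack near the top of the address space); the section names in the comments are the ones `size` and `nm` report on such a system.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example: one variable of each storage class the experiment asks
 * about, with the ELF section each one ends up in (Linux/ELF assumed). */
int g_init = 42;           /* initialized global       -> .data */
int g_uninit;              /* uninitialized global     -> .bss (zero-filled at load) */
static int s_init = 7;     /* initialized static       -> .data */
static int s_uninit;       /* uninitialized static     -> .bss */
const int g_const = 3;     /* read-only global         -> .rodata, beside .text */

/* A static local also lives in .data/.bss rather than on the stack, so it
 * keeps its value between calls, which an ordinary local would not. */
int count_calls(void) {
    static int calls;      /* .bss */
    return ++calls;
}

/* C guarantees that static-storage objects without an initializer start
 * at zero; that guarantee is exactly what the zero-filled .bss provides. */
int bss_is_zero_filled(void) {
    return g_uninit == 0 && s_uninit == 0;
}

/* Assumption: the conventional Linux/ELF layout, low to high, is .text,
 * .rodata, .data, .bss, then the heap growing upward and the stack near
 * the top of the address space. */
int text_data_bss_in_order(void) {
    uintptr_t text = (uintptr_t)count_calls;
    uintptr_t data = (uintptr_t)&g_init;
    uintptr_t bss  = (uintptr_t)&g_uninit;
    return text < data && data < bss;
}

int main(void) {
    int stack_local = 1;
    int *heap_obj = malloc(sizeof *heap_obj);
    if (heap_obj == NULL) return 1;
    printf("text   count_calls %#lx\n", (unsigned long)(uintptr_t)count_calls);
    printf("rodata g_const     %p\n", (const void *)&g_const);
    printf("data   g_init      %p\n", (void *)&g_init);
    printf("data   s_init      %p\n", (void *)&s_init);
    printf("bss    g_uninit    %p\n", (void *)&g_uninit);
    printf("bss    s_uninit    %p\n", (void *)&s_uninit);
    printf("heap   malloc      %p\n", (void *)heap_obj);
    printf("stack  local       %p\n", (void *)&stack_local);
    printf("bss zero-filled: %d, text<data<bss: %d\n",
           bss_is_zero_filled(), text_data_bss_in_order());
    int first = count_calls();
    int second = count_calls();
    printf("static local persists across calls: %d then %d\n", first, second);
    free(heap_obj);
    return 0;
}
```

Compile with `gcc -o layout layout.c` and run `size ./layout`: adding another `int x;` at file scope grows the bss column by 4 bytes, adding `int y = 1;` grows the data column instead, and an unreferenced `static` variable may be dropped by the optimizer, so keep each variable referenced when measuring.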
Questions
Experiment No: 7
Objective
To familiarize the students with how licence-key checks are programmed in licensed software.
Program Outcome
The students will understand how the licence check of a licensed software product is programmed.
The students will understand the role of a debugger.
Problem Statement
Install OllyDbg.
Write a custom C program that checks whether a purchased key for a software product is valid.
Write a C program and find its addresses using OllyDbg.
Background Study:
Olly Debugger (OllyDbg) is a 32-bit assembler level analyzing debugger for Microsoft Windows.
Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.
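The program below is an added example of the key check the problem statement asks for; it is not code from the manual, and the key format is invented for the exercise (five uppercase letters, a hyphen, and two digits equal to the sum of the letters' ASCII codes modulo 100). It is deliberately the kind of check that a debugger session makes easy to defeat, which is what the following experiments explore.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example, hypothetical key format (not any real product's):
 *   <5 uppercase letters>-<2 decimal digits>
 * where the two digits are the sum of the ASCII codes of the five letters
 * modulo 100, e.g. "HELLO-72". */
#define KEY_BODY_LEN 5
#define KEY_LEN (KEY_BODY_LEN + 1 + 2)

/* body must point at least KEY_BODY_LEN characters. */
static int key_checksum(const char *body) {
    int sum = 0;
    for (int i = 0; i < KEY_BODY_LEN; i++) sum += (unsigned char)body[i];
    return sum % 100;
}

/* Returns 1 if the key is well formed and its checksum matches, else 0.
 * Every rejection path returns the same value, so in a debugger the whole
 * check collapses to one conditional jump to patch. */
int key_is_valid(const char *key) {
    if (key == NULL || strlen(key) != KEY_LEN) return 0;
    for (int i = 0; i < KEY_BODY_LEN; i++)
        if (!isupper((unsigned char)key[i])) return 0;
    if (key[KEY_BODY_LEN] != '-') return 0;
    if (!isdigit((unsigned char)key[6]) || !isdigit((unsigned char)key[7])) return 0;
    int claimed = (key[6] - '0') * 10 + (key[7] - '0');
    return claimed == key_checksum(key);
}

/* Key generator for the same scheme: once the check is known, from the
 * source or from the disassembly, producing valid keys is trivial.
 * body must be exactly KEY_BODY_LEN uppercase letters. */
void key_make(const char *body, char out[KEY_LEN + 1]) {
    snprintf(out, KEY_LEN + 1, "%.*s-%02d", KEY_BODY_LEN, body, key_checksum(body));
}

int main(void) {
    const char *tests[] = { "HELLO-72", "HELLO-73", "hello-72", "WORLD-92", "ABC" };
    for (size_t i = 0; i < sizeof tests / sizeof tests[0]; i++)
        printf("%-10s -> %s\n", tests[i], key_is_valid(tests[i]) ? "valid" : "invalid");
    char generated[KEY_LEN + 1];
    key_make("NORTH", generated);
    printf("generated %s -> %s\n", generated, key_is_valid(generated) ? "valid" : "invalid");
    return 0;
}
```

A checksum scheme like this can be reversed by anyone who reads the verification routine. Commercial products instead verify a digital signature over the key, so that the verifier's code does not reveal how to forge keys; even then, a purely local check can still be patched out, which is the weakness Experiments 8 and 10 exploit.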
Questions
Q4. What is the difference between 32-bit and 64-bit assembly? Do they both work similarly?
Experiment No: 8
Objective
To familiarize the students with the concept of Reverse Engineering using Algorithm Manipulation.
Program Outcome
The students will understand the Reverse Engineering.
The students will be able to reverse engineer an EXE to bypass its licensing check.
Problem Statement
Perform the steps to crack licensed version of PowerISO.exe using reverse engineering
Questions
Q1. What is reverse engineering? What is the difference between forward engineering and reverse
engineering?
Q3. When a company releases a product or software, does it provide the source code along with it? Why or why not?
Experiment No: 9
Objective
To familiarize the students with the concept of hash.
Program Outcome
The students will be able to understand the concept of hash in C programming using various hash
algorithms.
Problem Statement
Write several messages, changing individual characters and adding spaces, and compute the hash of
each using miraclesalad.com
Background Study:
A hash algorithm is a function that converts an input of any length into an output of fixed
length. The output is generally much smaller than the original data. Hash algorithms are
designed to be collision-resistant, meaning that it should be infeasible to find two different
inputs that produce the same output. Note that MD5 and SHA-1 no longer meet this goal: practical
collisions have been published for both, so SHA-256 or stronger should be used wherever collision
resistance matters. Two of the most widely known hash algorithms are MD5 (Message-Digest algorithm 5) and
SHA-1 (Secure Hash Algorithm). MD5 Message Digest checksums are commonly used to validate
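To let the experiment be repeated offline, the following is an added example (not from the manual) containing a compact SHA-1 implementation written from the FIPS 180-4 description, a hex-digest helper, and a bit-distance function that counts how many of the 160 digest bits change when one character of the message is altered or a space is added. The sample messages are constructed for the demonstration; in real code use a library implementation rather than this one.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example: single-shot SHA-1 (FIPS 180-4) for the lab; not for
 * production use. */
static uint32_t rol(uint32_t x, int n) { return (x << n) | (x >> (32 - n)); }

void sha1(const uint8_t *msg, size_t len, uint8_t out[20]) {
    uint32_t h[5] = { 0x67452301u, 0xEFCDAB89u, 0x98BADCFEu, 0x10325476u, 0xC3D2E1F0u };
    /* Padding: 0x80, zeros, then the 64-bit big-endian bit length, so the
     * total is a multiple of 64 bytes. */
    size_t padded = ((len + 8) / 64 + 1) * 64;
    uint8_t *buf = calloc(padded, 1);
    if (buf == NULL) abort();
    memcpy(buf, msg, len);
    buf[len] = 0x80;
    uint64_t bits = (uint64_t)len * 8;
    for (int i = 0; i < 8; i++) buf[padded - 1 - i] = (uint8_t)(bits >> (8 * i));

    for (size_t off = 0; off < padded; off += 64) {
        uint32_t w[80];
        for (int i = 0; i < 16; i++)
            w[i] = ((uint32_t)buf[off + 4*i] << 24) | ((uint32_t)buf[off + 4*i + 1] << 16) |
                   ((uint32_t)buf[off + 4*i + 2] << 8) | (uint32_t)buf[off + 4*i + 3];
        for (int i = 16; i < 80; i++) w[i] = rol(w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16], 1);
        uint32_t a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
        for (int i = 0; i < 80; i++) {
            uint32_t f, k;
            if (i < 20)      { f = (b & c) | (~b & d);          k = 0x5A827999u; }
            else if (i < 40) { f = b ^ c ^ d;                   k = 0x6ED9EBA1u; }
            else if (i < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8F1BBCDCu; }
            else             { f = b ^ c ^ d;                   k = 0xCA62C1D6u; }
            uint32_t t = rol(a, 5) + f + e + k + w[i];
            e = d; d = c; c = rol(b, 30); b = a; a = t;
        }
        h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
    }
    free(buf);
    for (int i = 0; i < 5; i++) {
        out[4*i]     = (uint8_t)(h[i] >> 24); out[4*i + 1] = (uint8_t)(h[i] >> 16);
        out[4*i + 2] = (uint8_t)(h[i] >> 8);  out[4*i + 3] = (uint8_t)h[i];
    }
}

/* Lowercase hex digest of a C string (what the web form would show). */
void sha1_hex(const char *s, char hex[41]) {
    uint8_t d[20];
    sha1((const uint8_t *)s, strlen(s), d);
    for (int i = 0; i < 20; i++) sprintf(hex + 2*i, "%02x", d[i]);
}

/* Number of differing bits between two lowercase hex digests. */
int hex_bit_distance(const char *a, const char *b) {
    int dist = 0;
    for (size_t i = 0; a[i] && b[i]; i++) {
        int x = (a[i] <= '9' ? a[i] - '0' : a[i] - 'a' + 10) ^
                (b[i] <= '9' ? b[i] - '0' : b[i] - 'a' + 10);
        for (; x; x >>= 1) dist += x & 1;
    }
    return dist;
}

int main(void) {
    /* Constructed messages: one character changed, a space added, a trailing space. */
    const char *msgs[] = { "Hello World", "hello World", "Hello  World", "Hello World " };
    char hex[4][41];
    for (int i = 0; i < 4; i++) {
        sha1_hex(msgs[i], hex[i]);
        printf("\"%s\" -> %s\n", msgs[i], hex[i]);
    }
    for (int i = 1; i < 4; i++)
        printf("bits changed vs \"%s\": %d of 160\n", msgs[i], hex_bit_distance(hex[0], hex[i]));
    return 0;
}
```

Expect roughly half of the 160 bits to change for every edit, however small; this avalanche effect is why a digest cannot be used to guess how similar two inputs are.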
Questions
Q6. How can we identify which hash algorithm produced a digest just by looking at the digest?
Experiment No: 10
Objective
To familiarize the students with the concept of Reverse Engineering via File Manipulation for different
software.
Program Outcome
The students will be able to reverse engineer software whose licence check is protected by a hash.
Problem Statement
Follow the process of reverse engineering using File manipulation to make a crack of SMAC 2.0
Questions
Q4. Should the licence key be stored in encrypted form in the code?
Experiment No: 11
Objective
To familiarize the students with the concept of low-level buffer overflow vulnerabilities in code
Program Outcome
The students will be able to identify buffer overflow vulnerabilities in software code.
Problem Statement
Background Study:
A buffer is a temporary area for data storage. When a program or system process places more data
in a buffer than was allocated for it, the extra data overflows into the adjacent memory,
corrupting or overwriting whatever was stored there.
Experiment No: 12
Objective
To familiarize the students with the concept of low-level buffer overflow vulnerabilities in code
Program Outcome
The students will be able to fix a buffer overflow vulnerability in software code.
Problem Statement
Background Study:
An attacker would use a buffer-overflow exploit to take advantage of a program that is waiting on a
user’s input.
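The following added example (not from the manual) serves Experiments 11 and 12 together: it shows the non-compliant pattern that a reviewer should flag, an unbounded `strcpy()` into a fixed stack buffer, next to compliant replacements that check the length before copying and that read a line from the user with `fgets()` while detecting input that did not fit. The CWE and CERT identifiers in the comments are the standard ones for this defect; the buffer size and names are assumptions for the example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16

/* Non-compliant (CWE-120, CERT STR31-C): strcpy() copies until the NUL of
 * src, so any name of NAME_MAX or more characters writes past buf into the
 * saved registers and return address above it. Shown for comparison only;
 * never call it with untrusted input. */
void greet_noncompliant(const char *name) {
    char buf[NAME_MAX];
    strcpy(buf, name);
    printf("Hello, %s\n", buf);
}

/* Compliant copy: copy only when the whole string plus its terminator
 * fits, otherwise refuse, so nothing is ever written past dst and the
 * caller cannot mistake a silently truncated name for the real one. */
int copy_bounded(char *dst, size_t dstsz, const char *src) {
    size_t n = strlen(src);
    if (dstsz == 0 || n >= dstsz) return -1;
    memcpy(dst, src, n + 1);              /* n + 1 includes the NUL */
    return 0;
}

/* Compliant line reader around fgets(): returns 1 for a complete line
 * (newline stripped), -1 if the line did not fit (rest of it discarded so
 * it cannot be read as the next input), 0 at end of input. */
int read_line(FILE *in, char *dst, size_t dstsz) {
    if (fgets(dst, (int)dstsz, in) == NULL) return 0;
    size_t n = strlen(dst);
    if (n > 0 && dst[n - 1] == '\n') { dst[n - 1] = '\0'; return 1; }
    int c = getc(in);
    if (c == '\n' || c == EOF) return 1;  /* line filled the buffer exactly */
    while ((c = getc(in)) != EOF && c != '\n') ;   /* drain the overflow */
    return -1;
}

int greet_compliant(const char *name) {
    char buf[NAME_MAX];
    if (copy_bounded(buf, sizeof buf, name) != 0) {
        printf("name too long (max %d characters)\n", NAME_MAX - 1);
        return -1;
    }
    printf("Hello, %s\n", buf);
    return 0;
}

int main(void) {
    char line[NAME_MAX];
    printf("name: ");
    int r = read_line(stdin, line, sizeof line);
    if (r == -1) { puts("input too long, rejected"); return 1; }
    if (r == 0)  { puts("no input"); return 1; }
    return greet_compliant(line) == 0 ? 0 : 1;
}
```

Run the compliant program with a 30-character name and it prints a rejection; the non-compliant version with the same input corrupts the stack and, depending on the build, crashes or behaves unpredictably.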
Questions
Q2. What tools can be used to find and remove this type of vulnerability?
Q3. How will the output differ between the non-compliant and the compliant code?
Experiment No: 13
Objective
To familiarize the students with the exploitation of a buffer overflow
Program Outcome
The students will be able to exploit the vulnerability of the software using debugger and Metasploit
Problem Statement
Exploit the vulnerability in the software application using Immunity Debugger and Metasploit
Background Study:
A buffer is a temporary area for data storage. When a program or system process places more data
in a buffer than was allocated for it, the extra data overflows into the adjacent memory,
corrupting or overwriting whatever was stored there.
In a buffer-overflow attack, the extra data is chosen by the attacker: it can carry instructions
to be executed, or overwrite values that make the program damage files, change data or reveal
private information.
An attacker would use a buffer-overflow exploit to take advantage of a program that is waiting on a
user's input. There are two types of buffer overflows: stack-based and heap-based. Heap-based
overflows, the less common and the harder of the two to exploit reliably, overrun a buffer
allocated with malloc and corrupt neighbouring heap data or the allocator's own metadata.
Stack-based overflows, the more common among attackers, overrun a local buffer on the stack, the
memory region that holds local variables, function arguments and saved return addresses, so that
the saved return address can be replaced with the address of attacker-supplied code.
Questions
Q5. What other tools are used for exploiting buffer overflows?
Experiment No: 14
Objective
To familiarize the students with the concept of low-level stack overflow vulnerabilities in code
Program Outcome
The students will be able to identify stack overflow vulnerabilities in software code.
Problem Statement
Background Study:
A stack overflow, in the strict sense, is the condition in which a program tries to use more call-stack
space than is available, for example through unbounded recursion. The call stack holds the return
addresses, arguments and local variables of the functions currently executing. The term is also used
for stack-based buffer overflows, where a local buffer on that stack is overrun and the saved data
next to it is overwritten; it is this second form that attackers exploit.
Questions
Experiment No: 15
Objective
To familiarize the students with the concept of low-level stack overflow vulnerabilities in code
Program Outcome
The students will be able to fix a stack overflow vulnerability in software code.
Problem Statement
Background Study:
The stack is a special region of a process's memory used to store the local variables of a
function, the parameters passed to it and its return address. Whenever a new local variable is
declared it is pushed onto the stack. When the function returns, all the variables associated with
it are discarded and the memory they used is freed; the programmer never frees stack space
manually. The stack is a last-in, first-out data structure.
Questions
Q2. Explain buffer overflow using a sample C code and show how overflow of stack will happen.
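As an added example (not from the manual) answering Q2 for Experiments 13, 14 and 15, the program below models one stack frame as a plain byte array so that the effect of overrunning a local buffer can be shown deterministically rather than through undefined behaviour: the first 16 bytes play the role of `char buf[16]`, the next 8 the saved frame pointer and the last 8 the saved return address. The offsets, the made-up return address and the attacker string are assumptions of the model; a little-endian host such as x86-64 is assumed when reading the overwritten address back.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: a model of an x86-64 stack frame as raw bytes,
 * low address first, as a compiler typically lays it out for a function
 * with `char buf[16]` and a saved frame pointer:
 *   [0..15]  buf
 *   [16..23] saved rbp
 *   [24..31] saved return address
 * The offsets are assumptions of this model, not measurements. */
#define BUF_SIZE   16
#define OFF_RBP    16
#define OFF_RET    24
#define FRAME_SIZE 32

typedef struct { uint8_t bytes[FRAME_SIZE]; } frame_t;

/* Constructed attacker input: 16 bytes fill buf, 8 more cover the saved
 * rbp, and the final 8 land exactly on the saved return address. */
static const char ATTACK[] = "AAAAAAAAAAAAAAAABBBBBBBB12345678";
_Static_assert(sizeof ATTACK == FRAME_SIZE + 1, "payload must fill the frame exactly");

/* Frame as it looks on entry; ret_addr is a made-up caller address.
 * Little-endian host assumed for the memcpy of the integer. */
void frame_init(frame_t *f, uint64_t ret_addr) {
    memset(f->bytes, 0, FRAME_SIZE);
    memcpy(f->bytes + OFF_RET, &ret_addr, sizeof ret_addr);
}

uint64_t frame_ret_addr(const frame_t *f) {
    uint64_t v;
    memcpy(&v, f->bytes + OFF_RET, sizeof v);
    return v;
}

/* Vulnerable copy: behaves like strcpy(buf, input), copying up to the NUL
 * with no regard for BUF_SIZE. It is capped at the frame only so the
 * model itself stays in bounds; on a real stack the bytes beyond would
 * run on into the caller's frame. Returns the number of bytes written. */
size_t copy_unbounded(frame_t *f, const char *input) {
    size_t n = strlen(input);
    if (n > FRAME_SIZE) n = FRAME_SIZE;
    memcpy(f->bytes, input, n);
    return n;
}

/* Fixed copy: refuses anything that does not fit in buf with its NUL. */
int copy_checked(frame_t *f, const char *input) {
    size_t n = strlen(input);
    if (n >= BUF_SIZE) return -1;
    memcpy(f->bytes, input, n + 1);
    return 0;
}

int main(void) {
    frame_t f;
    frame_init(&f, 0x401136);
    printf("return address on entry   : 0x%llx\n", (unsigned long long)frame_ret_addr(&f));
    copy_unbounded(&f, ATTACK);
    printf("after strcpy-style copy   : 0x%llx (the bytes \"%.8s\")\n",
           (unsigned long long)frame_ret_addr(&f), (const char *)f.bytes + OFF_RET);
    frame_init(&f, 0x401136);
    int r = copy_checked(&f, ATTACK);
    printf("after length-checked copy : %s, return address 0x%llx\n",
           r == 0 ? "copied" : "rejected", (unsigned long long)frame_ret_addr(&f));
    return 0;
}
```

When the real function executes `ret`, the CPU pops whatever now sits in the return-address slot, here 0x3837363534333231, the ASCII of "12345678"; an exploit replaces those eight bytes with the address of code it wants to run. The offsets in a real binary are found with a debugger, as in Experiment 13.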
Experiment No: 16
Objective
To familiarize the students with the concept of Low Level-Integer Overflow vulnerabilities in Code
Program Outcome
The students will be able to fix an integer overflow vulnerability in software code.
Problem Statement
Background Study:
Integer overflow vulnerabilities arise when a value is stored in a variable type too small to hold
it. One example is narrowing a long (8 bytes on 64-bit Linux, 4 bytes on 32-bit systems and on
Windows) to an int (4 bytes on all common platforms): the conversion keeps only the low-order
bits, so if any of the discarded high bits were non-zero the stored value bears no relation to the
original. A second source is arithmetic that exceeds the type's range: unsigned results wrap
modulo 2^N by definition, while signed overflow is undefined behaviour in C, so the overflow has
to be tested for before the operation rather than after it.
Integer overflows can also occur when converting from an unsigned to a signed variable type.
Both a signed and an unsigned short are stored in two bytes, but the most significant bit of a
signed short indicates whether it is positive or negative. An unsafe conversion from unsigned to
signed of a value with a one in the most significant bit turns it from a large positive number into a
negative one.
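The program below is an added example (not from the manual) that covers each failure mode described above, signed overflow, unsigned wrap-around, narrowing and the unsigned-to-signed sign change, together with the checked version of each operation; the final function shows the classic consequence, a size check that passes on a negative value which then becomes a huge count. It assumes a two's-complement target with 32-bit int, which is what every mainstream compiler provides.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Added example. Signed overflow is undefined behaviour in C, so the safe
 * pattern is to test before the operation; unsigned arithmetic wraps
 * modulo 2^N by definition, which is well defined but rarely intended. */

/* Returns 1 and stores a+b in *out if it fits in an int, else 0. */
int add_int_checked(int a, int b, int *out) {
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b)) return 0;
    *out = a + b;
    return 1;
}

/* Unsigned wrap-around: UINT_MAX + 2 is 1. Defined, but a bounds check
 * such as `if (len + 2 < cap)` is useless once len is near UINT_MAX. */
unsigned add_uint_wrapping(unsigned a, unsigned b) { return a + b; }

/* Narrowing: converting to a smaller unsigned type keeps only the low
 * bits (defined behaviour). 0x100000005 becomes 5 in a uint16_t. */
uint16_t narrow_to_u16(uint64_t v) { return (uint16_t)v; }

/* Checked narrowing: refuse values that do not fit. */
int narrow_to_u16_checked(uint64_t v, uint16_t *out) {
    if (v > UINT16_MAX) return 0;
    *out = (uint16_t)v;
    return 1;
}

/* Sign change: a 16-bit value with the top bit set is a large positive
 * number as unsigned short but reads as negative when converted to
 * signed. The conversion is implementation-defined; two's complement
 * (the only behaviour modern compilers implement) is assumed. */
int16_t reinterpret_u16_as_s16(uint16_t v) { return (int16_t)v; }

/* Classic consequence: a size check passes because the signed value is
 * negative, then the same value is used as an unsigned count. Returns 1
 * when the check was bypassed. */
int size_check_is_bypassed(int16_t requested, uint16_t limit) {
    if (requested > limit) return 0;         /* -1 > limit is false: "safe" */
    uint16_t used = (uint16_t)requested;     /* -1 becomes 65535 */
    return used > limit;
}

int main(void) {
    int sum;
    printf("INT_MAX + 1 fits: %d\n", add_int_checked(INT_MAX, 1, &sum));
    printf("UINT_MAX + 2 = %u\n", add_uint_wrapping(UINT_MAX, 2));
    printf("0x100000005 as uint16_t = %u\n", narrow_to_u16(0x100000005ULL));
    printf("0xFFFF as int16_t = %d\n", reinterpret_u16_as_s16(0xFFFF));
    printf("size check bypassed for -1: %d\n", size_check_is_bypassed(-1, 1024));
    return 0;
}
```

Compilers flag some of these cases: `gcc -Wconversion -Wsign-compare` warns on the narrowing and the mixed-sign comparison, and `-fsanitize=signed-integer-overflow` reports the signed overflow at run time.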
Questions
Q1. Write a program that causes an integer overflow (for example by adding to INT_MAX), then answer
questions about the same program for both signed int and unsigned int, including what the result is
after small changes to the code, for example what UINT_MAX + 2 evaluates to.
Q2. Difference between structure and union and calculate the size of the structure and union in
Student Work
Algorithm/Flowchart/Code/Sample Outputs
Experiment No: 17
Objective
Program Outcome
The students will be able secure the website from SQL injection.
Problem Statement
Background Study:
SQL injection is a web security vulnerability that allows an attacker to interfere with the queries
that an application makes to its database. It generally allows an attacker to view data that they are
not normally able to retrieve. This might include data belonging to other users, or any other data
that the application itself is able to access. In many cases, an attacker can modify or delete this data,
causing persistent changes to the application's content or behavior.
In some situations, an attacker can escalate an SQL injection attack to compromise the underlying
server or other back-end infrastructure, or perform a denial-of-service attack.
A successful SQL injection attack can result in unauthorized access to sensitive data, such as
passwords, credit card details, or personal user information. Many high-profile data breaches in
recent years have been the result of SQL injection attacks, leading to reputational damage and
regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization's
systems, leading to a long-term compromise that can go unnoticed for an extended period.
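The following added example (not from the manual) shows the defect at the point where it is introduced: a login query assembled by pasting the user's input into the SQL text, the effect of a constructed `' OR '1'='1' -- ` payload on that text, and two defences, an allow-list on the user name and the parameterised form in which the SQL text is fixed and the values travel separately. No database is linked, so the parameterised query is shown as its text plus its parameters; with a real driver the binding call is, for example, `sqlite3_bind_text` in SQLite or `mysql_stmt_bind_param` in MySQL.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example. Vulnerable: the query text is built by pasting the
 * user-supplied values into string literals, so input containing a quote
 * closes the literal and the rest of the input becomes SQL. */
int build_login_query_unsafe(char *out, size_t outsz, const char *user, const char *pass) {
    int n = snprintf(out, outsz,
                     "SELECT id FROM users WHERE name = '%s' AND pass = '%s'", user, pass);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* 1 if the assembled SQL carries the injected tautology. */
int query_is_tautology(const char *sql) {
    return strstr(sql, "OR '1'='1'") != NULL;
}

/* Defence in depth: accept only what a user name can legitimately
 * contain. This blocks the quote-based payload but is not a substitute
 * for parameterised queries (numeric fields, other encodings and other
 * characters would need their own rules). */
int username_is_acceptable(const char *user) {
    size_t n = strlen(user);
    if (n == 0 || n > 32) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)user[i];
        if (!isalnum(c) && c != '_' && c != '.') return 0;
    }
    return 1;
}

/* The fix: the SQL text never changes, the values are bound separately by
 * the driver, so a quote in the data is only ever data. */
typedef struct {
    const char *sql;
    const char *params[2];
} prepared_t;

prepared_t build_login_query_safe(const char *user, const char *pass) {
    prepared_t q = { "SELECT id FROM users WHERE name = ? AND pass = ?", { user, pass } };
    return q;
}

int main(void) {
    const char *payload = "' OR '1'='1' -- ";     /* constructed attacker input */
    char sql[256];
    build_login_query_unsafe(sql, sizeof sql, payload, "x");
    printf("unsafe with payload : %s\n  tautology=%d\n", sql, query_is_tautology(sql));
    build_login_query_unsafe(sql, sizeof sql, "alice", "x");
    printf("unsafe with alice   : %s\n  tautology=%d\n", sql, query_is_tautology(sql));
    printf("allow-list: alice=%d payload=%d\n",
           username_is_acceptable("alice"), username_is_acceptable(payload));
    prepared_t q = build_login_query_safe(payload, "x");
    printf("parameterised       : %s\n  name param = \"%s\"\n", q.sql, q.params[0]);
    return 0;
}
```

With the payload, the unsafe query becomes `... WHERE name = '' OR '1'='1' -- ' AND pass = 'x'`: the `--` comments out the password test and the `OR '1'='1'` makes the condition true for every row, which is how an attacker logs in without a password.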
Questions
Algorithm/Flowchart/Code/Sample Outputs
Roll No.:
Semester:
Group:
Table of Contents
S.No    Page No.
1. Project Description
2. Problem Statement
3. Analysis
4. Design
6. Output (Screenshots)