19ECS448P Secure Software Engineering - Lab Manual

This document contains a lab manual for secure software engineering experiments. It lists 10 interactive coding tasks from Code Bashing related to security issues like forceful browsing, SQL injection, command injection, and cross-site scripting. It also lists 8 Python experiments and 10 Java experiments for testing code security using the Snyk tool. The experiments cover topics like user input validation, SQL authentication, file operations, and string operations. The goal is to help students learn about common security vulnerabilities and how to write more secure code.

Uploaded by

Gowthami

GITAM UNIVERSITY

(DEEMED TO BE UNIVERSITY) GITAM School of Technology

Department of Computer Science and Engineering

19ECS448P: SECURE SOFTWARE ENGINEERING

LAB MANUAL
List of experiments

S.No  Experiment

INTERACTIVE TASKS FROM CODE BASHING

1. Android Application - Forceful Browsing
2. iOS Application - Forceful Browsing
3. Secure Cookie Flag
4. SQL Injection
5. Command Injection
6. No Server-Side Validation
7. Stack Overflows
8. Broken Object Level Authorization
9. Broken Function Level Authorization
10. Cross-Site Scripting

Secure Code Testing in SNYK (Python)

1. Evaluating user-supplied input
2. Authentication check using SQL
3. F.read function Check
4. Evaluation of Post Function
5. Evaluation of Read Function
6. Fetch Data Function
7. Search Function
8. Arguments

Secure Code Testing in SNYK (Java)

9. File Operations
10. String Operations


Ex. 1 Android Application - Forceful Browsing
Ex. 2 iOS Application - Forceful Browsing
Ex. 3 Secure Cookie Flag
Ex. 4 SQL Injection
Ex. 5 Command Injection
Ex. 6 No Server-Side Validation
Ex. 7 Stack Overflows
Ex. 8 Broken Object Level Authorization
Ex. 9 Broken Function Level Authorization
Ex. 10 Cross-Site Scripting
Secure Code Testing in SNYK (Python)
Ex. 1 Evaluating user-supplied input

from flask import Flask, request

app = Flask(__name__)

@app.route('/run_command', methods=['POST'])
def run_command():
    cmd = request.form.get('cmd')
    result = eval(cmd)  # VULNERABILITY: evaluating user-supplied input as code is a dangerous practice
    return str(result)  # Flask needs a string or response object, not an arbitrary eval() result

if __name__ == '__main__':
    app.run()
Ex. 2 Authentication check using SQL

import mysql.connector

def get_user_info(username):
    conn = mysql.connector.connect(user='user', password='password', host='host',
                                   database='database')
    cursor = conn.cursor()
    # VULNERABILITY: the username is concatenated into the SQL text (SQL injection)
    query = "SELECT * FROM users WHERE username='" + username + "'"
    cursor.execute(query)
    results = cursor.fetchall()
    cursor.close()
    conn.close()
    return results

username = input("Enter your username: ")
print(get_user_info(username))
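A hardened counterpart to Ex. 2, added here as an example rather than as part of the lab manual: the same lookup written with a parameterised query. It uses a constructed in-memory sqlite3 table in place of mysql.connector so it runs offline; with mysql.connector the placeholder is %s instead of ?.

```python
import sqlite3

# Constructed in-memory table standing in for the lab's `users` table (assumption:
# it has at least a username column); sqlite3 replaces mysql.connector here.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    conn.commit()
    return conn

def get_user_info_unsafe(conn, username):
    # Same string concatenation as Ex. 2: the input becomes part of the SQL text,
    # so a quote in the input changes the structure of the statement.
    query = "SELECT * FROM users WHERE username='" + username + "'"
    return conn.execute(query).fetchall()

def get_user_info_safe(conn, username):
    # Parameterised query: the driver passes the value separately from the SQL,
    # so the input is only ever compared as data and never parsed as SQL.
    query = "SELECT * FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # tautology input used to show the difference between the two
    print("unsafe:", get_user_info_unsafe(db, probe))  # returns every row
    print("safe:  ", get_user_info_safe(db, probe))    # returns []
```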
Ex. 3 F.read function Check

def process_input(user_input):
    # VULNERABILITY: the file name comes straight from the user (path traversal)
    with open(user_input, "r") as f:
        content = f.read()
    print(content)

user_input = input("Enter a file name: ")
process_input(user_input)
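An added example (not from the manual) of how the file read in Ex. 3 can be confined to one allowed directory; the base directory and its sample file are constructed in a temporary folder so the code runs anywhere.

```python
import os
import tempfile

def read_file_within(base_dir, user_input):
    """Return the contents of user_input only if it resolves to a regular file inside base_dir."""
    base = os.path.realpath(base_dir)
    # realpath collapses "..", duplicate separators and symlinks before the check;
    # an absolute user path discards base in os.path.join and is caught below.
    target = os.path.realpath(os.path.join(base, user_input))
    # commonpath is a true ancestor test; a plain startswith() would accept
    # "/data/files_secret" as being inside "/data/files".
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"path escapes {base_dir}: {user_input!r}")
    if not os.path.isfile(target):
        raise FileNotFoundError(user_input)
    with open(target, "r") as f:
        return f.read()

def demo():
    # Constructed sandbox: one allowed file, then three inputs of the kind
    # the unchecked open() in Ex. 3 would accept.
    results = {}
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "notes.txt"), "w") as f:
            f.write("hello")
        for name in ["notes.txt", "../../../etc/passwd", "/etc/passwd", "missing.txt"]:
            try:
                results[name] = read_file_within(root, name)
            except (PermissionError, FileNotFoundError) as e:
                results[name] = type(e).__name__
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name!r}: {outcome}")
```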
Ex. 4 Evaluation of Post Function

from flask import Flask, request

app = Flask(__name__)

@app.route('/transfer', methods=['POST'])
def transfer():
    amount = request.form.get('amount')
    recipient = request.form.get('recipient')
    # Transfer the funds...
    return 'Funds transferred successfully!'

if __name__ == '__main__':
    app.run()
Ex. 5 Evaluation of Read Function

def read_credit_card_number():
    card_number = input("Enter your credit card number: ")
    # do something with card_number
    return card_number

def process_payment(card_number):
    # process payment with card_number
    pass

card_number = read_credit_card_number()
process_payment(card_number)
Ex. 6 Fetch Data Function

import requests

def fetch_data_from_url(url):
    response = requests.get(url)
    data = response.text
    exec(data)  # VULNERABILITY: executes whatever the remote server returns as Python code

url = input("Enter a URL: ")
fetch_data_from_url(url)
Ex. 7 Search Function

from flask import Flask, request

app = Flask(__name__)

@app.route('/search')
def search():
    query = request.args.get('q')
    return f'Search results for: {query}'  # VULNERABILITY: query is reflected into the page unescaped (XSS)

if __name__ == '__main__':
    app.run()
Ex. 8 Arguments

import os
import urllib
from flask import Flask, request, redirect
from django.db import connection, models
from django.db.models.expressions import RawSQL

app = Flask(__name__)

def setname(name):
    # Minimal target for the exec() call below so the sample runs.
    return name

@app.route("/code-execution")
def code_execution():
    code1 = request.args.get("code1")
    exec("setname('%s')" % code1)  # VULNERABILITY: user input is spliced into executed code
    return "done"

@app.route("/open-redirect")
def open_redirect():
    redirect_loc = request.args.get('redirect')
    return redirect(redirect_loc)  # VULNERABILITY: redirect target is taken from the request unchecked

@app.route("/sqli/<username>")
def show_user(username):
    with connection.cursor() as cursor:
        cursor.execute("SELECT * FROM users WHERE username = '%s'" % username)  # VULNERABILITY: string-formatted SQL
        return str(cursor.fetchall())

if __name__ == '__main__':
    app.run(host='0.0.0.0', port=9000)
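An added example (not from the manual) of a validator for the redirect target used by the /open-redirect route in Ex. 8: only site-local paths are accepted and everything else falls back to a default. The inputs in demo are constructed.

```python
from urllib.parse import urlsplit

def safe_redirect_target(redirect_loc, default="/"):
    """Return redirect_loc if it is a path on this site, otherwise default."""
    if not redirect_loc:
        return default
    # Browsers treat backslashes as forward slashes, so normalise before parsing;
    # otherwise "/\other.example" parses as a local path but navigates off-site.
    candidate = redirect_loc.strip().replace("\\", "/")
    parts = urlsplit(candidate)
    # Anything with a scheme or host (https://..., //host, javascript:...) is not local.
    if parts.scheme or parts.netloc:
        return default
    # Require a root-relative path and reject "//" and "///" forms, which urlsplit
    # may report with an empty netloc but browsers resolve as a new authority.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default
    return candidate

def demo():
    # Constructed inputs: two legitimate paths and several off-site forms.
    inputs = ["/dashboard", "/account?tab=1", "https://other.example/",
              "//other.example/x", "/\\other.example", "///other.example",
              "javascript:void(0)", "dashboard", ""]
    return {i: safe_redirect_target(i) for i in inputs}

if __name__ == "__main__":
    for raw, accepted in demo().items():
        print(f"{raw!r} -> {accepted!r}")
```

In the Flask route this replaces `redirect(redirect_loc)` with `redirect(safe_redirect_target(redirect_loc))`.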
Secure Code Testing in SNYK (Java)
Ex. 9 File Operations

import java.io.*;

public class UnvalidatedInput {
    public static void main(String[] args) {
        String filename = args[0];
        File file = new File(filename);
        try (FileReader reader = new FileReader(file)) {
            char[] buffer = new char[(int) file.length()];
            reader.read(buffer);
            System.out.println(buffer);
        } catch (IOException e) {
            System.out.println("Error reading file");
        }
    }
}
Ex. 10 String Operations

import java.sql.*;
import java.util.Scanner;

public class SqlInjection {
    public static void main(String[] args) {
        Scanner scanner = new Scanner(System.in);
        System.out.print("Enter username: ");
        String username = scanner.nextLine();
        System.out.print("Enter password: ");
        String password = scanner.nextLine();
        try (Connection connection =
                 DriverManager.getConnection("jdbc:postgresql://localhost/mydb", "user", "pass")) {
            String query = "SELECT * FROM users WHERE username = '" + username
                    + "' AND password = '" + password + "'";
            Statement statement = connection.createStatement();
            ResultSet resultSet = statement.executeQuery(query);
            if (resultSet.next()) {
                System.out.println("Login successful");
            } else {
                System.out.println("Login failed");
            }
        } catch (SQLException e) {
            System.out.println("Error connecting to database");
        }
    }
}
