- Review the .NET OWASP Top 10.
- Review your midterm project and do a security vulnerability review.
- Create a `vulnerability-report.md` file to document your identified vulnerabilities.
- Uncover a minimum of 4 different vulnerabilities.
- If you are unable to uncover the minimum vulnerabilities, report on:
  - what a vulnerability would look like (provide code examples specific to .NET),
  - how to identify it,
  - what code is required to fix it,
  - whether this is an issue in .NET Core.
- Do not just copy and paste the vulnerability-specific text. Put it in your own words, explain it, learn from it.
- Reference any resources that you used to assist with the vulnerability report
We found an instance of [vulnerability 1] by typing some relevant code into some vulnerable field OR by doing some edge-case thing.
By exploiting [this vulnerability], we were able to retrieve XYZ attributes from the site / access to some unauthorized part of the site / something else valuable.
problem_file1.cs and problem_file2.cshtml contained the vulnerability. We were able to fix the first with the following adjustment(s):
[specific fixes here]
Some body of relevant code that solves our problem
- Resource 1
- Resource 2
- fork this repository
- write all of your code in a branch named lab-#;
  - e.g. lab34-amanda
- push to your repository
- submit a pull request to this repository
- submit a link to your PR in canvas