Scenario
In Project One, you applied for a Software Engineer position at a large investment company called SNHU Investments. Recently, they have been trying to move their legacy code into a cloud-based application. You were selected to participate in a proficiency test as part of the interview process. In the proficiency test, you demonstrated your ability to reverse engineer code.
For the next part of the proficiency test, you have been asked to identify and explain security vulnerabilities within the client management application. You will identify multiple security vulnerabilities within blocks of assembly code, explain the vulnerabilities, and describe recommendations to fix the vulnerabilities.
Directions
Using the C++ (CPP file) that you created in Project One, you will identify multiple security vulnerabilities, explain the vulnerabilities, and describe recommendations to fix the security vulnerabilities.
1. Identify where multiple security vulnerabilities are present within the blocks of C++ code. Use the first section in the Project Two Security Report Template, located in the Supporting Materials section, to map each security vulnerability to the block of C++ code. Comment within the C++ code (CPP file) to indicate where the security vulnerabilities are identified.
2. Explain the security vulnerabilities that are found in the blocks of C++ code. Use the second section of the Project Two Security Report Template to explain in detail how and why these are security vulnerabilities.
3. Describe recommendations for how the security vulnerabilities can be fixed. Use the third section of the Project Two Security Report Template to complete this step.
4. Fix some of the security vulnerabilities within the “main” function. Correct the C++ code to fix the security vulnerabilities. There will be security vulnerabilities which you cannot correct by adjusting the C++ code. Determine which vulnerabilities you are able to fix by adjusting the C++ code, and fix them. You are not required to fix the others. Comment within the C++ code to indicate how the security vulnerabilities were fixed.
5. Convert the CPP file to a binary file (O file).