Hour ya know if I can 846884vj

Assignment due Monday, May 11, 2026 by 11:59pm

ICS 432 – Assignment 3

Part A: Conceptual Questions

Answer each question concisely (approx. 150-200 words each). Clarity and the use of specific, real-world examples are key to earning full marks.

• CIA Triad in Practice
  • Define the Confidentiality, Integrity, and Availability components of the CIA triad. For each component, provide one distinct real-world example of a security breach and briefly explain how the principle was violated.

• SQL Injection & XSS
  • Describe, step-by-step, how an attacker could exploit a SQL injection vulnerability in a web application’s login form to bypass authentication. Provide the parameterised query (using a Python DB-API placeholder style like %s) that would prevent this attack.
  • Explain a Stored (Persistent) XSS attack. Then, recommend one specific output-encoding defence (e.g., HTML escaping) and describe what it does to neutralise the threat.

• Threat Modelling in Agile
  • Outline the four main steps of a streamlined threat modelling process suitable for Agile development. Apply these steps to a simple “to-do list” web application by identifying at least two potential threats.

• Secure Design Patterns
  • Compare and contrast the Secure Defaults and Principle of Least Privilege (PoLP) design patterns. Provide one concrete example of how each can be implemented within a micro-services architecture (e.g., database credentials, API permissions).

• Insecure Deserialisation
  • Describe how an attacker can exploit insecure deserialisation in a Python application (e.g., using the pickle module) to achieve remote code execution (RCE). Recommend and briefly explain two primary mitigation strategies.

Part B: Hands-On Exercises

1. Code Review & Remediation

You are given the following Python Flask snippet:

##

from flask import Flask, request

import pickle

import base64

app = Flask(__name__)

@app.route(‘/unpack’, methods=[‘POST’])

def unpack_data():

data = request.form['data']decoded_data = base64.b64decode(data)# Deserialise the data to reconstruct the objectreconstituted_object = pickle.loads(decoded_data)return "Object deserialised!", 200

if __name__ == ‘__main__’:

(debug=True)

##

(a) Identify: Identify the critical security flaw(s) in this code. State the CWE (Common Weakness Enumeration) identifier if known.

(b) Exploit Description: Describe, with a code example, how an attacker could craft a malicious payload to exploit this flaw.

(c) Fix the Code: Rewrite the /unpack endpoint to securely handle the data. Your solution must use JSON for serialisation and include strict schema validation using a library like Pydantic or Marshmallow. Include comments in your code.

(d) Explanation: Explain why your fix effectively prevents the original vulnerability.

2. Fuzz Testing Lab

A vulnerable Python function is designed to process user-provided strings but contains a flaw.

##

def vulnerable_parser(input_string):

"""A supposedly safe function that processes a string."""# This condition is intended to check for a specific, safe commandif input_string.startswith("SAFE:"):    command = input_string[5:]  # Get the part after "SAFE:"    # Intended to split the command, but has a flaw    parts = command.split('|')    if len(parts) == 2:        # Simulate a command execution (this is a vulnerability)        return f"Executing {parts[0]} with arg {parts[1]}"return "Invalid command

##

(a) Set up: Briefly outline the steps to configure a Python fuzzer (e.g., Atheris or pythonfuzz) to fuzz this function. What would be a good initial corpus of test inputs?

(b) Crash Analysis: Suppose the fuzzer reports a crash when the input string is “SAFE:” + “A” * 1000. Hypothesise the type of vulnerability that might be present (e.g., denial-of-service via excessive resource consumption, command injection) and explain why the crash occurs.

(c) Mitigation: Rewrite the vulnerable_parser function to safely handle arbitrary input. Your fix should address the hypothesised vulnerability and include input validation and safe processing logic.

3. CI/CD Security Integration

You are tasked with integrating security checks into an existing GitLab CI/CD pipeline for a Python project.

(a) Static Analysis: Name two open-source Static Application Security Testing (SAST) tools suitable for Python (e.g., Bandit, Semgrep). Justify your choice for one. Then, provide a YAML snippet to integrate one of these tools into a .gitlab-ci.yml file, defining a job named sast.

(b) Dynamic Scanning: Propose how to integrate the fuzzing test from Exercise 2 into the pipeline. Sketch the CI stage definition (YAML snippet) for a job named fuzz-test. Assume the fuzzer is set to run for a fixed duration (e.g., 5 minutes).

(c) Policy Enforcement: Describe how you would configure the sast and fuzz-test jobs to fail the pipeline if any high-severity security issues or crashes are detected, respectively.

Part C: Threat Model & Design Pattern Proposal

Working in teams of 2-3, choose a simple web service (e.g., a file-sharing app, a secure note-taking API, or a user profile manager). Deliver a 2-page maximum report that includes:

1. Threat Model Diagram (5 marks): A data flow diagram (DFD) of your chosen system with clearly labeled components, data flows, and at least five distinct trust boundaries.

1. Threat Enumeration (5 marks): A table listing four distinct threats, each mapped to its corresponding STRIDE category.

1. Mitigation via Design Patterns (5 marks): For each threat, propose one specific mitigation using one of the following secure-by-design patterns:

• Secure Defaults
• Principle of Least Privilege
• Secure Contract (e.g., input validation schemas)

1. CI/CD Security Gate (5 marks): Define one automated check (static or dynamic) that could be integrated into a CI/CD pipeline to enforce one of your proposed mitigations at build time. Justify your choice.

Report Guidelines:

• The report must be concise and well-structured.
• Cite all external sources (APA or IEEE style).
• Include both team member names and student IDs on the cover page.

Submission Guidelines

Submit your assignment as 2 submissions.

• The primary submission is a PDF document for the report named ICS432_Assignment3_Group_[YourGroupNumber].pdf

• The secondary submission is a ZIP file named ICS432_Assignment3_Group_[YourGroupNumber].zip. The ZIP file must contain separate, well-commented Python source code files (.py) for the fixed code in Part B.1 and the fuzzing lab in Part B.2.

Can you use the template. you have already answered my question in a different question.

TO KNOW ABOUT COMPUTER FUNDAMENTAL FROM BASIC TO ADVANCED

THE FULL THEORY OF COMUTER TO BECOME A BEST CONTOLING COMPUTER .THE THEORY HAS GIVEN BESIC TO ADVANCED TO KNOW ABOUT FULL DETAILS OF COMPUTER.THIS NOTES IS VERY USEFULL FOR ADVANCED LEVEL OF COMPUTER.

Overview:

In this lab, students will present a research paper using Google Scholar on an advanced NLP topic, specifically focusing on Topic Modeling techniques such as Latent Dirichlet Allocation (LDA). The goal is to understand and communicate how topic modeling can be applied to extract meaningful themes from large collections of academic research papers.

Instructions:

1. Paper Selection: Choose a research paper that discusses an advanced topic in NLP, such as a novel application of topic modeling or improvements to existing algorithms.
2. Understanding and Summarization: Thoroughly read and understand the selected research paper. Summarize the key contributions, methodologies, and findings of the paper.
3. Presentation Preparation: Prepare a presentation that explains the paper’s significance, the problem it addresses, the methods used, and the results obtained. Include visual aids such as diagrams and charts to enhance understanding.
4. Discussion on Applications: Discuss potential applications of the topic modeling techniques described in the paper. Highlight how these methods can be used in real-world scenarios such as academic research, market analysis, or content recommendation systems.
5. Q&A Session: Conduct a Q&A session following the presentation to engage with the audience and address any questions or points of clarification.
6. Submission and Feedback: Submit the presentation slides and a summary report according to the NLP Research Paper Presentation Lab Rubric. Incorporate feedback from peers and instructors to improve understanding and presentation skills.

Which is the main city in kashmir.

Ilmu komputer adalah bidang yang mempelajari cara komputer memproses data, menyelesaikan masalah, dan menjalankan program.

Konsep Utama

Algoritma: langkah-langkah sistematis untuk menyelesaikan masalah

Pemrograman: menulis kode/instruksi untuk komputer

Struktur Data: cara menyimpan dan mengatur data (array, list, dll.)

Komponen Sistem Komputer

Hardware: perangkat fisik (CPU, monitor, keyboard)

Software: program/aplikasi

Brainware: pengguna

Bidang dalam Ilmu Komputer

Pemrograman (Programming)

Jaringan Komputer (Networking)

Keamanan Siber (Cybersecurity)

Kecerdasan Buatan (AI)

Basis Data (Database)

Tujuan

Memecahkan masalah dengan teknologi

Mengolah data menjadi informasi

Membuat aplikasi atau sistem yang berguna

bagus dan mengesankan

I have developed a specialized tool and a corresponding website for my project, and Im looking to take it to the next level. I want to enhance the tool’s professional capabilities and establish a seamless integration with the web interface.

The Workflow:

The goal is to automate the process so that as soon as a scan is initiated and completed by the tool, the status updates automatically on the website under the “Final Reports” section. Once the scan is finished, I should be able to click on the report to open a dedicated page that displays all the findings and data.

About the Tool (VAF):

To give you a better idea of what the tool does: It is a Vulnerability Assessment Framework (VAF) designed for deep network scanning and risk identification. It goes beyond simple scanning by: