Section 1.1 Question 1: 1. What is the difference between a vulnerability and an attack surface? Section 1.2 Vulnerable Sandbox In this Lab, you will analyze a documented vulnerability in an online Python compiler (You will use the same compiler in Lab-6) 1. Navigate to the online Python compiler on https://repl.it/languages/python3. You can type your Python code on the left part; and you can see the compiled code on the right. You run Python from a Linux shell or command prompt on your personal computer, depending on the operating system you use. There must be an underlying operating system that runs the online Python complier. The critical point is whether it has been successfully isolated from the anonymous Internet users or not. 2. As shown in the window below, when you write a simple code and run the compiler, you drop to the operating system’s bash shell that runs the online Python compiler. This vulnerability has been patched. Please dont try it on your computer. Background There are two critical databases for categorizing and tracking vulnerabilities. These are CWE and CVE; the MITRE organization maintains both. CWE stands for Common Weakness Enumeration. CVE stands for Common Vulnerabilities and Exposures. CWE is a category system for software weaknesses and vulnerabilities. It is maintained by a community project to understand flaws in software and create automated tools that can be used to identify, fix, and prevent those underlying flaws (Wikipedia). CWE has nothing to do with the instance of a vulnerability within a product or system; this is where CVE comes in. CVE indexes vulnerabilities of the products or systems, not the underlying flaw. Questions 1. You can explore the list of software CWEs here: https://cwe.mitre.org/data/definitions/699.html Find the category of vulnerability on the online Python compiler. Provide your justifications in a short paragraph. 2. Below is the list of top-25 most dangerous CWEs: https://cwe.mitre.org/data/definitions/1200.html Pick 2 CWEs and find one corresponding CVE for each. (The instance of the flaw described in CWE) You can use the page below to search CVEs: https://cve.mitre.org/cve/search_cve_list.html Provide your justifications in a short paragraph.
Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.Read more
Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.Read more
Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.Read more
By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.Read more