Virtual Environment Resources with Lab Overview

4.05 Virtual Environment Resources with Lab Overview
The labs in this module are to be done using the Virtual Machine file (Links to an external site.). To begin, follow the installation directions on the Importing an Existing Virtual Machine into VirtualBox page (Links to an external site.).

For this assignment, you will continue the work you began in earlier modules of the course where you are acting as a software creator. Given the same design project idea in Modules 1 and 2, you will now create an activity diagram and a network diagram.
When you’re done with the activity, title your document using the following filename convention: LastnameFirstname_4_third_party.
Note: Only your Final submission attempt will be graded and the submission must be in by the due date. There are multiple submission attemps allowed for any technical difficulties or if you’d like to update your assignmenr prior to the due date.
________________________________________
Scenario and Directions
You work for a SaaS company that is creating software for various homeowners associations. Various HOAs will use your software to maintain their subdivisions.
For this assignment, you have been tasked with testing the software and it was deemed that those tests will include SAST testing. To complete your work, make sure you use OWASP’s dependency checker output file Download OWASP’s dependency checker output file. While this is a great list, a giant list of vulnerabilities won’t help anyone. Instead, do the following:
• Curate a list and give an overview of the vulnerabilities found– roll them up where reasonable
• Create a document explaining what you believe the top vulnerabilities are and why they are a concern
o This should be a very readable document; write this as if it is going to an executive
o If you have a suggested solution (or multiple!), please offer that also and describe what it/they is/are and how it/they could be resolved
4.06 Activity 1: Third-Party Testing Lab

For this assignment, you will continue the work you began in earlier modules of the course where you are acting as a software creator. Given the same design project idea in Modules 1 and 2, you will now create an activity diagram and a network diagram.
When you’re done with the activity, title your document using the following filename convention: LastnameFirstname_4_third_party.
Note: Only your Final submission attempt will be graded and the submission must be in by the due date. There are multiple submission attemps allowed for any technical difficulties or if you’d like to update your assignmenr prior to the due date.
________________________________________
Scenario and Directions
You work for a SaaS company that is creating software for various homeowners associations. Various HOAs will use your software to maintain their subdivisions.
For this assignment, you have been tasked with testing the software and it was deemed that those tests will include SAST testing. To complete your work, make sure you use OWASP’s dependency checker output file Download OWASP’s dependency checker output file. While this is a great list, a giant list of vulnerabilities won’t help anyone. Instead, do the following:
• Curate a list and give an overview of the vulnerabilities found– roll them up where reasonable
• Create a document explaining what you believe the top vulnerabilities are and why they are a concern
o This should be a very readable document; write this as if it is going to an executive
o If you have a suggested solution (or multiple!), please offer that also and describe what it/they is/are and how it/they could be resolved

4.07 Activity 2: DAST Testing Lab

For this assignment, you will continue the work you began in earlier modules of the course where you are acting as a software creator. Now, you will test the software you have developed using DAST testing. Information on how to use these programs will be in the reading or the videos that were provided earlier in this module. Also, feel free to research more about them on your own to figure out how they work.
When you’re done with the activity, title your document using the following filename convention: LastnameFirstname_4_DAST.
Note: Only your Final submission attempt will be graded and the submission must be in by the due date. There are multiple submission attemps allowed for any technical difficulties or if you’d like to update your assignmenr prior to the due date.
________________________________________
Scenario and Directions
You work for a SaaS company that is creating software for various homeowners associations. Various HOAs will use your software to maintain their subdivisions.
For this assignment, do the following:
1. Using the virtual machine, connect to the http://localhost/DVWA (Links to an external site.) website and run the following scans:
• Burp Suite (report)
o Open browser in the proxy tab
o Click around the website
o The credentials to the website are: admin, password
• Owasp ZAP (automated scan)
o Run an automated scan
o Look at the results at the bottom under the Alerts tab
• Nikto (scan)
o nikto -h http://localhost/DVWA (Links to an external site.)
• Save screenshots of the reports as the following naming conventions:
• LastnameFirstname_04_burp_report
• LastnameFirstname_04_zap_report
• LastnameFirstname_04_nikto_report
• When done, curate a list and give an overview of the vulnerabilities found– roll them up where reasonable
• Create a document explaining what you believe the top vulnerabilities are and why they are a concern
• This should be a very readable document; write this as if it is going to an executive
• If you have a suggested solution (or multiple!), please offer that also and describe what it/they is/are and how it/they could be resolved
4.08 Activity 3: SAST Testing Lab
Start Assignment
For this assignment, you will continue the work you began in earlier modules of the course where you are acting as a software creator. Now, you will test the software you have developed using SAST testing. Information on how to use these programs will be in the reading or the videos that were provided earlier in this module. Also, feel free to research more about them on your own to figure out how they work.
When you’re done with the activity, title your document using the following filename convention: LastnameFirstname_4_SAST.
Note: Only your Final submission attempt will be graded and the submission must be in by the due date. There are multiple submission attemps allowed for any technical difficulties or if you’d like to update your assignmenr prior to the due date.
________________________________________
Scenario and Directions
You work for a SaaS company that is creating software for various homeowners associations. Various HOAs will use your software to maintain their subdivisions.
For this assignment, do the following:
1. Using the virtual machine, use the directory/home/student/Documents/git/ and its recursive subdirectories to run the following scans:
o Bandit
 cd /home/student/Documents/git/
 bandit -r . > python_audit.out
o Npm audit
 cd /home/student/Documents/git/dvna
 npm audit –json > npm_audit.out
2. Save screenshots of the reports as the following naming conventions:
o LastnameFirstname_04_bandit_report
o LastnameFirstname_04_npm_report
3. When done, curate a list and give an overview of the vulnerabilities found– roll them up where reasonable
4. Create a document explaining what you believe the top vulnerabilities are and why they are a concern
o This should be a very readable document; write this as if it is going to an executive
o If you have a suggested solution (or multiple!), please offer that also and describe what it/they is/are and how it/they could be resolved