:::success
# Lab 6: Static Code Analyses
#### Name: Daniil Sinelnik
:::

:::info
In this lab your task is simple: you have a list of vulnerable projects and you are required to run an automated static code analysis (SAST). Below you will find a list of vulnerable applications/projects as well as a list of suggested SAST solutions. Pick at least 2 applications/projects and scan them with one of the suggested SAST solutions.
:::

I have decided to pick the following projects:

1. [DVJA](https://github.com/appsecco/dvja)
2. [InsecureShop](https://github.com/hax0rgb/InsecureShop)

After that I researched and found [SonarCloud](https://sonarcloud.io). I imported these 2 projects into SonarCloud after authorization.

<center>

![](https://hackmd.io/_uploads/rkFqkUE-6.png)

</center>

It analyzed the repositories and I received this report:

<center>

![](https://hackmd.io/_uploads/S1g2Z8VZ6.png)

</center>

There are 40 bugs in the DVJA repository and 1 bug in the InsecureShop repository.

## Vulnerabilities of DVJA

<center>

![](https://hackmd.io/_uploads/HyviQIEba.png)

There are a lot of possible vulnerabilities.

</center>

<center>

![](https://hackmd.io/_uploads/S1kqVUVba.png)

Password related issue.

</center>

<center>

![](https://hackmd.io/_uploads/Sy11HUV-T.png)

SQL injection possibility.

</center>

<center>

![](https://hackmd.io/_uploads/r1AxrIN-6.png)

</center>

## Vulnerabilities of InsecureShop

<center>

![](https://hackmd.io/_uploads/S1QdHI4-T.png)

Security Hotspot.

</center>

Possible risks:

Clear-text protocols such as ftp, telnet, or http lack encryption of transported data, as well as the capability to build an authenticated connection. It means that an attacker able to sniff traffic from the network can read, modify, or corrupt the transported content.
These protocols are not secure as they expose applications to an extensive range of risks:

* sensitive data exposure
* traffic redirected to a malicious endpoint
* malware-infected software update or installer
* execution of client-side code
* corruption of critical information

Even in the context of isolated networks like offline environments or segmented cloud environments, the insider threat exists. Thus, attacks involving communications being sniffed or tampered with can still happen. For example, attackers could successfully compromise prior security layers by:

* bypassing isolation mechanisms
* compromising a component of the network
* getting the credentials of an internal IAM account (either from a service account or an actual person)

In such cases, encrypting communications would decrease the chances of attackers to successfully leak data or steal credentials from other network components. By layering various security practices (segmentation and encryption, for example), the application will follow the defense-in-depth principle.

Note that using the http protocol is being deprecated by major web browsers.

In the past, it has led to the following vulnerabilities:

* CVE-2019-6169
* CVE-2019-12327
* CVE-2019-11065
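
A minimal check in the spirit of the clear-text protocol hotspot above, added here as an example (it is not SonarCloud's rule implementation and not code from either scanned project): it flags http, ftp and telnet URLs in source text while skipping loopback hosts and XML namespace URIs, which are identifiers rather than connections. The function name, the allowlists and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Schemes the hotspot description names as clear-text.
CLEARTEXT_SCHEMES = ("http", "ftp", "telnet")
# Assumption: loopback targets never leave the host, so they are not reported.
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
# Assumption: http:// URIs on these hosts are XML namespace identifiers.
NAMESPACE_HOSTS = {"schemas.android.com", "www.w3.org", "maven.apache.org"}

# \b keeps "sftp://" from matching as "ftp://"; "https://" never matches
# because "http" must be followed directly by "://".
URL_RE = re.compile(
    r"\b(?:%s)://[^\s\"'<>)]+" % "|".join(CLEARTEXT_SCHEMES), re.IGNORECASE
)


def find_cleartext_urls(source, path="<memory>"):
    """Return (path, line_no, url) for each clear-text URL worth reviewing."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for match in URL_RE.finditer(line):
            url = match.group(0).rstrip(".,;")
            try:
                host = (urlsplit(url).hostname or "").lower()
            except ValueError:  # malformed authority: report it for review
                host = ""
            if host in LOOPBACK_HOSTS or host in NAMESPACE_HOSTS:
                continue
            findings.append((path, line_no, url))
    return findings


# Constructed sample input (not taken from DVJA or InsecureShop).
SAMPLE = '''\
<manifest xmlns:android="http://schemas.android.com/apk/res/android">
val api = "http://shop.example.test/api/products"
val secure = "https://shop.example.test/api/login"
val debug = "http://localhost:8080/health"
val files = "sftp://files.example.test/export"
val legacy = "ftp://files.example.test/export.csv"
'''

if __name__ == "__main__":
    for path, line_no, url in find_cleartext_urls(SAMPLE, "sample.kt"):
        print(f"{path}:{line_no}: clear-text URL {url}")
```
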