Secure Programming - Assignment 1 ================================================== Due date: Sunday 25 th April 2021 Value: 15% of final subject mark Task: Based on the coursework to date and your...

Question 1
This code is used to get username and password from the user. In this code it has used the query to select all the users where the username and password values matches. The first thing which we can do is to keep the username and password variables as the private variables. It would be easier for anyone to inject the SQL code into it and access the values for the username and password because they're not declared as the private and they will be accessible. The code can be sent even if we have encrypted the data. It would be easier for the attacker to inject the code and execute the query to get all the information about usernames and passwords which are present in the database. This is known as SQL injecting. All the variables in this code are public and they are accessible despite of the encryption used for storing the data. The data reader executed until the data has rows so it will be easier for the attacker to get all the username and passwords which are present in the database.
The SQL injection can be defined as the type of attack which needs to be avoided as it will make it possible for the attacker to execute malicious SQL statements. These statements will be able to control the database server by the web application. The attackers will use SQL injection vulnerabilities to break the security measures of the application. They can also go for the authentication and authorization for the web application of the webpage and will be able to retrieve all the information present in the SQL database. They can use the SQL injection for adding, modifying or deleting the records present in the database. To perform the SQL injection attack, it is important that attacker is able to find the vulnerable user inputs present in the webpage or the web application. As we have already discussed that the code has public username and password variables, and they can make it possible for the attacker to enter into the database. The web application which has the SQL injection vulnerabilities generally uses the user input directly in the SQL query. The attacker is able to create the input content and this content is known as the malicious payload. Once the attacker sends this content then the malicious SQL commands can be executed in the database. The SQL query language is designed for managing the data present in the relational database. It allows us to access, modified delete the data present in it. The SQL injection attack can have very serious consequences over the database and system.
Private var username = Request.Form["username"];
Private var password = Request.Form["password"];
var sqlString = "SELECT * FROM Users WHERE username ='" + username + "' AND password = HASHBYTES('SHA2_512', '" + password + "'+ salt)" ;
var connString = WebConfigurationManager.ConnectionStrings ["NorthwindConnectionString"].ConnectionString;
using (var conn = new SqlConnection(connString))
{ var command = new SqlCommand(sqlString, conn);
var dataReader = command.ExecuteReader(CommandBehavior.SingleResult);
if (dataReader.HasRows)
{ loggedIn = true; }
dataReader.Close();
}
Question 2
Hashlib is a hashing function present in the Python And it takes variable length of the bytes and then convert them into the fixed length sequence. It is just the single wave function. It means that we will have a message which can be hashed, and it will provide us the fixed land sequence. It is not possible to get the original message out of the fixed length sequence. In this course the developer has used this function, but it would not be possible to get the actual password entered by the user. In this case we will get only a fixed length password whether it is correct or not. If the user enters a long password, then it will be reduced as per the sequence and would not be possible for the tester to find out the actual issue if it has been the attack by the attacker. In this go case we will not be able to get the actual password which is entered by the user to test it for the authenticity. The hash algorithm is considered as the better solution when we perform the cryptography. It is considered as the better solution because it does not allow to decrypt the hash message into the original message. Which means that if we have hashed a message then it will provide us only the fixed length sequence. And it is not possible to get the original message out of those fixed length sequence. Even if we change a single byte...