The list of tasks for assignment 1

1. Study Cross-site scripting (XSS) and Cross-site Request Forgery (CSRF) vulnerabilities on Common Weakness Enumeration and related websites. You DO NOT have to submit this part.
2. Identify 3 source code files in open-source GitHub repositories. Each type of vulnerability must have at least one source code file. The projects must satisfy the following conditions:
● The programming languages must be either Java, JavaScript, or PHP
● The repository has more than 100 stars and 10 contributors on GitHub
3. Include the following artifacts about each file you have found in the report:
● Link to the file
● Link to the commit that fixes the vulnerable file
● Name of the file
● The programming language used in the file
● Name of the repository
● Number of repository stars
● Number of contributors in the repository
● Type of vulnerability (CWE)
4. Pinpoint the code lines within the source code files you have identified that contain the vulnerabilities you found.
5. Also enter the information you have found in tasks 3 and 4 into the Google Sheet (Assignment 1 Part 1) along with your name and student ID to avoid duplicate submission.
6. Explain how the vulnerable lines correlate to the definition or causes of the vulnerability you have studied.
7. Show how to fix the vulnerability and explain in detail. It is not mandatory that the fix has to be executable, but the explanation must be reasonable. If there is already a fix available, explain how this fix complies with the standard mitigation techniques for the vulnerability.
8. Write your findings in the report.
9. Please visit the Google Sheet (Assignment 1 Part 1) to input your identified vulnerable source code files as soon as possible after you find them. You can do the analyses and put your findings in the report later (but still before the deadline). The student who submits earlier will claim the authorship of the source code file, and the later ones must choose a different file to work on. In case you accidentally select the same source code file, there will be a red flag to notify you.
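The following is an added illustration, not part of the assignment text and not taken from any GitHub repository: it shows the shape of the "vulnerable line, CWE correlation, fix" write-up that tasks 4, 6 and 7 ask for, in JavaScript (one of the three permitted languages). One pair covers XSS (CWE-79) and one covers CSRF (CWE-352). All function names, the session object and the request inputs are hypothetical and constructed for the demonstration.

```javascript
// Added example for the assignment write-up; not code from any real project.
// Names and inputs below are constructed for illustration only.

// ---- CWE-79: Improper Neutralization of Input During Web Page Generation (XSS)

// VULNERABLE: untrusted input is concatenated straight into HTML. If `name`
// came from a query string, the marked line is the one to pinpoint (task 4):
// the input is used in a web page without neutralization, which is exactly
// the condition CWE-79 describes (task 6).
function renderGreetingVulnerable(name) {
  return "<p>Hello, " + name + "</p>"; // <-- vulnerable line
}

// FIX: encode the HTML-significant characters before insertion so user data
// can only render as text (task 7). This is the standard output-encoding
// mitigation; a real project would use its framework's escaper instead.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

function renderGreetingFixed(name) {
  return "<p>Hello, " + escapeHtml(name) + "</p>";
}

// ---- CWE-352: Cross-Site Request Forgery

// Constructed session record standing in for server-side session storage.
const demoSession = { userId: 42, csrfToken: "constructed-token-0123456789abcdef" };

// VULNERABLE: a state-changing request is honoured on the strength of the
// session cookie alone. Browsers attach that cookie automatically, so the
// server cannot distinguish a request the user intended from one another
// site caused the browser to send; that missing check is CWE-352 (task 6).
function handleTransferVulnerable(req, session) {
  if (!session || !session.userId) return { status: 401, body: "not logged in" };
  return { status: 200, body: "transferred " + req.body.amount + " to " + req.body.to }; // <-- vulnerable line
}

// Constant-time comparison so a token check does not leak how many leading
// characters matched. In production prefer crypto.timingSafeEqual on
// equal-length Buffers; this hand-written version keeps the example self-contained.
function constantTimeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string") return false;
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// FIX (synchronizer-token pattern): the submitted form must carry a secret
// token that only a page served by this origin could have read, and it must
// match the copy kept in the session (task 7).
function handleTransferFixed(req, session) {
  if (!session || !session.userId) return { status: 401, body: "not logged in" };
  if (!constantTimeEqual(req.body.csrf_token, session.csrfToken)) {
    return { status: 403, body: "CSRF token missing or invalid" };
  }
  return { status: 200, body: "transferred " + req.body.amount + " to " + req.body.to };
}

// Constructed inputs for a quick demonstration.
const xssInput = "<script>alert(1)</script>";
const crossSiteRequest = { body: { amount: 100, to: "someone" } }; // no token, as a foreign form post would look
const legitimateRequest = { body: { amount: 100, to: "friend", csrf_token: demoSession.csrfToken } };

console.log("vulnerable render:", renderGreetingVulnerable(xssInput));
console.log("fixed render:     ", renderGreetingFixed(xssInput));
console.log("vulnerable handler, no token:", handleTransferVulnerable(crossSiteRequest, demoSession).status);
console.log("fixed handler, no token:     ", handleTransferFixed(crossSiteRequest, demoSession).status);
console.log("fixed handler, valid token:  ", handleTransferFixed(legitimateRequest, demoSession).status);
```

In a report, each "vulnerable line" comment corresponds to the line number you cite for task 4, the comment above it is the CWE correlation for task 6, and the fixed function is the task 7 explanation; when the repository already has a fixing commit, compare its change against the same mitigation (output encoding for CWE-79, a per-session anti-forgery token for CWE-352).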