Programming Question

Assignment due Monday, May 11, 2026 by 11:59pm

ICS 432 – Assignment 3

Part A: Conceptual Questions

Answer each question concisely (approx. 150-200 words each). Clarity and the use of specific, real-world examples are key to earning full marks.

  • CIA Triad in Practice
    • Define the Confidentiality, Integrity, and Availability components of the CIA triad. For each component, provide one distinct real-world example of a security breach and briefly explain how the principle was violated.
  • SQL Injection & XSS
    • Describe, step-by-step, how an attacker could exploit a SQL injection vulnerability in a web application’s login form to bypass authentication. Provide the parameterised query (using a Python DB-API placeholder style like %s) that would prevent this attack.
    • Explain a Stored (Persistent) XSS attack. Then, recommend one specific output-encoding defence (e.g., HTML escaping) and describe what it does to neutralise the threat.
  • Threat Modelling in Agile
    • Outline the four main steps of a streamlined threat modelling process suitable for Agile development. Apply these steps to a simple “to-do list” web application by identifying at least two potential threats.
  • Secure Design Patterns
    • Compare and contrast the Secure Defaults and Principle of Least Privilege (PoLP) design patterns. Provide one concrete example of how each can be implemented within a micro-services architecture (e.g., database credentials, API permissions).
  • Insecure Deserialisation
    • Describe how an attacker can exploit insecure deserialisation in a Python application (e.g., using the pickle module) to achieve remote code execution (RCE). Recommend and briefly explain two primary mitigation strategies.
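The login-form bypass and its parameterised fix, shown end to end as an added example (not part of the assignment text): a constructed in-memory SQLite table with one user, a login function that builds the statement by string concatenation, and the same login written with DB-API placeholders. SQLite's driver uses `?`; psycopg2 and MySQLdb use `%s`, but the `(sql, params)` calling convention is the same. The table name, user and password are assumptions for the demo, and the plaintext password column exists only to keep the example short.

```python
import sqlite3


def make_db():
    """Constructed demo database: one account, plaintext password for brevity.
    A real system stores a password hash and verifies it in application code,
    never by comparing the secret inside the WHERE clause."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Statement built by concatenation: the user's input becomes SQL syntax.
    Returns the matched row, or None when the credentials do not match."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()


def login_safe(conn, username, password):
    """Parameterised statement: the driver sends the values separately from the
    statement text, so quotes and comment markers in the input stay data.
    sqlite3 uses '?' placeholders; psycopg2/MySQLdb use '%s' the same way."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


# Two classic bypass inputs against the concatenated query:
#   username "alice' --"    closes the string and comments out the password check
#   password "' OR '1'='1"  closes the string and makes the WHERE clause always true
BYPASS_USERNAME = "alice' --"
BYPASS_PASSWORD = "' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, injected username:", login_vulnerable(db, BYPASS_USERNAME, "wrong"))
    print("safe, injected username:      ", login_safe(db, BYPASS_USERNAME, "wrong"))
    print("vulnerable, injected password:", login_vulnerable(db, "nobody", BYPASS_PASSWORD))
    print("safe, injected password:      ", login_safe(db, "nobody", BYPASS_PASSWORD))
```

Run it and the vulnerable function returns `('alice',)` for both injected inputs while the parameterised one returns `None`; the legitimate credentials succeed in both.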

Part B: Hands-On Exercises

1. Code Review & Remediation

You are given the following Python Flask snippet:

##

from flask import Flask, request
import pickle
import base64

app = Flask(__name__)

@app.route('/unpack', methods=['POST'])
def unpack_data():
    data = request.form['data']
    decoded_data = base64.b64decode(data)
    # Deserialise the data to reconstruct the object
    reconstituted_object = pickle.loads(decoded_data)
    return "Object deserialised!", 200

if __name__ == '__main__':
    app.run(debug=True)

##

(a) Identify: Identify the critical security flaw(s) in this code. State the CWE (Common Weakness Enumeration) identifier if known.

(b) Exploit Description: Describe, with a code example, how an attacker could craft a malicious payload to exploit this flaw.

(c) Fix the Code: Rewrite the /unpack endpoint to securely handle the data. Your solution must use JSON for serialisation and include strict schema validation using a library like Pydantic or Marshmallow. Include comments in your code.

(d) Explanation: Explain why your fix effectively prevents the original vulnerability.
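The pickle attack from the Part A question on insecure deserialisation and the exploit/fix pair asked for in B.1, shown together as an added example that is not part of the assignment. Flask is left out so the file runs stand-alone: `unpack_vulnerable` is the endpoint's body, and `unpack_safe` is the replacement. The callable a real payload would name is `os.system` or `subprocess.Popen`; here `fake_shell` stands in for it so the demo has no side effects, and a small hand-written schema check stands in for the Pydantic or Marshmallow model the assignment requires, to make explicit what that model must enforce (exact field set, types, bounds). The `Item` schema and its limits are assumptions.

```python
import base64
import json
import pickle
from dataclasses import dataclass

# --- attacker side ---------------------------------------------------------

# Benign stand-in for os.system: records the command instead of running it.
# A real payload would put os.system / subprocess.Popen in __reduce__.
EXECUTED = []


def fake_shell(cmd):
    EXECUTED.append(cmd)
    return 0


class Payload:
    """pickle serialises this object as 'call fake_shell("...") on load'.
    Unpickling therefore executes an attacker-chosen callable with
    attacker-chosen arguments before any application code runs."""
    def __reduce__(self):
        return (fake_shell, ("touch /tmp/pwned",))


def build_payload():
    """What the attacker POSTs as the 'data' form field."""
    return base64.b64encode(pickle.dumps(Payload())).decode()


# --- vulnerable handler (the assignment's endpoint body, minus Flask) --------

def unpack_vulnerable(data):
    pickle.loads(base64.b64decode(data))   # CWE-502: deserialising untrusted data
    return "Object deserialised!"


# --- hardened handler: JSON plus strict schema validation -------------------

@dataclass(frozen=True)
class Item:                      # assumed schema for the demo
    name: str
    quantity: int


MAX_NAME_LEN = 64
MAX_QUANTITY = 10_000
MAX_BODY_BYTES = 4096            # assumed request-size bound


def validate_item(obj):
    """Explicit schema check (stands in for a Pydantic/Marshmallow model):
    exact key set, exact types, bounded sizes. Anything else is rejected."""
    if not isinstance(obj, dict) or set(obj) != {"name", "quantity"}:
        raise ValueError("unexpected fields")
    name, qty = obj["name"], obj["quantity"]
    if not isinstance(name, str) or not 1 <= len(name) <= MAX_NAME_LEN:
        raise ValueError("bad name")
    # bool is a subclass of int in Python, so exclude it explicitly
    if isinstance(qty, bool) or not isinstance(qty, int) or not 0 <= qty <= MAX_QUANTITY:
        raise ValueError("bad quantity")
    return Item(name, qty)


def unpack_safe(data):
    """JSON can only produce dicts, lists, strings, numbers, bools and None;
    it has no way to name a callable, so parsing it cannot execute code.
    The schema check then narrows the decoded value to exactly one shape."""
    raw = base64.b64decode(data, validate=True)
    if len(raw) > MAX_BODY_BYTES:
        raise ValueError("body too large")
    obj = json.loads(raw.decode("utf-8"))   # pickle bytes fail here (invalid UTF-8/JSON)
    return validate_item(obj)


def encode_json(obj):
    """Helper producing a legitimate request body for the safe handler."""
    return base64.b64encode(json.dumps(obj).encode()).decode()


if __name__ == "__main__":
    payload = build_payload()
    print(unpack_vulnerable(payload), "->", EXECUTED)      # command 'ran'
    try:
        unpack_safe(payload)
    except ValueError as exc:
        print("safe handler rejected pickle payload:", type(exc).__name__)
    print(unpack_safe(encode_json({"name": "widget", "quantity": 3})))
```

The fix works for two independent reasons: the JSON parser has no object-construction hook equivalent to `__reduce__`, and the schema rejects any document that is not exactly the expected shape, so extra keys, wrong types and oversized values never reach application logic.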

2. Fuzz Testing Lab

A vulnerable Python function is designed to process user-provided strings but contains a flaw.

##

def vulnerable_parser(input_string):
    """A supposedly safe function that processes a string."""
    # This condition is intended to check for a specific, safe command
    if input_string.startswith("SAFE:"):
        command = input_string[5:]  # Get the part after "SAFE:"
        # Intended to split the command, but has a flaw
        parts = command.split('|')
        if len(parts) == 2:
            # Simulate a command execution (this is a vulnerability)
            return f"Executing {parts[0]} with arg {parts[1]}"
    return "Invalid command"

##

(a) Set up: Briefly outline the steps to configure a Python fuzzer (e.g., Atheris or pythonfuzz) to fuzz this function. What would be a good initial corpus of test inputs?

(b) Crash Analysis: Suppose the fuzzer reports a crash when the input string is "SAFE:" + "A" * 1000. Hypothesise the type of vulnerability that might be present (e.g., denial-of-service via excessive resource consumption, command injection) and explain why the crash occurs.

(c) Mitigation: Rewrite the vulnerable_parser function to safely handle arbitrary input. Your fix should address the hypothesised vulnerability and include input validation and safe processing logic.
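The three parts of the lab in one runnable file, added here as an illustration rather than as lab code: a copy of `vulnerable_parser`, a hardened `safe_parser`, and a minimal mutation fuzzer with a seed corpus and two oracles (shell metacharacters reaching the simulated execution, and an oversized input being accepted). Atheris and pythonfuzz wrap the same idea around libFuzzer-style coverage feedback; the dependency-free loop below keeps the example self-contained. The command allowlist, the length bound and the argument alphabet in `safe_parser` are assumptions about the application's policy.

```python
import random
import re

# --- the function under test (copied from the lab so the file is stand-alone) -

def vulnerable_parser(input_string):
    if input_string.startswith("SAFE:"):
        command = input_string[5:]
        parts = command.split('|')
        if len(parts) == 2:
            return f"Executing {parts[0]} with arg {parts[1]}"
    return "Invalid command"


# --- hardened replacement (assumed policy) --------------------------------

MAX_INPUT_LEN = 128                                 # bounded work per request
ALLOWED_COMMANDS = {"echo", "status"}               # assumed allowlist
SAFE_ARG = re.compile(r"[A-Za-z0-9_./-]{1,64}")     # no shell metacharacters


def safe_parser(input_string):
    """Same contract as vulnerable_parser, but every accepted input is bounded,
    the command comes from a fixed allowlist and the argument is restricted
    to a conservative alphabet. Never raises on any str input."""
    if not isinstance(input_string, str) or len(input_string) > MAX_INPUT_LEN:
        return "Invalid command"
    if not input_string.startswith("SAFE:"):
        return "Invalid command"
    parts = input_string[5:].split("|")
    if len(parts) != 2:
        return "Invalid command"
    cmd, arg = parts
    if cmd not in ALLOWED_COMMANDS or not SAFE_ARG.fullmatch(arg):
        return "Invalid command"
    return f"Executing {cmd} with arg {arg}"


# --- minimal mutation fuzzer ----------------------------------------------

SEED_CORPUS = ["SAFE:echo|hello", "SAFE:status|db", "SAFE:", "hello", ""]
DICTIONARY = [";", "$(id)", "`id`", "&&", "|", "A" * 300]   # interesting tokens
SHELL_METACHARS = ";&`$\n"


def mutate(s, rng):
    kind = rng.randrange(3)
    if kind == 0:                                   # insert a dictionary token
        pos = rng.randrange(len(s) + 1)
        return s[:pos] + rng.choice(DICTIONARY) + s[pos:]
    if kind == 1 and s:                             # replace one character
        pos = rng.randrange(len(s))
        return s[:pos] + chr(rng.randrange(32, 127)) + s[pos + 1:]
    pos = rng.randrange(len(s) + 1)                 # duplicate a suffix
    return s + s[pos:]


def oracle(inp, result):
    """Return a finding label, or None when the behaviour is acceptable."""
    if result.startswith("Executing"):
        if any(c in result for c in SHELL_METACHARS):
            return "shell metacharacter reached simulated execution"
        if len(inp) > MAX_INPUT_LEN:
            return "oversized input accepted"
    return None


def fuzz(target, seeds, iterations=2000, seed=1):
    """Mutate seeds, run the target, collect crashes and oracle violations."""
    rng = random.Random(seed)                       # deterministic runs
    findings = []
    for _ in range(iterations):
        inp = mutate(rng.choice(seeds), rng)
        try:
            result = target(inp)
        except Exception as exc:                    # any uncaught exception is a crash
            findings.append((inp, f"crash: {type(exc).__name__}: {exc}"))
            continue
        label = oracle(inp, result)
        if label:
            findings.append((inp, label))
    return findings


if __name__ == "__main__":
    for name, target in (("vulnerable", vulnerable_parser), ("safe", safe_parser)):
        found = fuzz(target, SEED_CORPUS)
        print(f"{name}: {len(found)} findings")
        for inp, label in found[:3]:
            print("   ", label, "<-", repr(inp[:40]))
```

The seeds matter more than the mutation strategy: a corpus that already contains the `SAFE:` prefix and a valid `cmd|arg` shape lets the fuzzer spend its budget past the input validation instead of on inputs that are rejected at the first check. The same seeds and oracles carry over to an Atheris harness, where `atheris.FuzzedDataProvider` replaces `mutate`.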

3. CI/CD Security Integration

You are tasked with integrating security checks into an existing GitLab CI/CD pipeline for a Python project.

(a) Static Analysis: Name two open-source Static Application Security Testing (SAST) tools suitable for Python (e.g., Bandit, Semgrep). Justify your choice for one. Then, provide a YAML snippet to integrate one of these tools into a .gitlab-ci.yml file, defining a job named sast.

(b) Dynamic Scanning: Propose how to integrate the fuzzing test from Exercise 2 into the pipeline. Sketch the CI stage definition (YAML snippet) for a job named fuzz-test. Assume the fuzzer is set to run for a fixed duration (e.g., 5 minutes).

(c) Policy Enforcement: Describe how you would configure the sast and fuzz-test jobs to fail the pipeline if any high-severity security issues or crashes are detected, respectively.

Part C: Threat Model & Design Pattern Proposal

Working in teams of 2-3, choose a simple web service (e.g., a file-sharing app, a secure note-taking API, or a user profile manager). Deliver a 2-page maximum report that includes:

  1. Threat Model Diagram (5 marks): A data flow diagram (DFD) of your chosen system with clearly labeled components, data flows, and at least five distinct trust boundaries.
  2. Threat Enumeration (5 marks): A table listing four distinct threats, each mapped to its corresponding STRIDE category.
  3. Mitigation via Design Patterns (5 marks): For each threat, propose one specific mitigation using one of the following secure-by-design patterns:
     • Secure Defaults
     • Principle of Least Privilege
     • Secure Contract (e.g., input validation schemas)
  4. CI/CD Security Gate (5 marks): Define one automated check (static or dynamic) that could be integrated into a CI/CD pipeline to enforce one of your proposed mitigations at build time. Justify your choice.

Report Guidelines:

  • The report must be concise and well-structured.
  • Cite all external sources (APA or IEEE style).
  • Include both team member names and student IDs on the cover page.

Submission Guidelines

Submit your assignment as two separate uploads:

  • The primary submission is a PDF document for the report named ICS432_Assignment3_Group_[YourGroupNumber].pdf
  • The secondary submission is a ZIP file named ICS432_Assignment3_Group_[YourGroupNumber].zip. The ZIP file must contain separate, well-commented Python source code files (.py) for the fixed code in Part B.1 and the fuzzing lab in Part B.2.
