微信客服:xiaoxionga100
微信客服:ITCS521
程序代写案例-CSIT970
时间:2022-05-25
1
CSIT970 Security Essentials
Assignment
Due: 11:30 pm 29 May 2022 Total Mark: 100 (20% of Final Mark)
Please read the questions carefully.
Q1: (50 points) In this task, you compare GDPR and Australian Privacy Act. Gather relevant information about GDPR and Australian Privacy Act as much as you can and write a case study report including the following contents: - Summary - Overview of GDPR and Australian Privacy Act - Comparison between GDPR and Australian Privacy Act (Differences and similarities should be specified.) - Your thoughts on the differ GDPR and Australian Privacy Act - References * There are articles that compare the two pieces of legislation, available from the Internet. You can refer to them, but proper citations must be made. (Failure to do so may be regarded as plagiarism.)
The length of your report should be 1500 – 1800 words excluding references. Your report should be single-spaced with font size 12. Your report will be marked based on presentation, clarity, structure and succinctness of the report contents. Name your report as q1_[StudentNumber].pdf.
Q2: (50 points) In this task, you write a Python code to search for the patterns of possible hacking attempts in the given web log file. Assume that the hacking patterns appear in the log file as the client’s request that consists of GET method, URI and protocol. You will need to search for are the following two: 1. Wildcard * : The * character (asterisk) is often used by attackers as an argument to a system command. Below is an example:
o "GET /*.txt HTTP/1.1" 404 488 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:99.0) Gecko/20100101 Firefox/99.0" This request is asking for all text files within the directory of the target website. Requests like these can often be used to gather a list of log files, along with other important files. Not a lot of web applications use this character in a valid request so this makes an asterisk stand out in logs. 2. " ~ " Requests: The ~ (tilde) character is sometimes used by attackers to determine who is a valid user on your system. Below is an example:
2
CSIT970 Security Essentials
o "GET /~james HTTP/1.1" 404 488 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:99.0) Gecko/20100101 Firefox/99.0" This request is looking for a user named "james" on the remote system. (Many users in a target organization have web space and if the attacker manages to visit a web page, or get a 403 error (denied error) then a user with the requested name exists. Once an attacker has a valid username, they may try to guess passwords, or perform brute force until they get a valid password. ) Your Python code needs to satisfy the following requirements: - The regular expression (regex) for the two patterns should appear in the code. - Your program should be able to find all the two hacking patterns described above from sample.log provided together with the assignment spec and display them on the screen. - Your program must be compliable using Python3. Compilation failure will result in at least 50% of deduction of the marks. - Name your code as q2_[StudentNumber].py.
How to submit Put your files to one folder named as your surname followed by your student ID number (e.g. John12345). And compress this folder to make one zip file. Submit your (zip) file through Moodle. (Not compressing your files with zip may result in the reduction of at least 10% of your total mark. If you do not use zip to compress, you will lose the mark. – Do not use rar or any other compression algorithms.)
CSIT970 Security Essentials
Assignment
Due: 11:30 pm 29 May 2022 Total Mark: 100 (20% of Final Mark)
Please read the questions carefully.
Q1: (50 points) In this task, you compare GDPR and Australian Privacy Act. Gather relevant information about GDPR and Australian Privacy Act as much as you can and write a case study report including the following contents: - Summary - Overview of GDPR and Australian Privacy Act - Comparison between GDPR and Australian Privacy Act (Differences and similarities should be specified.) - Your thoughts on the differ GDPR and Australian Privacy Act - References * There are articles that compare the two pieces of legislation, available from the Internet. You can refer to them, but proper citations must be made. (Failure to do so may be regarded as plagiarism.)
The length of your report should be 1500 – 1800 words excluding references. Your report should be single-spaced with font size 12. Your report will be marked based on presentation, clarity, structure and succinctness of the report contents. Name your report as q1_[StudentNumber].pdf.
Q2: (50 points) In this task, you write a Python code to search for the patterns of possible hacking attempts in the given web log file. Assume that the hacking patterns appear in the log file as the client’s request that consists of GET method, URI and protocol. You will need to search for are the following two: 1. Wildcard * : The * character (asterisk) is often used by attackers as an argument to a system command. Below is an example:
o "GET /*.txt HTTP/1.1" 404 488 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:99.0) Gecko/20100101 Firefox/99.0" This request is asking for all text files within the directory of the target website. Requests like these can often be used to gather a list of log files, along with other important files. Not a lot of web applications use this character in a valid request so this makes an asterisk stand out in logs. 2. " ~ " Requests: The ~ (tilde) character is sometimes used by attackers to determine who is a valid user on your system. Below is an example:
2
CSIT970 Security Essentials
o "GET /~james HTTP/1.1" 404 488 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:99.0) Gecko/20100101 Firefox/99.0" This request is looking for a user named "james" on the remote system. (Many users in a target organization have web space and if the attacker manages to visit a web page, or get a 403 error (denied error) then a user with the requested name exists. Once an attacker has a valid username, they may try to guess passwords, or perform brute force until they get a valid password. ) Your Python code needs to satisfy the following requirements: - The regular expression (regex) for the two patterns should appear in the code. - Your program should be able to find all the two hacking patterns described above from sample.log provided together with the assignment spec and display them on the screen. - Your program must be compliable using Python3. Compilation failure will result in at least 50% of deduction of the marks. - Name your code as q2_[StudentNumber].py.
How to submit Put your files to one folder named as your surname followed by your student ID number (e.g. John12345). And compress this folder to make one zip file. Submit your (zip) file through Moodle. (Not compressing your files with zip may result in the reduction of at least 10% of your total mark. If you do not use zip to compress, you will lose the mark. – Do not use rar or any other compression algorithms.)
