6.10. Worksheet: Analyse Insecure Solution
This activity asks students to inspect an intentionally insecure version of the FlixReviews application, identify security problems, and compare their findings with a suggested secure implementation.
This worksheet targets the following syllabus dot points:
Interpret and apply fundamental software development steps to develop secure code:
    development
    testing and debugging
Apply security features incorporated into software including data protection, security, privacy, and regulatory compliance.
Test and evaluate the security and resilience of software by determining vulnerabilities and hardening systems.
Apply and evaluate strategies used by software developers to manage the security of programming code:
    code review
    static application security testing (SAST)
    dynamic application security testing (DAST)
    vulnerability assessment
    penetration testing
6.10.1. Instructions
Give students the insecure FlixReviews code archive and the worksheet.
Ask students to run or inspect the insecure application and record the vulnerabilities they find.
You may want to walk through the first task as a class so students know the level of detail expected in their analysis.
Students should connect each vulnerability to a likely impact, such as data exposure, broken access control, or unsafe handling of user input.
As an extension, ask students to suggest fixes before they see the secure sample solution.
Use the insecure archive as the starting point for the analysis task. The secure archive is a suggested solution that can be used after students have completed their own review.
6.10.2. Worksheet
6.10.3. Secure Sample
The secure sample addresses the security vulnerabilities that were deliberately introduced into the insecure version of the application.
Here are some suggestions for how to use it:
reveal the secure solution after students have completed their initial analysis
ask students to map each vulnerability in the insecure code to the matching fix in the secure code
work through the comparison section by section as a class
let students review the secure solution individually or in groups and add to their worksheet responses