SC 111: Investigating Security Issues with Codacy (20 pts)

What You Need

First do Project SC 110: Finding Security Issues with Codacy

Critical Security Issues

At the end of Project SC 110, you had a list of critical issues, as shown below.

Flags SC 111.1 and 111.2: Hardcoded Secret (10 pts)

Click the "Possible hardcoded secret" issue.

Codacy provides a brief, uninformative, and severely misleading analysis of this problem, as shown below.

Notice that Codacy says you can fix this problem in five minutes.

Examine this document:
    NIST SP 800-57 Part 1 Rev. 5
    Recommendation for Key Management: Part 1 – General
Read these sections:
    Compromise of Keys and other Keying Material
    Compromise Recovery
Flag SC 111.1 is covered by a green rectangle in the image below.

Examine this document:
    Removing sensitive data from a repository
Read these sections:
    Compromise of Keys and other Keying Material
    Compromise Recovery
Flag SC 111.1 is covered by a green rectangle in the image below.
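To see what a "possible hardcoded secret" rule actually keys on, here is an added example, not part of this project or of Codacy, that scans source text for string literals assigned to credential-like variable names and scores each value's entropy. The sample source lines, the variable names and the key value are constructed for the demonstration. A finding here is only the start of the work: the value has to be treated as compromised, rotated, and purged from history, which is why the five-minute estimate above is misleading.

```python
import math
import re
from collections import Counter

# Constructed sample source lines standing in for files a scanner would read.
# The API key and password values are placeholders, not real credentials.
SAMPLE_SOURCE = """\
DB_HOST = "db.internal.example"
API_KEY = "AKIAEXAMPLEKEYFORDEMO123"
password = "hunter2"
token = os.environ["SERVICE_TOKEN"]
secret = load_secret_from_vault("app/prod")
"""

# An assignment of a quoted string literal to a plain identifier.
ASSIGNMENT = re.compile(
    r"^\s*(?P<name>[A-Za-z_]\w*)\s*=\s*(?P<quote>[\"'])(?P<value>.*?)(?P=quote)\s*$"
)

# Substrings that mark a variable as likely to hold a credential.
SECRET_WORDS = ("key", "secret", "token", "password", "passwd", "pwd")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random-looking keys score high,
    dictionary words and repeated characters score low."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_hardcoded_secrets(source: str, min_len: int = 6):
    """Return one finding per line that assigns a string literal of at least
    min_len characters to a secret-like name. Values pulled from the
    environment or a vault are not literals and are not flagged."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        m = ASSIGNMENT.match(line)
        if not m:
            continue  # not "name = 'literal'"
        name, value = m.group("name"), m.group("value")
        if not any(w in name.lower() for w in SECRET_WORDS):
            continue  # ordinary configuration value, e.g. a hostname
        if len(value) < min_len:
            continue  # too short to be a usable credential
        findings.append({
            "line": lineno,
            "name": name,
            "entropy": round(shannon_entropy(value), 2),
        })
    return findings


if __name__ == "__main__":
    for f in find_hardcoded_secrets(SAMPLE_SOURCE):
        print(f"line {f['line']}: {f['name']} (entropy {f['entropy']} bits/char) "
              "treat as compromised: rotate, then purge from history")
```

The entropy score helps triage: a high-entropy literal assigned to API_KEY is almost certainly a real key, while a low-entropy one may be a test fixture. Either way, once the literal has been committed it is in the repository history, and deleting the line from the working tree does not recover the key.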

Flag SC 111.3: SQL Injection (10 pts)

Examine the SQL injection issues. Find the one that will allow an unauthorized user to authenticate without a password.

The flag is the name of the file containing that vulnerable code.
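The vulnerable pattern this flag asks you to find is a login query built by string concatenation. As an added example that is not code from this project, the block below shows that pattern beside its parameterized fix against a constructed in-memory SQLite table (the user, the placeholder hash and the helper names are assumptions), plus a check a reviewer can run against any login function to confirm that an empty password and a crafted username do not authenticate.

```python
import sqlite3

# Constructed fixture: a single user whose "hash" is a placeholder string,
# not a real password digest.
KNOWN_USER = "alice"
KNOWN_HASH = "placeholder-hash-of-alices-password"


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", (KNOWN_USER, KNOWN_HASH))
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password_hash: str):
    # Vulnerable: user-controlled strings are pasted straight into the SQL text,
    # so a quote in the username ends the literal and the rest becomes SQL.
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password_hash = '{password_hash}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn, username: str, password_hash: str):
    # Fixed: placeholders make the driver bind the inputs as data, never as SQL,
    # so the same crafted username is just a username that does not exist.
    sql = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    row = conn.execute(sql, (username, password_hash)).fetchone()
    return row[0] if row else None


def authenticates_without_password(login_fn, conn) -> bool:
    """Reviewer's check: does a username carrying a quote and a SQL comment
    log in with an empty password? True means the function is injectable."""
    crafted = f"{KNOWN_USER}' --"
    return login_fn(conn, crafted, "") is not None


if __name__ == "__main__":
    conn = make_db()
    for fn in (login_vulnerable, login_fixed):
        verdict = "INJECTABLE" if authenticates_without_password(fn, conn) else "ok"
        print(f"{fn.__name__}: {verdict}")
```

The check is the same one the flag describes in words: a password-less login succeeding proves the WHERE clause was rewritten by the input. The fix is the parameterized query; escaping quotes by hand is not a substitute, because the driver's binding handles every quoting case the database engine understands.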

Posted 3-3-24