{"id":2630,"date":"2026-05-03T20:19:45","date_gmt":"2026-05-03T17:19:45","guid":{"rendered":"https:\/\/www.cs.ubbcluj.ro\/~bufny\/?page_id=2630"},"modified":"2026-05-03T20:19:45","modified_gmt":"2026-05-03T17:19:45","slug":"programare-web-laborator-securitate-web","status":"publish","type":"page","link":"https:\/\/www.cs.ubbcluj.ro\/~bufny\/programare-web\/programare-web-laborator-securitate-web\/","title":{"rendered":"Web Programming &#8211; Lab: Web Security"},"content":{"rendered":"<h2>Implementation requirements<\/h2>\n<h3>1. Hosting the web application<\/h3>\n<p>Publish the web application developed so far, including the backend component implemented in PHP, on the server <code>www.scs.ubbcluj.ro<\/code>, at an address of the form: <code>https:\/\/www.scs.ubbcluj.ro\/~username<\/code> where <code>username<\/code> is your user name. If necessary, migrate the database in use to a database management system compatible with the server <code>www.scs.ubbcluj.ro<\/code> (for example, SQLite).<\/p>\n<h3>2. 
Controlled implementation of web vulnerabilities and development of exploits<\/h3>\n<p>For the web application developed so far in the labs, you are required to deliberately introduce a number of security vulnerabilities and to build exploits that demonstrate their exploitation.<\/p>\n<ol style=\"list-style-type: lower-alpha;\">\n<li><strong>SQL Injection<\/strong>: Make the application vulnerable to an SQL Injection attack and build an exploit that demonstrates exploitation of this vulnerability.<\/li>\n<li><strong>Cross-Site Scripting (XSS)<\/strong>: Make the application vulnerable to a Cross-Site Scripting (XSS) attack and build an exploit that demonstrates exploitation of this vulnerability within the application.<\/li>\n<li><strong>Cross-Site Request Forgery (CSRF)<\/strong>: Make the application vulnerable to a Cross-Site Request Forgery (CSRF) attack and build an exploit that demonstrates exploitation of this vulnerability.<\/li>\n<li><strong>Unrestricted File Upload<\/strong>: Make the application vulnerable to an Unrestricted File Upload attack and build an exploit that demonstrates exploitation of this vulnerability.<\/li>\n<li><strong>Path Traversal Attack<\/strong>: Make the application vulnerable to a Path Traversal attack and build an exploit that demonstrates exploitation of this vulnerability.<\/li>\n<\/ol>\n<h3>3. Remediating the vulnerabilities<\/h3>\n<p>After the exploits have been demonstrated, all the vulnerabilities mentioned above must be remediated (patched). 
After the lab is handed in, the application hosted on the server must remain in its secured form, without the vulnerabilities introduced earlier. Any later identification of vulnerabilities that could lead to the security of the server <code>www.scs.ubbcluj.ro<\/code> being compromised will result in a deduction from the final grade for the Web Programming course.<\/p>\n<h3>Additional remarks<\/h3>\n<p>During the lab sessions, requirements additional to those presented in this statement may also be set. For every question asked by the instructor about the source code of the solution to which the student cannot give a justified answer, 2 points will be deducted from the lab grade.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Implementation requirements 1. Hosting the web application Publish the web application developed so far, including the backend component implemented in PHP, on the server www.scs.ubbcluj.ro, at an address of the form: https:\/\/www.scs.ubbcluj.ro\/~username where username is your user name. 
If necessary,&hellip; <a href=\"https:\/\/www.cs.ubbcluj.ro\/~bufny\/programare-web\/programare-web-laborator-securitate-web\/\" class=\"more-link\">Continue Reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":267,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":[],"_links":{"self":[{"href":"https:\/\/www.cs.ubbcluj.ro\/~bufny\/wp-json\/wp\/v2\/pages\/2630"}],"collection":[{"href":"https:\/\/www.cs.ubbcluj.ro\/~bufny\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.cs.ubbcluj.ro\/~bufny\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.cs.ubbcluj.ro\/~bufny\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cs.ubbcluj.ro\/~bufny\/wp-json\/wp\/v2\/comments?post=2630"}],"version-history":[{"count":3,"href":"https:\/\/www.cs.ubbcluj.ro\/~bufny\/wp-json\/wp\/v2\/pages\/2630\/revisions"}],"predecessor-version":[{"id":2633,"href":"https:\/\/www.cs.ubbcluj.ro\/~bufny\/wp-json\/wp\/v2\/pages\/2630\/revisions\/2633"}],"up":[{"embeddable":true,"href":"https:\/\/www.cs.ubbcluj.ro\/~bufny\/wp-json\/wp\/v2\/pages\/267"}],"wp:attachment":[{"href":"https:\/\/www.cs.ubbcluj.ro\/~bufny\/wp-json\/wp\/v2\/media?parent=2630"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}