Your Turn: Add a Vulnerability

Did You Know: It’s Complicated!

Applications don’t normally have just one vulnerability, so it’s best to test for more than one scenario.  For example, what if the dictionary packet is changed to some other object, like maybe a string?  This is just one example of the kinds of questions that application security validation specialists help with as part of software development.

Your Turn: Add Another Vulnerability

Your receive script is hardened against one kind of malformed packet attack, but what if there are more?  In the first example, the dictionary contained an unexpected term.  What if the dictionary is instead not a dictionary?  That would cause another kind of exception that the receiver script is not yet hardened against.  

• Modify the sender script as shown.
• Set its project name to countdown_sender_w_malformed_packet_options_your_turn.
• Flash it into the sender micro:bit by clicking Send to micro:bit.
• Repeat the tests, but also try entering the value -2 in response to the Enter seconds to count down:  prompt.
• Verify that this also causes an exception and make a note of the line number where the exception occurs.
• In the Receiver Script, move the Try: statement above where the exception occurred and indent all the lines between where the Try: statement was and where it is now.
• Set the project name of the modified Receiver script to countdown_receiver_w_more_exception_handling_your_turn.
• In both micro:bit Python Editors, click Save. 
• Flash it into the receiver micro:bit by clicking Send to micro:bit.
• Repeat the tests again and verify that the second malformed packet attack using a countdown of -2  has been mitigated.

Sender Script

Receiver Script