Did You Know: It's Complicated!
Applications don’t normally have just one vulnerability, so it’s best to test for more than one scenario. For example, what if the dictionary packet is changed to some other object, such as a string? This is just one example of the kinds of questions that application security validation specialists help with as part of software development.
Your Turn: Add Another Vulnerability
Your receiver script is hardened against one kind of malformed packet attack, but what if there are more? In the first example, the dictionary contained an unexpected term. What if the packet is not a dictionary at all? That would cause another kind of exception that the receiver script is not yet hardened against.
- Modify the sender script as shown.
- Save it as countdown_sender_w_malformed_packet_options_your_turn.
- Flash it into the sender micro:bit.
- Repeat the tests, but also try entering the value -2 in response to the "Enter seconds to count down:" prompt.
- Verify that this also causes an exception and make a note of the line number where the exception occurs.
- In the receiver script, move the try: statement above where the exception occurred and indent all the lines between where the try: statement was and where it is now.
- Save the modified Receiver script as countdown_receiver_w_more_exception_handling_your_turn.
- Flash it into the receiver micro:bit.
- Repeat the tests again and verify that the second malformed packet attack using a countdown of -2 has been mitigated.
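The effect of moving the try: statement, as an added example for desktop Python that is not one of this activity's micro:bit scripts. The key names 'start' and 'after', the function names, the sample packets, and the use of ast.literal_eval to parse the packet text are all assumptions made for illustration.

```python
import ast

# Constructed sample packets: the text a sender might transmit.
GOOD = "{'start': 3, 'after': 'Liftoff!'}"
BAD_VALUE = "{'start': 'three', 'after': 'Liftoff!'}"  # dictionary, wrong value type
NOT_A_DICT = "'Not a dictionary'"                       # a string, not a dictionary
TRUNCATED = "{'start': 3"                               # not valid packet text at all

def receive_narrow(packet):
    """try: placed too low, so parsing and the first lookup are unprotected."""
    data = ast.literal_eval(packet)
    start = data["start"]            # TypeError escapes here when data is a string
    try:
        return list(range(start, -1, -1)), data["after"]
    except (KeyError, TypeError):
        return None

def receive_hardened(packet):
    """try: moved up so every line that touches the packet is covered."""
    try:
        data = ast.literal_eval(packet)   # ValueError or SyntaxError on junk text
        start = data["start"]             # KeyError, or TypeError if not a dictionary
        after = data["after"]
        # Validate the values too, not only the container type.
        if isinstance(start, bool) or not isinstance(start, int) or start < 0:
            raise ValueError("start must be a non-negative integer")
        if not isinstance(after, str):
            raise ValueError("after must be a string")
        return list(range(start, -1, -1)), after
    except (ValueError, SyntaxError, KeyError, TypeError):
        return None                       # drop the packet and keep listening

def escaping_exception(func, packet):
    """Return the name of the exception that escapes func, or None if none does."""
    try:
        func(packet)
    except Exception as exc:
        return type(exc).__name__
    return None

if __name__ == "__main__":
    for label, pkt in [("good", GOOD), ("bad value", BAD_VALUE),
                       ("not a dict", NOT_A_DICT), ("truncated", TRUNCATED)]:
        print(label, "| narrow:", escaping_exception(receive_narrow, pkt),
              "| hardened:", receive_hardened(pkt))
```
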
Sender Script
Receiver Script