Design and development of a web application that tests the security of a database-driven website
There is one assignment for this module, which comprises two components: Part A is the design and development of a web application that tests the security of a database-driven website.
As the digital economy is growing, so too is the opportunity for cyber criminals to exploit vulnerabilities in web systems and access, damage, and destroy data and hardware. According to The Cyber Security Regulation and Incentives Review UK (2016), "businesses continue to experience cyber security breaches with one in four businesses detecting a breach in the last year. The nature of the attacks means many businesses may not know their IT systems have been breached. Cyber security breaches have a direct impact on the organisations affected, including lost staff time dealing with the breach and disruption to other work. As a result businesses incur financial losses with the average direct costs of a breach estimated at £36,000 for large businesses and £3,100 for micro/small businesses. The most costly single breach identified in the Cyber Security Breaches Survey was £3,000,000 for a large firm. There can also be reputational costs with a number of firms experiencing a loss of customers following a breach. Breaches can also result in consumers and other businesses incurring costs, for example through fraud. A US survey found that the majority of consumers affected by a breach reported they incurred costs with an estimated average of $500, while less than a third said they incurred no costs. Despite the potentially significant financial costs, evidence shows businesses are not doing enough to protect themselves, both in terms of technical controls but also risk management and incident response. Whilst 69% of businesses say their senior management consider cyber security is a very or fairly high priority for their organisation just over half (51%) of all businesses have actually taken recommended actions to identify cyber risks, and only 10% have a formal incident management plan. Only 17% of businesses say their staff attended some form of training on cyber security in the last 12 months."
In this scenario, your role is a trainee Web Application Security Analyst at a UK-based technology consultancy firm. You have been assigned a task to carry out a security analysis of your client's website and the backend SQL database attached to it, which contain possible security vulnerabilities; you may make reasonable assumptions in your answer.
The web/application security testing includes the following components:
Set up a fully functioning web application (a screenshot for every step must be provided)
Web Application Security Testing:
SQL Injection using SQLMAP
Web Application Security Model:
Task A is worth 60% of the overall assignment. The marking criteria are outlined below.
Marking Criteria Task A
Set up a server side (PHP) vulnerable web/application connected to a backend database (MySQL) for security testing in local environment either using XAMPP/WAMP or Virtual Box. Provide step-by-step configuration details of the environment setup (XAMPP/WAMP, Virtual Box etc), web/application and back-end database.
Scanning: You must use a network scanner like Nmap to perform a scan on the target web/application and include your findings, open ports, applications, operating systems, etc.
Sniffing: You must demonstrate the use of Wireshark sniffer to perform capture of web application session data. This will require capturing session data between your browser and website/server either remote or local.
Use SQLMAP to identify and exploit the SQL injection vulnerabilities based on the findings from the above steps. You must elaborate on the steps by which the SQL injection vulnerability was exploited.
Design and implement an appropriate web security model for your client by provisioning and utilizing appropriate web application security software and hardware (firewall, IDS/IPS, antivirus, encryption, etc.).
Specific requirements for the assignment (use the following open source operating system and software): Kali Linux, Virtual Box, Wireshark, Nmap, SQLMAP.
Cover sheet completed
Table of contents
Headings and sub-headings
Main body divided into paragraphs
Conclusion & recommendations
Evaluation and critical appraisal
Evaluation and comparison of web server-side technologies
Appraise web application security threats and
Evaluate Web App security threats impact on business operations
Future enhancements with the benefit of your experience on the project. Discussion on web application security tools used during the security testing.
In-text citations correctly written
Reference list on a separate page, completed and in the correct format