+61-4-8002-4016
Australia 
Brazil 
Canada 
Hongkong 
India 
Ireland 
Jorden 
Kuwait 
Malaysia 
New Zealand 
UAE 
USA 
UK 
Qatar 
Saudi Arabia 
Singapore 
Taiwan 
South Africa 
Free Sample
design and development of a web application that tests the security of a database-driven website
Solution.pdfThere is one assignment for this module which comprises of two components: Part A is The design and development of a web application that tests the security of a database-driven website
Part A
As the digital economy is growing so too is the opportunity for cyber criminals to exploit vulnerabilities in web systems and access, damage, and destroy data and hardware. According to The Cyber Security Regulation and Incentives Review UK (2016), " businesses continue to experience cyber security breaches with one in four businesses detecting a breach in the last year. The nature of the attacks mean many businesses may not know their IT systems have been breached. Cyber security breaches have a direct impact on the organisations affected, including lost staff time dealing with the breach and disruption to other work. As a result businesses incur financial losses with the average direct costs of a breach estimated at £36,000 for large businesses and £3,100 for micro/small businesses. The most costly single breach identified in the Cyber Security Breaches Survey was £3,000,000 for a large firm. There can also be reputational costs with a number of firms experiencing a loss of customers following a breach. Breaches can also result in consumers and other businesses incurring costs, for example through fraud. A US survey found that the majority of consumers affected by a breach reported they incurred costs with an estimated average of $500, while less than a third said they incurred no costs. Despite the potentially significant financial costs, evidence shows businesses are not doing to enough to protect themselves, both in terms of technical controls but also risk management and incident response. Whilst 69% of businesses say their senior management consider cyber security is a very or fairly high priority for their organisation just over half (51%) of all businesses have actually taken recommended actions to identify cyber risks, and only 10% have a formal incident management plan. Only 17% of businesses say their staff attended some form of training on cyber security in the last 12 months"
In this scenario, your role is a trainee Web Application Security Analystat a UK based technology consultancy firm. You have been assigned a task to carry out a security analysis of your client website and backend SQL database attached to a website containing possible security vulnerabilities; your answer can make reasonable assumptions.
Deliverables
The web/application security testing includes the following components:
Setup a fully functioning Web Application: (Screenshot for every steps must be provided)
-
PHP
-
MySQL
-
Apache Server
Web Application Security Testing:
-
Nmap scanning
-
Wireshark Sniffing
-
SQL Injection using SQLMAP
Web Application Security Model:
-
Firewalls
-
IDS/IPS
-
Encryption
Note:
Task A is worth 60% of the overall assignment. The marking criteria are outlined below.
Marking Criteria Task A
|
Description |
Marks |
Set up a server side (PHP) vulnerable web/application connected to a backend database (MySQL) for security testing in local environment either using XAMPP/WAMP or Virtual Box. Provide step-by-step configuration details of the environment setup (XAMPP/WAMP, Virtual Box etc), web/application and back-end database. |
20 |
Scanning: You must use a network scanner like Nmap to perform a scan on the target web/application and include your findings, open ports, applications, operating systems, etc. |
20 |
Sniffing: You must demonstrate the use of Wireshark sniffer to perform capture of web application session data. This will require capturing session data between your browser and website/server either remote or local. |
20 |
Use SQLMAP to identifyand exploit the SQL injection vulnerabilities based on the findings from the above steps. You must elaborate the steps of SQL Injection vulnerability exploited. |
25 |
Design and implement an appropriate web security model for your client by provisioning and utilizing appropriateweb application security software and hardware. (Firewall, IDS/IPS, Antivirus, Encryption, etc) |
15 |
|
Total |
100 |
|
Assignment support: Specific requirements for the assignment: (use following open source operating system and software)Kali Linux, Virtual Box, Wireshark, Nmap, SQLMAP. |
Assignment Checklist
|
TASKS COMPLETED |
tick |
|
Cover sheet completed |
|
|
Table of content |
|
|
Headings and sub-headings |
|
|
introduction |
|
|
Main body divided into paragraphs |
|
|
Conclusion & recommendations |
|
|
Evaluation and critical appraisal |
|
|
Evaluation and comparison of web server-side technologies |
|
|
Appraise web application security threats and |
|
|
Evaluate Web App security threats impact on business operations |
|
|
Future enhancements with the benefit of your experience on the project. Discussion on web application security tools used during the security testing. |
|
|
In-text citations correctly written |
|
|
Reference list on a separate page, completed and in the correct format |
Tired of the boring assignments to be submitted to colleges and universities? MyAssignmentMart.com gives you multiple reasons to trust it with your orders. We employ PhD experts handpicked from prestigious universities over the globe. We cater to quality assignment help, dissertation writing services and online essay help, covering more than 100 academic subjects. We pledge to complete your assignments on time and never compromise when it comes to deadline. Our prices for assignments are the most competitive in the market and make sure the cost suits your budget.
