QAC020N256A: Develop Dynamic web pages for Practical Business Purposes using server-side technologies: Web Application Security Assignment, UoRL, UK

Learning outcomes assessed within this piece of work as agreed at the program level meeting On successful completion of this module students will be able to

1. Develop dynamic web pages for practical business purposes using server-side technologies.

2. Critically evaluate and compare web server-side technologies and their deployment.

3. Identify and test common security threats associated with PHP.

4. Demonstrate implementation of usability and accessibility standards in designing of a dynamic website.

5. Design and test web database systems with the clear justification of the design route taken.

Assignment Tasks

Expectations: This assignment comprises of two components: Part A is the design and development of a database-driven website for a gym (worth 60% of the total marks of the Module), and Part B is an evaluation report of 1500 words consisting of reflective commentary on Part A (worth 40% of the total marks of the Module). Both components are one piece of work and will assess all the module learning outcomes.

Rationale: We trust more and more in inputting our personal information to websites. Although this makes our everyday lives more convenient, it also engenders more vulnerabilities because this will increase the frequency of hacking attacks and security breaches.

These attacks can range from serious, large-scale attacks to simple ones and from simple ones to ridiculous and life-changing incidents. (Note: web links to most prominent web application security incidents and attacks will be posted on Moodle). In light of those incidents and vulnerabilities, this assignment will encourage you to apply the web application security concepts and identify the web application vulnerabilities by analyzing web application components such as PHP and MySQL

Scenario:  Background:  The COVID-19 pandemic has changed the reality of life and has directed young generation, amongst others, to use the Internet more than ever. They view the Internet as a positive aspect in our society and a robust and effective systems of communication which play a crucial role in our daily activities and development of identities. On the other hand, the advent of the Internet and its uses are also often used negatively.

Many people, as well as organisations, are the targets of cyber bullying resulting in confusion on the part of the “target”. Very often, most people are unaware that what they are going through is a form of bullying. As a result, the previously safe environment of the Internet is now becoming a source of confusion and anxiety.

This rapid development has increased the cybersecurity breaches with one in four businesses detecting a breach during their last few months of operations. The nature of these attacks means that many businesses may not know their IT systems have been breached and how to handle/avoid these attacks.

ProHunt is a real estate company based in London. The company deals with renting, buying and selling residential and commercial properties in the area. They are committed to providing the highest levels of customer care. The company employs two directors, two receptionists, four office administrators, two consultants, and seven field workers.

To be competitive and remain at cutting edge, The ProHunt intends to launch its business online offering one stop estate services. This new website aims to offer their customers convenience, more control and speedy signup for their services to avoid manual administrative tasks. Although the claim is to improve customer services, securing customer data and eliminating the security risks, it is obvious that it will also help the club save costs and remain financially robust.

Task A

Now “ProHunt” has contacted BuildTech (Leading IT Company) to go through a security check for the website to project their online presence and services. The client will also use the website as a contact tool with its customers.

You have been assigned to carry out a security analysis of your client website and backend SQL database attached to a website containing possible security vulnerabilities; your answer can make reasonable assumptions.

Deliverables

The web/application security testing must include the following components:

Note:

Task A is worth 60% of the overall module. The marking criteria are outlined below.

Setup Fully Functional Vulnerable Web Application:

• PHP
• MySQL
• Apache Server

Setup Mutillidae with all the above services enabled on XAMMP. Please provide a step-by-step walk-through of your implementation including set up of your backend SQL database using screenshots and appropriate description for each step.

Web Application Security Testing:

• Nmap scanning

Perform port scanning of web application target (Mutillidae) and elaborate each step clearly mentioning the details of open ports and its relevance to identify the running protocol.

• Wireshark Sniffing

Perform data/traffic capture on the target web application (Mutillidae). Please provide a detailed analysis of captured data (Protocol identified at different TCP/IP layers).

• SQL Injection using SQLMAP

Perform SQL injection attacks on Mutillidae using SQLMAP. Elaborate on the findings of your attack and include the name of the detected database version, database names, database compromised data, etc.

Part B: Reflection and Evaluation Report

Tasks:

Your second task is to write a self-reflective commentary about your journey from looking at website design, development, testing to the deployment of techniques.

Having created your website project, you should now write a self-reflective commentary (1500 words) critically reflecting on your project. Your commentary should critically explore the work you have done to produce your project using relevant literature.

Answer

Request Answer of this Assignment