合肥生活安徽新闻合肥交通合肥房产生活服务合肥教育合肥招聘合肥旅游文化艺术合肥美食合肥地图合肥社保合肥医院企业服务合肥法律

代写G6077程序、代做Python编程设计
代写G6077程序、代做Python编程设计

时间:2024-10-31  来源:合肥网hfw.cc  作者:hfw.cc 我要纠错



Introduction to Computer Security – G6077

Weighting:   50% of marks for the module 
Version Information: Oct 2024
Submission deadline: Check deadline on Sussex direct. e-submission to Canvas 

You must work on this assignment on your own. The standard Informatics rules for collusion, plagiarism and lateness apply. Any cases of potential misconduct discovered will be reported and investigated.

Part A – Virtual Private Cloud (10 marks)
Use the AWS services to implement the infrastructure given below. Once you implement this, you will need to take screen shots of your settings to provide it in the report.  


Part B (90 marks)

Lovejoy’s Antique Evaluation Web Application

In this part of the coursework, you will develop a secure web application for a local antique dealer named Lovejoy.  Lovejoy wants a minimum viable product allowing customers to register and then request evaluations of potential antique objects.   Lovejoy has many rivals in the antique business who may sometimes resort to underhand tactics and so is very concerned about the security of the application.  
Your secure web application will need to have these features for the minimum viable product (MVP) release: user registration and login, a password policy, “request evaluation” page and then an extension of the “request evaluation” page file upload to allow upload of photos. Finally, Lovejoy needs a request listing page.
You should build Lovejoy’s MVP focusing on the following features in each task.  Mark allocation for each task are as described below and in the security analysis grid.  You should reflect upon your work and provide estimates of how much you’ve achieved by filling out the marking grid. An example of self-reflection is provided in the Canvas. There are thus 30 marks for completing the application reasonably, 50 marks for the security features identified and implemented, and 10 marks for self-reflection and video quality.
You have a choice of technologies from which to build the application:
PHP 
Java 
Python 
No other approach is allowed. If you are using Java and Python, you should research it yourself to find out where you want to host it.  

Task 1 - Develop a secure web form that allows customers to register in the application. They must register an email address, password, name and contact telephone number. The users’ details should be stored in a database.  
    Code Quality 5 marks
    Database Design 5 marks

Task 2 - Develop a secure login feature. 
    Code Quality 5 marks

Task 3 – Extend the password management feature to provide password strength recommendations and password recovery.
    Code Quality 5 marks

Task 4 - Implement a “Request Evaluation” web page only accessible to logged in users. This web page should have a comment box to type in the details of the object and their request, and a dropdown box for preferred method of contact between phone or email. The evaluation page should allow for file upload of a photo of the object.  
    Code Quality 5 marks

Task 5 – Implement a page that displays a list of evaluation requests.  This page should only be visible to an administrator role.    Code Quality 5 marks

Submission guidance 
You are only submitting the report to the Canvas. You must follow the report template.
Report -- You must use the report template provided at the end of this coursework description. In your report, you will provide screenshots of all the marking criteria elements and annotate where necessary. In screen shots for the code, please don’t give a big chunk of code, provide only the related lines. Use bullet points to give any explanation, please don’t write big paragraphs. 

Recording -- You will use Sussex Panopto to record a video to show the working of your application and its security features. Useful links provided at the end about Panopto. It is a very straightforward tool to use. You log in using University credential, select the right screen, and record the application to show different features. Show us the aspects that cover marking criteria. Consider the following when recording. 
1) Recording must not be more than 10 minutes. 
2) Must show the testing of all tasks in sequence (features) and its security features
3) Provide voice over or textual application on the video to explain the recording.  
4) Record screen and yourself in the video.
5) Use the self-reflection grid in the task 0 to show the order of recording features.
When you record the video, from the settings, there is a share link button, click on it and select the option that anyone at our organisation who has the link can access the video. Copy that link and put it in your report. 
How to use Panopto?
Recording presentation using Panopto

More guidance about recording the video will be provided in the Canvas. 

Code file location (OneDrive)-- Upload your code to the OneDrive and provide the code link in the report for our inspection. 
Select the folder where you have all the code, then click on the share option. In the settings, click on the pencil drop down menu and select the option can edit. Copy the link and put it in your report. 
See the recording on the Canvas how to setup this in a correct way. 





Excellent (10-9 marks)    Good (8-6 marks)    Average (5-3 marks)    Poor (2-0 marks)
     10 marks    
 Criteria (50 marks)

Excellent (15-13)    Good (12-10)    Average (9-5)    Poor (4-0)     15 marks    
Policy has no flaw, and its implementation is excellent. Various mechanisms implemented to ensure password policy is secure.      Policy has no flaws, but implementation of policy is simple.    Password policy has very few flaws. However, different sections of policy are implemented and working.      Policy has many flaws for example password is not encrypted, and no salt applied. Password forgot policy has security flaws.     Password policy          15marks
Password entropy, encrypted storage, security questions and recovery of password

Several countermeasures are implemented, and the quality of countermeasures are excellent.    Countermeasures are implemented in all the pages however quality of implementation is simple.      Implemented countermeasures only in some parts of the application. 
    Very little effort to implement countermeasures to avoid these vulnerabilities. 
    Vulnerabilities              15 marks
SQL injection, XSS, CSRF, File Upload and any other obvious vulnerability.
All the requirements are implemented to authenticate users. Implementation quality is excellent.      All requirements are implemented to authenticate the user. However, quality of implementation is simple.      Only some obvious requirements are not implemented.     Lots of obvious authentication’s requirements are not implemented.     Authentication and Encryption              10 marks 
User identity management (registration and login etc), Email verification for registration, 2 factor authentications (PIN and or email)
Encryption applied reasonably to secure assets
Excellent implementation of countermeasures against these attacks.     No flaws in countermeasures however quality of implementation is simple.      Some flaws in countermeasures     Very little effort against these attacks.     Obfuscation/Common attacks      10 marks
Brute force attack – Number of attempts
Botnet attack – Captcha 
Dictionary attack/Rainbow table attack
5 marks    5 marks    5 marks    5 marks    10 marks    30 marks
List evaluation-Task5    Request evaluation – task 4    Forgot password-Task3    Login-Task2    User registration/Database-Task1    Features of webs application

Up to 4/6 marks    0 marks    10 marks
Fairly fully completed    Marking not completed    Self-reflection – 4 marks
Covered everything in order    Missing aspects    Video quality – 6 marks

Excellent (9 to 10)    Good (6 to 8)    Average (3 to 5)    Poor (0-2)    10 marks
Everything is implemented as in the infrastructure    Very little mistakes in the implementation     Few mistakes in implementation     Very little attempt.     Virtual Private Cloud & Security groups 

Report 
You will be submitting this report to the Canvas. The report has 6 tasks. From 1 to 5, it covers the secure application part and the last task 6 covers the AWS. You will provide the three required links below.
1)Code file Location: --------------------------------------
Upload your code to OneDrive and provide a link here. Set up correct permission so that anyone with a link can view it. 
2)Panopto recording:------------------------------------------
 If you don’t provide this, we will not be able to test your work fully. 

If any of the above evidence is not provided, you will lose marks as I will not be able to test your application. 
Task 0 – Self-reflection 
Marking grid filled up by you. Fill it up and past it here. We expect you to self-assess yourself fairly. 
Marking criteria    Sub criteria    Tick/cross    Marks
 (from the main marking grid, assign fair marks to yourself)
Password policy    Password entropy                

    Security questions        
    Password recovery        
Vulnerabilites    SQL injection,         


    XSS,         
    CSRF,         
    File Upload and         
    any other obvious vulnerability.        
Authentication/Encrypted storage    User registration, User login         
    Email verification for registration,        
    2 factor authentications (PIN and or email)        
    Encrypted storage        
Obfuscation/Common attacks     Brute force attack – Number of attempts        
    Botnet attack – Captcha         
    Dictionary attack/Rainbow table attack        
Features of web application    Database design        
    User registration        
    User login        
    Forgot password        
    Evaluation        
    List evaluation        
VPC    Evidence provided        
Video    All the marking criteria covered        
Self-reflection    This marking grid fill out properly        
            Total marks = 

Task 1 – User registration 
Registration feature code screenshots

Database Table

Why do you think it is secure?  Use bullet points to provide your reasons and back it up with code snippet from your application. Don’t paste the big junks of code in the report, show us those specific lines, highlight, and annotate if you need to.

Task 2 - Develop a secure login feature. 
Login feature code screenshots

Why do you think it is secure?  Use bullet points to provide your reasons and back it up code snippet from your application.

Task 3 - Implement password strength and password recovery

List each password policy element that you implemented and back it up with code snippets from your application. 

Task 4 - Implement a “Evaluation Request” web page. 

Request Evaluation feature screenshot

Why do you think it is secure? 

Task 5 – Request Listing Page

Code of the feature

Why do you think it is secure?

Task 6 –AWS Virtual Private Cloud settings screen shots. 

请加QQ:99515681  邮箱:99515681@qq.com   WX:codinghelp



 

扫一扫在手机打开当前页
  • 上一篇:RBE104TC代做、C/C++设计编程代写
  • 下一篇:代写CSE x25、C++/Java程序设计代做
  • 无相关信息
    合肥生活资讯

    合肥图文信息
    新能源捕鱼一体电鱼竿好用吗
    新能源捕鱼一体电鱼竿好用吗
    海信罗马假日洗衣机亮相AWE  复古美学与现代科技完美结合
    海信罗马假日洗衣机亮相AWE 复古美学与现代
    合肥机场巴士4号线
    合肥机场巴士4号线
    合肥机场巴士3号线
    合肥机场巴士3号线
    合肥机场巴士2号线
    合肥机场巴士2号线
    合肥机场巴士1号线
    合肥机场巴士1号线
    合肥轨道交通线路图
    合肥轨道交通线路图
    合肥地铁5号线 运营时刻表
    合肥地铁5号线 运营时刻表
  • 币安app官网下载 短信验证码

    关于我们 | 打赏支持 | 广告服务 | 联系我们 | 网站地图 | 免责声明 | 帮助中心 | 友情链接 |

    Copyright © 2024 hfw.cc Inc. All Rights Reserved. 合肥网 版权所有
    ICP备06013414号-3 公安备 42010502001045