首页
网站开发
桌面应用
管理软件
微信开发
App开发
嵌入式软件
工具软件
数据采集与分析
其他
首页
>
> 详细
代写G6077程序、代做Python编程设计
项目预算:
开发周期:
发布时间:
要求地区:
Introduction to Computer Security – G6077
Weighting: 50% of marks for the module
Version Information: Oct 2024
Submission deadline: Check deadline on Sussex direct. e-submission to Canvas
You must work on this assignment on your own. The standard Informatics rules for collusion, plagiarism and lateness apply. Any cases of potential misconduct discovered will be reported and investigated.
Part A – Virtual Private Cloud (10 marks)
Use the AWS services to implement the infrastructure given below. Once you implement this, you will need to take screen shots of your settings to provide it in the report.
Part B (90 marks)
Lovejoy’s Antique Evaluation Web Application
In this part of the coursework, you will develop a secure web application for a local antique dealer named Lovejoy. Lovejoy wants a minimum viable product allowing customers to register and then request evaluations of potential antique objects. Lovejoy has many rivals in the antique business who may sometimes resort to underhand tactics and so is very concerned about the security of the application.
Your secure web application will need to have these features for the minimum viable product (MVP) release: user registration and login, a password policy, “request evaluation” page and then an extension of the “request evaluation” page file upload to allow upload of photos. Finally, Lovejoy needs a request listing page.
You should build Lovejoy’s MVP focusing on the following features in each task. Mark allocation for each task are as described below and in the security analysis grid. You should reflect upon your work and provide estimates of how much you’ve achieved by filling out the marking grid. An example of self-reflection is provided in the Canvas. There are thus 30 marks for completing the application reasonably, 50 marks for the security features identified and implemented, and 10 marks for self-reflection and video quality.
You have a choice of technologies from which to build the application:
PHP
Java
Python
No other approach is allowed. If you are using Java and Python, you should research it yourself to find out where you want to host it.
Task 1 - Develop a secure web form that allows customers to register in the application. They must register an email address, password, name and contact telephone number. The users’ details should be stored in a database.
Code Quality 5 marks
Database Design 5 marks
Task 2 - Develop a secure login feature.
Code Quality 5 marks
Task 3 – Extend the password management feature to provide password strength recommendations and password recovery.
Code Quality 5 marks
Task 4 - Implement a “Request Evaluation” web page only accessible to logged in users. This web page should have a comment box to type in the details of the object and their request, and a dropdown box for preferred method of contact between phone or email. The evaluation page should allow for file upload of a photo of the object.
Code Quality 5 marks
Task 5 – Implement a page that displays a list of evaluation requests. This page should only be visible to an administrator role. Code Quality 5 marks
Submission guidance
You are only submitting the report to the Canvas. You must follow the report template.
Report -- You must use the report template provided at the end of this coursework description. In your report, you will provide screenshots of all the marking criteria elements and annotate where necessary. In screen shots for the code, please don’t give a big chunk of code, provide only the related lines. Use bullet points to give any explanation, please don’t write big paragraphs.
Recording -- You will use Sussex Panopto to record a video to show the working of your application and its security features. Useful links provided at the end about Panopto. It is a very straightforward tool to use. You log in using University credential, select the right screen, and record the application to show different features. Show us the aspects that cover marking criteria. Consider the following when recording.
1) Recording must not be more than 10 minutes.
2) Must show the testing of all tasks in sequence (features) and its security features
3) Provide voice over or textual application on the video to explain the recording.
4) Record screen and yourself in the video.
5) Use the self-reflection grid in the task 0 to show the order of recording features.
When you record the video, from the settings, there is a share link button, click on it and select the option that anyone at our organisation who has the link can access the video. Copy that link and put it in your report.
How to use Panopto?
Recording presentation using Panopto
More guidance about recording the video will be provided in the Canvas.
Code file location (OneDrive)-- Upload your code to the OneDrive and provide the code link in the report for our inspection.
Select the folder where you have all the code, then click on the share option. In the settings, click on the pencil drop down menu and select the option can edit. Copy the link and put it in your report.
See the recording on the Canvas how to setup this in a correct way.
Excellent (10-9 marks) Good (8-6 marks) Average (5-3 marks) Poor (2-0 marks)
10 marks
Criteria (50 marks)
Excellent (15-13) Good (12-10) Average (9-5) Poor (4-0) 15 marks
Policy has no flaw, and its implementation is excellent. Various mechanisms implemented to ensure password policy is secure. Policy has no flaws, but implementation of policy is simple. Password policy has very few flaws. However, different sections of policy are implemented and working. Policy has many flaws for example password is not encrypted, and no salt applied. Password forgot policy has security flaws. Password policy 15marks
Password entropy, encrypted storage, security questions and recovery of password
Several countermeasures are implemented, and the quality of countermeasures are excellent. Countermeasures are implemented in all the pages however quality of implementation is simple. Implemented countermeasures only in some parts of the application.
Very little effort to implement countermeasures to avoid these vulnerabilities.
Vulnerabilities 15 marks
SQL injection, XSS, CSRF, File Upload and any other obvious vulnerability.
All the requirements are implemented to authenticate users. Implementation quality is excellent. All requirements are implemented to authenticate the user. However, quality of implementation is simple. Only some obvious requirements are not implemented. Lots of obvious authentication’s requirements are not implemented. Authentication and Encryption 10 marks
User identity management (registration and login etc), Email verification for registration, 2 factor authentications (PIN and or email)
Encryption applied reasonably to secure assets
Excellent implementation of countermeasures against these attacks. No flaws in countermeasures however quality of implementation is simple. Some flaws in countermeasures Very little effort against these attacks. Obfuscation/Common attacks 10 marks
Brute force attack – Number of attempts
Botnet attack – Captcha
Dictionary attack/Rainbow table attack
5 marks 5 marks 5 marks 5 marks 10 marks 30 marks
List evaluation-Task5 Request evaluation – task 4 Forgot password-Task3 Login-Task2 User registration/Database-Task1 Features of webs application
Up to 4/6 marks 0 marks 10 marks
Fairly fully completed Marking not completed Self-reflection – 4 marks
Covered everything in order Missing aspects Video quality – 6 marks
Excellent (9 to 10) Good (6 to 8) Average (3 to 5) Poor (0-2) 10 marks
Everything is implemented as in the infrastructure Very little mistakes in the implementation Few mistakes in implementation Very little attempt. Virtual Private Cloud & Security groups
Report
You will be submitting this report to the Canvas. The report has 6 tasks. From 1 to 5, it covers the secure application part and the last task 6 covers the AWS. You will provide the three required links below.
1)Code file Location: --------------------------------------
Upload your code to OneDrive and provide a link here. Set up correct permission so that anyone with a link can view it.
2)Panopto recording:------------------------------------------
If you don’t provide this, we will not be able to test your work fully.
If any of the above evidence is not provided, you will lose marks as I will not be able to test your application.
Task 0 – Self-reflection
Marking grid filled up by you. Fill it up and past it here. We expect you to self-assess yourself fairly.
Marking criteria Sub criteria Tick/cross Marks
(from the main marking grid, assign fair marks to yourself)
Password policy Password entropy
Security questions
Password recovery
Vulnerabilites SQL injection,
XSS,
CSRF,
File Upload and
any other obvious vulnerability.
Authentication/Encrypted storage User registration, User login
Email verification for registration,
2 factor authentications (PIN and or email)
Encrypted storage
Obfuscation/Common attacks Brute force attack – Number of attempts
Botnet attack – Captcha
Dictionary attack/Rainbow table attack
Features of web application Database design
User registration
User login
Forgot password
Evaluation
List evaluation
VPC Evidence provided
Video All the marking criteria covered
Self-reflection This marking grid fill out properly
Total marks =
Task 1 – User registration
Registration feature code screenshots
Database Table
Why do you think it is secure? Use bullet points to provide your reasons and back it up with code snippet from your application. Don’t paste the big junks of code in the report, show us those specific lines, highlight, and annotate if you need to.
Task 2 - Develop a secure login feature.
Login feature code screenshots
Why do you think it is secure? Use bullet points to provide your reasons and back it up code snippet from your application.
Task 3 - Implement password strength and password recovery
List each password policy element that you implemented and back it up with code snippets from your application.
Task 4 - Implement a “Evaluation Request” web page.
Request Evaluation feature screenshot
Why do you think it is secure?
Task 5 – Request Listing Page
Code of the feature
Why do you think it is secure?
Task 6 –AWS Virtual Private Cloud settings screen shots.
软件开发、广告设计客服
QQ:99515681
邮箱:99515681@qq.com
工作时间:8:00-23:00
微信:codinghelp
热点项目
更多
urba6006代写、java/c++编程语...
2024-12-26
代做program、代写python编程语...
2024-12-26
代写dts207tc、sql编程语言代做
2024-12-25
cs209a代做、java程序设计代写
2024-12-25
cs305程序代做、代写python程序...
2024-12-25
代写csc1001、代做python设计程...
2024-12-24
代写practice test preparatio...
2024-12-24
代写bre2031 – environmental...
2024-12-24
代写ece5550: applied kalman ...
2024-12-24
代做conmgnt 7049 – measurem...
2024-12-24
代写ece3700j introduction to...
2024-12-24
代做adad9311 designing the e...
2024-12-24
代做comp5618 - applied cyber...
2024-12-24
热点标签
mktg2509
csci 2600
38170
lng302
csse3010
phas3226
77938
arch1162
engn4536/engn6536
acx5903
comp151101
phl245
cse12
comp9312
stat3016/6016
phas0038
comp2140
6qqmb312
xjco3011
rest0005
ematm0051
5qqmn219
lubs5062m
eee8155
cege0100
eap033
artd1109
mat246
etc3430
ecmm462
mis102
inft6800
ddes9903
comp6521
comp9517
comp3331/9331
comp4337
comp6008
comp9414
bu.231.790.81
man00150m
csb352h
math1041
eengm4100
isys1002
08
6057cem
mktg3504
mthm036
mtrx1701
mth3241
eeee3086
cmp-7038b
cmp-7000a
ints4010
econ2151
infs5710
fins5516
fin3309
fins5510
gsoe9340
math2007
math2036
soee5010
mark3088
infs3605
elec9714
comp2271
ma214
comp2211
infs3604
600426
sit254
acct3091
bbt405
msin0116
com107/com113
mark5826
sit120
comp9021
eco2101
eeen40700
cs253
ece3114
ecmm447
chns3000
math377
itd102
comp9444
comp(2041|9044)
econ0060
econ7230
mgt001371
ecs-323
cs6250
mgdi60012
mdia2012
comm221001
comm5000
ma1008
engl642
econ241
com333
math367
mis201
nbs-7041x
meek16104
econ2003
comm1190
mbas902
comp-1027
dpst1091
comp7315
eppd1033
m06
ee3025
msci231
bb113/bbs1063
fc709
comp3425
comp9417
econ42915
cb9101
math1102e
chme0017
fc307
mkt60104
5522usst
litr1-uc6201.200
ee1102
cosc2803
math39512
omp9727
int2067/int5051
bsb151
mgt253
fc021
babs2202
mis2002s
phya21
18-213
cege0012
mdia1002
math38032
mech5125
07
cisc102
mgx3110
cs240
11175
fin3020s
eco3420
ictten622
comp9727
cpt111
de114102d
mgm320h5s
bafi1019
math21112
efim20036
mn-3503
fins5568
110.807
bcpm000028
info6030
bma0092
bcpm0054
math20212
ce335
cs365
cenv6141
ftec5580
math2010
ec3450
comm1170
ecmt1010
csci-ua.0480-003
econ12-200
ib3960
ectb60h3f
cs247—assignment
tk3163
ics3u
ib3j80
comp20008
comp9334
eppd1063
acct2343
cct109
isys1055/3412
math350-real
math2014
eec180
stat141b
econ2101
msinm014/msing014/msing014b
fit2004
comp643
bu1002
cm2030
联系我们
- QQ: 9951568
© 2021
www.rj363.com
软件定制开发网!