Designing a secure online data store

Assignment Help Computer Engineering
Reference no: EM131446984

Project title: Designing a secure online data store

Objective: The project consists in designing a secure online data store.


To achieve the above-mentioned goal, you will need to do the following tasks:
1. Risk analysis: which consists of asset evaluations, threat modeling, and vulnerability analysis.
2. Security requirement specification.
3. Design the security policies.
4. Select the security solutions that satisfy the security requirements of the system.The project consists of 3 separate subprojects; all subprojects must be carried out by each student. It is recommended to start working on the subprojects as soon as possible.

Part I: Basic Hacking

The goal of this subproject is to get you acquainted with basic hacking techniques. The project consists of a simple hacking game available at

Visit the site and progressively advance to at least level 10 (2% will be given for each level completed successfully, which means to obtain the full mark you need to find out the correct credentials to move from level 9 to level 10).

Prepare a short report documenting your actions/steps and corresponding solutions. Indicate explicitly the credentials or links used to move between steps; make an adequate use of screenshots.

Part II: Web Application Vulnerability Assessment

The Insecure Web App is an open source database driven J2EE web application released through the Open Web Application Security Project (OWASP) ( It contains a variety of vulnerabilities including SQL injection, XSS, Parameter tampering, and broken authorization and authentication, to name a few.
The purpose of this subproject is to conduct vulnerability assessment of the Insecure Web App.
Before starting, you need to install the insecure Web App. The instructions to install the app on Kali are given in the appendix below.

After launching the application (using a web browser), click on the link ‘Instructions' to access the guidelines and application overview.
The ‘Application Overview' section provides a brief description of the different use cases underlying the application and lists different challenge questions in terms of vulnerability assessment.

For this subproject, you are required to answer only one challenge, which is the following:

1. Challenge # 3: Forceful Browsing and Parameter Tampering

Part III: Mitigation (12%)
In Labs 3 and 4, you conducted initial penetration testing steps against the lab network. You uncovered vulnerable services in this network, and gain access to one of the machines by exploiting some of the vulnerabilities. The goal of this subproject is to address the vulnerabilities by proposing mitigation solutions.

Choose one of the vulnerabilities found in Lab 4, and propose and implement a mitigation strategy to remediate the corresponding vulnerability.

For example, a vulnerability that might be a threat is the use of telnet protocol to connect to a remote server over the Internet.
The solution for this threat is to prevent/block incoming/outgoing telnet traffic, by writing some IPTables rules, as follows:

iptables -A INPUT -p tcp --dport telnet -j REJECT
iptables -A OUTPUT -p tcp --dport telnet -j REJECT

Note: it is important when you choose your mitigation techniques to make sure that they are feasible.


• The choice of the data store to be designed is flexible, meaning that you can choose by your own. For example, (1) a simplistic online bookstore that allows customers to search and purchase a book based on title, author, subject and ISBN, (2) a simplistic online sale and purchase E-Commerce tool, etc. You should be explicit on the type of chosen data store and its content, by indicating what it allows the customers to do.

• In all the mentioned requirement steps, be precise in your analysis and description of your proposed solutions. Vague, ambiguous, or unjustified claims, will contribute to affect negatively the quality of your project outcome.

Attachment:- Final Project.rar

Reference no: EM131446984

Problem based on berkeley-based unix system

Consider a system such as a Berkeley-based UNIX system, in which users have secondary group identities that remain fixed during their login sessions - What are the advantage

Can you devise a protocol where proof size

Can you devise a protocol where proof size, verification time, and digest size are all sublinear? You might need a sub-protocol that involves some amount of two-way communic

What major cpus were made during that time

What major CPU's were made during that time? What kind of software did these cpus ran on? What kind of performance did they had? What was the first AMD made? How was it differ

Explore how video games are being used by medical community

For this writing assignment, you will explore how video games are being used by the medical community. Video games (both online and apps) are a source of entertainment for ind

What sort of people would go after the given information

What sort of people would go after this information? Why would they want it? What will/can they do with it? How would they get it? How would potential attackers be identified?

Estimate the probability of a burglary

BEITC703 - Solve the given puzzle using crypt arithmatic method and Construct a Truth table trat shows the truth value of each sentence in KB and indicate the model in which t

Design and implementation of an arithmetic logic unit

ECE 2504 - Introduction to Computer Engineering (Spring 2017) Design Project 2: Design and Implementation of an Arithmetic Logic Unit on the DE0 Nano board. After you have v

Draw one stage of the trellis diagram

ENGR4130 Project - Optimal Receiver and Symbol-by-Symbol Detection for Bandlimitted Channels. Consider the same binary communication system given above. Here we implement the


Write a Review

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd