Reference no: EM131446984
Project title: Designing a secure online data store
Objective: The project consists in designing a secure online data store.
Requirements:
To achieve the above-mentioned goal, you will need to do the following tasks:
1. Risk analysis: which consists of asset evaluations, threat modeling, and vulnerability analysis.
2. Security requirement specification.
3. Design the security policies.
4. Select the security solutions that satisfy the security requirements of the system.The project consists of 3 separate subprojects; all subprojects must be carried out by each student. It is recommended to start working on the subprojects as soon as possible.
Part I: Basic Hacking
The goal of this subproject is to get you acquainted with basic hacking techniques. The project consists of a simple hacking game available at https://www.try2hack.lt/en/
Visit the site and progressively advance to at least level 10 (2% will be given for each level completed successfully, which means to obtain the full mark you need to find out the correct credentials to move from level 9 to level 10).
Prepare a short report documenting your actions/steps and corresponding solutions. Indicate explicitly the credentials or links used to move between steps; make an adequate use of screenshots.
Part II: Web Application Vulnerability Assessment
The Insecure Web App is an open source database driven J2EE web application released through the Open Web Application Security Project (OWASP) (https://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project). It contains a variety of vulnerabilities including SQL injection, XSS, Parameter tampering, and broken authorization and authentication, to name a few.
The purpose of this subproject is to conduct vulnerability assessment of the Insecure Web App.
Before starting, you need to install the insecure Web App. The instructions to install the app on Kali are given in the appendix below.
After launching the application (using a web browser), click on the link ‘Instructions' to access the guidelines and application overview.
The ‘Application Overview' section provides a brief description of the different use cases underlying the application and lists different challenge questions in terms of vulnerability assessment.
For this subproject, you are required to answer only one challenge, which is the following:
1. Challenge # 3: Forceful Browsing and Parameter Tampering
Part III: Mitigation (12%)
In Labs 3 and 4, you conducted initial penetration testing steps against the lab network. You uncovered vulnerable services in this network, and gain access to one of the machines by exploiting some of the vulnerabilities. The goal of this subproject is to address the vulnerabilities by proposing mitigation solutions.
Choose one of the vulnerabilities found in Lab 4, and propose and implement a mitigation strategy to remediate the corresponding vulnerability.
For example, a vulnerability that might be a threat is the use of telnet protocol to connect to a remote server over the Internet.
The solution for this threat is to prevent/block incoming/outgoing telnet traffic, by writing some IPTables rules, as follows:
iptables -A INPUT -p tcp --dport telnet -j REJECT
iptables -A OUTPUT -p tcp --dport telnet -j REJECT
Note: it is important when you choose your mitigation techniques to make sure that they are feasible.
NOTE:
• The choice of the data store to be designed is flexible, meaning that you can choose by your own. For example, (1) a simplistic online bookstore that allows customers to search and purchase a book based on title, author, subject and ISBN, (2) a simplistic online sale and purchase E-Commerce tool, etc. You should be explicit on the type of chosen data store and its content, by indicating what it allows the customers to do.
• In all the mentioned requirement steps, be precise in your analysis and description of your proposed solutions. Vague, ambiguous, or unjustified claims, will contribute to affect negatively the quality of your project outcome.
Attachment:- Final Project.rar
What is the annual percentage rate of your investment
: You just bought a bond of Six Flags at the price of $980. The bond has a face value of $1000, which is the amount of money you will get paid when the bond matures in six months. You will also be paid $30 coupon payment right before the maturity date...
|
Determine what discount rate vestor should use
: Determine what discount rate (WACC) Vestor should use to evaluate the warehousing facility project. Assess whether Vestor should make the warehouse investment.
|
Compare the leandership strategies of trump and obama
: compare the leandership strategies of trump and obama.
|
After which the gold would be completely mined
: Seth Bullock, the owner of Bullock Gold Mining, is evaluating a new gold mine in South Dakota. Dan Dority, the company’s geologist, has just finished his analysis of the mine site. He has estimated that the mine would be productive for eight years, a..
|
Designing a secure online data store
: CKDF140 PROJECT Designing a secure online data store - Risk analysis: which consists of asset evaluations, threat modeling, and vulnerability analysis and Security requirement specification.
|
Why did they feel the need to devote
: Now that you have read most of Wannsee Conference, what was the Nazi's main motivation for implementing the Final Solution? In other words, WHY did they feel the need to devote so much in the way of resources and manpower to this endeavor?
|
Shortage of staff in the labor market
: What are the possibilities in this scenario? Does it matter that this employee is temporary? Does it matter that there is a severe shortage of staff in the labor market with this skill set? Does it matter that you see no evidence of anger in this ..
|
Determine the companys weighted average cost of capital
: Calculate the company's weighted average cost of capital. Use the dividend discount model. Show calculations in Microsoft Word.
|
Define the risk management process
: Write a 1,050- to 1,750-word paper using the Risk Identification Scenario. Define the risk management process. Explain the role of risk management in the project planning process. Describe at least two risks and their sources for the scenario
|