Introduction to Computer Security – G6077
Weighting: 50% of marks for the module
Version Information: Version 1, Oct 2023
Submission deadline: Check the deadline on Sussex Direct. E-submission to Canvas.
You must work on this assignment on your own. The standard Informatics rules for collusion, plagiarism and lateness apply. Any cases of potential misconduct discovered will be reported and investigated.
Part A – Virtual Private Cloud (10 marks)
Use the AWS services to implement the infrastructure given below. Once you have implemented it, take screenshots of your settings to provide in the report.
• VPC: 10.0.0.16
• Public subnet 1: 10.0.0.0/24
• Public subnet 2: 10.0.2.0/24
• Public subnet 3: 10.0.4.0/24
• Private subnet 1: 10.0.1.0/24
• Private subnet 2: 10.0.3.0/24
• NAT gateway
• Security group – Service: Windows Server 2016
• Security group – Services: Apache Server, MySQL and
Part B (90 marks)
Lovejoy’s Antique Evaluation Web Application
In this part of the coursework, you will develop a secure web application for a local antique dealer named Lovejoy. Lovejoy wants a minimum viable product allowing customers to register and then request evaluations of potential antique objects. Lovejoy has many rivals in the antique business who may sometimes resort to underhand tactics and so is very concerned about the security of the application.
Your secure web application will need to have these features for the minimum viable product (MVP) release: user registration and login, a password policy, a “request evaluation” page, and then an extension of the “request evaluation” page with file upload so that photos can be uploaded. Finally, Lovejoy needs a request listing page.
You should build Lovejoy’s MVP focusing on the features listed in each task below. As well as the code, you should submit a report as described in the appendix below, where you will provide a self-reflection on the security of each feature. The mark allocation for each task is as described below and in the security analysis grid. You should reflect upon your work and provide estimates of how much you have achieved by filling out the marking grid; if completed, this will be allocated 5 marks. An example of self-reflection is provided on Canvas. There are thus 35 marks for completing the application reasonably, 50 marks for the security features identified and implemented, and 5 marks for self-reflection.
You have a choice of technologies from which to build the application:
• PHP (host it for free on 000webhost or on AWS)
• Java
No other approach is allowed. If you are using Java or Python, you should research it yourself to find out where you want to host it.
Task 1 – Develop a secure web form that allows customers to register in the application. They must register an email address, password, name and contact telephone number. The users’ details should be stored in a database.
Code Quality: 5 marks. Database Design: 5 marks.
Task 2 – Develop a secure login feature.
Code Quality: 5 marks
Task 3 – Extend the password management feature to provide password strength recommendations and password recovery.
Code Quality: 5 marks
Task 4 – Implement a “Request Evaluation” web page only accessible to logged-in users. This web page should have a comment box to type in the details of the object and their request, and a dropdown box for the preferred method of contact, phone or email.
Code Quality: 5 marks
Task 5 – Extend the “Request Evaluation” page to allow file upload of a photo of the object.
Code Quality: 5 marks
Task 6 – Implement a page that displays a list of evaluation requests. This page should only be visible to an administrator.
Code Quality: 5 marks
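An added example, not part of the coursework or any model answer, written in Python (one of the technologies mentioned above) to show how the password-handling parts of Tasks 1 to 3 and the brute-force countermeasure from the marking grid fit together: a policy check with an entropy estimate, per-user salted PBKDF2 storage instead of plaintext, constant-time verification, and a failed-attempt counter that locks the account. The in-memory USERS dictionary, the thresholds and the email addresses are constructed stand-ins; a real build would use the application's database.

```python
import hashlib, hmac, math, os, re, string

USERS = {}                # constructed in-memory stand-in for the users table
MAX_ATTEMPTS = 5          # brute-force countermeasure: lock the account after this many failures
PBKDF2_ROUNDS = 210_000   # work factor for PBKDF2-HMAC-SHA256

def password_entropy_bits(pw):
    """Rough entropy estimate: length * log2(size of the character pool actually used)."""
    pool = 0
    if re.search(r"[a-z]", pw): pool += 26
    if re.search(r"[A-Z]", pw): pool += 26
    if re.search(r"[0-9]", pw): pool += 10
    if re.search(r"[^a-zA-Z0-9]", pw): pool += len(string.punctuation)
    return len(pw) * math.log2(pool) if pool else 0.0

def check_policy(pw, min_len=12, min_bits=60.0):
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"at least {min_len} characters required")
    if password_entropy_bits(pw) < min_bits:
        problems.append(f"estimated entropy below {min_bits:.0f} bits; mix character classes")
    return problems

def hash_password(pw, salt=None):
    """Salted PBKDF2 hash; a fresh random salt per user defeats rainbow tables."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)

def register(email, pw):
    """Store only the salt and hash, never the password; returns the violations if rejected."""
    problems = check_policy(pw)
    if not problems:
        salt, digest = hash_password(pw)
        USERS[email] = {"salt": salt, "hash": digest, "failures": 0}
    return problems

def login(email, pw):
    """Returns 'ok', 'locked' or 'denied'; unknown user and wrong password look the same."""
    user = USERS.get(email)
    if user is None:
        hash_password(pw)  # spend the same time as a real check so timing reveals less
        return "denied"
    if user["failures"] >= MAX_ATTEMPTS:
        return "locked"
    _, digest = hash_password(pw, user["salt"])
    if hmac.compare_digest(digest, user["hash"]):
        user["failures"] = 0
        return "ok"
    user["failures"] += 1
    return "denied"
```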
Submission guidance
You are only submitting the report to Canvas. You must follow the report template.
Report — You must use the report template provided at the end of this coursework description. In your report, you will provide screenshots of all the marking criteria elements and annotate them where necessary. In screenshots of the code, please don’t give a big chunk of code; provide only the related lines.
Use bullet points to give any explanation; please don’t write big paragraphs.
Recording — You will use Sussex Panopto to record the working of your application and to show features that will be difficult for us to test. For example, if you implement 2FA, record it in Panopto to show that it is working, then comment out that feature so that we can test the other features. Provide us with test user details so that we can test the application. The recording should not be more than 10 minutes. You must plan your recording and user testing strategy so that we are able to see a feature working or are able to test it. If I cannot see a feature working and cannot test it, I cannot give marks for that feature.
URL — You must host your application online. The URL will need to be provided in the report.
Code file location — Upload your code to OneDrive and provide the code link in the report for our inspection.
Security analysis grid
Bands: Excellent (10-9 marks), Good (8-6 marks), Average (5-3 marks), Poor (2-0 marks). Note on the Excellent band: Student must have gone beyond

Password policy (10 marks): Password entropy, encrypted storage, security questions and recovery of password
• Excellent: Policy has no flaw, and its implementation is excellent. Various mechanisms implemented to ensure the password policy is secure.
• Good: Policy has no flaws, but the implementation of the policy is simple.
• Average: Password policy has very few flaws. However, different sections of the policy are implemented and working.
• Poor: Policy has many flaws, for example the password is not encrypted and no salt is applied. Forgotten password policy has security flaws.

Vulnerabilities (10 marks): SQL injection, XSS, CSRF, file upload and any other obvious vulnerability.
• Excellent: Several countermeasures are implemented, and the quality of the countermeasures is excellent.
• Good: Countermeasures are implemented in all the pages; however, the quality of implementation is simple.
• Average: Countermeasures implemented only in some parts of the application.
• Poor: Very little effort to implement countermeasures to avoid these vulnerabilities.

Authentication (10 marks): User identity management (registration and login etc.), email verification for registration, two-factor authentication (PIN and/or email)
• Excellent: All the requirements are implemented to authenticate users. Implementation quality is excellent.
• Good: All requirements are implemented to authenticate the user. However, the quality of implementation is simple.
• Average: Only some obvious requirements are not implemented.
• Poor: Lots of obvious authentication requirements are not implemented.

Obfuscation/Common attacks (10 marks): Brute force attack – number of attempts; botnet attack – CAPTCHA; dictionary attack/rainbow table attack
• Excellent: Excellent implementation of countermeasures against these attacks.
• Good: No flaws in countermeasures; however, the quality of implementation is simple.
• Average: Some flaws in countermeasures.
• Poor: Very little effort against these attacks.

Deeper understanding (10 marks): Carry out your investigation and implement more security features to ensure that there are no gaps in your application.
• Excellent: Claimed features are complex. The quality of achievement is excellent. No holes in the web application.
• Good: Claimed features are complex; however, the quality of achievement/implementation could have been better. Very few flaws in the security of the application.
• Average: Claimed features are somewhat complex and implementation could have been better. Some flaws in the security of the application.
• Poor: Minimal effort to implement some obvious security features like storing confidential information.

Features of web application
Rows (5 marks each, as in the task list above): User registration/Database – Task 1; Login – Task 2; Forgot password – Task 3; Request evaluation – Task 4; Request evaluation – Task 5; List evaluation – Task 6; Virtual Private Cloud & Security groups.
• Excellent (9 to 10): Everything is implemented as in the infrastructure.
• Good (6 to 8): Very few mistakes in the implementation.
• Average (3 to 5): A few mistakes in the implementation.
• Poor (0-2): Very little attempt.
Self-reflection (up to 5 marks): Fully completed / Marking not completed.
You will be submitting this report to Canvas. The report has 7 tasks. Tasks 1 to 6 cover the secure application part and the last task, Task 7, covers AWS. You will provide the three required links below.
1) Application URL: ———————————-
(URL to your web application; this can be hosted anywhere. You will need to ensure that it is available until the end of January for us to assess.)
2) Code file location: ————————————–
Upload your code to OneDrive and provide a link here. Set up the correct permissions so that anyone with the link can view it.
3) Panopto recording and, where applicable, test users’ details: —————————————— If you don’t provide this, we will not be able to test your work fully.
Task 0 – Self-reflection
Marking grid filled in by you. Fill it in and paste it here. We expect you to self-assess yourself fairly.
Task 1 – User registration
Registration feature code screenshots
Database Table
Why do you think it is secure? Use bullet points to provide your reasons and back them up with code snippets from your application. Don’t paste big chunks of code in the report; show us the specific lines, and highlight and annotate them if you need to.
Task 2 – Develop a secure login feature.
Login feature code screenshots
Why do you think it is secure? Use bullet points to provide your reasons and back them up with code snippets from your application.
Task 3 – Implement password strength and password recovery
List each password policy element that you implemented and back it up with code snippets from your application.
Task 4 – Implement an “Evaluation Request” web page.
Request Evaluation feature screenshot
Why do you think it is secure?
Task 5 – Develop a feature that will allow customers to submit photographs
Code of the feature
Why do you think it is secure?
Task 6 – Request Listing Page
Code of the feature
Why do you think it is secure?
Task 7 – AWS Virtual Private Cloud settings screenshots.