Reflection And Evaluation Reports (LO2) - Guest Speaker Talk And Secure Web Development Evaluation

Part B: Reflection and Evaluation Reports (LO2) 20%

Guest Speaker Reflection

Reflect on the talk given by the guest speaker. In a paragraph of 100 – 200 words, indicate aspects of the talk that were relevant to either your project, personal development or the evaluations below.

Evaluations

You should produce TWO  EVALUATIONS, from the topics  outlined below.

The real-world case study should be drawn from work you are, or have been, involved with, such as your project.

Each Template should be approximately 1000 words. Be concise – you may use note format for your evaluations. You can attach evidence (eg code snippets/screen dumps..) in an appendix. Please study the evaluation numbered bullet points carefully

Summarise the key concepts from each topic, with appropriate use of references.

Develop criteria with which you could evaluate the technology. This would normally be drawn from an assessment of its advantages and disadvantages.

Outline a ‘real world’ case study with which you are familiar.

Apply the above criteria to your case study and reflect on your implementation

Topics

1.Secure Web Development

Reflect upon a case study which illustrates key security issues relating to web systems and the steps taken to address these issues.

2.Web Application Optimisation

Reflect on a case study where you have used techniques to optimise a web application, both at the client and server side.

3.Website Promotion/Marketing and Monitoring

Reflect upon a case study where you identify/justify and possible use techniques to market and promote a website. You should include some discussion of monitoring user behavior through analytics.

Guest speaker evaluation

Part B: Reflection and Evaluation Reports (LO2)

Guest speaker evaluation 

I was highly impressed with the discussion talk that was provided to us by the guest speaker. In my project, I personally created a boxing news website. Just like the guest speaker mentioned about the importance of encryption in websites, I implemented cryptographic encryption in my personal project. The website which I made was static in nature but still managed to harbor other factors such as SQL injection and session management. Moreover, as per the discussion where the speaker mentioned about irregularities of a project, I could aseess the situation with my project where I failed to put the login page in every page of the website. The lecture provided by the guest speaker was really helpful to me as it helped me to assess my situation with his general reviews.

Evaluations

1. Secure Web Development 

Summarise

Web developers nowadays face massive pressure from clients for delivering their applications within a tight deadline. Web systems are computer programs that function by accessing the intranet or internet. The web development applications includes on line activities such as social networks, webmail and inline retail sales. As businesses want faster delivery dates for their web development, the web developers face difficulty in implementing all the necessary security aspects to the final application (Taylor, Fritsch and Liederbach 2014). Moreover with time, the complexity of the web development increases as developers make the application to withstand external security attacks, integrate with other devices and adapt with any platform. For every business and organization, secure web development is a topmost priority. Still, only 10% of security researchers agree that proper surveys are carried out for determining whether the critical developmental applications are checked before and after production. Most of the times, the security of the web development is tested after the source code is written (Conklin et al. 2015). This limits the chances of identifying the flaws that are inherent to the system and even if proper security checks are carried out, it delays the SDLC stage and often turn out to be a costly endeavour.

Develop criteria

Properly analysing the security of the web development is crucial for the sustainability of the application. It has its fair share of advantages. Vulnerabilities can be identified with the help of multiple analysis techniques. External web applications can be discovered with the help of web development monitoring and discovery tools.  Common vulnerabilities due to static code that can assist in SQL injection and cross site scripting can be scanned with the help of static application system testing tools. Moreover, for a secure web development environment, the flaws that are do not require source code and are in production can be tested with the help of Dynamic Application security testing (Peltier 2013). The development team can also use manual penetration to check for vulnerabilities like business logic flaws and authorization issues.

During the secure web developmental stage, some security criteria need to be undertaken during the developmental stage. First comes confidentiality. Only authorised users should be able to access the vital data that is put into the web application during its development. Steps and security gates need to be placed to prevent unauthorised users from getting access to the business critical data compromising the entire application. Second comes authentication. This criteria is present for identifying the proper user who is logging into the system. Proper passwords and usernames need to be assigned to each and every member of the team member who will be accessing the web developmental application. The third criteria is authorisation. This criteria is present to authorise the user who is using the system through OTP or a particular action (Taylor, Fritsch and Liederbach 2014). The motive behind this criteria is to check whether any unscrupulous users are attempting to break into the system. Fourth comes integrity. To determine that the data is correct, proper security measures need to be placed. Fifth comes availability. For securing a web development application, the required information and proper communication should be always available whenever it is required. For making the web development secure, the security experts need to understand the specifications and logic that re inbuilt in the application properly to determine all the possible scenarios by which it can be compromised.

Evaluations

Case study

The following case study is based on the web development security of a large CRM solution developer known as Microsoft Dynamics 365. The application was launched in July 2016 and consists of a product line of CRM applications and enterprise resource planning solutions. The web server of Dynamics 365 was protected with a firewall and was hosted by an ISP. Other security measures were applied such as content filtering applications. Beyond security was contacted for auditing the defences that was provided by the ISP via security reports and weekly scanning.

Soon after the scanning process was started, for determining the security of the web system, a vulnerability was identified. To add to the issues, the ISP was not interested in providing any recommendations or solutions. Prior two months of the scanning process, an attacker used the vulnerability to put a backdoor on the server for gaining access into the system. The backdoor allowed the attacker to attack other servers on the network, use the leap frog mechanism and manipulate the server information.

The prompt action by the security experts of Microsoft immediately identified the backdoor present in the server. This security risk was previously identified through the scans but the risk severity was disagreed by the administrator of the CRM server.

The identification of the backdoor not only reduced the damaged due to the compromise but also saved Microsoft a lot of money. Moreover, the attacker could not do anything else other than putting the backdoor in the server limiting the down time of the break, expense and damage.

Application of the above criteria

In the above case study, a vulnerability in the web development of a CRM software was identified. The vulnerability prevented the secure deployment of the CRM application to the prospective clients undermining their security.

To protect the confidentiality and the authorisation criteria of secure web development, automated vulnerability scanning was conducted. The process allowed Microsoft to simulate security attacks on the web application and run the simulations on every known application attack that are updated frequently depending on the severity of the security attack. Manual testing was conducted to consider the authentication and authorisation aspect of the security criteria of the web system (Conklin et al. 2015). The flaws were remediated without compromising the vital data.

To determine the integrity and availability criteria of the secure web development stage, the source code of the web app was reviewed. The testing allowed the concerned company to test the browser side of the app development. The security code review allowed the identification of the backdoor which was put up by malicious attackers for compromising the web application. The review also helped to identify potential attacking vectors that can be used due to some inadequate database encryption.

2. Website Promotion /Marketing and Monitoring

Summarise

Website promotion or marketing allows the web developer to enhance the exposure of website by improving the content of the website and attracting increased number of visitors. Several processes are used to enhance the website promotion mechanism such as search engine submission and search engine optimization which is used to enhance the website traffic. The technique utilizes several platforms such as Instagram, Twitter and Facebook to market its contents. By sharing the viral contents, the webmasters hope that more and more visitors will open their prospective websites for better outcomes.

1. Secure Web Development

Website monitoring is different than website marketing and promotion. The technique allows businesses to check their server and monitor website functions to analyse if they are responding properly. This mechanism is adopted to check if the end users can enjoy the website and its applications as they are intended to for more functionality and performance (Zimmerman and Ng 2015). Website monitoring allows the developers to identify certain issues in a running website such as inter-connect problems, network hop problems ad internet latency. When an issue is identified, the monitoring service sends alerts in the form of diagnostics with the help of mobile, emails and SMSs.

With the help of monitoring systems, the user activities and data can be assessed, collected and tracked which is collectively known as User behaviour analytics. The user behaviour analytics help to identify certain user data such as security alerts, their geographical locations, permissions and accounts and accesses. From the past and present user data activity, certain factors such as peer group activity, session durations and allocated resources are taken into consideration into the analysis phase. The user behaviour analytics provide actionable insights to the cybersecurity teams (Strauss and Frost 2016). The data logs from the authentication logs and network are collected and stored in the SIEM as well as log management systems for analysing malicious and normal traffic of user behaviours.

Develop criteria

For proper website marketing and promotion, the following criteria needs to be checked. First of all, the target market of the website needs to be evaluated. The number of visitors is important for website marketing but that number is irrelevant if no one is interested in the prospective website. The SEO or Search engine optimization techniques needs to be used to deliver more traffic. The website keywords and stats needs to be regularly checked so that people who are looking for a particular information can find the prospective website at the top of the search suggestion. The third criteria is to check the proper market for implementing promotional strategies. The last criteria is to check which promotional efforts are providing suitable results.

For proper website monitoring, some criteria needs to be undertaken. The first criteria is the usage of a proper browser. This is important as it is the only medium by which the end user application experience can be checked.  It can be used to check the impact of the end user experience and how the elements of the website load the content for the particular users. The second criteria is the easy and efficient monitoring systems. In the website monitoring scenario, a number of tools are present which takes a lot of time to expertise and requires high skilled labour. The monitoring system should be cost effective. The third criteria is flexible alerting and notification system (Boone and Kurtz 2013). This helps to increase awareness about the operational issues. Beside the traditional SMS and email alert system, the alert systems can be integrated with telephone calls that can be accessed during off hours. The fourth criteria is precise diagnostics and reporting. Using a proper website helps to enhance the performance analysis and troubleshooting problems. TCP trace routing, a network diagnostics tool can be used to include connectivity alerts and notifications. The fifth criteria is monitoring the system both inside as well as outside the firewall. The last criteria is proper support services.

Case study

Walmart is a multinational retail business which is American in origin and operates a number of grocery stores, departmental stores and hypermarkets. The company has invested a lot in promoting its website through marketing as well as promotional strategies. It uses a variety of social medias to promote its name and markets its brand by engaging customers with trending topics. Moreover, it enhances its brand image by resorting in green initiatives and sustainable developments. Walmart has specified certain guidelines on promotions, location based and engagement for its associates. It has a number of twitter accounts to promote their initiatives and major activities from diversity to sustainability and from charitable giving to healthy foods (Ottman 2017). For discussing what happens at the national level and influence others, Walmart uses Facebook. @WalmartHub is the actual handle by which Walmart makes use of Twitter to check their retweets and content. The timeline of Facebook is used judiciously to increase their website brand awareness. It uses an image every year in the timeline to populate the newsfeed. 26 million fans have subscribed to their pages which brings in entertainment as well as a lot of updates. The Walmart posts offer a lot of suggestions. #WalmartElves tag is used by Walmart as its own hashtag for gift inspiration and for promotional purposes. It uses twitter not only for marketing but also for engaging with its customers. Walmart also uses Pingdom to monitor its online activities and uses HostTracker to determine the user experience. The software has added functionality of providing reduced page load times and diagnosing solutions.

Application of the above criteria

From the above case study, it is evident that Walmart has invested a lot in determining its target audience. The methods by which it engages customers via tags and major initiatives shows that the company has determined the criteria of promoting its strategies to the proper target markets. The number of likes and followers that the page receives is a direct indication that the company is doing well with its promotional strategies indicating that the last criteria of assessing the final results is justified. Moreover, both the softwares that are used by the company are efficient and simple (second criteria) and provides flexible alert systems (third criteria). Also, besides the two softwares, Walmart also invests in TCP trace routing software which enables it to monitor both external and internal activities with respect to the firewall. To engage efficiently with its target customers, Walmart has invested significantly in its support services (last criteria) such as proper customer services and backup technical team to monitor its website proficiently.

References:

Boone, L.E. and Kurtz, D.L., 2013. Contemporary marketing. Cengage learning.

Conklin, W.A., White, G., Cothren, C., Davis, R. and Williams, D., 2015. Principles of computer security. McGraw-Hill Education Group.

Ottman, J., 2017. The new rules of green marketing: Strategies, tools, and inspiration for sustainable branding. Routledge.

Peltier, T.R., 2013. Information security fundamentals. CRC Press.

Strauss, J. and Frost, R.D., 2016. E-marketing: Instructor's Review Copy. Routledge.

Taylor, R.W., Fritsch, E.J. and Liederbach, J., 2014. Digital crime and digital terrorism. Prentice Hall Press.

Zimmerman, J. and Ng, D., 2015. Social media marketing all-in-one for dummies. John Wiley & Sons.