Web Application Security Testing and Vulnerability Analysis for The Priory Club

Learning Outcomes

On successful completion of this module, students will be able to:

1. Develop dynamic web pages for practical business purposes using server-side technologies.

2. Critically evaluate and compare web server-side technologies and their deployment.

3. Identify and test common security threats associated with PHP.

4. Demonstrate implementation of usability and accessibility standards in the design of a dynamic website.

5. Design and test web database systems with clear justification of the design route taken.

Background: The COVID-19 pandemic renders individuals and society extremely vulnerable in all respects. During this crisis, we all rely, more than ever, on computer systems, mobile devices and the Internet to work, communicate, shop, share and receive information and otherwise mitigate the impact of social distancing. The current situation provides an opportunity for cyber-crime and for vulnerabilities to arise. The virus has rapidly reshaped the way business is conducted on the web, as buyers and sellers jump on the opportunity to capitalise on global fears, as well as on dramatic shifts in supply and demand. Although this rapid change has increased the Internet citizens’ economy, they continue to experience cybersecurity breaches, with one in four businesses detecting a breach during their last few months of operations. The nature of these attacks means that many businesses may not know that their IT systems have been breached, or how to handle or avoid these attacks.

The Priory Club is a UK-based club with a rich history dating back to the birth of lawn tennis. It offers world-class tennis, squash, racket ball and lifestyle facilities. Its tennis facilities include 32 courts, 10 squash courts, a gym with premium cardiovascular, strength and conditioning equipment and an exercise studio offering a mix of instructor-led indoor and outdoor pools (open all year round). To be competitive and remain at the cutting edge, The Priory Club intends to launch its business online, offering virtual fitness classes. The new website aims to offer customers convenience, more control and speedy signup for the club's services, avoiding manual administrative tasks and long queues at its counters. Although the stated aim is to improve customer service, secure customer data and eliminate security risks, it is obvious that the website will also help the club save costs and remain financially robust.

Task A

“The Priory Club” has now contacted SmartTech (a leading IT company) to carry out a security check of the website that will project its presence and the services it offers online. The client will also use the website as a contact tool with its customers.

You have been assigned the task of carrying out a security analysis of your client's website and the backend SQL database attached to it, which contain possible security vulnerabilities; your answer can make reasonable assumptions.

The web/application security testing must include the following components:

Note:

Task A is worth 60% of the overall module. The marking criteria are outlined below.

Set Up a Fully Functional Vulnerable Web Application:

· PHP

· MySQL

· Apache Server

Set up Mutillidae with all the above services enabled on XAMPP. Please provide a step-by-step walkthrough of your implementation, including the setup of your backend SQL database, using screenshots and an appropriate description of each step.

· Nmap scanning

Perform port scanning of the target web application (Mutillidae) and explain each step, clearly stating the details of the open ports and their relevance in identifying the running protocols.

· Wireshark Sniffing

Perform data/traffic capture on the target web application (Mutillidae). Please provide a detailed analysis of the captured data (protocols identified at the different TCP/IP layers).

· SQL Injection using SQLMAP

Perform an SQL injection attack on Mutillidae using SQLMAP. Describe the findings of your attack, including the detected database version, the database names, the compromised database data, etc.

· Firewalls

· IDS/IPS

· Encryption

Explain the use of the above technologies to strengthen the security of web applications and discuss their integration as an effective security mechanism.

Set up a vulnerable server-side (PHP) web application connected to a backend database (MySQL) for security testing in a local environment, using either XAMPP/WAMP or VirtualBox. Provide step-by-step configuration details of the environment setup (XAMPP/WAMP, VirtualBox, etc.), the web application and the backend database.

Scanning: You must use a network scanner such as Nmap to perform a scan of the target web application and include your findings: open ports, applications, operating systems, etc.

Sniffing: You must demonstrate the use of the Wireshark sniffer to capture web application session data. This requires capturing session data between your browser and the website/server, either remote or local.

Use SQLMAP to identify and exploit the SQL injection vulnerabilities based on the findings from the above steps. You must describe the steps by which the SQL injection vulnerability was exploited.

Design and implement an appropriate web security model for the given scenario by provisioning and utilising appropriate web security standards/technology.
