What is SEO?
The rapid development of modern technology has boosted the economy. However, it has also opened doors for cybercriminals to exploit vulnerabilities in web systems and to access, damage and destroy data and hardware. Contemporary digital businesses are growing enormously, but they continue to experience cybersecurity breaches, with one in four businesses detecting a breach during their last operational year. The nature of these attacks means many businesses may not know that their IT systems have been breached, or how to handle or avoid such attacks.
On successful completion of this module, students will be able to:
1. Develop dynamic web pages for practical business purposes using server-side technologies.
2. Critically evaluate and compare web server-side technologies and their deployment.
3. Identify and test common security threats associated with PHP.
4. Demonstrate implementation of usability and accessibility standards in the design of a dynamic website.
5. Design and test web database systems with clear justification of the design route taken.
FitTheBits has now contacted BizTech (a leading IT company) to develop a secure website to project their presence and the services they offer. The client will also use the website as a contact tool with its customers. The website should be simple to use, and its design and development must take customer experience into account.
In the second phase, you have been assigned the task of carrying out a security analysis of a website and the backend SQL database attached to it, which contain possible security vulnerabilities. You will be using the vulnerable web application Mutillidae by OWASP as a test bed. (Note: a list of other vulnerable web applications will be provided on Moodle as well.) You will set up the PHP-based vulnerable application and conduct a security evaluation of its current state.
The web/application security testing must include the following components:
Task A is worth 60% of the overall assignment. The marking criteria are outlined below.
Set Up a Fully Functional Vulnerable Web Application:
Set up Mutillidae with all the above services enabled on XAMPP. Please provide a step-by-step walkthrough of your implementation, including the setup of your backend SQL database, using screenshots and an appropriate description of each step.
Web Application Security Testing:
Perform port scanning of the web application target (Mutillidae) and elaborate on each step, clearly mentioning the details of the open ports and their relevance in identifying the running protocol.
Perform data/traffic capture on the target web application (Mutillidae). Please provide a detailed analysis of the captured data (protocols identified at different TCP/IP layers).
· SQL Injection using SQLMAP
Perform an SQL injection attack on Mutillidae using SQLMAP. Elaborate on the findings of your attack and include the detected database version, database names, compromised data, etc.
Web Application Security Model:
Elaborate on the use of the above technology to strengthen the security of web applications, and discuss the integration of these as an effective security mechanism.
Your second task is to write a self-reflective commentary about your journey, looking at website design, development, testing and deployment techniques.
Having created your website project, you should write a self-reflective commentary (1000 words) critically reflecting on your project. Your commentary should critically explore the work you have done to produce your project using relevant literature.