IT报告辅导 | Security Audit 6005CEM CW2 Secure Development

Task and Mark Distribution

In this coursework you are required to design a simple web application. And write a short report on the design choices made with regard to security implications.

The coursework has two components:

1. Design the infrastructure for a simple web application, based on the requirements below.
2. A Report on the security considerations in the website design. This should discuss and justify any design decisions made with regard

to security.

Important Note on the Design

The coursework is asking you for a high level design of the website components and infrastructure. You are NOT required to implement it. For example, your database design would include the types of information, and how they are stored (ie passwords stored as a hashed

value), but not necessarily the database engine, or table structures.
Additionally, in the report, you do not need to justify non-security related design decisions. There is no need to justify the choice of

database (sqlite, MySql, mongo) UNLESS there is a specific feature of the database that has a security implication. Website Requirements

You have been asked to develop a messaging platform to help with student engagement. The platform will try to use a similar approach to more traditional social media, and allow students to make and respond to posts on a feed.

The platform should support.

Different levels of access

Only Students and staff should be able to access the system. Students should be able to create, respond and view posts Staff should also be able to add and update lecture materials.

Admin Account
The admin account should be able to: Add and remove users on the system Change the access levels of users
View and edit course materials and posts

Web API

There will also be a simple mobile app that tries to replicate the website functionality, this will happen through a simple REST API which should support:

Authentication. There should be the same authentication / authorization as the web application

Create, Read and Respond to posts. Users should be able to view posts in the same way they can in the web app. Logging and Analytics

It has also been decided that the system will gather logging and analytics information, and the customer has asked for your feedback on this.

As this is going to be used to help track student engagement it users will not be able to opt-out. While there is currently no requirement for users to view the analytics, a dashboard is planned. The types of information they propose to collect include:

User name
Browser and OS details
Details of page clicks, and interaction with site elements Geo-Location data.

Report Requirements

The report should be written in a style suitable for a technical audience. The report should provide details of the design of the system, and the security based decisions behind it. You are expected to justify your design choices by referring to the relevant literature

A suggested report structure is as follows:

Introduction
Scope of the report, design overview

Design:
Discussion of potential security issues for each element of the design.

2/5

Recommendations for dealing with potential security / data protection issues with the proposed designs requirements. Implementation details:

Description of how your design addresses potential security issues Summary:

Summary section, highlighting the issues resolved, and the key findings of the report.
NOTE: There is also an element in the marking scheme for Background Research. While I am not expecting a full literature review, you

should support your design decisions using the relevant literature. Important Note:

You are marked on the functionality of the system, rather than its look and feel. The site should be usable via a web browser. Other than that the choice of infrastructure is up to you.

Marking.

Report (100%): Justification for the design choices.