55-704272 Web Applications & E-Commerce Security L7 Assessment Brief | SHU

Assessment Requirements

Network security ensures the confidentiality, integrity and availability of interconnected systems and information. Due to the wide-ranging environments and platforms that are in use, and the lack of security awareness by many users, network security is a complex task. This has resulted in a high level of data loss or theft amongst business users, particularly with information stored on the Web and cloud servers. This assignment allows you to build your knowledge and understanding of the theoretical and practical issues in Web application security. In particular, you will demonstrate the threats to networked computers and ways in which the deployment of appropriate security countermeasures may mitigate these threats. To pass the coursework, you must critically evaluate the security of a networked system and then make recommendations that would enable a server to be safely deployed in a DevOps environment. You will then implement the technical recommendations related to the server’s operating system and demonstrate that the desired level of security has been achieved. This assignment builds on experience gained in lecture and lab sessions, supported by your research. This is an individual coursework.

Deliverables:

A report of up to 4000 words written in a style suitable for Managers and Directors. The report will detail your work for the assignment as well as the evaluation of security, recommendations to enhance security, implementation of those recommendations, and a demonstration that the desired level of security has been achieved, which would enable DevOps deployment.

• All submissions should be made using Microsoft Word file types, and any submissions made using invalid file types will not be marked.
• You are required to meet the normal academic conventions of structure where necessary, i.e. appropriate use of references.
• You are recommended to use headings and subheadings to provide structure to your report.
• As necessary, there will be a suitable title page with your name, table of contents,
  Introduction, key findings, as well as the main chapters.
• The submitted file to Blackboard should follow the naming convention of ‘WAECS Report Surname’, i.e. WAECS Report Smith.docx.

Assessment Scenario

With the interconnected nature of technology today, securing our networked systems and data against attack is a major concern for organisations. Security assessments of our data, computers, applications and networks enable us to put in place technical countermeasures to mitigate attacks against those systems.

SoftCorp, a company providing management services to other companies, wishes to make use of the advantages that a move towards a DevOps environment would provide to their business. SoftCorp has identified a key server that they wish to deploy to the Internet, a cloud server used for storing and accessing files by SoftCorp employees.

In preparation for this deployment, SoftCorp have tasked you with assessing the security of the server. SoftCorp are interested in knowing whether their system is open to compromise and if sensitive information can be stolen. They therefore require you to evaluate the security of this key system prior to deployment. As this is an assessment of their security, SoftCorp would like your recommendations on how security could be improved, should any issues be found and in light of their desire to move to a DevOps environment. You are then tasked with implementing the technical security recommendations on the server. Finally, you will demonstrate that the desired level of security has been achieved. Due to concerns over employee privacy, OSINT is out of scope of the security assessment.

You will be provided with an Ubuntu 24.04 cloud server virtual machine with the IP address 30.30.0.100. The network administrator account for the server has the username admin and the password password123. The cloud file server administrator login is admin and password.

Your report should not exceed 4000 words. Details of all your work on the assignment should be included in the report and supported by screenshots where applicable. You are encouraged to link any references in the practical elements of the assignment to relevant academic literature and industry standards. Particular care should be made to ensure that the report contains correct references to all cited work in an appropriate style, for example, the Harvard Referencing System. You should submit your report to Turnitin and the Blackboard submission point before the assignment deadline.

Module Learning Outcomes of 55-704272

• LO1: Select and explain the security issues about Web-based applications
• LO2: Identify, apply and justify suitable technologies for the development of secure Web-based and E-Commerce applications
• LO3: Identify, apply and justify suitable tools to assess the security of Web-based applications to meet standards-based security audit criteria
• LO4: Critically evaluate tools, methodologies and technologies related to the security assessment and design of Web-based applications