To develop a brief project proposal document of a web development project:
To write software requirements specification
To develop the analysis and design model of the web application including:
To develop component model and deployment model
Develop database model including:
To implement the web application using concepts and examples studied in the course.
To host the application on a web domain:
Testing of Web Application
After identifying the security features of your project, prepare a list of at least 07 security features and write a brief description about each of them:
• HASHED PASSWORDS USING SHA 256 ALGORITHM: Storing passwords in plaintext in a database is not secure. If the database is leaked in a cyber-attack, the passwords are not exposed because only hashed values are stored, and these values are irreversible. So this acts as a strong security feature in any web application.
• LONG PASSWORDS: COMBINATION OF ANY TWO: CAPITAL AND SMALL LETTERS, AND NUMBERS: Another way I added security in my web application is by implementing checks on my passwords. The passwords must be at least 8 characters long and should be a combination of at least two of the following: capital letters, small letters and digits. This makes brute force attacks painful for malicious users.
• PARAMETRIZED SQL COMMANDS: SQL injection is one of the most common attacks in the cyber world, so we must secure our website against it. Using parametrized commands is a great way to defend against SQLi attacks on the website. It ensures that user input is treated as data and not as SQL code.
• INPUT VALIDATION: The input is validated to ensure the correct format is being given to our database and the web application. This prevents malicious input that could lead to security vulnerabilities such as XSS or SQLi. This ensures only correct and safe data is processed by the system.
• AUTHENTICATION: The first A from the famous term AAA, i.e. Authentication, Authorization, Accessibility. Our first step to secure the system is to log users in before they can perform their work. This ensures no invalid user can reach our system resources for malicious purposes.
• AUTHORIZATION: Another security feature after authentication is authorization. All users are divided into roles. The users can perform specific actions according to their privileges based on their roles.
• SECURE WEBSITE USING HTTPS PROTOCOL: Using HTTPS secures the communication between the browser and the web server by encrypting it, so no one can understand it even if the traffic is sniffed. This prevents man-in-the-middle attacks and eavesdropping on sensitive data and ensures the Confidentiality and Integrity of the data. It prevents the theft of sensitive information such as passwords or bank account details.
• SESSION ABANDON WHEN LOGOUT: When a user logs out, their session data is cleared to ensure the session data cannot be reused by an attacker.
• ALLOW LIMITED NUMBER OF ATTEMPTS FOR LOGIN: This prevents brute force attacks on the system. Limiting login attempts prevents automated bots from continuously trying to guess user credentials. This significantly reduces the likelihood of successful brute force or credential stuffing attacks.
• SESSION TIMEOUT AFTER 15 MINUTES OF INACTIVITY: The user session automatically expires if inactivity of some time is observed. This reduces the risk of unauthorized access to a user's account in case the user forgets to log out or leaves the system open and some malicious person gains hold of it. (I tried this by adding session timeout in the web.config file but I ran into errors. I successfully added it in my Visual Studio web config file but when I added it in the hosted web config file it gave an error.)
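As an added example (not code from the project or this report), a C# sketch of how three of the listed features fit together in an ASP.NET login path: the password policy, SHA-256 hashing of the stored password, and a parameterized lookup that also enforces the login-attempt limit. The Users table, its column names and the limit of 5 failed attempts are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public static class LoginSecurity
{
    // Policy from the feature list: at least 8 characters and at least two of
    // the three classes {capital letters, small letters, digits}.
    public static bool PasswordMeetsPolicy(string pw)
    {
        if (string.IsNullOrEmpty(pw) || pw.Length < 8) return false;
        int classes = (pw.Any(char.IsUpper) ? 1 : 0)
                    + (pw.Any(char.IsLower) ? 1 : 0)
                    + (pw.Any(char.IsDigit) ? 1 : 0);
        return classes >= 2;
    }

    // SHA-256 of the password as lowercase hex, the form kept in the database
    // instead of plaintext. (Unsalted, as the feature list describes; a salted,
    // slow hash such as PBKDF2 resists offline guessing far better.)
    public static string Sha256Hex(string pw)
    {
        using (var sha = SHA256.Create())
        {
            byte[] digest = sha.ComputeHash(Encoding.UTF8.GetBytes(pw));
            return BitConverter.ToString(digest).Replace("-", "").ToLowerInvariant();
        }
    }

    // Parameterized command: the username travels as a parameter value, never
    // as SQL text, so it cannot change the query. Assumed schema:
    // Users(Username NVARCHAR(64), PasswordHash CHAR(64), FailedAttempts INT).
    public static bool VerifyLogin(SqlConnection conn, string username, string password)
    {
        const string sql = "SELECT PasswordHash, FailedAttempts FROM Users WHERE Username = @u";
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@u", SqlDbType.NVarChar, 64).Value = username;
            using (var r = cmd.ExecuteReader())
            {
                if (!r.Read()) return false;            // unknown user
                if (r.GetInt32(1) >= 5) return false;   // assumed lockout after 5 failures
                return r.GetString(0) == Sha256Hex(password);
            }
        }
    }
}
```

On a failed check the caller should increment FailedAttempts with a separate parameterized UPDATE, and reset it to zero on success.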
Implement identified security features for your project and make a live demonstration available.
Whole Project is available on link:
Develop test cases for all security features and prepare a report about testing of security features.