How to apply secure development techniques

Reference no: EM133587576, Length: 2,000 words

Secure by Design

Assessment - Case Study Project

Learning Outcome 1: Apply Secure by Design fundamentals, key concepts, boundaries and the solutions it provides to security vulnerabilities.

Learning Outcome 2: Categorise and classify the concepts of information security in terms of confidentiality, integrity and availability.

Learning Outcome 3: Appraise basic concepts of Security by Design principles and their significance in software development; and the main Secure Development Life Cycle models and their major differences.

Learning Outcome 4: Develop conceptual knowledge on how to apply secure development techniques throughout the development life cycle phases of software development.

Identify useful system design tools, benefits of code review and utility of various testing strategies.

Assessment Task
Develop a 2,000-word (+/- 10%) comprehensive security design case study project report for a web-based data retrieval application that involves managing user rights, handling user credentials securely and implementing secure design patterns.

Context
Developing a Secure by Design model is essential to ensure the robustness and integrity of a web application. By applying the topics covered in this subject, such as managing user rights, handling user credentials and implementing secure design patterns, a comprehensive and effective security framework can be established.

Managing user rights is a critical component of the Secure by Design model. It involves assigning appropriate access levels and permissions to users based on their roles and responsibilities. This ensures that only authorised individuals can access sensitive information and perform specific actions within the application. Implementing a fine-grained access control system can prevent unauthorised users from tampering with or retrieving confidential data.

Handling user credentials securely is another vital aspect of the model. Employing strong password policies, such as enforcing complex passwords and regularly expiring them, can minimise the risk of unauthorised access. Additionally, storing user credentials using cryptographic techniques such as hashing and salting adds an extra layer of protection against potential data breaches.

Implementing secure design patterns is crucial for developing a resilient and fortified web application. Applying principles such as input validation, output encoding and secure session management can mitigate common security vulnerabilities like cross-site scripting (XSS) and session hijacking. By adhering to secure design patterns, potential attack vectors can be minimised, making the application more resilient to malicious activities.

Developing a Secure by Design model for a given case study project involves the same processes of managing user rights, handling user credentials securely and implementing secure design patterns. By considering these three important aspects and following the guidelines provided, developers can create a web application that prioritises security and safeguards against potential threats. For more specific instructions on completing this assessment, please consult the provided guidelines.

The effectiveness of cybersecurity heavily relies on the careful design and implementation of systems and applications. Creating a comprehensive design document is a critical task that should encompass not only the desired technical features but also address all security-related constraints and design systems. Neglecting to include clear and complete security considerations in the design document can lead to flawed implementations, thereby exposing significant security risks.

A well-designed and implemented system considers various aspects of cybersecurity, including threat modelling, risk assessment and the integration of security controls. By thoroughly documenting these elements in the design phase, developers and stakeholders can ensure that security measures are properly incorporated from the onset rather than being treated as an afterthought.

A design document that lacks clarity and completeness in addressing security requirements leaves room for ambiguity and oversight and may increase the likelihood of vulnerabilities and weaknesses being introduced during the implementation process. Security flaws in an application can be exploited by malicious actors to gain unauthorised access, compromise data integrity or disrupt system functionality.

To mitigate these risks, the design document should provide clear guidelines on security measures, such as access control mechanisms, encryption protocols, secure coding practices and secure communication protocols. It should also consider potential threats and vulnerabilities specific to the system or application being developed and outline strategies for their mitigation. As a result, a well-designed and implemented cybersecurity system necessitates the creation of a thorough design document that explicitly addresses security requirements. By doing so, organisations can minimise security risks, enhance the resilience of their systems and better protect sensitive data from potential cyberthreats.

Instructions

The purpose of this assessment is to develop a comprehensive security design case study project report for a web-based data retrieval application according to the case study provided for this assessment. The application enables users to log in and retrieve specific information from a database, emphasising secure authentication, data protection and vulnerability prevention. The assessment is divided into two parts: Request and Retrieve.

In the Request component, you will focus on designing cybersecurity measures related to user authentication, secure data transport, input validation and user input handling. The goal is to ensure that user credentials are protected, data is transmitted securely and common web application vulnerabilities are mitigated.

In the Retrieve component, you will design security measures to safeguard the stored data in the SQL-based database and prevent unauthorised access. This includes determining suitable field lengths, implementing strong access controls, encrypting sensitive information and preventing SQL injection vulnerabilities.

Throughout the assessment, it is important to reference relevant security standards such as OWASP (Open Web Application Security Project) guidelines, ISO 27001 and PCI DSS (Payment Card Industry Data Security Standard) where applicable. The inclusion of pseudocode, algorithms or visual representations will aid in illustrating the implementation process for the proposed security measures.

By connecting the two parts Request and Retrieve, you will establish a comprehensive framework that prioritises security throughout the development life cycle of the web-based data retrieval application. This framework encompasses secure authentication, robust data transport mechanisms, effective storage and management of login credentials, and protection against common web application vulnerabilities. Through the inclusion of pseudocode, algorithms or visual representations, developers can gain practical insights into the implementation of these security measures, ensuring that security considerations are integrated into the application's design and development phases.

Case Study Project

Part 1: Request

Design a security model for a web-based data retrieval application focusing on secure authentication, data transport, input validation and user input handling. Consider the following key areas:

User Authentication:
Implement secure authentication mechanisms (password hashing, salting).
Use secure session management techniques.
Include protocols for handling failed login attempts.

Secure Data Transport:
Utilise encrypted data transport protocols (HTTPS).
Reference industry standards for secure communication.

Input Validation:
Apply proper input validation techniques to prevent vulnerabilities.
Consider using libraries or frameworks with built-in validation mechanisms.

User Input Handling:
Sanitise and escape user inputs to prevent code injection attacks.
Educate users about secure data input practices.

Part 2: Retrieve

Design security measures for the SQL-based database used in the application. Focus on field lengths, data privacy, preventing SQL injection and visual representation. Consider the following requirements:

Field Lengths:
Determine pre-defined field lengths based on practical considerations.
Justify choices considering data volume and scalability.

Data Privacy and Security:
Implement strong access controls.
Encrypt sensitive information using industry-standard algorithms.
Reference relevant standards for handling sensitive data.

Preventing SQL Injection:
Explain risks associated with SQL injection vulnerabilities.
Propose measures like prepared statements or parameterised queries.

Visual Representation:
Include layout options, simplified pseudocode or algorithms.
Use diagrams or flowcharts to visualise data flow and interactions.
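
Several of the Request and Retrieve requirements above (salted password hashing, failed-login handling, pre-defined field lengths, parameterised queries) can be combined in one sketch. This is an added example, not part of the assessment brief; the table and function names, the PBKDF2 iteration count and the three-attempt lockout are assumptions, and an in-memory SQLite database stands in for the SQL database.

```python
import hashlib, hmac, os, sqlite3

ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor (assumed setting)
MAX_FAILURES = 3       # lockout threshold (assumed policy)

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(
            username TEXT PRIMARY KEY CHECK(length(username) BETWEEN 3 AND 32),
            salt BLOB NOT NULL, pw_hash BLOB NOT NULL,
            failures INTEGER NOT NULL DEFAULT 0);
        CREATE TABLE records(
            owner TEXT NOT NULL,
            title TEXT NOT NULL CHECK(length(title) <= 100));
    """)
    return db

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(db, username, password):
    salt = os.urandom(16)  # unique random salt per user
    db.execute("INSERT INTO users(username, salt, pw_hash) VALUES (?, ?, ?)",
               (username, salt, _hash(password, salt)))

def login(db, username, password):
    """Return 'ok', 'denied' or 'locked'."""
    row = db.execute("SELECT salt, pw_hash, failures FROM users "
                     "WHERE username = ?", (username,)).fetchone()
    # Unknown users get dummy values so the hash is still computed.
    salt, stored, failures = row or (os.urandom(16), b"", 0)
    if failures >= MAX_FAILURES:
        return "locked"
    if hmac.compare_digest(_hash(password, salt), stored):  # constant-time compare
        db.execute("UPDATE users SET failures = 0 WHERE username = ?", (username,))
        return "ok"
    db.execute("UPDATE users SET failures = failures + 1 WHERE username = ?", (username,))
    return "denied"

def retrieve(db, owner, title):
    # Placeholders bind user input as data, so it cannot alter the SQL text.
    cur = db.execute("SELECT title FROM records WHERE owner = ? AND title = ?",
                     (owner, title))
    return [r[0] for r in cur]
```

The lockout here is permanent until the counter is reset; a production design would add a time-based unlock or an administrator reset.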

By completing this assessment, you will create a solid security design model for the web-based data retrieval application. Your model should prioritise user trust, productivity and data protection, and incorporate industry standards and best practices. The comprehensive security measures implemented in the Request and Retrieve components will ensure secure authentication, data transport, input validation and data storage. Visual representations and practical examples will aid in the effective implementation of the security design.

To prepare for this assessment, please review all the learning resources provided and discussed during Modules 1 to 11. Additional individual research in the library and on the internet is recommended.

Structure your 2,000-word security design case study project report according to the following sections:
Title page (Include the subject code and name, assessment number and name, your name, your student ID and your student email address.)

Table of contents
Introduction of 100 to 150 words
Body of the report (addressing the cybersecurity requirements according to above-mentioned two parts, Request and Retrieve) with around 1700 to 1800 words.
Conclusion of 100 to 150 words
Reference list
Appendices (if needed)

Referencing
It is essential that you use current APA style.


Reviews

len3587576

12/5/2023 9:38:30 PM

I have provided you the assessment 2 also check that to complete assessment 3. Please make sure you use APA7 as referencing style with in cite referencing. Please make sure referencing should be done.
