User Account

All Pages

How to apply secure development techniques

Assignment Help Computer Network Security
Reference no: EM133587576 , Length: word count:2000

Secure by Design

Assessment - Case Study Project

Learning Outcome 1: Apply Secure by Design fundamentals, key concepts, boundaries and the solutions it provides to security vulnerabilities.

Learning Outcome 2: Categorise and classify the concepts of information security in terms of confidentiality, integrity and availability.

Learning Outcome 3: Appraise basic concepts of Security by Design principles and their significance in software development; and the main Secure Development Life Cycle models and their major differences.

Learning Outcome 4: Develop conceptual knowledge on how to apply secure development techniques throughout the development life cycle phases of software development.

Identify useful system design tools, benefits of code review and utility of various testing strategies.

Assessment Task
Develop a 2,000-word (+/- 10%) comprehensive security design case study project report for a web- based data retrieval application that involves managing user rights, handling user credentials securely and implementing secure design patterns.

Context
Developing a Secure by Design model is essential to ensure the robustness and integrity of a web application. By applying the topics covered in this subject, such as managing user rights, handling user credentials and implementing secure design patterns, a comprehensive and effective security framework can be established.

Managing user rights is a critical component of the Secure by Design model. It involves assigning appropriate access levels and permissions to users based on their roles and responsibilities. This ensures that only authorised individuals can access sensitive information and perform specific actions within the application. Implementing a fine-grained access control system can prevent unauthorised users from tampering with or retrieving confidential data.

Handling user credentials securely is another vital aspect of the model. Employing strong password policies, such as enforcing complex passwords and regularly expiring them, can minimise the risk of unauthorised access. Additionally, storing user credentials using advanced encryption techniques, like hashing and salting, adds an extra layer of protection against potential data breaches.
Implementing secure design patterns is crucial for developing a resilient and fortified web application. Applying principles such as input validation, output encoding and secure session management can mitigate common security vulnerabilities like cross-site scripting (XSS) and session hijacking. By adhering to secure design patterns, potential attack vectors can be minimised, making the application more resilient to malicious activities.

Developing a Secure by Design model for a given case study project involves the same processes of managing user rights, handling user credentials securely and implementing secure design patterns. By considering these three important aspects and following the guidelines provided, developers can create a web application that prioritises security and safeguards against potential threats. For more specific instructions on completing this assessment, please consult the provided guidelines.

The effectiveness of cybersecurity heavily relies on the careful design and implementation of systems and applications. Creating a comprehensive design document is a critical task that should encompass not only the desired technical features but also address all security-related constraints and design systems. Neglecting to include clear and complete security considerations in the design document can lead to flawed implementations, thereby exposing significant security risks.

A well-designed and implemented system considers various aspects of cybersecurity, including threat modelling, risk assessment and the integration of security controls. By thoroughly documenting these elements in the design phase, developers and stakeholders can ensure that security measures are properly incorporated from the onset rather than being treated as an afterthought.

A design document that lacks clarity and completeness in addressing security requirements leaves room for ambiguity and oversight and may increase the likelihood of vulnerabilities and weaknesses being introduced during the implementation process. Security flaws in an application can be exploited by malicious actors to gain unauthorised access, compromise data integrity or disrupt system functionality.

To mitigate these risks, the design document should provide clear guidelines on security measures, such as access control mechanisms, encryption protocols, secure coding practices and secure communication protocols. It should also consider potential threats and vulnerabilities specific to the system or application being developed and outline strategies for their mitigation. As a result, a well- designed and implemented cybersecurity system necessitates the creation of a thorough design document that explicitly addresses security requirements. By doing so, organisations can minimise security risks, enhance the resilience of their systems and better protect sensitive data from potential cyberthreats.

Instructions

The purpose of this assessment is to develop a comprehensive security design case study project report for a web-based data retrieval application according to the case study provided for this assessment. The application enables users to log in and retrieve specific information from a database, emphasising secure authentication, data protection and vulnerability prevention. The assessment is divided into two parts: Request and Retrieve.

In the Request component, you will focus on designing cybersecurity measures related to user authentication, secure data transport, input validation and user input handling. The goal is to ensure that user credentials are protected, data is transmitted securely and common web application vulnerabilities are mitigated.

In the Retrieve component, you will design security measures to safeguard the stored data in the SQL- based database and prevent unauthorised access. This includes determining suitable field lengths, implementing strong access controls, encrypting sensitive information and preventing SQL injection vulnerabilities.

Throughout the assessment, it is important to reference relevant security standards such as OWASP (Open Web Application Security Project) guidelines, ISO 27001 and PCI DSS (Payment Card Industry Data Security Standard) where applicable. The inclusion of pseudocode, algorithms or visual representations will aid in illustrating the implementation process for the proposed security measures.

By connecting the two parts Request and Retrieve, you will establish a comprehensive framework that prioritises security throughout the development life cycle of the web-based data retrieval application. This framework encompasses secure authentication, robust data transport mechanisms, effective storage and management of login credentials, and protection against common web application vulnerabilities. Through the inclusion of pseudocode, algorithms or visual representations, developers can gain practical insights into the implementation of these security measures, ensuring that security considerations are integrated into the application's design and development phases.

Case Study Project

Part 1: Request

Design a security model for a web-based data retrieval application focusing on secure authentication, data transport, input validation and user input handling. Consider the following key areas:

User Authentication:
Implement secure authentication mechanisms (password hashing, salting).
Use secure session management techniques.

Include protocols for handling failed login attempts.
Secure Data Transport:
Utilise encrypted data transport protocols (HTTPS).
Reference industry standards for secure communication.
Input Validation:
Apply proper input validation techniques to prevent vulnerabilities.
Consider using libraries or frameworks with built-in validation mechanisms.
User Input Handling:
Sanitise and escape user inputs to prevent code injection attacks.
Educate users about secure data input practices.

Part 2: Retrieve
Design security measures for the SQL-based database used in the application. Focus on field lengths, data privacy, preventing SQL injection and visual representation. Consider the following requirements:
Field Lengths:
Determine pre-defined field lengths based on practical considerations.
Justify choices considering data volume and scalability.
Data Privacy and Security:
Implement strong access controls.
Encrypt sensitive information using industry-standard algorithms.
Reference relevant standards for handling sensitive data.
Preventing SQL Injection:
Explain risks associated with SQL injection vulnerabilities.
Propose measures like prepared statements or parameterised queries.
Visual Representation:
Include layout options, simplified pseudocode or algorithms.
Use diagrams or flowcharts to visualise data flow and interactions.

By completing this assessment, you will create a solid security design model for the web-based data retrieval application. Your model should prioritise user trust, productivity and data protection, and incorporate industry standards and best practices. The comprehensive security measures implemented in the Request and Retrieve components will ensure secure authentication, data transport, input validation and data storage. Visual representations and practical examples will aid in the effective implementation of the security design.

To prepare for this assessment, please review all the learning resources provided and discussed during Modules 1 to 11. Additional individual research in the library and on the internet is recommended.

Structure your 2,000-word security design case study project report according to the following sections:
Title page (Include the subject code and name, assessment number and name, your name, your stu- dent ID and your student email address.)

Table of contents
Introduction of 100 to 150 words
Body of the report (addressing the cybersecurity requirements according to above-mentioned two parts, Request and Retrieve) with around 1700 to 1800 words.
Conclusion of 100 to 150 words
Reference list
Appendices (if needed)

Referencing
It is essential that you use current APA style.

Reference no: EM133587576

Questions Cloud

Theory of nursing as caring : Boykin's Theory of Nursing as Caring and Levine's Conservation theory focusing on the theories not the theorist.
What is research problem, theory concept, research design : What is the research problem, theory concept, research design, sampling process, data collection approach, data analysis approach and usefulness of the article
Represents largest subspecialty of nursing profession : Represents the largest subspecialty of the nursing profession and is the only professional nursing organization dedicated to medical-surgical nurses
Summarize technology enhanced learning has become : Summarize "Technology Enhanced Learning (TEL) has become a common feature of Higher Education. However, research has been hindered by a lack of differentiation
How to apply secure development techniques : Develop conceptual knowledge on how to apply secure development techniques throughout the development life cycle phases of software development
Identify clinical areas of interest and inquiry and practice : You will identify clinical areas of interest and inquiry and practice searching for research in support of maintaining or changing these practices.
How you would take these potential health concerns : how you would take these potential health concerns and the environmental factors that influence them into account as you complete your assessments.
Describe what a stereotype is and provide three examples : Locate scholarly research on stereotypes and provide a brief summary of that research. Describe what a stereotype is and provide three examples.
In what ways do you envision your diverse identities : In what ways do you envision your diverse identities and associated power, privilege, or oppression influencing the social worker-client relationship?

Reviews

len3587576

12/5/2023 9:38:30 PM

I have provided u the assessment 2 also check that to complete assessment 3. Please make sure u use APA7 as referencing style with in cite referencing.please make sure referencing should be done.

Write a Review

Computer Network Security Questions & Answers

  An overview of wireless lan security - term paper

Computer Science or Information Technology deals with Wireless LAN Security. Wireless LAN Security is gaining importance in the recent times. This report talks about how vulnerable are wireless LAN networks without any security measures and also talk..

  Computer networks and security against hackers

This case study about a company named Magna International, a Canada based global supplier of automotive components, modules and systems. Along with the company analysis have been made in this assignment.

  New attack models

The Internet evolution is and is very fast and the Internet exposes the connected computers to attacks and the subsequent losses are in rise.

  Islamic Calligraphy

Islamic calligraphy or Arabic calligraphy is a primary form of art for Islamic visual expression and creativity.

  A comprehensive study about web-based email implementation

Conduct a comprehensive study about web-based email implementation in gmail. Optionally, you may use sniffer like wireshark or your choice to analyze the communication traffic.

  Retention policy and litigation hold notices

The purpose of this project is to provide you with an opportunity to create a document retention policy. You will also learn how to serve a litigation hold notice for an educational institute.

  Tools to enhance password protection

A report on Tools to enhance Password Protection.

  Analyse security procedures

Analyse security procedures

  Write a report on denial of service

Write a report on DENIAL OF SERVICE (DoS).

  Phising email

Phising email It is multipart, what are the two parts? The HTML part, is it inviting the recepient to click somewhere? What is the email proporting to do when the link is clicked?

  Express the shannon-hartley capacity theorem

Express the Shannon-Hartley capacity theorem in terms of where is the Energy/bit and is the psd of white noise.

  Modern symmetric encryption schemes

Pseudo-random generators, pseudo-random functions and pseudo-random permutations

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd