Reference no: EM133587576, Length: word count: 2000
Secure by Design
Assessment - Case Study Project
Learning Outcome 1: Apply Secure by Design fundamentals, key concepts, boundaries and the solutions it provides to security vulnerabilities.
Learning Outcome 2: Categorise and classify the concepts of information security in terms of confidentiality, integrity and availability.
Learning Outcome 3: Appraise basic concepts of Security by Design principles and their significance in software development; and the main Secure Development Life Cycle models and their major differences.
Learning Outcome 4: Develop conceptual knowledge on how to apply secure development techniques throughout the development life cycle phases of software development; identify useful system design tools, the benefits of code review and the utility of various testing strategies.
Assessment Task
Develop a 2,000-word (+/- 10%) comprehensive security design case study project report for a web-based data retrieval application that involves managing user rights, handling user credentials securely and implementing secure design patterns.
Context
Developing a Secure by Design model is essential to ensure the robustness and integrity of a web application. By applying the topics covered in this subject, such as managing user rights, handling user credentials and implementing secure design patterns, a comprehensive and effective security framework can be established.
Managing user rights is a critical component of the Secure by Design model. It involves assigning appropriate access levels and permissions to users based on their roles and responsibilities. This ensures that only authorised individuals can access sensitive information and perform specific actions within the application. Implementing a fine-grained access control system can prevent unauthorised users from tampering with or retrieving confidential data.
Handling user credentials securely is another vital aspect of the model. Employing strong password policies, such as enforcing complex passwords and regularly expiring them, can minimise the risk of unauthorised access. Additionally, storing user credentials with cryptographic techniques such as salted hashing adds an extra layer of protection against potential data breaches.
Implementing secure design patterns is crucial for developing a resilient and fortified web application. Applying principles such as input validation, output encoding and secure session management can mitigate common security vulnerabilities like cross-site scripting (XSS) and session hijacking. By adhering to secure design patterns, potential attack vectors can be minimised, making the application more resilient to malicious activities.
Developing a Secure by Design model for a given case study project involves the same processes of managing user rights, handling user credentials securely and implementing secure design patterns. By considering these three important aspects and following the guidelines provided, developers can create a web application that prioritises security and safeguards against potential threats. For more specific instructions on completing this assessment, please consult the provided guidelines.
The effectiveness of cybersecurity heavily relies on the careful design and implementation of systems and applications. Creating a comprehensive design document is a critical task that should encompass not only the desired technical features but also all security-related constraints on the system's design. Neglecting to include clear and complete security considerations in the design document can lead to flawed implementations, thereby exposing significant security risks.
A well-designed and implemented system considers various aspects of cybersecurity, including threat modelling, risk assessment and the integration of security controls. By thoroughly documenting these elements in the design phase, developers and stakeholders can ensure that security measures are properly incorporated from the onset rather than being treated as an afterthought.
A design document that lacks clarity and completeness in addressing security requirements leaves room for ambiguity and oversight and may increase the likelihood of vulnerabilities and weaknesses being introduced during the implementation process. Security flaws in an application can be exploited by malicious actors to gain unauthorised access, compromise data integrity or disrupt system functionality.
To mitigate these risks, the design document should provide clear guidelines on security measures, such as access control mechanisms, encryption protocols, secure coding practices and secure communication protocols. It should also consider potential threats and vulnerabilities specific to the system or application being developed and outline strategies for their mitigation. In short, a well-designed and implemented cybersecurity system necessitates the creation of a thorough design document that explicitly addresses security requirements. By doing so, organisations can minimise security risks, enhance the resilience of their systems and better protect sensitive data from potential cyberthreats.
Instructions
The purpose of this assessment is to develop a comprehensive security design case study project report for a web-based data retrieval application according to the case study provided for this assessment. The application enables users to log in and retrieve specific information from a database, emphasising secure authentication, data protection and vulnerability prevention. The assessment is divided into two parts: Request and Retrieve.
In the Request component, you will focus on designing cybersecurity measures related to user authentication, secure data transport, input validation and user input handling. The goal is to ensure that user credentials are protected, data is transmitted securely and common web application vulnerabilities are mitigated.
In the Retrieve component, you will design security measures to safeguard the stored data in the SQL-based database and prevent unauthorised access. This includes determining suitable field lengths, implementing strong access controls, encrypting sensitive information and preventing SQL injection vulnerabilities.
Throughout the assessment, it is important to reference relevant security standards such as OWASP (Open Web Application Security Project) guidelines, ISO 27001 and PCI DSS (Payment Card Industry Data Security Standard) where applicable. The inclusion of pseudocode, algorithms or visual representations will aid in illustrating the implementation process for the proposed security measures.
By connecting the two parts, Request and Retrieve, you will establish a comprehensive framework that prioritises security throughout the development life cycle of the web-based data retrieval application. This framework encompasses secure authentication, robust data transport mechanisms, effective storage and management of login credentials, and protection against common web application vulnerabilities. Through the inclusion of pseudocode, algorithms or visual representations, developers can gain practical insights into the implementation of these security measures, ensuring that security considerations are integrated into the application's design and development phases.
Case Study Project
Part 1: Request
Design a security model for a web-based data retrieval application focusing on secure authentication, data transport, input validation and user input handling. Consider the following key areas:
User Authentication:
Implement secure authentication mechanisms (password hashing, salting).
Use secure session management techniques.
Include protocols for handling failed login attempts.
Secure Data Transport:
Utilise encrypted data transport protocols (HTTPS).
Reference industry standards for secure communication.
Input Validation:
Apply proper input validation techniques to prevent vulnerabilities.
Consider using libraries or frameworks with built-in validation mechanisms.
User Input Handling:
Sanitise and escape user inputs to prevent code injection attacks.
Educate users about secure data input practices.
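An added worked example, not part of the assessment brief, of the User Authentication measures listed above: a salted PBKDF2-HMAC-SHA256 password hash, constant-time verification, and a lockout after repeated failed login attempts. The in-memory user store, the iteration count and the lockout thresholds are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

# Assumed parameters for this example: OWASP's cheat-sheet figure for
# PBKDF2-HMAC-SHA256 iterations, and a 5-strikes / 15-minute lockout policy.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
MAX_FAILED_ATTEMPTS = 5
LOCKOUT_SECONDS = 15 * 60


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute the hash with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


class UserStore:
    """In-memory stand-in for the credentials table (constructed for the example)."""

    def __init__(self):
        self.users = {}  # username -> {"salt", "digest", "failed", "locked_until"}

    def register(self, username, password):
        salt, digest = hash_password(password)
        self.users[username] = {"salt": salt, "digest": digest,
                                "failed": 0, "locked_until": 0.0}

    def login(self, username, password, now=None):
        """Return 'ok', 'denied' or 'locked'; unknown users get the same 'denied'."""
        now = time.time() if now is None else now
        user = self.users.get(username)
        if user is None:
            return "denied"
        if now < user["locked_until"]:
            return "locked"
        if verify_password(password, user["salt"], user["digest"]):
            user["failed"] = 0
            return "ok"
        user["failed"] += 1
        if user["failed"] >= MAX_FAILED_ATTEMPTS:
            user["locked_until"] = now + LOCKOUT_SECONDS
            user["failed"] = 0
        return "denied"
```

Only the salt and digest are ever stored; the plaintext password is discarded after hashing, and the same generic "denied" result for unknown users and wrong passwords avoids confirming which usernames exist.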
Part 2: Retrieve
Design security measures for the SQL-based database used in the application. Focus on field lengths, data privacy, preventing SQL injection and visual representation. Consider the following requirements:
Field Lengths:
Determine pre-defined field lengths based on practical considerations.
Justify choices considering data volume and scalability.
Data Privacy and Security:
Implement strong access controls.
Encrypt sensitive information using industry-standard algorithms.
Reference relevant standards for handling sensitive data.
Preventing SQL Injection:
Explain risks associated with SQL injection vulnerabilities.
Propose measures like prepared statements or parameterised queries.
Visual Representation:
Include layout options, simplified pseudocode or algorithms.
Use diagrams or flowcharts to visualise data flow and interactions.
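An added worked example, not part of the assessment brief, covering the Part 2 requirements: pre-defined field lengths enforced both in application code and by database CHECK constraints, an ownership check as a simple access control, and a parameterised query that keeps injection-style input as literal data. The schema, field limits and sample rows are constructed for this example; SQLite stands in for the case study's SQL database.

```python
import sqlite3

# Field lengths assumed for this example: 64 for a username, 254 for an e-mail
# address (RFC 5321 practical limit), 36 for a hyphenated UUID document id.
FIELD_LIMITS = {"username": 64, "email": 254, "document_id": 36}

# The database enforces the same limits with CHECK constraints (defence in depth).
SCHEMA = """
CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE CHECK (length(username) <= 64),
    email TEXT NOT NULL CHECK (length(email) <= 254));
CREATE TABLE documents (
    document_id TEXT PRIMARY KEY CHECK (length(document_id) <= 36),
    owner_id INTEGER NOT NULL REFERENCES users(id),
    body TEXT NOT NULL);
"""

def open_db():
    """In-memory SQLite database seeded with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "alice@example.com"), (2, "bob", "bob@example.com")])
    conn.executemany("INSERT INTO documents VALUES (?, ?, ?)",
                     [("doc-1", 1, "alice's report"), ("doc-2", 2, "bob's report")])
    return conn

def validate_field(name, value):
    """Application-level length check: rejects empty, oversized or non-string input."""
    if not isinstance(value, str) or not value or len(value) > FIELD_LIMITS[name]:
        raise ValueError(f"{name} must be 1 to {FIELD_LIMITS[name]} characters")
    return value

def insert_user(conn, user_id, username, email):
    """Insert a user; returns False when a database CHECK constraint rejects the row."""
    try:
        conn.execute("INSERT INTO users VALUES (?, ?, ?)", (user_id, username, email))
        return True
    except sqlite3.IntegrityError:
        return False

def retrieve_document(conn, requesting_user_id, document_id):
    """Return a document body only to its owner; placeholders keep input as data."""
    validate_field("document_id", document_id)
    row = conn.execute(
        "SELECT body FROM documents WHERE document_id = ? AND owner_id = ?",
        (document_id, requesting_user_id),
    ).fetchone()
    return row[0] if row else None
```

Because the query uses `?` placeholders, a value such as `doc-1' OR '1'='1` is compared as a whole string against `document_id` and simply matches nothing, and the `owner_id` condition means a valid id still returns nothing to a user who does not own the document.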
By completing this assessment, you will create a solid security design model for the web-based data retrieval application. Your model should prioritise user trust, productivity and data protection, and incorporate industry standards and best practices. The comprehensive security measures implemented in the Request and Retrieve components will ensure secure authentication, data transport, input validation and data storage. Visual representations and practical examples will aid in the effective implementation of the security design.
To prepare for this assessment, please review all the learning resources provided and discussed during Modules 1 to 11. Additional individual research in the library and on the internet is recommended.
Structure your 2,000-word security design case study project report according to the following sections:
Title page (Include the subject code and name, assessment number and name, your name, your student ID and your student email address.)
Table of contents
Introduction of 100 to 150 words
Body of the report (addressing the cybersecurity requirements according to the two above-mentioned parts, Request and Retrieve) with around 1700 to 1800 words.
Conclusion of 100 to 150 words
Reference list
Appendices (if needed)
Referencing
It is essential that you use current APA style.