Introduction to Computer Security – G6077
Lovejoy’s Antique Evaluation Web Application
In this coursework, you will develop a secure web application for a local antique dealer named Lovejoy. Lovejoy wants a minimum viable product allowing customers to register and then request evaluations of potential antique objects. Lovejoy has many rivals in the antique business who may sometimes resort to underhand tactics, so Lovejoy is very concerned about the security of the application.
Your secure web application will need to have these features for the minimum viable product (MVP) release: user registration and login, a password policy, a “request evaluation” page, and then an extension of the “request evaluation” page with file upload to allow photos to be uploaded. Finally, Lovejoy needs a request listing page.
You should build Lovejoy’s MVP focusing on the following features in each task. As well as the code, you should submit a report described in the appendix below, where you will provide a self-reflection on the security provided for each feature. Mark allocations for each task are as described below and in the security analysis grid. You should reflect upon your work and provide estimates of how much you’ve achieved by filling out the grid, which if completed will be allocated 5 marks. There are thus 35 marks for completing the application reasonably, 60 marks for the security features identified and implemented, and 5 marks for self-reflection.
You have a choice of technologies from which to build the application:
• PHP, hosted on the university’s web server or an accessible hosting service such as AWS, Azure or Google.
• Java and an appropriate framework, using Tomcat on a hosting service as above.
• Python in Django on a hosting service as above.
No other approach is allowed.
Task 1 - Develop a secure web form that allows customers to register in the application. They must register an email address, password, name and contact telephone number. The users’ details should be stored in a database.
Code Quality: 5 marks
Database Design: 5 marks
Task 2 - Develop a secure login feature.
Code Quality: 5 marks
Task 3 - Extend the password management feature to provide password strength recommendations and password recovery.
Code Quality: 5 marks
Task 4 - Implement a “Request Evaluation” web page only accessible to logged-in users. This web page should have a comment box to type in the details of the object and their request, and a dropdown box for the preferred method of contact (phone or email).
Code Quality: 5 marks
Task 5 - Extend the “Request Evaluation” page to allow for file upload of a photo of the object.
Code Quality: 5 marks
Task 6 - Implement a page that displays a list of evaluation requests. This page should only be visible to an administrator role.
Code Quality: 5 marks
Submission guidance
Report - Use the template provided in Canvas for the report. Provide screenshots of all the marking criteria elements and annotate where necessary. Use bullet points to give any explanation. Don’t write paragraphs.
Provide the URL where the web application can be located within the report.
Web application code - a zip file should be uploaded to OneDrive and the link provided in the report.
2021-12-14