PHP assignment help | INTE1070/1071 Secure Electronic Commerce

This PHP assignment is to complete an e-commerce website and defend it against web attacks.
INTE1070/1071 Secure Electronic Commerce
Assignment 1

1. Overview
The objective of Assignment 1 is to evaluate your knowledge of the topics covered in Lectures 1-4. Topics include an
overview of the E-Commerce system, common security attacks on E-Commerce websites, protecting E-Commerce
sites using well-known approaches, and some fundamentals of the crypto protocols that are used for securing electronic
commerce. Assignment 1 will focus on developing your ability to identify security flaws in an e-commerce website
and to secure the e-commerce application using some of the well-known approaches. Assignment 1 contains several
problems related to the topics mentioned above. You are required to prepare the solutions, with a description of
the step-by-step processes, as a single PDF or MS Word file together with the necessary code.
There are 4 (four) questions in Assignment-1. Q1 is related to the different security attacks that can be performed on an
e-commerce website. Q2 to Q4 are related to some of the popular protection methods that are
used in e-commerce applications. The protection methods include Google's reCAPTCHA v2 and v3, email- and SMS-based
multi-factor authentication, and Google's two-factor authentication (2FA) framework.
Develop the solution to this assignment in an iterative fashion (as opposed to completing it in one sitting). You should
be able to start preparing your answers immediately after Lecture-1 (in Week-1). At the end of each week, from Week-1
to Week-4, you should be able to solve at least one question.
If you have questions, ask them via the relevant Canvas discussion forums in a general manner.

Q1. Security Attacks on E-Commerce Websites (9 Marks)
Alice owns a computer store in Melbourne city. In order to increase the sales, she has developed an E-Commerce
application for her computer store. Some of the well-known attacks on E-commerce websites are as follows:
• Cross-Site Scripting (XSS)
• SQL injections
• Hidden field manipulation
• Phishing attack
• Cookie poisoning
• Web scraping
• Layer 7 DoS attacks
• Parameter tampering
• Buffer overflow
• Backdoor or Debug options
• Stealth commanding
• Forced browsing
• Third-party misconfigurations
Alice realizes that the E-Commerce application must be secured before it goes online. She therefore hires
you and your team as security consultants to identify the security risks of the E-Commerce application she has developed.
Create an E-Commerce website (with a database as back-end and other necessary tools such as HTML, PHP, JavaScript,
CSS files etc.) for yourself to demonstrate the chosen attacks. For the sake of convenience, sample code for
Alice's E-Commerce application (HTML, PHP, JavaScript, and CSS source files) and the database (as an SQL file) are
uploaded in CANVAS under the Assignment-1 home page. Add or edit pages whenever required.
Create a group of 3 people. Then configure Alice's E-Commerce application on your personal
computer or on any free web host (where you can host your website) using the knowledge you have learnt from Tutorials 1
to 4.
Once you have configured the application, you are required to demonstrate at least three types of attack that can be
performed on Alice's E-Commerce application. For each attack, you need to do the following:
a) Write down all the necessary steps to launch the attack, with screenshots.
b) Record the steps in a video and post it in CANVAS or on YouTube (as a private video). Provide the link. You should
not share the link of the video with any of your peer groups.
Provide the items mentioned in (a) and (b) as a group.
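As an added illustration of one attack from the list above (SQL injection) next to its fix, the following PHP is a generic example written for this page; it is not code from Alice's sample application and makes no claim about which queries that application actually uses. It assumes a login page that looks up users by email and password, and builds its own in-memory SQLite table (constructed sample data) so it runs stand-alone with the pdo_sqlite extension:

```php
<?php
// Added illustration of one attack from the list above (SQL injection) beside
// its fix. Generic example, not code taken from Alice's sample application;
// it makes no claim about which queries that application uses.
// Assumption: the login page looks up users by email and password. The demo
// table below is constructed here so the file runs stand-alone with pdo_sqlite.
declare(strict_types=1);

// VULNERABLE: user input is pasted straight into the SQL string.
function loginVulnerable(PDO $pdo, string $email, string $password): ?array
{
    $sql = "SELECT id, email FROM users WHERE email = '$email' AND password = '$password'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}
// Submitting   x' OR '1'='1   in both fields turns the WHERE clause into
//   email = 'x' OR '1'='1' AND password = 'x' OR '1'='1'
// which is always true, so the first user row is returned and the attacker is
// logged in without knowing any password.

// FIXED: a prepared statement keeps the input out of the SQL grammar, and the
// password is compared against a stored hash in PHP, not inside the query.
function loginSafe(PDO $pdo, string $email, string $password): ?array
{
    $stmt = $pdo->prepare('SELECT id, email, password_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    unset($row['password_hash']);
    return $row;
}

// Constructed demo data: the table carries both a plaintext password column
// (so the vulnerable function can run) and a hash column (for the fixed one).
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password TEXT, password_hash TEXT)');
$pdo->prepare('INSERT INTO users (email, password, password_hash) VALUES (?, ?, ?)')
    ->execute(['alice@example.com', 'S3cret!', password_hash('S3cret!', PASSWORD_DEFAULT)]);

$payload = "x' OR '1'='1";
echo 'vulnerable login with payload:  ', loginVulnerable($pdo, $payload, $payload) ? 'BYPASSED' : 'rejected', PHP_EOL;
echo 'fixed login with payload:       ', loginSafe($pdo, $payload, $payload) ? 'BYPASSED' : 'rejected', PHP_EOL;
echo 'fixed login with real password: ', loginSafe($pdo, 'alice@example.com', 'S3cret!') ? 'accepted' : 'rejected', PHP_EOL;
```

Run it with `php sqli_demo.php`. For the write-up in (a), the same payload typed into the login form of your deployed copy, with a screenshot of the resulting logged-in page and of the concatenated query in the PHP source, is the evidence the question asks for; the prepared-statement version is what you would recommend to Alice.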
Q2. Securing the E-Commerce Website from spam and abuse (2+3 = 5 Marks)
In the E-Commerce application that has been provided in CANVAS in relation to Q1, only registered users should be
authorized to log in to the E-Commerce application and trade. A registered user can be either a seller or a buyer, and needs
to create a user account. It is possible that several fake users are created by human attackers or software bots to
hamper the operation of the E-Commerce application. To protect the E-Commerce application from spam and abuse,
Alice requests you to integrate a CAPTCHA into her E-Commerce application.
Considering the security strength of Google's reCAPTCHA service, you have decided to integrate it into Alice's application.
a) Using the knowledge you have learnt in the tutorials, implement Google's reCAPTCHA version 2:
i. Design a form similar to the one given in Figure-2.1 to create user accounts with Google's reCAPTCHA version 2.
ii. Show the step-by-step process, with appropriate code segments and screenshots, of how Google's reCAPTCHA version
2 can be applied in the E-Commerce application to prevent the creation of fake user accounts. Also, record the steps in
a video and post it in CANVAS or on YouTube (as a private video) and provide the link. You should not share the
link of the video with any of your peer groups.
b) You have found that Google has a new version of its reCAPTCHA, reCAPTCHA version 3. When you informed
Alice about reCAPTCHA version 3, she was convinced that reCAPTCHA version 3 is better.
To make Alice happy:
i. Design a form similar to the one shown in Figure-2.2 to create user accounts with Google's reCAPTCHA version 3.
ii. Show the step-by-step process, with appropriate code segments and screenshots, of how Google's reCAPTCHA version
3 can be applied in the E-Commerce application to prevent the creation of fake user accounts. Also, record the steps in a
video and post it in CANVAS or on YouTube (as a private video) and provide the link. You should not share the link
of the video with any of your peer groups.
iii. What are the advantages of using reCAPTCHA version 3?
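The part of the reCAPTCHA integration that actually stops fake accounts is the server-side check, which is the same HTTP call for both v2 (part a) and v3 (part b) and differs only in what is done with the reply. The PHP below is an added example for this page, not code from the sample application or from Google's libraries. Assumptions it makes that the assignment does not state: the secret key from the reCAPTCHA admin console is in RECAPTCHA_SECRET, the site is served as EXPECTED_HOST, RECAPTCHA_VERSION selects which check to run, the handler file is called register.php, and the form posts the token in the field `g-recaptcha-response` (the v2 widget does this on its own; for v3 the page calls `grecaptcha.execute(siteKey, {action: 'register'})` and writes the token into a hidden input of the same name):

```php
<?php
// Added example of the server-side half of the reCAPTCHA integration; it is
// not part of the sample application. Assumptions (not in the assignment):
// RECAPTCHA_SECRET is the secret key, EXPECTED_HOST is the site's hostname,
// RECAPTCHA_VERSION picks the v2 or v3 decision rule, and the registration
// form posts the token in 'g-recaptcha-response'.
declare(strict_types=1);

const RECAPTCHA_SECRET     = 'REPLACE-WITH-SECRET-KEY';   // assumption: from admin console
const EXPECTED_HOST        = 'shop.example';              // assumption: your deployed host
const RECAPTCHA_VERSION    = 3;                           // assumption: 2 or 3
const RECAPTCHA_VERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';

/** POST the token to Google's siteverify endpoint and return the decoded verdict. */
function recaptchaSiteverify(string $token, ?string $remoteIp = null): array
{
    if ($token === '') {   // no token at all: do not even call Google
        return ['success' => false, 'error-codes' => ['missing-input-response']];
    }
    $fields = ['secret' => RECAPTCHA_SECRET, 'response' => $token];
    if ($remoteIp !== null) {
        $fields['remoteip'] = $remoteIp;
    }
    $ch = curl_init(RECAPTCHA_VERIFY_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($fields),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 5,
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    $reply = is_string($body) ? json_decode($body, true) : null;
    // Fail closed: a network error or malformed reply counts as "not verified".
    return is_array($reply) ? $reply : ['success' => false, 'error-codes' => ['verify-unavailable']];
}

/** v2: the user either solved the challenge or did not. */
function recaptchaV2Passed(array $reply): bool
{
    return ($reply['success'] ?? false) === true
        && ($reply['hostname'] ?? '') === EXPECTED_HOST;
}

/**
 * v3: a valid token always reports success; the decision is made on the score
 * (0.0 = very likely a bot, 1.0 = very likely human) and on the action name,
 * so a token minted on the login page cannot be replayed against registration.
 */
function recaptchaV3Passed(array $reply, string $expectedAction, float $threshold = 0.5): bool
{
    return ($reply['success'] ?? false) === true
        && ($reply['hostname'] ?? '') === EXPECTED_HOST
        && ($reply['action'] ?? '') === $expectedAction
        && (float)($reply['score'] ?? 0.0) >= $threshold;
}

// register.php (hypothetical name): run this before the INSERT that creates the account.
if (PHP_SAPI !== 'cli' && $_SERVER['REQUEST_METHOD'] === 'POST') {
    $reply  = recaptchaSiteverify($_POST['g-recaptcha-response'] ?? '', $_SERVER['REMOTE_ADDR'] ?? null);
    $passed = RECAPTCHA_VERSION === 3
        ? recaptchaV3Passed($reply, 'register')
        : recaptchaV2Passed($reply);
    if (!$passed) {
        http_response_code(403);
        exit('CAPTCHA verification failed; account not created.');
    }
    // ... validate the remaining fields and create the user account ...
}
```

Two points worth a screenshot in your write-up: the hostname comparison is against a configured constant rather than the request's Host header, so a token obtained on another domain that uses the same site key is rejected; and for v3 the threshold is a tuning choice (0.5 is the value Google's documentation uses as a starting point), which is also the basis for answering (b)(iii): v3 produces a score without interrupting the user, while v2 can only say whether a challenge was solved.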

Q3. Simple Multi-Factor Authentication (4 Marks)
Once user accounts have been created, only valid users should be allowed to log in and trade using Alice's E-Commerce
application. However, attackers can still compromise the login system with the aid of some sophisticated software. So, you
have decided to integrate multi-factor authentication into Alice's E-Commerce application.
Develop an email-based multi-factor authentication for Alice's E-Commerce application that satisfies the following
requirements. Also, record the steps in a video and post it in CANVAS or on YouTube (as a private video) and provide the
link. You should not share the link of the video with any of your peer groups.
Requirements:
i. Create a simple login form as shown in Figure-3.1. When a user provides a valid email (your RMIT student email)
and password (e.g. 1234), the user should receive a 6-digit random number at his/her email address as shown
in Figure-3.2, and the page shown in Figure-3.3 should be displayed.
ii. Once the verification code is provided in the form shown in Figure-3.3, the code should be verified, and the
Success Page is shown (see Figure-3.4). Otherwise, the Failure Page is shown (see Figure-3.5).
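Requirements (i) and (ii) together are one procedure: issue a code after the password check, send it, then verify what the user types. The PHP below is an added example for this page, not the sample application's code. It assumes `session_start()` runs on every page, that `mail()` is configured on the host (PHPMailer with your RMIT account's SMTP settings is the usual substitute), and that the page names login.php, verify.php, success.php and failure.php correspond to Figures 3.1, 3.3, 3.4 and 3.5; the 5-minute lifetime and 5-attempt limit are choices made here, not requirements of the assignment:

```php
<?php
// Added example of the email-based second factor; not the sample application's code.
// Assumptions (not in the assignment): session_start() has run, mail() is
// configured, and the page names below match Figures 3.1 to 3.5.
declare(strict_types=1);

const OTP_TTL_SECONDS  = 300;  // assumption: code expires after 5 minutes
const OTP_MAX_ATTEMPTS = 5;    // assumption: then the user must log in again

/** 6-digit code from the CSPRNG, zero-padded so "004217" is a valid code. */
function generateOtp(): string
{
    return str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
}

/**
 * Record a pending challenge for $email and return the code to be emailed.
 * Only a hash is kept: a 6-digit space is small, so the hash mainly protects
 * against casual exposure of the session store; the TTL and attempt limit are
 * what actually stop guessing.
 */
function issueOtp(array &$session, string $email): string
{
    $code = generateOtp();
    $session['mfa'] = [
        'email'    => $email,
        'hash'     => password_hash($code, PASSWORD_DEFAULT),
        'expires'  => time() + OTP_TTL_SECONDS,
        'attempts' => 0,
    ];
    return $code;
}

/**
 * True (and the user is marked logged in) only if a pending, unexpired
 * challenge exists and $submitted matches it. Every failure counts as an
 * attempt; an exhausted or expired challenge is discarded so the attacker
 * cannot keep guessing against the same code.
 */
function verifyOtp(array &$session, string $submitted): bool
{
    $mfa = $session['mfa'] ?? null;
    if ($mfa === null) {
        return false;
    }
    if (time() > $mfa['expires'] || $mfa['attempts'] >= OTP_MAX_ATTEMPTS) {
        unset($session['mfa']);
        return false;
    }
    $session['mfa']['attempts']++;
    if (preg_match('/^\d{6}$/', $submitted) === 1 && password_verify($submitted, $mfa['hash'])) {
        $session['user'] = $mfa['email'];   // second factor done: now logged in
        unset($session['mfa']);
        return true;
    }
    return false;
}

// login.php (Figure-3.1), after the email/password check has succeeded:
//   $code = issueOtp($_SESSION, $email);
//   mail($email, 'Your verification code', "Your code is $code. It expires in 5 minutes.");
//   header('Location: verify.php');          // shows the form of Figure-3.3
//   exit;
//
// verify.php (Figure-3.3), on POST:
//   header('Location: ' . (verifyOtp($_SESSION, $_POST['code'] ?? '') ? 'success.php' : 'failure.php'));
//   exit;
```

Note that `$_SESSION['user']` is only set inside `verifyOtp`, never in login.php, so a user who knows the password but not the emailed code cannot reach the trading pages by requesting them directly; that separation is the point of the second factor and is worth stating in the report.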