6005-CEM Security CW2: Secure Development


Module Learning Outcomes Assessed

1. Critically evaluate a range of encryption and authentication methods for a given set of requirements.

2. Utilise systematic knowledge to create secure environments at the host or network level.

3. Develop and evaluate software that addresses the most common and most severe security concerns.

Task and Mark Distribution

In this coursework you are required to design a simple web application and write a short report on the design choices made with regard to security implications.

The coursework has two components:

1. Design the infrastructure for a simple web application, based on the requirements below.

2. A Report on the security considerations in the website design. This should discuss and justify any design decisions made with regard to security.

Important Note on the Design

The coursework is asking you for a high-level design of the website components and infrastructure. You are NOT required to implement it.

For example, your database design would include the types of information and how they are stored (i.e. passwords stored as a hashed value), but not necessarily the database engine or table structures.

Additionally, in the report, you do not need to justify non-security-related design decisions. There is no need to justify the choice of database (SQLite, MySQL, MongoDB) UNLESS there is a specific feature of the database that has a security implication.

Website Requirements

The website you need to develop is a simple messaging board that supports Stack Overflow-style questions and responses.

The website has the following requirements:

User Account Creation

It should be possible to create a new user account on the system

User Login:

Users should be able to authenticate with the server

Forum-Style Messaging:

Users should be able to ask “Questions” for other users to answer
Users should be able to view questions on the system
Users should be able to respond to questions on the system

Admin Account:

Admin account: Should provide an overview of activity on the site

Very Simple Web API:

GET: A List of all Threads
GET: An Individual Message Thread
POST: New Message

Logging and Analytics

It has also been decided that the system will gather logging and analytics information, and the customer has asked for your feedback on this.