
Web Security SEC-370
Dr. Ammar Ahmed

The Goal: Build a Secure Web App

[Architecture diagram. Labels: Google.com; TLS/SSL Encrypted; Database Server PostgreSQL; Web Server: Apache2; Ubuntu Server; No Access; Database administrators and developers]

Outcomes

When finished with this course, you should have:

1. A web server running a secure web application.
2. The application securely connected to a backend database over TLS/SSL.
3. Data transmitted between browsers and the web server over https.
4. Hardened operating systems:
   i. Close unused ports
   ii. Remove unused programs
   iii. Limit the application's access to only the required resources
5. The risk caused by SQL injection eliminated.
6. The risk of cross-site scripting eliminated.

This will be your final project, which you will be building weekly!

Concepts

1. Web Application
2. Web Server
3. Server Machine
4. Database Server
5. Database Tool
6. TLS/SSL
7. Https

Technologies

1. You can use any platform
   a. Amazon Web Service (AWS) is recommended
2. Ubuntu 14.04 as server
3. Apache2 as web server
4. PHP as server-side scripting programming language
5. AWS PostgreSQL as a database engine
6. PgAdminIII as database development tool
7. Self-signed certificate
8. AWS security groups for firewall configurations
9. PHP5 security API for secure login

Task 1: Build A Server Machine
Ubuntu 14.04

1. This comes with built in PHP5.5.+ extension
2. Demonstration on AWS
3. Install Putty to remotely log in
4. Install Puttygen to convert the AWS pem Key to http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html
5. Create a security group (like the firewall concept)
6. Update Ubuntu
   $: apt-get update
   $: apt-get upgrade
7. Test that PHP is installed as well

Task 2: Build A Web Server
Apache2

1. Open source
2. Test the installation by accessing the apache2 home page
3. Note: this will be through port 80

Task 3: Encrypt Transmission
TLS/SSL

1. Install a self-signed certificate
2. Disable port 80
3. Enable connections only from port 443
4. Confirm the installation by accessing the apache2 home page over https

Task 4: Secure Backend DB connection
PostgreSQL/ PHP

1. Bring up a PostgreSQL DB instance http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.SSL
2. Download the public key stored at: http://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem
3. Download and install pgAdminIII

Task 5: Secure Connection to DB
PostgreSQL/ PHP/ HTML

1. Create an html form with 4 fields: First Name, Last Name, Email & Password, plus submit and reset buttons
2. In PostgreSQL create a table with 5 fields: the above, in addition to a primary key column
3. Remove special characters and escape strings from the form inputs
4. Submit information from the form securely to the DB

Task 6: Secure Login
PostgreSQL/ PHP/ HTML

1. Create a secure login system
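
A sketch of how Tasks 4 and 5 fit together in PHP, added here as an illustration and not taken from the course material: the form handler validates the four fields, hashes the password, and inserts the row with bound parameters (used in place of manual string escaping) over a TLS connection verified against the downloaded CA bundle. The hostname, bundle path, environment variable names, `users` table, column names and the 12-character password minimum are all assumptions.

```php
<?php
// Added example, not course code. Host, paths, env vars, table and column names are assumed.

function db_connect() {
    // sslmode=verify-full encrypts the link and checks the server certificate
    // and hostname against the CA bundle from Task 4 (bundle path is assumed).
    $dsn = 'pgsql:host=mydb.example.rds.amazonaws.com;port=5432;dbname=appdb'
         . ';sslmode=verify-full;sslrootcert=/etc/ssl/certs/rds-combined-ca-bundle.pem';
    return new PDO($dsn, getenv('DB_USER'), getenv('DB_PASS'), array(
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ));
}

function validate_registration(array $in) {
    $errors = array();
    $clean  = array();
    // Allow-list: letters, space, apostrophe, hyphen; 1 to 50 characters.
    foreach (array('first_name', 'last_name') as $f) {
        $v = isset($in[$f]) ? trim($in[$f]) : '';
        if (!preg_match('/^[\p{L}\' -]{1,50}$/u', $v)) { $errors[] = $f; }
        $clean[$f] = $v;
    }
    $email = filter_var(isset($in['email']) ? trim($in['email']) : '', FILTER_VALIDATE_EMAIL);
    if ($email === false) { $errors[] = 'email'; }
    $clean['email'] = $email;
    $pw = isset($in['password']) ? $in['password'] : '';
    if (strlen($pw) < 12) { $errors[] = 'password'; } // assumed minimum length
    // Store only a salted hash, never the password itself (PHP 5.5+ API).
    $clean['password_hash'] = password_hash($pw, PASSWORD_DEFAULT);
    return array($clean, $errors);
}

if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
    list($row, $errors) = validate_registration($_POST);
    if ($errors) {
        http_response_code(400);
        echo 'Invalid fields: ' . htmlspecialchars(implode(', ', $errors), ENT_QUOTES, 'UTF-8');
        exit;
    }
    // Placeholders keep user input out of the SQL text, so it cannot alter the query.
    $stmt = db_connect()->prepare(
        'INSERT INTO users (first_name, last_name, email, password_hash)
         VALUES (:first_name, :last_name, :email, :password_hash)'
    );
    $stmt->execute($row);
    echo 'Registered.';
}
```

The same stored hash is what a login page for Task 6 would check with `password_verify()`.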
