UNIVERSITY OF SUNDERLAND
ASSIGNMENT COVERSHEET
Student ID: 219318262
Student Name: Himal Mahar
Programme: Computer system engineer
Module Code and Name: Advance cyber security
Due Date: 8 Jul 2021
Hand in Date: 8 Jul 2021
Report
Strengths and weaknesses
All user input fields in the system are validated on the client side. The user has to fill in every form field to register; the system refuses to register the user if any field is left empty. It also checks that the entered values match the pattern expected by the system; for example, if the user provides an invalid email address, the system shows a message asking for a correctly formed email string. The system also lets the user check the entered password and reports whether it meets the system's requirements, such as containing uppercase and lowercase letters. (Pedamkar, n.d.)
Weak passwords play a major role in almost every hack. For the convenience of users, applications sometimes do not enforce password complexity, and as a result users choose simple passwords such as password, password123, Password@123, 12345 or their own mobile number. A weak password is not only a matter of length and the characters used; it is also a matter of guessability. To avoid this, the system is designed to tell the user to choose a more complex password: the password should be at least 8 characters long and consist of lowercase and uppercase letters and numbers. This makes the system more secure, because a long password, if properly constructed, offers more protection than a short one. (Hu, 2018)
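The client-side checks described in the two paragraphs above, written here as an added JavaScript example (not the project's own code). The field names and the email pattern are assumptions; the image upload field is left out.

```javascript
// Added example (not the project's code): client-side validation for the
// register form. Field names are assumed; the image upload is not covered.
const EMAIL_PATTERN = /^[^\s@]+@[^\s@]+\.[^\s@]{2,}$/; // assumed pattern

// Returns the requirements the password does not meet, so the form can
// tell the user exactly what kind of password to use.
function passwordProblems(password) {
  const problems = [];
  if (password.length < 8) problems.push("at least 8 characters");
  if (!/[A-Z]/.test(password)) problems.push("an uppercase letter");
  if (!/[a-z]/.test(password)) problems.push("a lowercase letter");
  if (!/[0-9]/.test(password)) problems.push("a number");
  return problems;
}

// Validates the whole form. `form` is a plain object of field values;
// returns { ok, errors } where errors maps a field name to its message.
function validateRegisterForm(form) {
  const required = ["fullName", "email", "password", "confirmPassword", "county", "dob"];
  const errors = {};
  for (const field of required) {
    if (!form[field] || String(form[field]).trim() === "") {
      errors[field] = "This field is required";
    }
  }
  if (form.email && !EMAIL_PATTERN.test(form.email)) {
    errors.email = "Please provide a valid email address (e.g. name@example.com)";
  }
  if (form.password) {
    const problems = passwordProblems(form.password);
    if (problems.length > 0) {
      errors.password = "Password must contain " + problems.join(", ");
    }
  }
  if (form.password && form.confirmPassword && form.password !== form.confirmPassword) {
    errors.confirmPassword = "Passwords do not match";
  }
  return { ok: Object.keys(errors).length === 0, errors };
}
```

In the browser this would be called from the form's submit handler, and the returned messages shown next to the offending fields; the server must still repeat the same checks, since client-side validation can be bypassed.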
SQL injection is one of the most common web attack mechanisms used by attackers to steal sensitive data from a system. On the server side, to guard against SQL injection, the password entered by the user is stored in encrypted form, which helps to protect against data theft. In the system the user data is stored in encrypted form so that SQL injection can be eliminated in the stored procedure. If a user wants to access the database from a remote location, he has to log on to the system through the web site using his user name and password. In the middle tier, the SQL query is generated and the web server verifies the user name and password; if they match, the user can access the database. SQL injection is the mechanism an attacker uses to bypass the login phase without entering a proper user name and password. Because the password assigned for login is stored by the application in encrypted form, even someone who looks directly into the system tables in the database will not find the password. (Deevi Radha Rani, 2012)
The system also rejects repeated user names and passwords. It uses a unique index to maintain data integrity by ensuring that no two rows in the table share the same key value, thus guaranteeing the uniqueness of the data values. In the Users table, a UNIQUE key has been assigned to the email_address field, which has the advantage of preventing the same email address from being used more than once.
CAPTCHA is also used in the system, because CAPTCHA systems help to defend Internet services and apps against bots and other automated attacks. A CAPTCHA is a test that separates computers from humans. The system uses Google reCAPTCHA v2, where the user clicks on the familiar "I'm not a robot" checkbox and the advanced risk-analysis algorithm either lets them through automatically or challenges them with an image CAPTCHA. As bots got better at solving CAPTCHAs, Google set out to create a system that would use machine learning and artificial intelligence to create better yet less disruptive CAPTCHAs. (Dome, 2021)
Strategy and approach to the different functions of the system
The system was developed using the agile methodology, which helps to deliver a smaller project in a short time. Solid cybersecurity ideas and approaches for password and CAPTCHA authentication are included in the system to make it as safe and secure as possible.
First, the project's goals and what was expected of it were set. The system had to have a graphical user interface that was easy to use and asked users to sign up by giving their full name, email address, password, county and date of birth together with their image. The system had to use an algorithm to determine whether the email address was valid and how strong the password was. Password characters had to be classified into groups such as uppercase, lowercase and number, so that the system could tell the user what kind of password to use. The system must be safe from web-based attacks such as SQL injection, and it must have five security check features, such as preventing users from using the same password again or protecting the data with an encryption algorithm. As the last step in this section, the user had to click on reCAPTCHA so the system could check whether the user is a real human or a bot.
References
Deevi Radha Rani, B. K. (2012). Web Security by Preventing SQL Injection Using. International Journal of Computer Science and Information Technologies.
Dome, D. (2021). CAPTCHA vs reCAPTCHA: What's the difference?
Drašar, M. (2009). Password based authentication. Masaryk University.
Hu, G. (2018). On Password Strength: A Survey and Analysis. Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing.
Pedamkar, P. (n.d.). Validation in PHP. EDUCBA.
Samar, S. (2019). Advanced Methodologies and Technologies in Network Architecture, Mobile Computing, and Data Analytics. Philander Smith College, USA.
Sapkal, A. A. (n.d.). Security Analysis of CAPTCHA. IEEE.
Teik Guan Tan, P. S. (2020). Securing Password Authentication for Web-based Applications. Cornell University.
Appendices
Main page (register page)
The page that opens when the system is started is the register page, where the user has to fill in the fields. If they already have an account, they click on "Already have an account" to log in to the system.
Figure 1: register page. Annotations on the figure: all input fields are validated; the password input is validated so that the password contains uppercase, lowercase and a number and is 8 characters long; the confirm-password input field is validated; the CAPTCHA uses Google reCAPTCHA v2; an already used password cannot be used in the system.
Login form (login.php)
On the Login form page, you access the system by entering your e-mail and password. In addition, password update and reset are possible.
Figure 2: login page
The login form first checks the e-mail and password, and then uses the CAPTCHA to check whether the login user is a bot or a human; if the CAPTCHA verifies the user as human, it opens the system.
Password update form
On the Password Update form page, you can update your password by entering your current, new and confirm password. Once this is done, you can log in with the updated password on the Login page.
Figure 3: password update page
The password update form works as follows: it checks that the passwords match, encrypts the entered current password and checks it against the main password table first. It then verifies the current password and, for the new password, checks the last three passwords used from the passwordhistory table; if the new password matches any of the previous three passwords used in the system, it shows an error and the user has to choose a new password. Otherwise it deletes the old password from the database and saves the new password.
Reset form
On the Reset form page, you enter your email address and receive a newly generated password by email. Once this is done, you can update your password and access the Redirect page.
Figure 4: reset page
The reset form checks that the email is valid and gets the user ID, generates a new password and encrypts it, and sends it to the user's Gmail address; with that password you can log in to the system and change the password.
Figure 5: reset form code (client-side code of the reset form)
Redirect page
On the Redirect page you have successfully logged in, and you can log out with the Logout button, which takes you to the Login page. The user's status is saved in the session; if someone tries to open this page without logging in, it redirects to the Login page. The page gets the user state from the session, redirects the user if their state in the session is logged out, and logging out sets the user state to logged out in the session.
Figure 6: redirect page