My undergraduate students are involved in designing a web based student admission system. They have to make the system secure from different types of attacks and cover vulnerabilities. What types of attacks and vulnerabilities are there? What basic security features should be implemented to provide average level of security.
I suggest the guideline of NIST at http://csrc.nist.gov/publications/nistpubs/800-44-ver2/SP800-44v2.pdf
I think OWASP Top-10 is the best reference for this.
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
If you want basic security then you should implement https SSL. You should also guard against Sql injection attacks by writing appropriate code. You should use hashed passwords for the database users. I suggest SHA-256.
The system you implement the system on should also have its own set of security procedures. These are too much to explain in this short post.
I agree that NIST and OWASP are best as guidance for developing web security features.
- OWASP has the best guideline I have found so far on web application vulnerabilities. Some of the basic vulnerabilities include SQL injection, XSS, session fixations, CSRF, force browsing, broken access controls. I think these are more than enough for undergraduate project.
https://www.owasp.org/index.php/Top_10_2013-Top_10
Hello All,
Does anyone have or know how i get DataSet for Web server access log (Apache web server) ""hosted on cloud computing"" (DDoS / HTTP GET Flooding Attack). To do Training & Testing on it...
- Badges
- Science topic
- Similar topics
- Analytical Chemistry
- Extraction