Secure Web Technologies

Aims:

In the past years there has been an increase in attacks on websites that can result in the disclosure of information that is of a personal and confidential nature. With the introduction of GDPR it is no longer acceptable to collect information overtly and then not protect that information adequately.

The purpose of this module is to build secure websites and Internet systems which appropriately comply with GDPR and deploy practical cryptographic techniques for the information collected and stored.

Learning outcome 1: Assemble and prepare a GDPR compliant webserver using cloud- based VM.
Appraise and identify vulnerabilities on existing webservers using remote VM.
Distinguish from a range of technologies and how to apply them appropriately.
Critically evaluate cryptographic technologies and methods for use in applications

Skills
On successful completion of this module, the student will be able to:
Design and develop an online database.
Design and develop a dynamic website that relies on content generation and a variety of technologies.
Design and develop a website that facilitates the secure collection and storage of information using a cloud-based VM.
Evaluate, criticise and implement the configurations set on a server to manage and store personal information securely.
Design and develop a secure file store system which utilises appropriate cryptographic technologies

Assessment 1
Assignment type - Application development and report

This assessment is to build and test your skills in the deployment of a medical system for a local doctor's surgery. The web app should:
Deploy a database system
Interact and work with server-side technologies, fetching data which is drawn into the app's db
Allow patients to book appointments with a specific doctor
Allow doctors to store medical notes/treatments/medication details about a patient
All aspects of both website configuration and the actual application should be GDPR compliant and secure

Learning outcome

Assessed learning outcome (s) Knowledge
On completion of this module, the successful student will be able to:
Assemble and prepare a GDPR compliant webserver using VM.
Appraise and identify vulnerabilities on existing webservers using VM.
Distinguish from a range of technologies and how to apply them appropriately.
Skills
This module will call for the successful student to:
Design and develop an online database.
Design and develop a dynamic website that relies on content generation and a variety of technologies.
Design and develop a website that facilitates the secure collection and storage of information using VM.
Evaluate, criticise and implement the configurations set on a server to manage and store personal information securely.

Marking details:
Basic designs for both site and database

Front page designs
Database E/R diagram

IndexedDB database in use and managed

Creation of DB, with JSON data from server (5%)
- Add (2%)
Delete (1%)
Update (2%)

Patient, Admin and Doctor account types and permissions (5%)

Patient account type and permissions (1%)
Admin account type and permissions (2%)
Doctor account type and permissions (2%)

Admin functionality (Can manage patient's information name, address, DOB etc.) (10%)

Can add details of patient (name, address, telephone, DOB, NHS number (5%)
Can update/delete (5%)

Patient functionality (Can book appointments, look at medication instructions etc.) (10%)

Can book appointments and request prescriptions (5%)
Can see stored information and medical notes (5%)

Doctor functionality (Review patient history, medical notes, medicines) (10%)

Can look at patient history, notes (5%)
Can add to patient history, notes and medicines (prescriptions) (5%)

Validation checks and basic security (input sanitisation, password, email etc.)(5%)

Accounts are password protected (2%)
Inputs are sanitised, password reaches applied security standard, email input is valid (3%)

Security (Encryption)

Encryption modules used from crypto lib or similar, must be AES 256 or better (5%)
Encryption applied to passwords and other data (2%)
Decryption and data in use after storage (3%)

Advanced

JSON data collected from server and processed (5%)
Service / Web workers and threads used (5%)
PWA features (Caching of resources for offline) (5%)

Case Study / Report

Servers / Protocols / VMs / Website security / Server-side code

Assessment 2 - Cryptographic Case Study

Cryptography Case Study: File Store - individual work Two main objectives:
Development-
Combine weekly modules to form one menu driven application
Takes file (must function with binary or text) as input, stores via chosen cryptographic method, then retrieves securely if appropriate password/key is made available. This is similar to Veracrypt
The final app should work as a standalone program - ensure it works ‘as-is' before submitting
Case-
Study one example of commercial file store and cryptography in use or available give as much detail as possible of how the protocol or set of security measures in place. Produce a report how it works, its effectiveness and weaknesses with appropriate supporting mathematical content
Expand on one cryptographic technique from (DH, RSA, EC...) which relates to a commercial product.
The report should be at least 2000 words (excluding any lengthy code, which should be supplied in the appendix)
Weekly supporting code should be on the server system, neatly labelled and easily runnable; details in a readme.txt
The submission should be in PDF format
You should NOT copy and paste directly from the Internet; any quotes should be referenced appropriately

Knowledge
On completion of this module, the successful student will be able to:
Critically reflect on and recognise the central ideas in computing systems in relation to cyber security issues
Skills
This module will call for the successful student to demonstrate:
An ability to analyse vulnerability in systems with a view to propose counter-measures
Solution synthesis and development of security measures in response to vulnerabilities