As systems become more complex, the potential for security vulnerabilities being introduced increases. This means that if we are to provide any assurances about systems that we design and develop then we need some means for analysing, managing, and generally making sense of all the data that contributes to a system$$s design to ensure such vulnerabilities are not unintentionally introduced. In this coursework you are required to design and develop a secure web$-$based system.

Completion of this assignment will address the following learning outcomes:

$1$ Critically analyse, examine and test software for security vulnerabilities.

$2$ Create software in a range of programming languages to exploit the vulnerabilities of systems.

$3$ Apply advanced defensive cyber strategies and techniques for the secure design of systems.

$4$ Deploy a range of secure programming techniques to the development of secure software.

Task:

Design and develop a secure web$-$based system, incorporating end$-$point and communications security, and ensure its security is rigorously tested. You are required to develop the system and report the steps taken, the report should not be more than $2000-$words. The first part of the report should cover the literature review on the following areas:

$$ Security within the software development lifecycle.

$$ Secure software engineering.

$$ Techniques for secure programming.

$$ Standards based approaches such as OWASP, CERT, SANS, Certification, threat modelling and STRIDE.

$$ Tools to aid secure software development.

When you do Programming you may consider the following steps:

$$ Code hardening techniques.

$$ Platform selection and development environments.

$$ Language specific issues.

$$ Incorporating access control.

$$ Authentication and trust

$$ Applied cryptography.

$$ Security protocols in programming.

$$ Programming for offensive and defensive cyber.

$$ Mobile device software.

$$ Current research in secure programming and future trends.

$$ Code analysis and testing: Code checking, static analysis, decompiling, dynamic analysis, sandboxing, runtime monitoring, fuzz testing.

Document your program in not more than $2000-$word report showing all the steps taken in developing the system