CW2: Secure Development
Assessment brief
View as Coursework BriefSubmission Informtion
| Handout Date | 20th Sep 2021 |
| Due Date | |
| Estimated Effort | 20 Hours |
| Percentage of Module Mark | 50% |
ILO's Assessed
- 1. Critically evaluate a range of encryption and authentication methods for a given set of requirements.
- 2. Utilise systematic knowledge to create secure environments at the host or network level.
- 3. Develop and evaluate software that addresses the most common and most severe security concerns.
Task and Mark Distribution
In this coursework you are required to design a simple web application. And write a short report on the design choices made with regard to security implications.
The coursework has two components:
- Design the infrastructure for a simple web application, based on the requirements below.
- A Report on the security considerations in the website design. This should discuss and justify any design decisions made with regard to security.
Important Note on the Design
The coursework is asking you for a high level design of the website components and infrastructure. You are NOT required to implement it.
For example, your database design would include the types of information, and how they are stored (ie passwords stored as a hashed value), but not necessarily the database engine, or table structures.
Additionally, in the report, you do not need to justify non-security related design decisions. There is no need to justify the choice of database (SQLite, MySQL, mongo) UNLESS there is a specific feature of the database that has a security implication.
Website Requirements
You have been asked to develop a messaging platform to help with student engagement. The platform will try to use a similar approach to more traditional social media, and allow students to make and respond to posts on a feed.
The platform should support.
- Different levels of access
- Only Students and staff should be able to access the system.
- Students should be able to create, respond and view posts
- Staff should also be able to add and update lecture materials.
- Admin Account
- The admin account should be able to:
- Add and remove users on the system
- Change the access levels of users
- View and edit course materials and posts
-
Web API
- There will also be a simple mobile app that tries to replicate the website
functionality, this will happen through a simple REST API which should
support:
- Authentication. There should be the same authentication / authorisation as the web application
- Create, Read and Respond to posts. Users should be able to view posts in the same way they can in the web app.
- There will also be a simple mobile app that tries to replicate the website
functionality, this will happen through a simple REST API which should
support:
-
Logging and Analytics
-
It has also been decided that the system will gather logging and analytics information, and the customer has asked for your feedback on this.
-
As this is going to be used to help track student engagement it users will not be able to opt-out. While there is currently no requirement for users to view the analytics, a dashboard is planned. The types of information they propose to collect include:
- User name
- Browser and OS details
- Details of page clicks, and interaction with site elements
- Geo-Location data.
-
Report Requirements
The report should be written in a style suitable for a technical audience. The report should provide details of the design of the system, and the security based decisions behind it. You are expected to justify your design choices by referring to the relevant literature
A suggested report structure is as follows:
- Introduction
- Scope of the report, design overview
- Design:
- Discussion of potential security issues for each element of the design.
- Recommendations for dealing with potential security / data protection issues with the proposed designs requirements.
- Implementation details:
- Description of how your design addresses potential security issues
- Summary:
- Summary section, highlighting the issues resolved, and the key findings of the report.
NOTE: There is also an element in the marking scheme for Background Research.
While I am not expecting a full literature review, you should support your design decisions using the
relevant literature.
Important Note:
You are marked on the functionality of the system, rather than its look and feel. The site should be usable via a web browser. Other than that the choice of infrastructure is up to you.
Submission Instructions
Please submit:
- Your final report in PDF Format by the submission date.
Marking.
- Report (100%): Justification for the design choices.
Marking Scheme
Report:
| Component | Marks (of 100) |
|---|---|
| Introduction / Conclusions | 10 |
| Systems Design | 30 |
| Discussion of Implementation | 30 |
| Background Research | 20 |
| Report Structure | 10 |
Marking Matrix
| Grade | Mark | Description |
|---|---|---|
| No submission | 0 | No work submitted |
| Fail | 0-25 | Clear failure demonstrating little understanding of relevant theories, concepts and issues. Minimal evidence of research and use of established methodologies and incomplete knowledge of the area. Serious and fundamental errors and aspects missing. No evidence of research. |
| Near Fail | 25-39 | Very limited understanding of relevant theories, concepts and. Little evidence of research and use of established methodologies. Some relevant material will be present. Deficiencies evident in analysis. Fundamental errors and some misunderstanding likely to be present. |
| Pass | 40-49 | Meets the learning outcomes with a basic understanding of relevant theories, concepts and issues.. Demonstrates an understanding of knowledge and subject-specific theories sufficient to deal with concepts. Assessment may be incomplete and with some errors. Research scope sufficient to evidence use of some established methodologies. Some irrelevant material likely to be present |
| 2:2 | 50-59 | Good understanding of relevant theories, concepts and issues with some critical analysis. Research undertaken accurately using established methodologies, enquiry beyond that recommended may be present. Some errors may be present and some inclusion of irrelevant material. Good understanding, with evidence of breadth and depth, of knowledge and subject-specific theories with indications of originality and autonomy |
| 2:1 | 60-69 | Very good work demonstrating strong understanding of theories, concepts and issues with clear critical analysis. Thorough research, using established methodologies accurately, beyond the recommended minimum with little, if any, irrelevant material present. Very good understanding, evidencing breadth and depth, of knowledge and subject-specific theories with some originality and autonomy. |
| First | 70-79 | Excellent work with clear evidence of understanding, creativity and critical/analytical skills. Thorough research well beyond the minimum recommended using methodologies beyond the usual range. Excellent understanding of knowledge and subject-specific theories with evidence of considerable originality and autonomy. |
| Outstanding | 80-90 | Outstanding work with high degree of understanding, creativity and critical/analytical skills. Outstanding understanding of knowledge and subject-specific theories. Evidence of outstanding research well beyond minimum recommended using a range of methodologies. Demonstrates creative flair, originality and autonomy. |
| Exceptional | 90-100 | Exceptional work with very high degree of understanding, creativity and critical/analytic skills. Evidence of exceptional research well beyond minimum recommended using a range of methodologies. . Exceptional understanding of knowledge and subject-specific theories. Demonstrates creative flair, a high degree of originality and autonomy. |