Please see the attached PDF file. Note that the "Finally..." part is not needed; I will have to add that part myself. Writing about and discussing the two web security incidents is enough.
Security Report
11/10/21, 3:40 pm
https://ilearn.mq.edu.au/mod/turnitintooltwo/view.php?id=6693545

COMP3120 Advanced Web Development

My Submissions
Title: Security Report - Part 1
Start Date: 10 Oct 2021 - 00:00
Due Date: 24 Oct 2021 - 23:59
Post Date: 10 Nov 2021 - 15:17
Marks Available: 15

Summary: In this assignment you will write a report around web security. The goal is to understand some published web security exploits and think about the lessons learned for the applications you are building in this unit.

Listed below are some sites that publish details of cyber security exploits. It's just a partial list and you may know of other sources which you are free to use.

For this report, you should select two published security incidents involving web applications. Ideally, these would be related in some way - e.g. they might be attacks on the same kind of application or they might exploit the same kind of vulnerability. For each of these you should:

- Give a broad description of the exploit - this can quote directly from the sources you found (with attribution).
- Provide some insight into how the exploit was possible with reference to the things we've covered in this unit. For example, where in the software stack was the attack made? What technical features of the application were used to gain access? What did the developers do wrong? Here we're looking for you to apply your knowledge of web application architecture and technology to interpret the attack you are describing. This should be in your own words.

Finally, discuss the implications of these attacks or weaknesses in the context of one of the two applications you've implemented this semester - the individual project or the group project. Briefly describe what your application does. Was your application vulnerable to the same kind of attack? What might you have to do to ensure that such an attack could not be applied to your software? Which parts of your application stack might be vulnerable?

Obviously, your choice of example exploits will affect what you can write in the last part. Ideally, choose something that is relevant to the kind of application you have worked on. If it's difficult to find something relevant, it is ok to imagine a slightly different project that would give you something to write about.

Resources
- Top 10 Application Security Breaches of 2018: https://www.immuniweb.com/blog/top-ten-application-security-databreaches-2018.html
- Webber Insurance list of Data Breaches in Australia: https://www.webberinsurance.com.au/data-breaches-list
- API Breaches and the Visibility Problem: https://www.f5.com/labs/articles/threat-intelligence/application-protection-report-2019-episode-5-api-breaches-and-the-visibility-problem
- NIST National Vulnerability Database: https://nvd.nist.gov/vuln/search (search interface - search for terms you know like CSRF, Cookies, HTTPS, etc. to find interesting cases)

Word Count: Your report should be around 2000 words with a maximum of 2500 words, not including your reference list. You will not be penalized for exceeding the maximum but we will be bored by the end of it and inclined to forget how good the start of your report was.

Similarity: you will submit via Turnitin and it will generate a similarity report. We use this to find potential cases of plagiarism but there is no fixed percentage that you have to stay below. If you follow the guidelines above on quoting you will be fine. If we find large blocks of text copied from somewhere else or if you have copied the text and then changed words to make it look different, then we'll be looking more closely.

Marking Criteria: the following aspects will be considered when marking your report.

Writing - readable, understandable, good grammar, spelling
- Unsatisfactory – Grammatical/spelling errors, hard to read, sloppy
- Pass – Significant errors but generally readable
- Credit – Clear writing, easy to follow, minimal errors
- Distinction – Outstanding writing, pleasure to read

Completeness - covers two security exploits and provides insight into how they happened
- Unsatisfactory – Only one exploit (or two variations on the same thing) poorly described
- Pass – Two exploits mentioned with a reasonable explanation of what they were
- Credit – Exploits well described and insight into how they happened, clearly expressed
- Distinction – Integrated discussion, provides insight beyond the two exploits chosen, very informative review

Implications - discusses the implications of these attacks for a project
- Unsatisfactory – No discussion
- Pass – Basic links made between exploits and own project
- Credit – Discussion indicates a clear understanding of how the exploit could impact the project
- Distinction – Highly professional discussion that would be informative to a real-world development team

Resources - the report is based on sources and they are referenced properly
- Unsatisfactory – Few or no references provided
- Pass – References provided but unclear what came from where
- Credit – Clear referencing, good choice of resources
- Distinction – Interesting and novel sources, links drawn between them, advanced insight

Quality - could this report be published?
- Unsatisfactory – Poor work, very hard to rescue
- Pass – Content of report is good but would need a lot of work before showing it to an audience
- Credit – Good quality report, needs some editing/revision before being publishable
- Distinction – High quality, publishable, informative report

Due Date: 12:59 PM Oct 24th, 2021 (i.e., the end of Week 11)

© Copyright Macquarie University