
PawTalk is a website developed with secure coding and hardening practices.


raeganfaith/Secure-Web-Programming


🔒SECURE WEB PROGRAMMING

Contents: Threat Modelling · Secure Coding Practices · Server Hardening Technique

Threat Modelling

Identifying Security Objective

| Business Case | Description |
| --- | --- |
| Company and Industry | PawTalk Inc. - Education |
| Solution Requirements | The web application must be developed using secure coding practices. |
| Compliance Requirements | Create, read, update, and delete (CRUD) functionality must be implemented in the web application, and both the user and admin pages need to acknowledge policy and security. |
| Quality of Service Requirements | Availability: The service of the web application must only be accessible to Nationalian admin and users. Reliability: The service of the web application must be responsive to mobile and desktop devices without errors. |
| Assets | Files: HTML, CSS, and JavaScript. Database: PHP. Other assets: Images, logo, and contents. |
| Security Objective | To develop a safe web application for users to post comments without being vulnerable to threats. |

Secure Coding Practices

Input Validation, Authentication and Password Management

☑️ Require password combination (Sign Up)
☑️ Require email validation (Sign Up)
☑️ Require value input (Sign Up)
☑️ Confirm password match authentication (Sign Up)
☑️ No email repetition (Sign Up)
☑️ No username repetition (Sign Up)
☑️ Validate user input (Sign In)
☑️ Validate if user exists (Sign In)
☑️ Validate if user or admin (Sign In)
☑️ Password authentication (Sign In)
☑️ Username and email validation (Sign In)

Session Management and Access Control

☑️ Admin and User Session
☑️ Users can post content during their session
☑️ Reflection of current user in the session
☑️ Admin and User Access
☑️ Only logged in users are eligible to post content

Data Protection, Error Handling, and Logging Overview Snippet

☑️ Hashed user and admin password in the database
☑️ Sign-Up forms data error handling
☑️ Login and access attempts
☑️ Login error handling

Server Hardening Technique

System Vulnerability Checklist

| Alert Name | Recommended Web Security Hardening Technique |
| --- | --- |
| Cross-Site Scripting | Disable TRACE HTTP Request |
| | Enable/Disable Mod Security Modules |
| | X-XSS Protection |
| Parameter Tampering | Restrict IP Access |
| Server Leaks Information via "X-Powered-By" HTTP Response Header | Set Cookie with HttpOnly and Secure Flag |
| Content Security Policy (CSP) Header Not Set | Disable ETag |
| Missing Anti-clickjacking Header, X-Content-Type-Options Header Missing | Avoid Clickjacking Attack |
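The hardening techniques in the checklist above, written out as an added Apache 2.4 configuration fragment; this is an illustrative example, not configuration from the PawTalk repository. The `/admin` path and the `192.0.2.0/24` network are placeholders, and the fragment assumes `mod_headers` is loaded (ModSecurity is optional).

```apache
# Added example: Apache 2.4 vhost/httpd.conf fragment mapping the checklist
# to directives. Path /admin and network 192.0.2.0/24 are placeholders.

# Disable TRACE HTTP request
TraceEnable Off

# Enable the ModSecurity engine when the module is loaded
<IfModule security2_module>
    SecRuleEngine On
</IfModule>

<IfModule mod_headers.c>
    # X-XSS Protection (legacy browser filter; CSP below is the primary control)
    Header always set X-XSS-Protection "1; mode=block"

    # Server leaks information via X-Powered-By: strip the header
    # (also set expose_php = Off in php.ini so PHP stops adding it)
    Header unset X-Powered-By

    # Set-Cookie with HttpOnly and Secure flags on every cookie
    # (for PHP sessions also set session.cookie_httponly and
    #  session.cookie_secure to 1 in php.ini)
    Header edit Set-Cookie ^(.*)$ "$1; HttpOnly; Secure"

    # Content Security Policy header
    Header always set Content-Security-Policy "default-src 'self'; frame-ancestors 'self'"

    # Anti-clickjacking and MIME-sniffing headers
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Content-Type-Options "nosniff"

    # Disable ETag (ETag values can reveal inode and size details)
    Header unset ETag
</IfModule>
FileETag None

# Restrict IP access to the admin pages
<Location "/admin">
    Require ip 192.0.2.0/24
</Location>
```

After reloading Apache, verify with `curl -sI https://<host>/` that the headers appear and that `curl -sI -X TRACE https://<host>/` returns 405.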
