Coventry University Module Name: Security Module Code: 6005CEM Assignment Title: Coursework 1


Assignment Information

Module Name: Security

Module Code: 6005CEM

Assignment Title: Coursework 1

Assignment Due: 18:00 UK Time

Assignment Credit: 10

Word Count (or equivalent): 1500 Words

Assignment Type:

Percentage Grade (Applied Core Assessment). You will be provided with an overall grade between 0% and 100%. You have one opportunity to pass the assignment at or above 40%.

Assignment Task

For this assignment you are expected to produce a report giving details of a security audit of a web application. The audit will be a crystal box test: you will be supplied with the source code and the means to run the site.

The application will have several vulnerabilities drawn from the topics covered during the module. These may include not just technical flaws, such as SQLi, but also legal and ethical factors.

 

IMPORTANT NOTE: You will not be penalized if you do not find all of the issues. Auditing can be difficult, and it seems wrong to penalize you for missing a subtle bug. Marks are given for the justification of audit methods, finding common problems, and the discussion of issues found.

 

The report should contain the following sections.

 

Part 1:  Audit methods

This section of the report should introduce the audit methods chosen, and provide justification for their choice.  Why is this method appropriate for the task?  What are the strengths and weaknesses of each of the methods chosen?

 

You are free to use any audit method you feel is appropriate. This can include (but is not limited to):

  • Manual Code Review
  • Automated source code scanning
  • Automated application scanning

 

Part 2: Audit Results

This section of the report should present the results of the security audit. You are expected to give an overview of the issues found in the code, along with an analysis of their severity and suggestions for mitigation.

A suggested format for each issue is:

  • Brief description of the problem, and the method used to identify it.
  • Analysis of the issue, including discussion of its possible impact and severity.
  • Suggestions for mitigation.  How could the developers address the problem?

 

The report should be suitable for a technical audience. You are expected to include an introduction and conclusions, and to make use of the literature to support your arguments. References should be in the APA format.

 

Submission Instructions:

Submit the coursework by the due date using the link on Aula.

 

Your assignment should be submitted as a single document (i.e. Word, PDF or Markdown).

If you make use of additional materials (such as GitHub, or supporting videos) you should include a clear link to the supporting material in your report.

Important: In the case of GitHub repositories, they should be set to private, with the relevant teaching staff added as collaborators. Having a publicly available repository could lead to an academic misconduct case being raised against you, as people have been known to steal work from other students' repos.

 

 

Marking and Feedback

How will my assignment be marked?

Your assignment will be marked by the module team.

How will I receive my grades and feedback?

Provisional marks will be released once internally moderated.

Feedback will be provided by the module team alongside the release of grades.

You can access your feedback on Turnitin.

 

What will I be marked against?

Details of the marking criteria for this task can be found at the bottom of this assignment brief.

 

Assessed Module Learning Outcomes

The Learning Outcomes for this module align to the marking criteria which can be found at the end of this brief. Ensure you understand the marking criteria to ensure successful achievement of the assessment task. The following module learning outcomes are assessed in this task:

 

1) Critically evaluate a range of encryption and authentication methods for a given set of requirements.

4) Critically evaluate the security of an IT ecosystem.

 

 

Assignment Support and Academic Integrity

If you have any questions about this assignment please see the Student Guidance on Coursework for more information.

Spelling, Punctuation, and Grammar:

You are expected to use effective, accurate, and appropriate language within this assessment task.

Academic Integrity:

The work you submit must be your own, or in the case of groupwork, that of your group. All sources of information need to be acknowledged and attributed; therefore, you must provide references for all sources of information and acknowledge any tools used in the production of your work, including Artificial Intelligence (AI). We use detection software and make routine checks for evidence of academic misconduct.

Definitions of academic misconduct, including plagiarism, self-plagiarism, and collusion can be found on the Student Portal. All cases of suspected academic misconduct are referred for investigation, the outcomes of which can have profound consequences to your studies. For more information on academic integrity please visit the Academic and Research Integrity section of the Student Portal.

Support for Students with Disabilities or Additional Needs:

If you have a disability, long-term health condition, specific learning difference, mental health diagnosis or symptoms and have discussed your support needs with health and wellbeing you may be able to access support that will help with your studies.

If you feel you may benefit from additional support, but have not disclosed a disability to the University, or have disclosed but are yet to discuss your support needs it is important to let us know so we can provide the right support for your circumstances. Visit the Student Portal to find out more.

Unable to Submit on Time?

The University wants you to do your best. However, we know that sometimes events happen which mean that you cannot submit your assessment by the deadline or sit a scheduled exam. If you think this might be the case, guidance on understanding what counts as an extenuating circumstance, and how to apply is available on the Student Portal.

 

Administration of Assessment

Module Leader Name: Dr. David Croft

Module Leader Email: ac0745@coventry.ac.uk

Assignment Category: Written

Attempt Type: Standard

Component Code: Cw1

 

Assessment Marking Criteria

 

Criteria and weightings:

  • Audit Methods. Aligns to MLO4. Weighting: 40%
  • Audit Results. Aligns to MLO1 and 4. Weighting: 50%
  • Report Structure. Doesn't align to the MLOs, but it's important. Weighting: 10%

80 to 100%

Audit Methods: As 70+ with exceptional analysis, and justification of audit methods chosen.

Audit Results: As 70+ with exceptional analysis and discussion of issues found.

Report Structure: As 70+ with exceptional presentation and analysis, good use of references to support arguments.

70 to 79%

Audit Methods:

  • Multiple audit methods chosen covering both static and dynamic analysis.
  • Clear justification for the methods chosen, taking into account the type of audit, code base used etc. Choice of methods is supported by the literature.
  • Good analysis of the strengths and weaknesses of the methods chosen, discussion and analysis of how different methods can complement each other, and help provide a more comprehensive test.
  • Clear subsection, summarising decisions made.

Audit Results:

  • Multiple issues found and discussed using appropriate audit methods.
  • Clear description of each issue, presenting and analysing the code / design flaws that lead to it.
  • Clear discussion of the risk associated with the issue. Discussion of the wider security context, supported by the literature. Appropriate risk rating system used.
  • Appropriate suggestions for mitigation given, including suggested fixes for problems.
  • Clear summary section, highlighting all issues found, and associated risks.

Report Structure:

  • Clear report structure, headings match the marking criteria.
  • Introduction / Conclusions provide context to the report, giving relevant background to topic, and providing a clear summary of results.
  • Good use of references to support arguments made.

60 to 69%

Audit Methods:

  • Multiple audit methods chosen covering both static and dynamic analysis.
  • There is some justification for the methods chosen, but it may not take into account the literature / specifics of the audit to be performed.
  • Good analysis of the strengths and weaknesses of the different methods presented.
  • Clear subsection, summarising decisions made.

Audit Results:

  • Multiple issues found and discussed, using appropriate audit methods.
  • Clear description of each issue, presenting the code / design flaws that lead to it.
  • Clear discussion of the risk associated with the issue. Appropriate risk rating system used.
  • Appropriate suggestions for mitigation given. Suggestions are given in the context of the system.
  • Clear summary section, highlighting all issues found, and associated risks.

Report Structure:

  • Clear report structure and presentation.
  • Appropriate introduction and conclusions, summarising report's contents, wider context of the report discussed.
  • Good analysis of report's contents, with use of references to support arguments.

50 to 59%

Audit Methods:

  • One or more audit methods presented. There is a brief description of the method, and some limited justification for the choice / discussion of strengths and weaknesses.
  • Limited summary section.

Audit Results:

  • Multiple issues found, although audit methods used may be limited, or obvious issues missed.
  • Good discussion of each issue, overview of the problem is given.
  • Risk associated with issue is discussed, although this is general with limited context for the site under consideration.
  • Appropriate suggestions for mitigation given, although these are general, and have limited context for the site under consideration.
  • Limited / no summary section.

Report Structure:

  • Clear report structure and presentation.
  • Appropriate introduction and conclusions, summarising report's contents.
  • Limited use of references to support arguments.

40 to 49%

Audit Methods:

  • One or more audit methods presented.
  • Limited discussion and justification of the audit methods.
  • Limited or no discussion of the strengths and weaknesses of the methods chosen.
  • Reason for choosing methods is not clear.

Audit Results:

  • Limited number of issues found, issues are limited to only technical problems with the code.

AND / OR

  • Limited or no discussion of the risk associated with the problem. Appropriate risk rating system not used.

AND / OR

  • Suggestions for mitigation are generic, and have no context for the site being evaluated.

Report Structure:

More than one of:

  • Poor report structure and presentation.
  • Introduction / conclusions limited to re-iterating coursework brief with no context added.
  • Limited use of references to support arguments made.

Fail: 30, 35%

Audit Methods:

  • Limited attempt at this section.
  • One audit method presented, with no justification for the choice.

Audit Results:

  • Limited attempt at this section.
  • Limited number of issues found, no discussion of context for issue, risk analysis or suggestions for mitigation.

Report Structure:

  • Poor report structure and presentation.
  • Introduction and conclusions limited to re-iterating the coursework brief.
  • Limited use of references to support arguments.

Fail: 0 to 29%

Audit Methods: Limited or no attempt at this section.

Audit Results: Limited or no attempt at this section.

Report Structure: Poor report structure and presentation, literature not used to support arguments made.

 
