Defining standards for the User Management and Registration web-based mini project is paramount from both the security and the usability points of view. Hence, the most critical security issues defined by the Open Web Application Security Project (OWASP) shall be adhered to in order to avert imminent security risks from unauthorized intruders. The usability standards defined by the W3C shall also be incorporated so that the application is easily usable by the generality of students and staff, including those with special needs. All these standards would be ensured throughout all the project's developmental stages, integration and hosting as well.
The User Management and Registration application, like any other web-based application, could be susceptible to online attacks, which are commonly advanced through unsecured or weak security pathways as illustrated in the figure below. Based on this awareness, adequate measures shall be employed from scratch to avoid any form of vulnerability in the system to be built.
There are numerous web security issues that have been raised by OWASP, but this project shall ensure the implementation of the standards that are most relevant in combating the most frequent and critical risks identified in OWASP (2010), such as:
Instead of dynamic queries, bind variables must be used in all SQL statements and stored procedure calls in order to combat SQL injection attacks when the application goes live.
The system must conform to OWASP's Application Security Verification Standard by ensuring a single authentication and session management control, in order to avoid passwords and encryption keys being compromised.
The system must adopt indirect object referencing per user or per session as a security standard. By so doing, direct references to web resources by unauthorized persons can be curtailed.
The system must use a unique token per request and per session, embedding such tokens in a hidden field. With that in place, Cross-Site Request Forgery, which is often malicious in nature, can be avoided.
The system must adopt a reliable architecture standard to ensure proper separation between the various components, as well as ensuring the security each of them requires, in order to close any possible security misconfiguration loopholes.
In order to avoid insecure cryptographic storage, the system must deploy strong encryption keys and standard algorithms to hash passwords and to protect backups of sensitive data.
The system must adopt a configuration based on authentication and authorization policies to remedy possible failures to restrict URL access, so that requests for private pages are declined.
The system must ensure that SSL is required for all sensitive pages, that the secure flag is set on all sensitive cookies, and that a valid certificate matches all domains used by the site, in order to foil attacks arising from insufficient transport layer protection.
The system must validate all redirect and forward URL requests against destination mapping values, to avoid the site falling prey to phishing.
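The first standard above, bind variables instead of dynamic queries, as an added example that is not part of the original project: the same user lookup written first as a dynamic query and then with a bound parameter. It uses PDO over an in-memory SQLite database so it runs stand-alone; for the project's MySQL backend only the DSN line would change, and the table, column names and sample rows are constructed for the illustration.

```php
<?php
// Added example (not the project's own code): PDO with an in-memory SQLite
// database standing in for the project's MySQL backend. Only the DSN differs.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)');
// Constructed sample rows.
$db->exec("INSERT INTO users (username, role) VALUES ('alice', 'student'), ('bob', 'staff')");

// Dynamic query: the value is concatenated into the SQL text, so whatever the
// user typed is parsed as part of the statement.
function findUserDynamic(PDO $db, $username) {
    $sql = "SELECT id, username, role FROM users WHERE username = '" . $username . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Bind variable: the SQL text is fixed at prepare time; the value travels
// separately and can never alter the structure of the statement.
function findUserBound(PDO $db, $username) {
    $stmt = $db->prepare('SELECT id, username, role FROM users WHERE username = :username');
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input that is simply an unknown username to the bound query but
// changes the meaning of the dynamic one.
$input = "' OR '1'='1";

$dynamic = findUserDynamic($db, $input);
$bound   = findUserBound($db, $input);

echo "dynamic query returned " . count($dynamic) . " rows\n"; // 2: the filter was bypassed
echo "bound query returned "   . count($bound)   . " rows\n"; // 0: no user has that name
```

The detection point for review is the string concatenation inside the SQL text; a grep for quotes adjacent to `.` concatenation in query strings finds the dynamic form, while the bound form has only a fixed literal.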
Structural language standard:
Presentation and formatting tools for fonts, colours, page layout, size, etc. must be incorporated as a standard on all pages in order to enable comfortable use by able and disabled users alike. CSS3 (Cascading Style Sheets) standards, which are fully supported by the HTML5 standards, shall be employed (Refsnes Data, 2012).
Server Scripting Language:
All the server scripting code shall be written in PHP version 5 as the minimum required standard, in order to leverage the object-oriented, XML and MySQL functionalities that are inherent in that version. Hence, every individual module must be coded in conformity with PHP 5, so that the overall website can be produced with dynamic and enhanced functionality (Ausweb, 2011).
The standard offered by the robust relational database management system MySQL shall be employed for the development of the schema structures of all the entities. Advantageously, MySQL is highly compatible with SQL (Structured Query Language), which will be used to provide the CRUD functionality of the system.