In this assessment, you are required to implement security for applications by creating a simple e-Commerce and Learning Management System using the following platforms: Shopify (e-commerce) and Schoology (LMS). There is a case study to guide you and provide you with context in which to attempt the tasks. Read the case study before commencing the assessment tasks.
Assessment Task 2 – Performance and Skills
Preamble
This assessment is divided into seven (7) tasks, followed by a conclusion/additional notes section and any attachments/supporting documents:
Task 1: Setup and Initial Configuration
Task 2: Hardware and Networking Security Implementation
Task 3: Programming Algorithms & Object-Oriented Security
Task 4: Policy-based Code-Access Security
Task 5: Security Access Control
Task 6: Cryptographic Data Protection
Task 7: Protection Against Injections
Conclusion/Additional notes
Attachments/supporting documents
Note 1: The assessment tasks need to be completed using the template provided.
Note 2: Certain tasks will require you to provide screenshots and/or step-by-step documentation.
Case study: GlobalEdTech Corp
GlobalEdTech Corp is a multinational company specialising in educational technology. They recently acquired a smaller business that sells educational materials and tools online. Now, GlobalEdTech wants to integrate an e-commerce platform for their products and simultaneously establish a Learning Management System (LMS) for their training modules.
Two platforms have been selected for these purposes: Shopify for e-commerce and Schoology for the LMS. However, the rise in cyber threats has raised concerns about the security of these applications, especially given the sensitive nature of data in an LMS and the financial details stored in e-commerce platforms.
Your role is to ensure the security of these platforms, making sure both student data and financial transactions remain protected.
In implementing security for the above two applications, you should be able to observe the following criteria:
Every platform should support 30 users, 2 office managers and 1 IT manager.
You should be able to use:
industry standard hardware and networking relating to implementing security for applications
industry standard programming algorithms and object-oriented programming used to implement applications security
mathematics required for programming algorithms
Implement policy-based code-access security by:
identifying the purpose of application security in software development
configuring required platform security configuration files using security configuration tools
defining required custom code access permissions and restricting access to protected resources
defining required custom code access restrictions and running protected operations
Implement security access control by:
planning and documenting authentication and authorisation strategy according to organisational policies and procedures
developing and documenting the required application authentication and authorisation strategy
Write code to encrypt and decrypt data by:
determining and documenting required standard cryptographic algorithms
encrypting and decrypting data using standard cryptographic algorithms
Protect the application against injections by:
planning and documenting secure input and output handling and preventing vulnerabilities related to code injections
using secure input and output handling according to task requirements.
Task 1: Setup and Initial Configuration
Shopify & Schoology Setup:
Set up user accounts: 30 standard users, 2 office managers, and 1 IT manager. Document the different access levels and permissions for each category.
Task 2: Hardware and Networking Security Implementation
Deploy industry-standard hardware firewalls and configure them to protect both platforms, ensuring they prevent any unwanted inbound and outbound traffic.
Set up a Virtual Private Network (VPN) for administrators (office managers & IT manager) to securely access the management interfaces of both platforms from anywhere.
Task 3: Programming Algorithms and Object-Oriented Security
For custom integration or plugins, use best practices in object-oriented programming (OOP) to ensure a secure code base.
Apply relevant mathematical algorithms to validate data and enhance security, especially when custom integrations or extensions are involved.
Task 4: Policy-based Code-Access Security
Identifying Purpose: Define and document the role of application security in the software development or integration processes for both platforms.
Configuration: Modify platform security configuration files using appropriate tools. This might include ensuring that secure cookies are used or configuring Content Security Policy (CSP) headers.
Restrictions: Define custom code access permissions. For example, ensure plugins or third-party integrations in Shopify only have access to necessary resources.
Task 5: Security Access Control
Authentication and Authorisation Strategy: Develop a comprehensive strategy for user authentication and authorisation. This includes ensuring the use of strong passwords and 2FA, and defining what resources each user role can access.
Document the above strategy, aligning it with organisational policies. This documentation should detail what authentication methods are used (e.g., password, biometric, token) and the authorisation levels for each user category.
Task 6: Cryptographic Data Protection
Algorithm Documentation: Choose and document standard cryptographic algorithms suitable for data protection in both platforms.
Implementation: Encrypt sensitive data, like user passwords or confidential course materials. Ensure that data in transit (e.g., during a financial transaction) and at rest (e.g., stored student data) are encrypted.
Task 7: Protection Against Injections
Plan and Documentation: Identify areas in both platforms vulnerable to injections, especially if custom code or integrations are used. Plan secure input/output handling methods.
Implementation: Implement the above plans, ensuring that data inputs (e.g., in forms or discussion boards) are sanitised to prevent code injections. Regularly test the platforms to ensure they’re resilient against injection attacks.
Conclusion & Additional Notes
Prepare a detailed report of what actions were taken, why they were deemed necessary, and any potential future concerns, addressing the following:
Overall Implementation Overview:
Challenges Faced:
Lessons Learned:
Recommendations for Future Improvements:
Attachments & Supporting Documents
Attach any screenshots, code snippets, configurations, or other relevant documentation supporting the work.
GlobalEdTech Corp Security Implementation Template
Student Name:
Date:
Platform(s): Shopify & Schoology
1. Setup and Initial Configuration
A. User Account Setup
Standard Users (30)
Account Names/IDs:
Assigned Access Levels/Permissions:
Office Managers (2)
Account Names/IDs:
Assigned Access Levels/Permissions:
IT Manager (1)
Account Name/ID:
Assigned Access Levels/Permissions:
2. Hardware and Networking Security Implementation
A. Hardware Firewall
Firewall Model/Brand:
Configuration Details:
Reasoning:
B. Virtual Private Network (VPN)
VPN Service/Model:
Configuration Details:
Users with VPN Access:
3. Programming Algorithms & Object-Oriented Security
A. Object-Oriented Programming
Custom Integration/Plugins:
Best Practices Applied:
Security Concerns Addressed:
B. Mathematical Algorithms
Algorithms Used:
Application/Purpose in Security:
4. Policy-based Code-Access Security
A. Identifying Purpose
Role of Application Security:
Rationale:
B. Configuration
Modified Configuration Files:
Tools Used:
Rationale:
C. Restrictions
Custom Code Access Permissions:
Resources Accessed:
Restrictions Applied:
5. Security Access Control
A. Authentication and Authorisation Strategy
Methods of Authentication:
User Role Definitions:
Authorisation Levels:
B. Documentation
Strategy Overview:
Alignment with Organizational Policies:
Any Additional Procedures/Protocols:
6. Cryptographic Data Protection
A. Algorithm Documentation
Chosen Cryptographic Algorithms:
Rationale:
B. Implementation
Encrypted Data Types:
Methods/Tools Used for Encryption:
Verification of Data Security:
7. Protection Against Injections
A. Plan and Documentation
Vulnerable Areas Identified:
Secure Input/Output Handling Methods:
Rationale:
B. Implementation
Input/Output Handling Procedures:
Testing & Validation:
Conclusion & Additional Notes
Attachments & Supporting Documents
Attach any screenshots, code snippets, configurations, or other relevant documentation supporting the work.
Congratulations on completing your Assessment Task 2. Please remember to submit:
This completed workbook with embedded template
