FOR THE THREAT MODEL SECTION OF THE PAPER I NEED A GRAPHIC OF A THREAT MODEL CREATED USING THE MICROSOFT THREAT MODELING TOOL. PLEASE DO NOT IGNORE THIS VERY IMPORTANT STEP.
CHOSEN TOPIC IS CROSS-SITE SCRIPTING, AKA XSS.
I WILL HANDLE THE COVER PAGE; I JUST NEED YOU TO HANDLE THE PAPER AND THE WORKS CITED.
Secure Web Application Architecture Design – Final Project
Learning Objectives
Research a secure web application architecture that accounts for application and operating system vulnerabilities, rated using the Common Vulnerability Scoring System (CVSS). The base stack will be Red Hat Linux, Apache, MySQL, and PHP. Known as the LAMP stack, this development stack provides the opportunity to model a real-world secure architecture.
Note: Include vulnerabilities specific to your topic when
possible. In some cases, the
topic will not have specific web server or operating system
vulnerabilities associated
with it. In those cases, an unrelated vulnerability is
acceptable.
Overall Assignment Requirements
You will be assigned one of the OWASP top ten web
application vulnerabilities as the topic of your final
project.
CHOSEN TOPIC – CROSS-SITE SCRIPTING
Once assigned a topic, research the vulnerability and provide an overview of it, including a threat model of the threats associated with your topic, and finally the applicable ASVS controls that help secure a web application against that specific vulnerability. On a more abstract level, design a secure and resilient application architecture to protect transactions as they pass through an enterprise environment. Think of it as eliminating any single point of failure: for example, a single firewall or database server would cause a transaction to fail if that component were unavailable.
Report Sections
Include the following sections in your Report:
Introduction
This section will include specific information about your
topic and why it is dangerous.
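As an added illustration for the Introduction (this code is not part of the assignment text), the following PHP snippet shows what makes reflected XSS dangerous on the LAMP stack named above: a search page that echoes an untrusted query parameter straight into HTML, beside the same page hardened with context-aware output encoding, which is the control ASVS 4.0 chapter V5.3 (output encoding) asks for. The page name, the `q` parameter and the sample payload are assumptions made for the example.

```php
<?php
// Added example, not code from the assignment: reflected XSS in a LAMP-style
// PHP search page, and the hardened form of the same page.
// The request shape and the "q" parameter are assumed for illustration.

// --- Vulnerable: untrusted input is written into the HTML response verbatim ---
function render_search_vulnerable(string $q): string {
    // If $q contains markup such as <script>...</script>, the browser
    // parses it as live script in the origin of this site, so the injected
    // code can read cookies, session storage, and the page's DOM.
    return "<p>Results for: " . $q . "</p>";
}

// --- Hardened: encode for the HTML text context before output ---
function html_encode(string $s): string {
    // ENT_QUOTES encodes both ' and " so the value is also safe inside
    // attribute values; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
    // returning an empty string, which would otherwise fail silently.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_search_hardened(string $q): string {
    // The angle brackets and quotes of any injected markup are turned into
    // character references, so the browser renders them as plain text.
    return "<p>Results for: " . html_encode($q) . "</p>";
}

// Constructed sample input (not taken from a real request).
$payload = "<script>alert(document.cookie)</script>";

echo render_search_vulnerable($payload), PHP_EOL;  // script tag survives intact
echo render_search_hardened($payload), PHP_EOL;    // script tag is inert text

// In a real page the parameter would come from the request, e.g.
//   $q = filter_input(INPUT_GET, 'q', FILTER_DEFAULT) ?? '';
// and the response should also carry a Content-Security-Policy header, e.g.
//   header("Content-Security-Policy: default-src 'self'; script-src 'self'");
// so that a single missed encoding spot still cannot run inline script.
```

Run it with `php` from the command line to see both outputs side by side. The encoding function is chosen for the HTML body context only; a value placed inside a JavaScript string, a URL, or a CSS property needs the encoder for that context, which is the "context-aware" part of the ASVS requirement.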
Vulnerability
This section will focus on the LAMP stack and two vulnerabilities from each component of the LAMP stack.
Threat Model
Secure Architecture Design – Final Project
Version 4
This section will contain a threat model showing STRIDE
threats specific to your project topic.
Proposed Resilient Architecture
This section will show a secure and resilient architecture
designed by you to ensure the web
application is available and secure to the users.
Compensating Controls
This section includes ASVS controls applicable to the topic
you were assigned.
Conclusion
Closing thoughts and summary.
Final Project Paper Requirement
Introduce the paper and what it will cover. Research and provide any vulnerabilities currently published for the software stack on the web server. Provide a threat model diagram and the associated logic to support the model. Define a multi-tier enterprise security architecture based on resilient components that eliminate any single point of failure. Provide compensating controls that cover at least four ASVS items relevant to the OWASP vulnerability selected.
Requirements:
• Provide a detailed background on the topic assigned.
• Maximum of two vulnerabilities per system component: OS,
Web Server, Database, and
Language for a total of eight items.
o Example: Linux vulnerability x2 = 2, Apache vulnerability
x 2 = 2, MySQL vulnerability x2
= 2, and PHP vulnerability x2 = 2 for a total of 8 items.
• Complete threat model including at least five STRIDE
threats that can affect the overall system.
• Proposed secure and resilient architecture including
multitier application, security devices,
database, and multiple security zones. You must include
Threat Model and proposed
Enterprise Architecture DIAGRAM in your paper. These are NOT
the same diagram.
• Minimum of four ASVS 4.0 controls to be implemented to
secure the system(s) against the
vulnerabilities discovered.
Possible Points
200 Points possible for the assignment (20% of final grade)
• 150 points possible for the paper (final paper submission)
• 50 points possible for the presentation (final
presentation submission)
Required Resources
Any websites, references, or tools discussed in class or
retrieved from research.
Do not copy and paste directly from websites; synthesize the information in your own words. Any information found to be directly copied from a public source without proper citation and reference will be considered plagiarism.
Submission Requirements
Format: Microsoft Word
Font: Times New Roman, Size 12, Double-Spaced
Citation Style: APA (https://library.cscc.edu/apa)
Length: 4-5 pages not including the title or reference pages
Filename: FLast_FinalAssignment.docx (Example: John Smith |
JSmith_FinalAssignment.docx)