Secure Development: Websites
This scenario requires students to understand how web forms are attacked, what their vulnerabilities are, and how people and bots exploit them. This should give the student a good understanding of what they need to test for on their proposed platform. As well as investigating the obvious XSS and SQL injection, the scenario should go much deeper and look at coding best practices, data storage issues and hacker mentality (why they hack, how they hack and how they think).
On successful completion of the scenario, students will be able to:
- Identify and explain the top 10 security threats and vulnerabilities to websites and how they can be exploited.
- Explain approaches to mitigating the threats.
- Evaluate technical and non-technical approaches/models to develop secure web software.
- Justify an approach for integrating security audit into the development of web applications and the associated security tasks.
- Explain good practice in securing software and have an awareness of relevant standards and codes of practice.
This page provides the resources for students to be able to complete the scenario as members of a small team facilitated by a tutor. The resources consist of an introductory video together with documents detailing the PBL problem statement, tasks and links to other materials that learners are expected to use to complete the tasks.
A facilitator guide and CSKE Guide to PBL provide additional information for tutors. The materials are modular, and the source is available so that they can be customized to other contexts, for example as part of an online course.