Review the code and information that the application records


Discussion:

As you progress through the course, you will need a good understanding of the files in this folder. There is guidance below on the database used for the login/registration application and a list of files included. Pay attention to what files should and should not be modified. Each modifiable file has notes for code that should not be edited.

It is recommended that you view these files using Notepad++ (https://notepad-plus-plus.org/) or a similar editor.

Database Structure:

email (Primary Key) - varchar(50) // Email address

fname - varchar(30) // First name

lname - varchar(30) // Last name

pw - varchar(20) // Password

id - varchar(50) // Session ID (Unix time value for valid session)

Files:

// DO NOT EDIT:

index.html // Redirect page to index.php

index.php // Sets up application page

include/view.html // Result if login is successful and navigation link is clicked - This is a test page

include/header.html // This sets the visual display of the page - Review content for testing and validation rules

include/desc.html // This is the default page when no navigation is active

// MODIFY AS NEEDED

include/main.js // This is the main JavaScript for the application - you will add validation rules here

include/main.php // This is the main script of the application - you will add validation and modifications here

You will continue to work on the code you modified in W2 Assignment 2. You will reexamine the vulnerabilities of the application and modify the code for input validation. You will also recommend cryptography and where it should be included in the application to protect sensitive information. Write a report in a 2- to 3-page Microsoft Word document addressing the following:

• Within the application code, implement the input validation formatting that you suggested. Identify the functions you implemented in JavaScript and PHP and explain how these functions have made your application more secure against attacks.

• Review the code and information that the application records and uses. Identify information that should be protected with cryptography. Why should this information be protected? Is there a cryptography solution within PHP that will address this need? If not, what type of cryptosystem should be used to protect the information and how should it be implemented within the application? Explain the difficulty of implementing cryptography and why the cryptosystem must be chosen carefully for any application.
Note: You may implement this if you wish, but only the description of the solution is necessary for this assignment.

• Using the modified code for this week, revisit your list 4r 3 of potential exploits and access points for the software. Identify any new vulnerability you have discovered in the system and evaluate whether the modifications you have made addressed these issues or whether they are still present. List at least five potential exploits of the system and an analysis of each.

• Review the list of defense measures that should be implemented. Identify any new defense measure that you feel should be included in the list. Evaluate whether the steps you have taken to modify the application have implemented these measures successfully. List at least five defense measures needed and an analysis of each.
