6005-CEM Security - Coursework 2: E-Commerce Website Development
Module: 6005-CEM Security Assignment Brief
Module Learning Outcomes Assessed
1. Critically evaluate a range of encryption and authentication methods for a given set of requirements.
2. Utilise systematic knowledge to create secure environments at the host or network level.
3. Develop and evaluate software that addresses the most common and most severe security concerns.
Task and Mark Distribution
In this coursework you are required to design and develop a simple web application. You will need to implement security features for the application.
The coursework has two components:
1. Design and develop the web application, based on the requirements below.
2. A report on the security considerations in the website design. This should present your design, and discuss and justify any design decisions made with regard to security.
"Template" Site.
There will be a template site with the basic functionality made available. You are free to use this as a starting point.
Website Requirements
You have been asked to develop a simple E-Commerce site. Customers can:
- View
- Purchase
- Review products.
The platform should support:
User Accounts:
- Allow users to create an account
- Require Users to Login before purchasing or reviewing products
Admin Account allowing:
- All users to be viewed
- New items to be created.
You are free to add other user levels as required.
Reviews:
Registered users can review products.
The Site owners would like the users to be able to have a range of formatting options, supporting HTML or similar markup.
Logging and Analytics
The owners would also like some form of logging and analytics to help understand page views by registered users. You should design and justify your design choices.
IMPORTANT: You are not expected to implement any analytics infrastructure. However, you should justify the data collected, and the collection method.
Report Requirements
The report should be written in a style suitable for a technical audience.
The report should provide details of the design of the system, and the security based decisions behind it. You should supply code examples for the security related elements of the design.
You are expected to justify your design choices by referring to the relevant literature.
A suggested report structure is as follows:
Introduction
Scope of the report, design overview
Design:
An overview of the design for the site, and details of the security considerations.
Discussion of potential security issues for each element of the design.
Recommendations for dealing with potential security / data protection issues with the proposed design requirements.
There is also an element in the marking scheme for Background Research. While I am not expecting a full literature review, you should support your design decisions using the relevant literature.
For example, when discussing the Login Functionality you might want to discuss:
- Session Management Strategies, and their impact on security
- Password Management and Storage
- Details of any levels of user access implemented.
Implementation
Source code examples showing how you have addressed the problems identified in the design phase.
NOTE: You don't need to supply the full source code in the body of the report. Show just the relevant code for each element.
Summary:
Highlighting the issues resolved, and the key findings of the report.
Important Note:
You are marked on the functionality of the system, rather than its look and feel. The site should be usable via a web browser. Other than that the choice of infrastructure is up to you.
Submission Instructions
Please submit:
Your final report in PDF Format by the submission date.
Marking.
Report (100%): Justification for the design choices, with implementation examples
Marking Scheme
Report components:
- Introduction / Conclusions
- Systems Design
- Discussion of Implementation
- Background Research
- Report Structure
Notes:
- You are expected to use the Coventry University APA style for referencing. For support and advice on this, students can contact the Centre for Academic Writing (CAW).
- Please notify your registry course support team and module leader for disability support.
- Any student requiring an extension or deferral should follow the university process as outlined here.
- The University cannot take responsibility for any coursework lost or corrupted on disks, laptops or personal computers. Students should therefore regularly back up any work and are advised to save it on the University system.
- If there are technical or performance issues that prevent students submitting coursework through the online coursework submission system on the day of a coursework deadline, an appropriate extension to the coursework submission deadline will be agreed. This extension will normally be 24 hours or the next working day if the deadline falls on a Friday or over the weekend period. This will be communicated via your Module Leader.
- You are encouraged to check the originality of your work by using the draft Turnitin links on Aula.
- Collusion between students (where sections of your work are similar to the work submitted by other students in this or previous module cohorts) is taken extremely seriously and will be reported to the academic conduct panel. This applies to both courseworks and exam answers.
- A marked difference between your writing style, knowledge and skill level demonstrated in class discussion, any test conditions and that demonstrated in a coursework assignment may result in you having to undertake a Viva Voce in order to prove the coursework assignment is entirely your own work.
- If you make use of the services of a proof reader in your work you must keep your original version and make it available as a demonstration of your written efforts. Also, please read the university Proof reading policy.
- You must not submit work for assessment that you have already submitted (partially or in full), either for your current course or for another qualification of this university, unless this is specifically provided for in your assignment brief or specific course or module information. Where earlier work by you is citable, i.e. it has already been published/submitted, you must reference it clearly. Identical pieces of work submitted concurrently will also be considered to be self-plagiarism.