SalahudinProject

Web Application Security Project Sem 2 2019/2020

Team Members

• Anas Thahiri bin Mohamad Anuwar 1620249
• Muhamad Danial Mutalib bin Mohd Shah 1611965
• Amir Nadzim bin Kaharudin 1622103
• Hafidzul Ezani bin Zulkefli 1624327

Project Title

Smart Tutor, Learning Made Easy

Introduction

This Web Application was develop as a cloud-based tutorial platform focusing on the knowledge of Information and Communication Technology. This platform for online learning allow the user can access to several learning materials mainly videos provided by the tutors. The project targeted to become the one stop center for user to learn. It has two type of package currently which are package for Adult (Intermediate to Advance) and package for Kids (Beginner to Intermediate).

Vulnerabilities in the System

During the early process of the system, there are several vulnerabilities to the security of the system. The vulnerabilities are:

• No Input Validation. User can either fill the details or not.
• No Authentication. The system can be hacked by anyone.
• No Authorization. The user can access the whole system without limitation

Web Application Security Enhancement

Security features implemented within the project include:

• Authentication - Authenticate whether user is registered within the database.
• Authorization - Determines whether or not user can manipulate the database.
• Input Validation - Done using regex, this ensures that only certain characters and strings are entered within the text input.

References

• User Management Project (CRUD Operations) using Servlet +JSP +JDBC +MySQL+Tomcat (Step by Step)