CS461 – Website Security Research Project
Scott Lindsay
Reflections on the journey of the Website Security Research Project so far
The approach to this project was inspired by the growing cybersecurity threats facing web applications, especially in sensitive areas like banking, where data protection is essential. Our goal is to design a mock banking application that will allow us to test different vulnerabilities in a controlled environment. This setup will let us explore both insecure and secure versions of the app, highlighting how various cyber threats, like SQL injection or brute-force attacks, play out in real time.
One of the main aims of the project is to create a safe learning environment where we can test different attack methods without putting any real systems or data at risk. To do this, we’re designing the project to run within a virtual environment, which will isolate it from public exposure. This setup allows us to safely study common vulnerabilities without opening up a live system to any actual security risks.
Even in this planning and design phase, we’ve faced some interesting challenges. Balancing the “vulnerable” and “secure” versions, for example, has required us to think carefully about how to make each setup realistic enough to test while keeping the environment itself secure. We’re frequently revisiting our design plans, rethinking how the app’s functions will interact, and considering how to make the project both practical and educational. Though we haven’t built the app yet, designing the project and testing our plans has already given us valuable insights into the nuances of web security and set us on a solid path toward creating an effective, controlled environment for cybersecurity learning.
Feedback on the Course
This course has been helpful in our project’s progress, particularly the resources related to data security and risk assessment that are linked on our project page. The theoretical foundation provided by these documents has given us a solid understanding of security issues, such as protecting against Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS), which we will be testing soon. Feedback from instructors has encouraged us to explore solutions and techniques we may have missed otherwise, especially regarding vulnerability management and secure coding best practices. The course material has also provided a good framework for approaching this project and has helped keep us organized and on track.
Career and/or Job Hunt
I’m building confidence in my skills now and am excited to take these lessons with me to my job and throughout my software engineering career. I am very grateful to already have a software engineering job lined up for this summer once I graduate. This project has given me hands-on experience with security vulnerabilities and has deepened my understanding of how to proactively identify and mitigate risks in web applications. Working through real-world challenges has shown me the value of a strong foundation in cybersecurity, and I’m more prepared to handle similar issues in a professional setting. I’m also excited to apply this knowledge to new technologies and frameworks, knowing that security should always be a priority in any software I develop. This experience has reinforced my commitment to building secure and reliable software during my software engineering career.
New Technologies and Tools in Use
In building this application, we selected MySQL for database management, Vue.js for the front end, and Flask for the server-side functions. For our testing environment, we are planning to rely on VirtualBox to maintain isolation, which is crucial given the security risks associated with intentionally insecure applications. Each technology plays a role in creating a realistic, full-stack application that effectively demonstrates cybersecurity threats and solutions. This setup also allows us to isolate our testing from external networks, providing a secure platform to observe vulnerabilities without exposing real data to risk.
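As an added illustration of the “insecure versus secure version” idea described above (example code written for this post, not the project’s own Flask or MySQL code), the following compares a user lookup that splices input into the SQL string with one that uses a parameterized query. The in-memory SQLite database, the sample users and the `x' OR '1'='1` input are all constructed for the example; SQLite stands in for MySQL, and the same parameter-binding pattern applies to MySQL drivers used from Flask.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory users table (stand-in for the project's MySQL database)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b")],  # constructed sample rows
    )
    conn.commit()
    return conn


def insecure_lookup(conn, username):
    """Vulnerable version: user input becomes part of the SQL text itself."""
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def secure_lookup(conn, username):
    """Hardened version: the driver binds the value as data, never as SQL."""
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


def demo():
    """Run both versions against the same input and return what each one leaks."""
    conn = make_db()
    probe = "x' OR '1'='1"  # constructed input that changes the meaning of the spliced query
    return {
        "insecure": insecure_lookup(conn, probe),   # returns every user
        "secure": secure_lookup(conn, probe),       # matches no user
        "secure_normal": secure_lookup(conn, "alice"),
    }


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the vulnerable lookup returning every row, while the parameterized one returns nothing for the same input and still finds `alice` for a legitimate username; in the project, the Flask handlers for the two app versions would differ in exactly this way.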
Life Hacks: Handling Project Challenges and Managing Workload
One approach we found effective was splitting the tasks by interest and skill level so that the work was distributed evenly across the larger goal. This modular approach helped prevent overwhelming the team and kept our progress steady. We also set clear deadlines and designated specific roles for testing and implementing features, which helped manage our workload more evenly. Taking regular breaks after challenging debugging sessions has also helped me in the past to stay fresh and avoid burnout. I would recommend this approach to other groups, since this combination of organization and balance has been critical in maintaining productivity and achieving our project goals.
Conclusion
This journey into web application security has been both challenging and rewarding. Through planning our project, preparing to tackle various cyber threats, and designing solutions, we’ve learned firsthand the complexities of securing sensitive information online. This project has strengthened our skills, reinforced our interest in cybersecurity, and highlighted the importance of thorough testing and proactive measures in web development. As we move forward, we’re excited to start building and learning more about website security.