
PI Project - This work focused on the development of a system, consisting of an enumeration system, an analysis system and a dashboard, that makes it possible to assess the current vulnerability risk of a host. Security issues will be detected and flagged for resolution using current state-of-the-art tools.


secureUAll/secureUAll


secureUAll

With cyber attacks increasing over time, organizations with a high level of exposure to the outside world are starting to put greater effort into making their systems more secure.

The University of Aveiro domain, ua.pt, has more than 1500 public domains. If not tracked, each one of these can be a potential security breach. It is therefore important to search for vulnerabilities frequently, to encourage the owners of the hosts to develop more secure software, and to raise awareness of this problem.

In the field of web applications, security includes all tasks that introduce a secure software development life cycle. Its final goal is to improve security practices and, through that, to find, fix and preferably prevent security issues within applications. It encompasses the whole application life cycle, from requirements analysis, design, implementation and verification through to maintenance.

Web application security is a branch of information security that deals specifically with the security of websites, web applications and web services. At a high level, web application security draws on the principles of application security but applies them specifically to internet and web systems. Guided by the Open Web Application Security Project (OWASP) Foundation, free and open resources are developed and provided to improve the security of software.

This work focuses on the development of a system, consisting of an enumeration system, an analysis system and a dashboard, that makes it possible to assess the current vulnerability risk of a host. Security issues will be detected and flagged for resolution using current state-of-the-art tools, with the work focused on building the platform itself and implementing the functional logic to perform periodic scraping.

Vulnerabilities can be classified according to different criteria. The most commonly used vulnerability severity metric is the Common Vulnerability Scoring System (CVSS), a standard maintained by the Forum of Incident Response and Security Teams (FIRST). Following the criteria of the OWASP Foundation, when reporting security test data, the best practice is to include the following information:

  • a categorization of each vulnerability by type;
  • the security threat that each issue is exposed to;
  • the root cause of each security issue, such as the bug or flaw;
  • each testing technique used to find the issues;
  • the remediation, or countermeasure, for each vulnerability; and
  • the severity rating of each vulnerability (e.g., high, medium, low, or CVSS score).

By describing what the security threat is, it will be possible to understand if and why the mitigation control is ineffective in mitigating the threat, and reporting the root cause of the issue can help pinpoint what needs to be fixed.

Course

This project was developed under the Project in Informatics course of the University of Aveiro.

Project Report

This project's report can be accessed here.

Grade

This project's grade was 17 out of 20.

Team Members
