
    Threat Modelling for Active Directory

    This paper analyses the security threats that can arise against an Active Directory server when it is included in a Web application. The approach is based on the STRIDE classification methodology. The paper also provides outline descriptions of countermeasures that can be deployed to protect against the different threats and vulnerabilities identified here.
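    One concrete instance of the Tampering category (with Information Disclosure as its consequence) when a Web application queries Active Directory is LDAP injection: text submitted to the application is spliced into the search filter sent to the directory. The following is an added example, not code from the paper. The `build_filter_vulnerable` / `build_filter_hardened` functions, the `search` evaluator and the directory entries are assumptions made for illustration; the escaping rule itself is the one RFC 4515 specifies for filter assertion values.

```python
# Added example (not the paper's code): LDAP injection against an AD-backed web
# login, with a minimal RFC 4515 filter evaluator standing in for the server.

# RFC 4515 s.3: inside an assertion value, '*', '(', ')', '\' and NUL must be
# written as a backslash followed by two hex digits.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value: str) -> str:
    """Escape untrusted text for use as an LDAP filter assertion value."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def build_filter_vulnerable(username: str) -> str:
    """Tampering: the submitted text becomes filter syntax, not just a value."""
    return f"(&(objectClass=user)(sAMAccountName={username}))"

def build_filter_hardened(username: str) -> str:
    """Same query; the submitted text can only ever be a literal value."""
    return f"(&(objectClass=user)(sAMAccountName={escape_filter_value(username)}))"

# --- minimal RFC 4515 evaluator (equality, substring, presence, & and |) ---

def _close(s: str, i: int) -> int:
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return i + 1

def _parse(s: str, i: int):
    """Parse one parenthesised filter item at s[i]; return (node, next_index)."""
    if i + 1 >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|":
        op, i, children = s[i], i + 1, []
        while i < len(s) and s[i] == "(":
            node, i = _parse(s, i)
            children.append(node)
        return (op, children), _close(s, i)
    eq = s.find("=", i)
    if eq < 0:
        raise ValueError("assertion without '='")
    attr, k, pieces, cur = s[i:eq], eq + 1, [], []
    # Value runs to the next unescaped ')'; unescaped '*' splits substring pieces.
    while k < len(s) and s[k] != ")":
        if s[k] == "\\":                      # '\XX' decodes to one literal char
            cur.append(chr(int(s[k + 1:k + 3], 16)))
            k += 3
        elif s[k] == "*":
            pieces.append("".join(cur))
            cur, k = [], k + 1
        else:
            cur.append(s[k])
            k += 1
    pieces.append("".join(cur))
    return ("=", attr, pieces), _close(s, k)

def _match(pieces, value: str) -> bool:
    """['x'] is equality, ['a', 'b'] is a*b, ['', ''] is presence."""
    if len(pieces) == 1:
        return value == pieces[0]
    head, tail = pieces[0], pieces[-1]
    if (len(value) < len(head) + len(tail)
            or not value.startswith(head) or not value.endswith(tail)):
        return False
    pos, end = len(head), len(value) - len(tail)
    for mid in pieces[1:-1]:
        found = value.find(mid, pos, end)
        if found < 0:
            return False
        pos = found + len(mid)
    return True

def _eval(node, entry: dict) -> bool:
    if node[0] == "&":
        return all(_eval(c, entry) for c in node[1])
    if node[0] == "|":
        return any(_eval(c, entry) for c in node[1])
    _, attr, pieces = node
    value = entry.get(attr)
    return value is not None and _match(pieces, value)

def search(directory, filter_str: str):
    """Return the sAMAccountName of every entry matching filter_str."""
    node, end = _parse(filter_str, 0)
    if end != len(filter_str):
        raise ValueError("unbalanced filter: trailing data")
    return [e["sAMAccountName"] for e in directory if _eval(node, e)]

DIRECTORY = [  # constructed sample data, not a real directory
    {"objectClass": "user", "sAMAccountName": "alice"},
    {"objectClass": "user", "sAMAccountName": "svc(backup)"},
    {"objectClass": "group", "sAMAccountName": "Domain Admins"},
]
```

    With the vulnerable builder, a submitted name of `*` turns the exact-match lookup into a presence filter and returns every user object, and a legitimate name containing parentheses produces an unbalanced filter that the server rejects. The hardened builder returns nothing for `*` and finds `svc(backup)` correctly, because the escaped text is only ever compared as a literal value. Against a real AD server the same principle applies, and the escaping should be done by the LDAP library's own filter-escaping function rather than by hand.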

    Coding policies for secure web applications


    Threat Modelling for Security Tokens in Web Applications


    A comparison of the performance and scalability of relational and document-based web-systems for large scale applications in a rehabilitation context

    Background: The Virtual Rehabilitation Environment (VRE) provides patients with long-term neurological conditions a platform to review their previous physiotherapy sessions, as well as to see their goals and any treatments or exercises that their clinician has set for them to practise before their next session. Objective: The initial application implemented 21 of the 27 core features using the Microsoft ASP.NET MVC stack. However, the two core non-functional requirements were dropped from the project due to lack of experience and strict time constraints. This project aimed to investigate whether the application would be better suited to a non-relational solution. Method: The application was rewritten using the MEAN stack (MongoDB, ExpressJS, AngularJS, NodeJS), an open-source, fully JavaScript stack, and performance tests were then carried out to compare the two applications. A scalability review was also conducted to assess the benefits and drawbacks of each technology in this respect. Results: The investigation proved that the non-relational solution was much more efficient and performed faster. However, the choice of database was only a small part of the increase in efficiency; it was an all-round better design that gave the new application its performance advantage. Conclusion: A proposal for a new application design is given that follows the microservice architecture used by companies such as Amazon and Netflix. The application is to be split into four parts: database, client application, server application and content delivery network. These four independently scalable and manageable services offer the greatest flexibility for future development at the low cost necessary for a start-up. Comment: Unpublished MSc thesis.

    Online Student Advisory System

    The advancement of technology provides massive benefits to human beings. With the aid of technology, many things that were until recently thought impossible are now possible, such as the internet. This project, an internet application, is called the Online Student Advisory System. Currently most universities use a traditional or manual student advisory process and procedure, which is held to be tedious and time-consuming. Alternatively, there is a rising trend of implementing online student advisory systems, which are potentially better. The goal of this project is to come out with a more efficient and effective student advisory system. Along the way, a few objectives and a scope of study have been set up, which are to provide an SMS alert system, to enable users to track the activities performed, and to allow messaging and submitting reports online. The project should thus minimise the energy and time expended by all personnel involved in this advisory system, in order to be more effective. The development of this project will follow the Rapid Application Development (RAD) methodology, which consists of four phases: Requirements and Planning, User Design, Construction and Cutover. Implementation and accomplishment of this project can be a positive stepping-stone toward development of an actual Online Student Advisory System in most universities. An important finding of this project is the level of response and acceptance of users toward the development of an online student advisory system.

    Revista Economica


    Laboratory information management system study & development of LIMS web platform application for CTCV - Coimbra

    The World Wide Web not only changes processes but also improves the user experience. It has also dramatically changed how computer software is built; this profound evolution of software development has caused developers in the software industry to change their way of developing software. In this project, a Laboratory Information Management System (LIMS) for the staff and users of a small business has been designed and developed using the throwaway prototyping methodology with a web architecture. Different development platforms are available on the market for building such an application, but as per the company's requirements, this application was developed with the .NET framework. This web application allows application data to be accessed from different devices, such as a tablet, a desktop or a smartphone, from remote locations all over the world. The main feature of this application is the monitoring of application activity: which activity was performed by which user, with the corresponding date, time and a short description. The software uses an industry-standard relational database management system (RDBMS) combined with a platform-independent web browser interface for data entry and retrieval (a 3-tier architecture). The laboratory workflow steps facilitate the management and tracking of all tests and test results, which ensures that the right information is available at the right time to the right person. This system will produce an efficient process in the laboratory, which leads to faster work, fewer errors and a smoother workflow for the organisation.

    Design of risk assessment methodology for IT/OT systems : Employment of online security catalogues in the risk assessment process

    The revolution brought about by the transition from Industry 1.0 to 4.0 has expanded cyber threats from Information Technology (IT) to Operational Technology (OT) systems. However, unlike in IT systems, identifying the relevant threats in OT is more complex, because penetration-testing tools can severely impair OT availability. The complexity is increased by the large amount of information available in online security catalogues, like the Common Weakness Enumeration (CWE), Common Vulnerabilities and Exposures (CVE) and Common Attack Pattern Enumeration and Classification (CAPEC), and by the incomplete organisation of the relationships among them. These issues hinder the identification of relevant threats during risk assessment of OT systems. In this thesis, a methodology is proposed to reduce these complexities and to improve the relationships among online security catalogues in order to identify the cybersecurity risk of IT/OT systems. The weaknesses, vulnerabilities and attack patterns stored in the online catalogues are extracted and categorised by mapping their potential mitigations to security requirements, which are introduced by the security standards the system should comply with, such as ISA/IEC 62443. The system's assets are connected to the potential threats through the security requirements, which, combined with the relationships established among the catalogues, provide the basis for a graphical representation of the results using tree-shaped graphical models. The methodology is tested on the components of an Information and Communication Technology system; the results verify the simplification of the threat identification process but highlight the need for an in-depth understanding of the system. Hence, the methodology offers a significant basis on which further work can build to standardise the risk assessment process of IT/OT systems.
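    The core of the method described above is a chain of mappings: catalogue entry, via its listed mitigations, to a security requirement; asset to the requirements it must meet; and, through the catalogue cross-references, weakness to attack pattern. The following is an added example of that chain, not the thesis's own tool. The CWE and CAPEC identifiers are real catalogue numbers (titles abbreviated), but the keyword table, the requirement labels written in the style of IEC 62443-3-3 system requirements, the mitigation wording and the asset inventory are illustrative assumptions, as is the `classify` / `threat_tree` / `render` API.

```python
# Added example (not the thesis's tool): grouping catalogue entries under
# security requirements via their mitigations, then deriving a per-asset tree.
from collections import defaultdict

# Assumed keyword -> requirement table.  Labels imitate IEC 62443-3-3 system
# requirements for illustration; they are not the standard's text.
MITIGATION_TO_REQUIREMENT = {
    "input validation": "SR 3.5 Input validation",
    "parameterized queries": "SR 3.5 Input validation",
    "output encoding": "SR 3.5 Input validation",
    "authentication framework": "SR 1.1 Human user identification and authentication",
    "multi-factor": "SR 1.1 Human user identification and authentication",
}

# Constructed catalogue extract: real CWE/CAPEC ids, abbreviated titles,
# paraphrased mitigations, related attack patterns quoted from memory.
WEAKNESSES = {
    "CWE-89": {"title": "SQL Injection",
               "mitigations": ["Use parameterized queries", "Apply input validation"],
               "attack_patterns": ["CAPEC-66"]},
    "CWE-79": {"title": "Cross-site Scripting",
               "mitigations": ["Apply output encoding", "Apply input validation"],
               "attack_patterns": ["CAPEC-63"]},
    "CWE-287": {"title": "Improper Authentication",
                "mitigations": ["Use an authentication framework or library",
                                "Require multi-factor authentication"],
                "attack_patterns": ["CAPEC-115"]},
    "CWE-798": {"title": "Use of Hard-coded Credentials",
                "mitigations": ["Store credentials outside the code base"],
                "attack_patterns": ["CAPEC-191"]},
}
ATTACK_PATTERNS = {
    "CAPEC-66": "SQL Injection",
    "CAPEC-63": "Cross-Site Scripting (XSS)",
    "CAPEC-115": "Authentication Bypass",
    "CAPEC-191": "Read Sensitive Constants Within an Executable",
}
# Assumed asset inventory: each asset lists the requirements it must satisfy.
ASSETS = {
    "HMI web server": ["SR 3.5 Input validation",
                       "SR 1.1 Human user identification and authentication"],
    "PLC gateway": ["SR 1.1 Human user identification and authentication"],
}

def classify(weaknesses, keyword_map):
    """Return (requirement -> {weakness ids}, ids no keyword covers).

    The second value is the residue an analyst still has to place by hand:
    the incomplete catalogue relationships the abstract refers to."""
    by_requirement = defaultdict(set)
    unmapped = []
    for wid, entry in weaknesses.items():
        hits = {req for text in entry["mitigations"]
                for kw, req in keyword_map.items() if kw in text.lower()}
        if not hits:
            unmapped.append(wid)
        for req in hits:
            by_requirement[req].add(wid)
    return dict(by_requirement), sorted(unmapped)

def threat_tree(asset, requirements, weaknesses, by_requirement):
    """Build asset -> requirement -> weakness -> [attack patterns]."""
    tree = {}
    for req in requirements:
        tree[req] = {wid: sorted(weaknesses[wid]["attack_patterns"])
                     for wid in sorted(by_requirement.get(req, ()))}
    return {asset: tree}

def render(tree, titles, indent=0):
    """Flatten the nested dict into indented text lines, adding titles."""
    lines = []
    for key, sub in tree.items():
        label = f"{key} {titles[key]}" if key in titles else key
        lines.append("  " * indent + label)
        if isinstance(sub, dict):
            lines.extend(render(sub, titles, indent + 1))
        else:
            lines.extend("  " * (indent + 1) + f"{leaf} {titles.get(leaf, '')}".rstrip()
                         for leaf in sub)
    return lines

TITLES = {**{k: v["title"] for k, v in WEAKNESSES.items()}, **ATTACK_PATTERNS}

if __name__ == "__main__":
    by_req, gaps = classify(WEAKNESSES, MITIGATION_TO_REQUIREMENT)
    for asset, reqs in ASSETS.items():
        print("\n".join(render(threat_tree(asset, reqs, WEAKNESSES, by_req), TITLES)))
    print("not covered by any requirement:", gaps)
```

    Running it prints one tree per asset and then the entries that no requirement covers (here CWE-798), which is the point the abstract makes: the automated mapping narrows the list, but whatever the keyword table misses still needs someone who understands the system to place it.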

    SecMVC : a model for secure software design based on the model-view-controller pattern

    Advances in the software development industry are becoming more ubiquitous by the day. This has made security, not only in the broad sense but specifically within the design and overall development of software itself, all the more important. An evidently prevalent problem in the domain of software development is that software security is not consistently addressed during design, which undermines core security concerns and leads to the development of insecure software. This research seeks to address this issue via a model for secure software design that is based on a software design pattern, namely the Model-View-Controller (MVC) pattern. The use of a pattern to convey knowledge is not a new notion. However, the ability of software design patterns to convey secure software design is an idea worth investigating. Following identification of secure software design principles and concepts, as well as software design patterns, specifically those relating to the MVC pattern, a model was designed and developed. With the MVC pattern argued as being a suitable foundation for the model, the security-conscious MVC (SecMVC) combines secure software design principles and concepts into the MVC pattern. In addition, the MVC pattern's components in the MVC Compound pattern, namely the Observer pattern, the Strategy pattern and the Composite pattern, have provided further sub-models with less abstraction and greater detail. These sub-models were developed as a result of the SecMVC model's evaluation in the validation for this study, an expert review. Argued in the light of similar research methods, the expert review was chosen, along with a process that included the use of two expert participants to validate the SecMVC model. It was determined through the expert review that the SecMVC model is of sufficient utility, quality and efficacy to constitute research value. The research methodology followed was design science, in which the SecMVC model, including its related sub-models, serves as the artefact and research output of this study. This research contributes evidence of the feasibility of integrating knowledge into software design patterns, including the SecMVC model itself. In addition, it argues for the use of an expert review as an evaluative research method for such an artefact.