Codenation Security Vulnerable Website
REQUIREMENTS
Issues
● Too much time was spent on setting up a website on the Raspberry Pis.
● Most students aren’t skilled enough to understand the requirements for hosting a website.
● Using their own websites would mean they don't have a dynamic website with access to a real database.
● Connecting to a database can be tricky, especially for a beginner who doesn't know how PHP or MySQL works.
● An unclear user interface and structure in their websites means they may have difficulty navigating as a team.
PROJECT PLANNING
Present the features and benefits listed below to Paul (Course Leader) and the rest of the Cyber team to discuss the requirements and the solutions to the issues mentioned above. I will also provide them with a live example. I will be putting together course content and material in Google Slides to explain the features of a deliberately insecure website, so that the students understand what the vulnerabilities are and how they work. Below is a plan of how I wish to implement this.
1. Set up a full-stack website with Linux, Apache, MySQL and PHP (LAMP).
2. Learn PHP and MySQL.
3. Set up a development website with a simple form in the local environment.
4. Set up an e-commerce site that doesn't take real payments but is still vulnerable to cyber attacks.
5. Deploy it on a Raspberry Pi and test it.
6. Keep a copy of all files and SQL database files in the GitHub repository.
Features of Website
● An admin section
● Create, read, update and delete products
● Cart system
● Checkout system
● Customer registration, login and order history system
● Search, pagination and product categories
DESIGN
Website wireframe
DEVELOPMENT
MySQL
Admin table for the admin backend
Order Items
Products
This will allow me to manage the data I need for an e-commerce website. With MySQL as the database I will be able to support students in achieving their learning objectives.
List the products in a table if a successful session has been set through the admin login.
Search products
These are includes, which work like components that can be reused in multiple places, such as the header, footer and search bar.
Add to cart
Cart
● I used Bootstrap to set up the user interface: responsiveness, layout of the content, and ready-made components for more productive development.
● I used the Font Awesome CDN so that I can add icons to give a clearer visual indication of direction or to explain an action.
● I used the Animate.css CDN for a more exciting and engaging website experience.
For more of my code, please visit the following GitHub repository:
https://github.com/cn-azmol-miah/level_two
TESTING
I will then test its functionality and benefits by inviting students to make use of PHP's error logging functions.
● I tested the site for vulnerabilities by starting with a simple form rather than a full website.
● I used automated vulnerability testing with software such as sqlmap to carry out injection attacks and see whether the website is set up correctly.
● Manual SQL injections were carried out as well, along with other attacks such as script tags.
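The product search from the DEVELOPMENT section and the SQL injection testing above, as an added example that is not code from the project's repository: the deliberately vulnerable search the students test against, beside a prepared-statement version they can compare it with. The connection details and the products(id, name, price) table are assumed placeholders.

```php
<?php
// Added example, not code from the project repository: the product search
// written twice so students can compare them. Connection details and the
// products(id, name, price) table are assumed placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
$db->set_charset('utf8mb4');

// Vulnerable version (the one the students probe with sqlmap and by hand):
// the search term is pasted straight into the SQL text, so whoever fills in
// the form controls the structure of the query, not just a value in it.
function searchProductsVulnerable(mysqli $db, string $term): array
{
    $sql = "SELECT id, name, price FROM products WHERE name LIKE '%$term%'";
    try {
        return $db->query($sql)->fetch_all(MYSQLI_ASSOC);
    } catch (mysqli_sql_exception $e) {
        // A broken query ends up here: PHP's error log is where students
        // see what their input did to the SQL.
        error_log('search failed: ' . $e->getMessage());
        return [];
    }
}

// Hardened version: a prepared statement sends the SQL and the value to
// MySQL separately, so the term can never change the query's structure.
function searchProductsSafe(mysqli $db, string $term): array
{
    $stmt = $db->prepare('SELECT id, name, price FROM products WHERE name LIKE ?');
    // Escape LIKE wildcards so the term matches literally (a correctness
    // point, not an injection one: the binding already handles that).
    $pattern = '%' . addcslashes($term, '%_\\') . '%';
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Output is HTML-escaped in both cases, so a reflected search term or a
// product name containing <script> tags is rendered as text, not run.
$term = $_GET['q'] ?? '';
$rows = searchProductsSafe($db, $term);
echo '<p>Results for "' . htmlspecialchars($term, ENT_QUOTES, 'UTF-8') . '"</p><ul>';
foreach ($rows as $row) {
    echo '<li>' . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8')
        . ' - ' . number_format((float) $row['price'], 2) . '</li>';
}
echo '</ul>';
```

Swapping the call at the bottom between the two functions is enough to show students the same sqlmap run succeeding against one and failing against the other.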
Issues
● I didn't know where to start after learning the fundamentals of MySQL and PHP. To solve this I started watching tutorials on YouTube as well as using TryHackMe, and mixed the learning and understanding from both to realise what was going on. I then understood that with SQL injections it was a matter of inputting a query, while making sure I understood what syntax was required.
● Various issues with PHP logic that was unable to fetch data from the backend; trying a different approach helped.
● Uploading to the Raspberry Pi was a bit tricky; I needed to copy individual directories or files rather than being able to copy everything with a built-in function.
CONCLUSION
The website will require changes as we go along, but it has brought benefits in terms of satisfying the needs of the students as well as providing a platform for other possible courses. This has already helped create part of the level three course.
REFERENCES
1. MySQL - https://www.mysql.com/
2. PHP - https://www.php.net/
3. Bootstrap - https://getbootstrap.com/
4. Font Awesome - https://fontawesome.com/
5. Animate.css - https://animate.style/
6. TryHackMe SQL Injection - https://tryhackme.com/room/sqlinjectionlm
7. Basics of SQL Injection - https://www.youtube.com/watch?v=2nXOxLpeu80&t=3494s
8. sqlmap - https://sqlmap.org/