
Codenation Security Vulnerable Website

This project aims to create a premade vulnerable penetration testing website for level two Cyber Security students to facilitate their learning. It addresses issues such as time-consuming setup, lack of skills among students, and unclear website navigation by providing a full stack web application with e-commerce functionality. The website will be deployed on a Raspberry Pi and includes features like an admin section, product management, and customer registration, while also serving as a practical tool for learning about cybersecurity vulnerabilities.

Uploaded by

lohardeepak9098

Vulnerable Penetration Testing Website for Level Two


OVERVIEW
This project is intended to help teachers and students save time by having a premade website to
carry out their learning objectives for the level two unit four Cyber Security course. Below is a list
of the issues I wish to address.

REQUIREMENTS

Issues
● Too much time was spent on setting up a website on the Raspberry Pis.
● Most students aren’t skilled enough to understand the requirements for hosting a website.
● Using their websites would mean they don’t have a dynamic website that has access to a
real database.
● Connecting to a database can be tricky, especially for a beginner who doesn’t know how
PHP or MySQL works.
● Unclear user interface and structure of their websites means that they may have difficulty
in navigating as a team.

PROJECT PLANNING
Present the below-mentioned features and benefits to Paul (Course Leader) and the rest of the
Cyber team to discuss the requirements and solutions to the issues mentioned above. I will also
provide them with a live example. I will be putting together course content and material to explain
the features of a highly vulnerable insecure website in Google Slides for the students to
understand what the vulnerabilities are and how they work. Below is a plan of how I wish to
implement this.
1. Set up a full stack website with Linux Apache MySQL PHP.
2. Learn PHP and MySQL
3. Set up a development website with a simple form in the local environment
4. Set up an e-commerce site that doesn’t take real payment but is still vulnerable to cyber
attacks
5. Deploy it on a Raspberry Pi and test it
6. Keep a copy of all files and SQL database files on the GitHub repository

Features of Website
● An admin section
● Create, read, update and delete products
● Cart system
● Checkout system
● Customer registration, login and order history system
● Search, pagination, and product categorisation

Benefits of a premade website


● Having a premade website that is already deployed will save time by nearly a whole day
for students to complete their tasks
● Having a full stack web application that has ecommerce functionality provides a more real
environment for learning cybersecurity penetration
● Bring more focus on learning cybersecurity penetration testing and securing

DESIGN

Website wireframe

DEVELOPMENT

MySQL
Admin table for the admin backend

Categories table for category filtering

Customer details table for registration and logging in

Customer data when placing order


Orders placed by customer

Order Items

Products

This will allow me to manage the data I need to create for an e-commerce website. With MySQL as
a database I will be able to support students to achieve their learning objectives.

PHP and JavaScript


Create the products

Delete the products


Edit the product

List the products through a table if there is a successful session set through the admin login.

Search products

Paginate between the products


Login to admin

Logout from the admin side

Pagination and category SQL querying


Set the base or home URL as a global variable to make it easier when establishing URLs in other
places such as anchor tags; when deploying, changing this would change it everywhere else.

Connecting to the database

These are includes which are like components that can be used in multiple places such as a
header, footer, and search bar.

Add to cart

Cart

Delete from cart


Checkout to place orders

Login form for customers


Logout for customer account

Customer account or dashboard


Single product page

All products page

Customer registration form

Some of the libraries used in this project are...

● I used Bootstrap for setting up the user interface for things like responsiveness, layout of
the content, and components for a more productive development.
● Used Font Awesome CDN so that I can add icons to provide a more visual indication of
direction or explain.
● Used animation CDN for a more exciting or engaging website experience.

For more of my code, please visit the following GitHub repository:

https://github.com/cn-azmol-miah/level_two

TESTING
I will then test its functionality and benefits by inviting students to make use of PHP’s error logging
functions.

Manual tests and logs

● I tested the site for vulnerabilities by making a simple form to begin rather than a full
website.
● I used automated testing for vulnerabilities using software like sqlmap to carry out
injection attacks to see if the website is set up correctly
● Manual SQL injections carried out as well as other attacks like script tags
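
The manual SQL injection and script-tag tests listed above can be illustrated with a product search handler, shown in a concatenated form beside a prepared-statement form with output encoding. This is an added example, not code from the project's repository: the `products` table, its rows and the function names are constructed, and an in-memory SQLite database (via PDO) stands in for MySQL so the script runs without a server.

```php
<?php
// Added example: SQLite in-memory stands in for the project's MySQL database.
// Table name, column names and rows are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, hidden INTEGER)");
$pdo->exec("INSERT INTO products (name, hidden) VALUES
    ('Red mug', 0), ('Blue mug', 0), ('Unreleased mug', 1)");

// Vulnerable form: the search term is concatenated into the SQL text,
// so quote characters in the input change the structure of the query.
function search_vulnerable(PDO $pdo, string $term): array {
    $sql = "SELECT name FROM products WHERE hidden = 0 AND name LIKE '%$term%'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the term is bound as a parameter and is only ever data.
function search_hardened(PDO $pdo, string $term): array {
    $stmt = $pdo->prepare(
        "SELECT name FROM products WHERE hidden = 0 AND name LIKE :term");
    $stmt->execute([':term' => '%' . $term . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Output encoding for the script-tag test: the term is echoed back as text,
// never as markup.
function render_heading(string $term): string {
    return '<h2>Results for ' . htmlspecialchars($term, ENT_QUOTES, 'UTF-8') . '</h2>';
}

// Constructed test inputs of the kind used in a classroom exercise.
$inputs = [
    'mug',                       // ordinary search
    "x' OR 1=1 -- ",             // textbook injection test string
    '<script>alert(1)</script>', // script-tag test string
];
foreach ($inputs as $term) {
    echo render_heading($term), "\n";
    echo '  concatenated: ', json_encode(search_vulnerable($pdo, $term)), "\n";
    echo '  prepared:     ', json_encode(search_hardened($pdo, $term)), "\n";
}
```

For the second input the concatenated query also returns the row marked hidden, while the prepared query treats the same input as a literal search term and matches nothing.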

Issues
● Didn’t know where to start after learning the fundamentals of MySQL and PHP. To solve
this I started to watch tutorials on YouTube as well as using TryHackMe and started to mix
the learning and understanding from both to realise what was going on. I then understood
with SQL injections it was a matter of inputting a query but making sure I understood what
syntax was required.
● Various issues with PHP logic which was unable to fetch data from the backend, and then
trying a different approach helped
● Uploading to the Raspberry Pi was a bit tricky, just needed to do more individual directory
or file copying instead of being able to copy with built functions that copy everything

INSTALLATION AND ACCEPTANCE


● Website has been deployed on a LAMP server on Raspberry Pi
● Has been demonstrated in three various meetings that required changes
● Shared with all of the development team for analysis, bugs and suggestions

CONCLUSION
Website will require changes as we go along but has brought about benefits in terms of being
able to satisfy the needs of the students as well as being able to provide a platform for other
possible courses. This has already helped create part of the level three course.
REFERENCES
1. MySQL - https://www.mysql.com/
2. PHP - https://www.php.net/
3. Bootstrap - https://getbootstrap.com/
4. Font Awesome - https://fontawesome.com/
5. Animate CSS - https://animate.style/
6. TryHackMe SQL Injection - https://tryhackme.com/room/sqlinjectionlm
7. Basics of SQL Injection - https://www.youtube.com/watch?v=2nXOxLpeu80&t=3494s
8. sqlmap - https://sqlmap.org/
