Harshal NIS
MICROPROJECT REPORT ON NETWORK AND INFORMATION SECURITY (NIS - 22620)
This is to certify that Mr./Ms. ________________ Roll No. ______ of Sixth semester of Diploma in Computer Engineering of institute HSBPVT’S PARIKRAMA POLYTECHNIC, KASHTI (Code:1169) has completed the micro-project satisfactorily in course NETWORK AND INFORMATION SECURITY (NIS - 22620) in the academic year 2024-2025 as prescribed in the curriculum.
Place:-
Date:-
INDEX
INTRODUCTION
Web applications are a key part of modern technology, enabling online shopping,
banking, communication, and more. However, their online nature also makes
them vulnerable to cyber-attacks. Web application security involves practices and
tools used to secure websites and web applications from cyber threats and
exploitation.
Why is it important?
✅ Final Goal
To make sure the web app is secure, reliable, and resistant to attacks.
PROJECT OBJECTIVE
To test a web application for common security vulnerabilities using both manual and
automated tools, and to analyze the findings for strengthening application
security.
The main objective of this project is to identify and fix security vulnerabilities in a
web application to ensure that it is safe from cyber-attacks. This includes testing
the application for common threats like SQL Injection, XSS, CSRF, broken
authentication, and more, in order to protect user data, maintain privacy, and
improve the overall security of the application.
Scope:
Limitations:
THEORETICAL BACKGROUND
2. Cryptographic Failures
3. Injection
4. Insecure Design
5. Security Misconfiguration
Web applications are widely used for services like online banking, shopping, social
media, and more. As they handle sensitive user data, security becomes a major
concern.
When a web application is not properly secured, it can be vulnerable to attacks such as:
SQL Injection (SQLi) – Attackers can access or delete data from the database by injecting malicious code.
Cross-Site Scripting (XSS) – Attackers insert harmful scripts into webpages viewed by other users.
Cross-Site Request Forgery (CSRF) – Tricks users into performing actions they didn’t intend.
Broken Authentication – Weak login systems allow unauthorized access.
To prevent these threats, Web Application Security Testing is performed. It involves
checking:
Various tools like OWASP ZAP, Burp Suite, and Nmap help testers find and fix vulnerabilities. Security testing follows guidelines like the OWASP Top 10, which lists the most common and critical web security issues.
PROJECT METHODOLOGY
DVWA was selected because it is intentionally vulnerable and safe to use for testing
without legal or ethical issues.
2. Threat Modeling
List possible threats that could affect the application (like SQL Injection, XSS, CSRF).
Focus on areas where sensitive data is handled (login pages, forms, database).
3. Vulnerability Scanning
Use tools like OWASP ZAP or Burp Suite to scan the app for known security issues.
Identify weak spots in the code, inputs, or configurations.
4. Manual Testing
Try to exploit vulnerabilities like a hacker would (penetration testing).
Test login systems, form validations, and session handling.
SCREENSHOT
RISK ANALYSIS
c. Server info exposure is low risk but aids attackers during recon.
Risk                         | Description                                               | Impact    | Likelihood | Solution
SQL Injection (SQLi)         | Malicious queries to access or modify database data.      | High      | High       | Validate inputs, use prepared statements.
Cross-Site Scripting (XSS)   | Inserting harmful scripts into webpages.                  | High      | Medium     | Encode output, sanitize user input.
Cross-Site Request Forgery   | Tricking users into making unwanted requests.             | Medium    | Medium     | Use CSRF tokens and secure sessions.
(CSRF)                       |                                                           |           |            |
Broken Authentication        | Weak login systems allowing unauthorized access.          | High      | High       | Use strong passwords, session management.
Sensitive Data Exposure      | Personal or financial data leaks due to poor encryption.  | Very High | Medium     | Encrypt data, use HTTPS, secure storage.
Security Misconfigurations   | Incorrect server or software settings.                    | Medium    | Medium     | Regular updates, secure configurations.
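The following Python snippet is an added example, not part of the original report and not DVWA's own code, showing the mitigations listed in the risk table above (and the attack classes described in the theoretical background): a login query built by string concatenation beside its prepared-statement form, output encoding for XSS, a constant-time CSRF token check, and a small response-header check for the server-information exposure noted in the risk analysis. The in-memory user table, the sample comment and the sample response headers are constructed for the demonstration.

```python
import hmac
import html
import secrets
import sqlite3


def make_db():
    """Constructed in-memory user table standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


# --- SQL Injection: the weak form, query text assembled from user input ---
def login_vulnerable(conn, username, password):
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(query)]


# --- SQL Injection: the hardened form, prepared statement with bound parameters ---
def login_prepared(conn, username, password):
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    # The driver passes the values separately from the SQL text, so quotes
    # inside the input can never change the structure of the query.
    return [row[0] for row in conn.execute(query, (username, password))]


# --- XSS: encode untrusted text before placing it in an HTML response ---
def render_comment(comment):
    # quote=True also encodes ' and " so the value is safe inside attributes.
    return "<p>" + html.escape(comment, quote=True) + "</p>"


# --- CSRF: per-session secret token, compared in constant time on submit ---
def new_csrf_token():
    return secrets.token_hex(32)


def csrf_token_valid(session_token, submitted_token):
    if not session_token or not submitted_token:
        return False
    return hmac.compare_digest(session_token, submitted_token)


# --- Security misconfiguration: flag information leaks in response headers ---
def check_response_headers(headers):
    """Return a list of finding tags for a dict of HTTP response headers."""
    findings = []
    lowered = {k.lower(): v for k, v in headers.items()}
    server = lowered.get("server", "")
    # A version number in the Server header aids reconnaissance (low risk).
    if any(ch.isdigit() for ch in server):
        findings.append("server-version-disclosed")
    for required in ("x-content-type-options", "content-security-policy"):
        if required not in lowered:
            findings.append("missing-" + required)
    return findings


if __name__ == "__main__":
    conn = make_db()
    bypass = "' OR '1'='1"                     # constructed test input
    print("vulnerable:", login_vulnerable(conn, bypass, bypass))   # every user
    print("prepared:  ", login_prepared(conn, bypass, bypass))     # no match
    print(render_comment("<script>alert(1)</script>"))
    token = new_csrf_token()
    print("csrf ok:", csrf_token_valid(token, token))
    print(check_response_headers({"Server": "Apache/2.4.41 (Ubuntu)",
                                  "Content-Type": "text/html"}))
```

Running the block shows the concatenated query returning both users for the constructed input while the prepared statement returns nothing; the same input is the reason the table recommends prepared statements over input validation alone.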
CONCLUSION
Web application security testing plays a crucial role in identifying and mitigating
vulnerabilities that could be exploited by malicious users. In today’s digital era,
where most organizations rely heavily on web-based systems, ensuring the
security of web applications is paramount to maintaining data integrity,
confidentiality, and availability. Through this project, we explored various aspects
of security testing, including vulnerability assessment, penetration testing, and
the use of automated tools like OWASP ZAP, Burp Suite, and Nikto. These tools
help simulate real-world attacks and allow testers to uncover issues such as SQL
injection, cross-site scripting (XSS), cross-site request forgery (CSRF), security
misconfigurations, and broken authentication.
REFERENCES