SSD-Lab 2-D1-Details 2023

SIT Internal

Important Announcement
1. VMs are ready for all groups
○ Each group has 1 VM: the IP address and SSH key are available in the group's discussion forum

○ Login: student<keyID> with the SSH key

○ Hostname for PuTTY: student<keyID>@ip-address

○ SSH from the CLI: you need to convert the .ppk file to a .pem private key using puttygen (follow the instructions on LMS)

2. Each group needs to create its own GitHub repository

○ Add us as members of the repo:

■ Raymond.Chan@singaporetech.edu.sg,

■ truonghuu.tram@singaporetech.edu.sg,

■ AF_KeeWoon.Tan@singaporetech.edu.sg
Deliverable 1 details
1. Overview of application and description of stakeholders

○ Clear description of application

○ Identify all relevant stakeholders and intended users of the application

○ Application shows impact, creativity and usefulness

2. Functional/non-functional requirements

○ Identify at least 3 relevant functional and 3 non-functional requirements in addition to login and CRUD (1 Create, 1 Read, 1 Update and 1 Delete)

3. Security requirements

○ Based on the functional/non-functional requirements, identify security requirements and describe their relevance
4. Abuse/misuse case diagrams

○ Correctly capture all relevant use cases/misuse cases in diagrams that comply with proper UML notation. We expect each use case may have one corresponding abuse/misuse case.

5. Potential risk of application

○ Identify, describe and rank the criticality of potential risks (e.g., data leakage)

6. Threat modelling

○ Based on your team’s use cases, misuse cases and risks identified in

○ Apply Microsoft Threat Modeling tool / OWASP Threat Dragon

○ One Level 0 data flow diagram

7. Attack surface analysis

○ List the problematic attack surfaces of the application
8. Security architecture

○ System architecture (Physical & Logical)

○ Your team is allowed to use more VMs (provided by yourselves) if you prefer. However, the web app front end must still be served from our provided VMs on DigitalOcean. Please also make sure to configure your VM correctly so that your VM service provider won’t charge you extra money.

9. Security design

○ Design the application based on the security requirements your team identified

○ Address the threats identified in your threat modelling and attack surface analysis

○ Database Schema (if any)

Page limit: 30 pages (excluding cover page and appendix)

Deadline: Week 6, Wednesday 04 Oct 9:00 am

Lab 2

1. Try SecurityRAT

2. Define the security requirements for your application

3. Define and draw the use cases / misuse cases for your application
