Web Development Writing Service | Introduction to Computer Security – G6077


Lovejoy’s Antique Evaluation Web Application

In this coursework, you will develop a secure web application for a local antique dealer named
Lovejoy. Lovejoy wants a minimum viable product allowing customers to register and then request
evaluations of potential antique objects. Lovejoy has many rivals in the antique business who may
sometimes resort to underhand tactics and so is very concerned about the security of the

Your secure web application will need to have these features for the minimum viable product (MVP)
release: user registration and login, a password policy, a “request evaluation” page and then an
extension of the “request evaluation” page with file upload to allow upload of photos. Finally, Lovejoy
needs a request listing page.

You should build Lovejoy’s MVP focusing on the following features in each task. As well as the code,
you should submit a report, described in the appendix below, where you will provide a self-reflection
on the security provided for each feature. Mark allocations for each task are as described below and
in the security analysis grid. You should reflect upon your work and provide estimates of how much
you’ve achieved by filling out the grid, which if completed will be allocated 5 marks. There are thus
35 marks for completing the application reasonably, 60 marks for the security features identified and
implemented, and 5 marks for self-reflection.

You have a choice of technologies from which to build the application:

• PHP, hosted on the university’s web server.
• Java and JSP, using Tomcat on AWS servers, using the free tier.

No other approach is allowed.

Task 1 – Develop a secure web form that allows customers to
register in the application. They must register an email address,
password, name and contact telephone number. The users’
details should be stored in a database.

Task 2 – Develop a secure login feature.

Task 3 – Extend the password management feature to provide
password strength recommendations and password recovery.

Task 4 – Implement a “Request Evaluation” web page only
accessible to logged in users. This web page should have a
comment box to type in the details of the object and their
request, and a dropdown box for preferred method of contact
between phone or email.

Task 5 – Extend the “Request Evaluation” page to allow for file
upload of a photo of the object.

Task 6 – Implement a page that displays a list of evaluation
requests. This page should only be visible to an administrator