You are progressing well as a junior web developer for a leading communications firm called BizTech Ltd. An opportunity has arisen for you to work for a small client company known as London Tours.

Web Application Security

Learning outcomes assessed within this piece of work as agreed at the programme level meeting

On successful completion of this module students will be able to Develop dynamic web pages for practical business purposes using server-side technologies. Critically evaluate and compare web server-side technologies and their deployment. Identify and test common security threats associated with PHP. Demonstrate implementation of usability and accessibility standards in designing of dynamic website. Design and test web database systems with clear justification of the design route taken.

Assignment Tasks

 

There is one assignment for this module which comprises of two components: Part A is the design and development of a database driven website for London Tours (worth 60% of the total marks of the assignment), and Part B is an evaluation report of 1000 words, consisting of a reflective commentary on task one (worth 40% of the total marks of the assignment). Both components are one piece of work and will assess all the module learning outcomes. 

Part A

You are progressing well as a junior web developer for a leading communications firm called BizTech Ltd. An opportunity has arisen for you to work for a small client company known as London Tours. The client is UK-based brick and mortar shop and sells tickets for famous London landmark attractions, sightseeing guided tour tickets, as well as gifts and souvenirs. To be competitive and remain at the cutting edge, London Tours intends to launch their business online. The aim of this new website is to offer their customers convenience, more control and speedy checkout services. Although the aim is to improve customer service, it is clear that it will also help the company save costs and remain ahead under tough market competition.

The client (London Tours) will use the website to project their presence and the services they offer. The client will also use the website as a contact tool with their customers. The website should be simple to use and must consider the customer experience when designing and developing this website. During the first phase of website design and development, you will design a front-end website using suitable design tools and technologies such as Adobe brackets or sublime text-2 and HTML, CSS, JavaScript on client side and PHP, MySQL on the server side. Merchant payment integration will be done during the second phase and will not be in the scope of the current work.

Deliverables

The new website should be secured, data driven and include following functionalities:

Customer Functionality:

• New user account registration

(customer name, phone #, email address, home address info (street, city and postcode), and password)

• User login
• Tour search (by place name and date)
• Add/update tours bookings from the database

Administrator Functionality:

• Admin login
• View customers’ booking requests
• Insert/update/delete bookings

 

Web Security functions:

• Form validation and sanitising data using PHP functions
• Prevent SQL injection using Prepared Statements
• Cross site scripting (XSS) or cross-site request forgery (CSRF) using PHP filters

Part B: Reflection and Evaluation Report

Your second task is to write a self-reflective commentary about your journey to website design, development, testing and deployment techniques.

Having created your website project, you should write a self-reflective commentary (1000 words) critically reflecting on your project. Your commentary should critically explore the work you have done to produce your project.