0% found this document useful (0 votes)

18 views4 pages

Task For Cybersecurity Interns: Strengthening Security Measures For A Web Application

Uploaded by

ayeshaikram564

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

18 views4 pages

Task For Cybersecurity Interns: Strengthening Security Measures For A Web Application

Uploaded by

ayeshaikram564

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 4

Task for Cybersecurity Interns: Strengthening Security Measures for a Web

Application

Overview
You will analyze a simple User Management System for vulnerabilities and apply basic security
measures to strengthen it. The goal is to familiarize yourself with cybersecurity basics, using
tools and techniques to identify and fix common vulnerabilities.

Week 1: Security Assessment

1. Understand the Application

Set up the application:

Take any mock web base application from github for cyber security testing
npm install
npm start

● Explore the app at http://localhost:3000. Check the signup, login, and profile
pages.

2. Perform Basic Vulnerability Assessment

● Use simple tools to identify vulnerabilities:

○ OWASP ZAP: Automated scanner for web app vulnerabilities.
○ Browser Developer Tools: Inspect elements and simulate XSS attacks by
entering <script>alert('XSS');</script> in text fields.
○ Basic SQL Injection Test: Test login with admin' OR '1'='1 as the
username and password fields.

Focus Areas:

● Check for:
○ Cross-Site Scripting (XSS).
○ Weak password storage.
○ Simple security misconfigurations.

3. Document Findings

● Create a simple document listing:

○ Vulnerabilities found.
○ Areas of improvement.
Week 2: Implementing Security Measures

1. Fix Vulnerabilities

● Sanitize and Validate Inputs:

Use the validator library to validate user

inputs: npm install validator

Sanitize inputs in your route handlers:

const validator = require('validator');
if (!validator.isEmail(email)) {
return res.status(400).send('Invalid email');
}

Password Hashing: Use bcrypt to hash

passwords: npm install bcrypt
const bcrypt = require('bcrypt');
const hashedPassword = await bcrypt.hash(password, 10);

2. Enhance Authentication

Add basic token-based authentication using jsonwebtoken:

npm install jsonwebtoken
const jwt = require('jsonwebtoken');
const token = jwt.sign({ id: user._id }, 'your-secret-key');
res.send({ token });

3. Secure Data Transmission

Use Helmet.js to secure HTTP headers:

npm install helmet
const helmet = require('helmet');
app.use(helmet());
Week 3: Advanced Security and Final Reporting

1. Basic Penetration Testing

● Use tools like Nmap or browser-based testing to simulate common attacks.

2. Set Up Basic Logging

Use the winston library for logging:

npm install winston
const winston = require('winston');
const logger = winston.createLogger({
transports: [
new winston.transports.Console(),
new winston.transports.File({ filename: 'security.log' })
]
});
logger.info('Application started');

3. Create a Simple Checklist

● Include best practices:

○ Validate all inputs.
○ Use HTTPS for data transmission.
○ Hash and salt passwords.

4. Final Submission

● Recorded Video: Explain what you did (record your screen).

● GitHub Repository: Upload your code, configurations, and README.
● Report: Summarize the tasks, results, and fixes.
Submission Details

Deadline: 26th-June-2025

(You will have to submit all of these 3 tasks on your consoles collectively before deadline)

Submission Format:

● Video explanation.
● GitHub repository link.
● Report document.

Cybersecurity Internship Manual - Beginner Guide: Cyber Security Interns Manual
No ratings yet
Cybersecurity Internship Manual - Beginner Guide: Cyber Security Interns Manual
7 pages
Sn-Development Life Cycle: Month 1
No ratings yet
Sn-Development Life Cycle: Month 1
16 pages
Lecture 11 - Techniques To Improve Quality of Web Applications
No ratings yet
Lecture 11 - Techniques To Improve Quality of Web Applications
56 pages
Nodejs Security Handbook
No ratings yet
Nodejs Security Handbook
28 pages
Node - Js Security
No ratings yet
Node - Js Security
17 pages
Project 4 Secure Web Application Development
No ratings yet
Project 4 Secure Web Application Development
11 pages
Secure Code Review Guide 2023
No ratings yet
Secure Code Review Guide 2023
185 pages
Implementation and Analysis of Web Application Security Measures Using OWASP Guidelines
No ratings yet
Implementation and Analysis of Web Application Security Measures Using OWASP Guidelines
6 pages
Secure Coding Practices & Tools 2
No ratings yet
Secure Coding Practices & Tools 2
15 pages
Firestly Week12..... Explain Everything in Deatls W
No ratings yet
Firestly Week12..... Explain Everything in Deatls W
5 pages
Owasp Top 10
No ratings yet
Owasp Top 10
12 pages
M5 - Securing Node-Based Application
No ratings yet
M5 - Securing Node-Based Application
8 pages
Practical Part1
No ratings yet
Practical Part1
5 pages
Node.js Assignment: Secure App Development
No ratings yet
Node.js Assignment: Secure App Development
2 pages
Security Best Practices in Coding
No ratings yet
Security Best Practices in Coding
57 pages
Task - 2 WAPT - Report-1
No ratings yet
Task - 2 WAPT - Report-1
9 pages
Rakesh 2024EC0152 A4
No ratings yet
Rakesh 2024EC0152 A4
8 pages
MSD Assignment 2
No ratings yet
MSD Assignment 2
28 pages
Node Js Secure Coding Mitigate
No ratings yet
Node Js Secure Coding Mitigate
131 pages
Penetration Testing-Hritika Rawat Law
No ratings yet
Penetration Testing-Hritika Rawat Law
7 pages
Tal L. Essential Node - Js Security For Express Web Applications 2023
No ratings yet
Tal L. Essential Node - Js Security For Express Web Applications 2023
140 pages
Least Privilege: Do Not Expose Unnecessary Services
No ratings yet
Least Privilege: Do Not Expose Unnecessary Services
7 pages
Web Application Security
No ratings yet
Web Application Security
55 pages
Anis Arafa M 201803 MSC
No ratings yet
Anis Arafa M 201803 MSC
89 pages
Web - Application - Security
No ratings yet
Web - Application - Security
17 pages
Cybersecurity Cheatsheet
No ratings yet
Cybersecurity Cheatsheet
9 pages
OWASP Web Security Guide
No ratings yet
OWASP Web Security Guide
64 pages
Source Code Review
100% (1)
Source Code Review
37 pages
Top Business Logic Vulnerabilities in Web Apps
No ratings yet
Top Business Logic Vulnerabilities in Web Apps
51 pages
LEARNING OUTCOME 2 Secure Backend Application
No ratings yet
LEARNING OUTCOME 2 Secure Backend Application
9 pages
Application Security Best Practices Guide
No ratings yet
Application Security Best Practices Guide
5 pages
Scenario Based Questions - Security Engineering Lead
No ratings yet
Scenario Based Questions - Security Engineering Lead
3 pages
Web Application Penetration Testing - An Analysis of A Corporate Application According To OWASP Guidelines
No ratings yet
Web Application Penetration Testing - An Analysis of A Corporate Application According To OWASP Guidelines
146 pages
Tut08 NodeJS-3
No ratings yet
Tut08 NodeJS-3
4 pages
Additional Task 2
No ratings yet
Additional Task 2
9 pages
Cybersecurity Internship Insights
No ratings yet
Cybersecurity Internship Insights
40 pages
Week 11
No ratings yet
Week 11
11 pages
Node.js App Security Guide
No ratings yet
Node.js App Security Guide
3 pages
Security Skills For Software Engineers
No ratings yet
Security Skills For Software Engineers
3 pages
Building Secure Website
No ratings yet
Building Secure Website
8 pages
Document2 1
No ratings yet
Document2 1
27 pages
Unit-3 Awd
No ratings yet
Unit-3 Awd
11 pages
Mobile App Security Vulnerabilities Guide
No ratings yet
Mobile App Security Vulnerabilities Guide
21 pages
Authentication and Security
No ratings yet
Authentication and Security
2 pages
Cybersecurity Internship Task
No ratings yet
Cybersecurity Internship Task
5 pages
WebApplication Unit 3
No ratings yet
WebApplication Unit 3
37 pages
Sample Report
No ratings yet
Sample Report
6 pages
İnterview Questions - 08.06.2023
No ratings yet
İnterview Questions - 08.06.2023
27 pages
Experiment 3
No ratings yet
Experiment 3
5 pages
RedUsers Cybersecurity Internship Report Sample
No ratings yet
RedUsers Cybersecurity Internship Report Sample
3 pages
Owasp Report
No ratings yet
Owasp Report
10 pages
Unit3 Cyber
No ratings yet
Unit3 Cyber
22 pages
Node.js Authentication Strategies Guide
No ratings yet
Node.js Authentication Strategies Guide
8 pages
Top 10 Web Application Security Threats
No ratings yet
Top 10 Web Application Security Threats
9 pages
Devsecops/Sevdevops Checklist 2.0
No ratings yet
Devsecops/Sevdevops Checklist 2.0
1 page
3.5 Mobile Devices Security
No ratings yet
3.5 Mobile Devices Security
2 pages
Ethical Hacking Overview and Trends
No ratings yet
Ethical Hacking Overview and Trends
158 pages
IT Security
No ratings yet
IT Security
139 pages
Security Trusted Computing
No ratings yet
Security Trusted Computing
7 pages
Monitor and Administer System and Network
No ratings yet
Monitor and Administer System and Network
28 pages
Understanding Basic Ciphers and Cryptography
No ratings yet
Understanding Basic Ciphers and Cryptography
37 pages
Red Hat Openstack Platform 12: Security and Hardening Guide
No ratings yet
Red Hat Openstack Platform 12: Security and Hardening Guide
78 pages
Cryptography Assignment Guide
No ratings yet
Cryptography Assignment Guide
5 pages
Conventional Encryption
No ratings yet
Conventional Encryption
15 pages
Abdu Gusau Polytechnic Talata Mafara Zamfara State: Topic
No ratings yet
Abdu Gusau Polytechnic Talata Mafara Zamfara State: Topic
12 pages
Cybersecurity Basics for Beginners
No ratings yet
Cybersecurity Basics for Beginners
9 pages
Blockchain - A Game Changer For Audit Processes - Deloitte Malta - Audit & Assurance
No ratings yet
Blockchain - A Game Changer For Audit Processes - Deloitte Malta - Audit & Assurance
13 pages
Answer:: Table Using JDBC
No ratings yet
Answer:: Table Using JDBC
0 pages
Data Protection Standards
No ratings yet
Data Protection Standards
3 pages
Datasheet AD360 Panda Security
No ratings yet
Datasheet AD360 Panda Security
2 pages
Blue Futuristic Cyber Security Presentation
No ratings yet
Blue Futuristic Cyber Security Presentation
10 pages
Cyber Security All 5 Unit Notes
50% (2)
Cyber Security All 5 Unit Notes
165 pages
Owasp Top 10-2017 (En)
No ratings yet
Owasp Top 10-2017 (En)
25 pages
Chapter 3 - Cryptography
No ratings yet
Chapter 3 - Cryptography
58 pages
What Is 802.1X?: What Is EAP and What Does It Have To Do With 802.1X?
100% (2)
What Is 802.1X?: What Is EAP and What Does It Have To Do With 802.1X?
2 pages
Advanced Threat Analytics Log360
No ratings yet
Advanced Threat Analytics Log360
4 pages
Unit 1 CNS Notes
No ratings yet
Unit 1 CNS Notes
14 pages
Pi-hole Password Cracking Guide
No ratings yet
Pi-hole Password Cracking Guide
6 pages
Week 1
No ratings yet
Week 1
105 pages
Cyber Security: Threats and Solutions
No ratings yet
Cyber Security: Threats and Solutions
2 pages
Lab 3.1.14 Nguyen Duc Anh HE182570
No ratings yet
Lab 3.1.14 Nguyen Duc Anh HE182570
7 pages
Prince Oruma Resume Oct
No ratings yet
Prince Oruma Resume Oct
2 pages
Case Study
No ratings yet
Case Study
11 pages
Router Configuration Guide
No ratings yet
Router Configuration Guide
11 pages