
ASC APU3F2405CS(CYB) TP068006

INDIVIDUAL ASSIGNMENT
TECHNOLOGY PARK MALAYSIA
CT123-3-3
ADVANCED SOFTWARE SECURITY

Sample


Table of Contents
1.0 Abstract ............................................................................................................. 4
2.0 Introduction ....................................................................................................... 4
3.0 Secure software concepts ................................................................................... 4
3.1 Confidentiality ................................................................................................ 5
3.2 Integrity .......................................................................................................... 6
3.3 Availability ...................................................................................................... 6
4.0 Secure software requirements ............................................................................. 6
4.1 Functional Requirements ................................................................................ 7
4.1.1 Authentication .......................................................................................... 7
4.1.2 Data Protection......................................................................................... 8
4.2 Non-Functional Requirements ......................................................................... 9
4.2.1 Scalability ................................................................................................ 9
4.2.3 Maintainability ........................................................................................ 10
4.3 Secure Software Design Principles ................................................................. 11
4.3.1 Least privilege ........................................................................................ 11
4.3.2 Fail-safe ................................................................................................. 11
5.0 Research on system vulnerability and exploitation .............................................. 12
5.1 IDOR attack .................................................................................................. 12
5.2 SQL Injection ................................................................................................ 15
5.2.1 Scenario 1: login to specific user .............................................................. 17
5.2.2 Scenario 2: Login as the first registered user .............................................. 19
5.3 File Upload Vulnerability ................................................................................ 20
6.0 Secure coding implementation, the importance and explanation ......................... 28
6.1 Solution for IDOR attack ................................................................................ 28
6.1.1 Code implementation ............................................................................. 29
6.1.2 IDOR protection demonstration: .............................................................. 31
6.2 Solution for SQL injection .............................................................................. 32
6.2.1 Code implementation ............................................................................. 32
6.2.2 SQL injection protection demonstration: .................................................. 33
6.3 Solution for File Upload Vulnerability .............................................................. 34
6.3.1 Code implementation ............................................................................. 35


6.3.2 File upload protection demonstration: ...................................................... 36


7.0 Conclusion ...................................................................................................... 39
8.0 References ....................................................................................................... 39


1.0 Abstract
This project emphasizes the importance of secure coding practices in the development of web
applications by focusing on protecting user data, maintaining system integrity, and ensuring
continuous availability. The document outlines the key secure software concepts of
confidentiality, integrity, and availability, as well as secure software requirements and
design principles. It then identifies and demonstrates three vulnerabilities, IDOR (Insecure
Direct Object Reference), SQL injection, and insecure file upload, to show why secure coding
matters. Finally, the project shows how secure coding techniques mitigate each of these risks
so that the website remains reliable and secure for its users.

2.0 Introduction
DishCozy is a web-based platform designed to give customers an accessible and reliable way
to purchase high-quality cups and plates for various needs. The platform aims to offer a
seamless online shopping experience to end users. As part of its early-access launch, the
platform offers free credits as a welcome gift to all new users upon registration. Because the
platform processes user registrations, transactions, and sensitive data, secure coding practice
during development is essential. This document therefore underscores the significance of
secure coding in protecting the confidentiality, integrity, and availability of the platform. It
outlines the principles of secure software design, identifies potential vulnerabilities within the
system, and proposes mitigation strategies. By following secure coding standards, DishCozy
aims to provide a safe, trustworthy, and enjoyable shopping experience to all users.

3.0 Secure software concepts


Software is essential in the modern era, as it is developed to help people carry out a wide
range of tasks. Because of this demand, software must be developed carefully to ensure the
safety and security of the systems it runs on. Developing secure software is challenging but
important, as vulnerabilities can expose systems to threats (Furrer, 2022). Secure software
concepts are the foundational principles for designing and developing an application. They
are important for defending against vulnerabilities and threats, which range from external
cyberattacks to internal weaknesses such as coding errors, vulnerable design, or other bugs
within the software. If these concepts are not applied carefully, the result can be serious:
data breaches, financial losses, and damage to the company's reputation (GeeksforGeeks,
2023). Proper implementation of the concepts is therefore needed to keep software robust and
resilient under a variety of scenarios. The following sections outline the key concepts in
secure software design.

Figure 1: Secure software concepts (Pigram, n.d.)

3.1 Confidentiality
Confidentiality in secure software refers to the principle that specific information or tools are
accessible only to authorized users and are protected from unauthorized access or exposure. In
a perfect world, the existence of confidential information or tools would be unknown to all
those who do not have access to it (Merritt, 2013). It is a fundamental aspect of data security
that safeguards personal, financial, or proprietary data from breaches, leaks, and malicious
access. In business settings, confidentiality plays a key role in protecting sensitive
information such as trade secrets, intellectual property, and proprietary data (1Kosmos, 2023).
Maintaining confidentiality helps businesses preserve their competitive position, comply with
regulatory requirements, and avoid the reputational damage that follows a data breach. It also
sustains the trust of customers and partners, strengthening those relationships and supporting
long-term success.


3.2 Integrity
Integrity is another secure software concept. It refers to the principle that data and systems
remain accurate, consistent, and unaltered by unauthorized actions. Data integrity matters
because organizations rely on data for decision-making, predicting consumer behaviour, and
assessing market trends (IBM, 2024). If data is secretly tampered with by an unauthorized
person, the organization may lose money through decisions based on false information.
Moreover, without data integrity, people cannot trust the data shown to them, since anyone
could have changed it to suit their own ends. Data integrity is not only affected by
unauthorized tampering but also by human error, such as accidentally deleting data,
inconsistencies across formats, and mistakes during data collection, such as gathering
inaccurate or incomplete information (Catherine Cote, 2021). These issues compromise the
reliability of the data, leading to poor decision-making that may damage the reputation and
operation of the organization.

3.3 Availability
Availability is the third key principle in secure software. It ensures that systems, data, and
services are accessible to authorized users whenever they are needed. Availability is important
in secure software because it makes the software reliable and allows operations to proceed
without interruption. Several threats can affect the availability of a system, such as Denial of
Service (DoS), power outages, and natural disasters (GeeksforGeeks, 2020). These threats can
make the system inaccessible to its users and disrupt basic business operations. For example,
an availability failure in the financial industry may prevent users from conducting
transactions. To mitigate these risks, businesses should implement scalable architectures and
disaster recovery plans so that they can handle high traffic volumes and maintain service
continuity during disasters or technical failures (Alina, 2024).

4.0 Secure software requirements


Secure software requirements define the security criteria the application must meet to be
robust against security threats while still achieving its development objectives. These
requirements cover both functional and non-functional aspects, providing a comprehensive
framework for secure system design.


4.1 Functional Requirements


Functional requirements in secure software describe what a system must do to enforce security
and provide a secure environment. They are the specific tasks, operations, or features the
system must perform, such as user authentication, data encryption, or access control (Jamie
Boote, 2020). Functional requirements ensure the software fulfils the needs of its target users
and achieves its primary objectives; authentication, encryption, and access control are the
functional security requirements found in most secure websites.

4.1.1 Authentication
Authentication is the process of verifying someone's identity. It usually takes place by
checking the username and password provided by the user. Authentication is important in a
security context because it is part of identity and access management (IAM), which defines
who can view data and what they can do with it (Cloudflare, n.d.). Authentication is crucial in
digital security for two main reasons. Firstly, it provides privacy and confidentiality by
ensuring that only authorized users can access systems and sensitive information. Secondly,
authentication builds trust between users and service providers by showing users that their
data is well protected, especially in the face of evolving cyber threats (Cyber Writes Team,
2024).

The table below compares common authentication methods used in industry.

Table 1: Benefits and Drawbacks of Various Authentication Methods (Roy & Roy, 2024)

Cookies
Benefits: Widely supported and simple to implement; enable session management and user
customization.
Drawbacks: May be vulnerable to CSRF attacks, add request overhead, and have size and
number limitations.

JWT
Benefits: Can carry more data while supporting multi-domain access and easy verification.
Drawbacks: May be vulnerable to XSS attacks, is difficult to revoke or refresh because of its
fixed expiration, and poses risks if key security is compromised.

OAuth
Benefits: Allows secure delegation of access between services using tokens such as JWTs or
API tokens.
Drawbacks: Involves complex interactions and requires careful implementation to avoid
vulnerabilities such as token leakage or replay attacks.

API Token
Benefits: Flexible and adaptable to various security requirements while being simple to use.
Drawbacks: Vulnerable to interception if not transmitted over HTTPS or stored securely.

SAML
Benefits: Enables single sign-on with strong identity validation for seamless resource access
across systems.
Drawbacks: Complexity in XML processing can cause performance issues.

OpenID
Benefits: Simplifies cross-site identity verification without requiring separate credentials
for each site.
Drawbacks: Relies on multi-party workflows, which can lead to risks such as phishing, stolen
tokens, or fake identifiers if not properly secured and managed.

4.1.2 Data Protection


Data protection refers to the security strategies and tactics that help organizations secure
confidential data against corruption, compromise, and loss. The objective is to protect data
while ensuring its availability and compliance with regulatory requirements (Badman &
Kosinski, 2024). It protects organizations from data theft, data loss, and data leakage through
a data protection policy that ensures compliance with regulations such as GDPR, HIPAA, or
PCI DSS. By complying with these standards and regulations, the organization protects user
privacy and its own reputation. A comprehensive data protection strategy can involve
encrypting data both in transit and at rest, using secure protocols such as HTTPS (TLS) for
data in transit and AES for data at rest, maintaining control over data access and visibility,
and addressing vulnerabilities promptly to reduce the risk of cyberattacks and breaches
(Microsoft Security, n.d.).

Several data protection measures can be implemented in the website to protect against
cyberattacks and preserve data integrity, confidentiality, and availability.


Identity and access management (IAM)

IAM is a system that centralizes the management of user identities and permissions within an
organization. It works by assigning access to users based on their roles and responsibilities.
This reduces unauthorized access and insider threats while protecting sensitive data (Badman
& Kosinski, 2024).

Encryption

Encryption protects data in the system by converting it into unreadable ciphertext that can
only be read with the corresponding decryption key. This keeps data secure both when it is
stored and when it is transferred. Encryption also prevents unauthorized users from reading the
information even if they gain access to the storage or the channel it travels over (Microsoft
Security, n.d.).

Backup

Backup is another data protection method. It involves saving copies of important information
regularly to protect against data loss or corruption. By allowing systems to be restored to a
previous state, backups minimize downtime and potential losses (Badman & Kosinski, 2024).

4.2 Non-Functional Requirements


Non-functional requirements refer to the characteristics of a software system that are not part
of its main functionality. They define how the system should perform so that it operates
effectively under various conditions while maintaining security. These requirements are
crucial for maintaining performance, reliability, and user satisfaction (GeeksforGeeks, 2024).

4.2.1 Scalability
Scalability is the capability of a system to handle growth in data volume and user load. The
website should be able to process increasing workloads without compromising performance or
security (GeeksforGeeks, 2024). In practice this means the website maintains a consistent
response time even at peak times with a high volume of users. Developers can use several
methods to keep a website scalable.


Write clean code

Writing clean code is essential for building scalable software. By following programming
principles such as KISS (Keep It Simple, Stupid) and DRY (Don't Repeat Yourself), developers
can simplify complex logic, avoid redundancy, and keep the code efficient. The performance of
the software is then easier to maintain, and it can handle more work (Olawanle, 2023).

Implement caching

Caching is another technique that improves scalability by storing pre-computed results, whether
in server memory, in a dedicated cache service, or on the client. Requested data can then be
returned quickly without repeating expensive database queries. This significantly reduces
response times and improves the overall performance of the application even under heavy user
load. Caching therefore not only speeds up the application but also allows it to scale more
effectively and maintain consistent performance as demand grows (Olawanle, 2023).

4.2.3 Maintainability
Maintainability, as a non-functional requirement of secure coding, refers to how effectively a
software system can be supported, enhanced, and modified throughout its lifecycle. It ensures
that developers can resolve bugs and upgrade the system without compromising its stability or
security (Tornblad, 2023). A system must be designed with simplicity, adaptability, and
extensibility in mind to be maintainable. By following coding standards and clean code
practices, the program can be updated, extended, or debugged easily (GeeksforGeeks, 2024).
Maintainability is particularly important in secure coding because it allows the system to be
modified quickly to address emerging threats, patch vulnerabilities, and stay compliant with
updated security regulations (Jain, 2024). By building maintainability into the software
architecture, organizations create reliable, flexible, and secure systems that can withstand the
challenges of a changing technological environment.


4.3 Secure Software Design Principles


Secure software design principles are the guidelines developers must follow to ensure the
product is robust against threats and cyberattacks. They emphasize controlling access, handling
errors securely, and designing systems to withstand failure. By applying these principles, the
system can protect sensitive information and maintain user trust.

4.3.1 Least privilege


Least privilege is a fundamental security concept in which users and processes are granted only
the minimal access rights needed to perform their specific tasks. This principle reduces the
attack surface and limits the damage when a user account is compromised, because the attacker
cannot reach sensitive information that the compromised account was never allowed to access
(OWASP, n.d.). For example, an application that needs a single database table should not be
granted full database permissions, and an image viewer should not be able to access the network
or contact information. This "need-to-know" strategy guarantees that no needless privileges are
ever granted and is based on military security procedures (Heleszta, 2024). In practice it
starts with no access rights for every user by default and incrementally grants only the
necessary privileges, producing a design that balances functionality and security.

4.3.2 Fail-safe
Fail-safe is a security principle that ensures a system falls back to a secure state when an
error occurs, whether the error is caused by an attack, poor design, or an implementation
failure. It keeps the confidentiality, integrity, and availability of the system intact
regardless of what went wrong. Consequently, unless specific access has been granted, all
access to resources should be denied by default (OWASP Foundation, n.d.). This approach is the
same idea as an allow list, where access is permitted only to specific authorized users or
entities. Such a design favours explicit permission over exclusion, because an error in a
permission-based mechanism typically results in access being denied, which is safer than an
error in an exclusion-based mechanism that might unintentionally allow unauthorized access
(Heleszta, 2024). Fail-safe design also improves the robustness of the software by enabling
fast recovery from errors, keeping the application secure even in unforeseen conditions.


5.0 Research on system vulnerability and exploitation


The DishCozy website has been developed with the secure software requirements discussed
above: users must authenticate before reaching their account, clean code practices support
availability, and the principle of least privilege restricts a standard customer from
accessing information they should not see. However, careless coding practices have left
several vulnerabilities that an attacker could exploit. The following sections describe the
vulnerabilities identified on the website and demonstrate how each could be exploited.

5.1 IDOR attack


Insecure Direct Object Reference (IDOR) is a vulnerability that occurs when attackers can
manipulate the identifiers used in a website's parameters or URLs to access or change objects
they are not authorized to reach. It arises from missing access control checks that fail to
verify whether the current user is allowed to access the specific object requested (OWASP,
n.d.). IDOR takes several forms. Directory traversal lets attackers reach restricted files and
folders, such as configuration files or scripts, by changing the file path supplied to the
application. URL tampering lets attackers modify URL parameters, such as changing an ID value
to view another user's data. Cookie ID manipulation exploits weak cookie handling, where an
attacker uses a stolen or altered cookie value to impersonate another user and access their
sensitive information. Each of these attacks underscores the need for robust validation and,
above all, an authorization check on every object access (GeeksforGeeks, 2023).


Figure 2: IDOR vulnerability code

The figure above shows the code that is vulnerable to IDOR. The website passes the user ID as
a URL parameter to identify which user's dashboard to display, and then fetches that record
without checking that the ID belongs to the logged-in user. This exposes an attack surface: an
attacker simply changes the ID parameter in the URL to another user's ID and is shown that
user's dashboard, without ever knowing the victim's credentials.

Figure 3: IDOR attack stage 1


In the first stage of the attack, the attacker registers an account and logs in to the
dashboard. In this case, the attacker has created an account named john. From the URL, we can
observe that john has a user ID of 2.

Figure 4: IDOR attack stage 2

The attacker changes the ID passed in the URL from 2 to 3. If a user with ID 3 exists, the
attacker is shown that user's dashboard.


Figure 5: IDOR attack stage 3

As shown in the figure above, after changing the ID from 2 to 3 and pressing Enter, the
attacker is now on the dashboard of the user with ID 3, Alicia. From here the attacker can
spend the free credits given to Alicia on whatever he wants.
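The following added example is not DishCozy's own code. It reproduces the pattern just
described (an ID taken from the URL and used to fetch a record) next to two hardened forms: one
that compares the requested ID with the identity established at login and denies everything
else (the fail-safe default from Section 4.3.2), and one that never reads the ID from the URL
at all. The user records are constructed for the demo; the function names are the author's own.

```python
"""Added example, not DishCozy's own code: an IDOR-prone dashboard lookup next
to a hardened version that enforces object-level authorisation."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class User:
    id: int
    username: str
    credits: int


# Constructed stand-in for the users table (hypothetical data).
USERS = {
    1: User(1, "admin", 0),
    2: User(2, "john", 50),
    3: User(3, "alicia", 50),
}


class Forbidden(Exception):
    """Raised when the caller may not view the requested dashboard."""


def dashboard_vulnerable(url_id: int) -> Optional[User]:
    """Mirrors the vulnerable pattern: the id comes straight from ?id= and is
    used to fetch the record with no check that it belongs to the caller."""
    return USERS.get(url_id)


def is_authorised(session_user_id: int, url_id: int) -> bool:
    """Object-level check: the requested record must belong to the caller."""
    user = USERS.get(url_id)
    return user is not None and user.id == session_user_id


def dashboard_secure(session_user_id: int, url_id: int) -> User:
    """Hardened: the id from the URL is honoured only if it matches the identity
    established at login; anything else is denied (fail-safe default).

    A missing record and a foreign record raise the same error, so the
    response does not reveal which ids exist."""
    if not is_authorised(session_user_id, url_id):
        raise Forbidden(f"user {session_user_id} may not view dashboard {url_id}")
    return USERS[url_id]


def dashboard_from_session(session_user_id: int) -> User:
    """Preferred shape: the object reference never travels in the URL at all;
    the record is selected by the server-side session identity."""
    user = USERS.get(session_user_id)
    if user is None:
        raise Forbidden("no such authenticated user")
    return user


if __name__ == "__main__":
    # john (id 2) tampers with the URL and asks for id 3.
    print(dashboard_vulnerable(3).username)        # alicia: the IDOR succeeds
    try:
        dashboard_secure(2, 3)
    except Forbidden as exc:
        print("blocked:", exc)                     # hardened lookup refuses
    print(dashboard_from_session(2).username)      # john sees only himself
```

Comparing the URL ID with the session identity is the minimum fix; dropping the ID from the URL
removes the attack surface entirely, and returning the same error for "not yours" and "does not
exist" keeps the endpoint from doubling as a user-ID enumeration oracle.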

5.2 SQL Injection


SQL injection is an attack that exploits weaknesses in how an application builds and executes
database queries. By injecting SQL syntax into input fields, attackers can alter the structure
of the query to bypass authentication, extract sensitive data, or even delete records. The
impact is severe: data breaches, unauthorized data exposure, or even system shutdown (Hakimi,
2024). It is one of the most dangerous threats to the confidentiality and integrity of web
application data and has appeared in every edition of the OWASP Top 10 since the list was
created, as one of the most common and widely exploited vulnerability classes (Morgenroth,
2022).

According to Lenaerts-Bergmans (2022), SQL injection attacks fall into three main types:
in-band, inferential, and out-of-band. In-band SQL injection is the most common, where the
attacker uses the same communication channel both to launch the attack and to retrieve the
results. Inferential (blind) SQL injection involves sending payloads and analysing the
database's behaviour, such as differing responses or timing, without directly retrieving data;
the attacker uses these observations to reconstruct the structure and contents of the database.
Out-of-band SQL injection occurs when the attacker uses a different channel, such as a DNS or
HTTP request made by the database server, to receive the results. This type is less common and
is typically used when the server is too slow or unstable for in-band or inferential
techniques.

Figure 6: SQL injection vulnerability code

The code above contains a SQL injection vulnerability. The query "SELECT * FROM users WHERE
username = '{username}' AND password = '{password}'" is built by inserting the values from the
login form directly into the SQL text, without validation, escaping, or parameterisation. An
attacker can therefore put SQL syntax in the username or password field and change the meaning
of the query, bypassing authentication. Note also that the query compares the submitted
password directly against the stored column, which only works if passwords are stored in
plaintext; any fix should also address password hashing.


5.2.1 Scenario 1: login to specific user

Figure 7: SQL injection attack stage 1

The figure above shows the attacker trying to log in as user john with an arbitrary password,
in this case "1234".

Figure 8: SQL injection attack stage 2

As shown in the figure above, the website rejects the login attempt with an "invalid username
or password" message.


Figure 9: SQL injection attack stage 3

The attacker now exploits the SQL injection vulnerability by appending "'; --" to the username
and using the same wrong password. The single quote closes the string literal for the username,
the semicolon ends the statement, and "--" turns everything after it into a comment. The query
the server executes becomes "SELECT * FROM users WHERE username = 'john'; --' AND password =
'1234'", so the password comparison is commented out and the query matches john's row
regardless of the password. The semicolon is not actually required: most database drivers only
execute a single statement, and "john' --" alone has the same effect, because the comment
swallows the rest of the line without causing a syntax error.


Figure 10: SQL injection attack success

As shown in the figure above, the attacker has logged in to john's account without supplying
the correct password.

5.2.2 Scenario 2: Login as the first registered user

Figure 11: SQL injection attack 2 stage 1


The figure above shows a second way to exploit the same SQL query. By entering "' OR 1=1;--"
in the password field, the attacker logs in as the user with ID 1. The WHERE clause becomes
"username = 'john' AND password = '' OR 1=1", and because AND binds more tightly than OR this
reads as "(username = 'john' AND password = '') OR 1=1", which is true for every row. The query
therefore returns all users, and the application takes the first row returned, the user with
ID 1. The attacker thus logs in as the first registered user without knowing that user's
username or password.

Figure 12: SQL injection attack 2 success

As shown in the figure above, even though the attacker submitted john as the username, after
the attack he is logged in as the admin, the user with ID 1.
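The following added example is not DishCozy's own code. It rebuilds the login query from Figure
6 with Python string formatting against an in-memory SQLite table, runs both payloads from
Scenarios 1 and 2 against it, and then runs the same payloads against a parameterised query.
The table rows and passwords are constructed for the demo. The payloads omit the semicolon
(the comment alone does the work, and the sqlite3 driver refuses a second statement), and
passwords are stored in plaintext only to keep the example short.

```python
"""Added example, not DishCozy's own code: the page's string-built login query
reproduced against an in-memory SQLite table, beside a parameterised version."""
import sqlite3
from typing import Optional


def make_db() -> sqlite3.Connection:
    """Constructed sample table standing in for the site's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    # Plaintext passwords only to keep the demo short; real code stores a
    # salted hash (argon2/bcrypt) and never compares raw passwords in SQL.
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "admin", "S3cret!"), (2, "john", "hunter2"), (3, "alicia", "pa55")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str,
                     password: str) -> Optional[str]:
    """Same shape as Figure 6: form input is interpolated into the SQL text."""
    query = (
        "SELECT id, username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    row = conn.execute(query).fetchone()  # first matching row wins
    return row[1] if row else None


def login_secure(conn: sqlite3.Connection, username: str,
                 password: str) -> Optional[str]:
    """Parameterised: the driver sends the values separately from the SQL text,
    so quotes and comment sequences in the input are treated as plain data."""
    row = conn.execute(
        "SELECT id, username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[1] if row else None


if __name__ == "__main__":
    conn = make_db()
    # Scenario 1: close the string and comment out the password check.
    print(login_vulnerable(conn, "john' -- ", "1234"))      # john
    # Scenario 2: AND binds tighter than OR, so OR 1=1 matches every row and
    # fetchone() returns the first one: admin (id 1).
    print(login_vulnerable(conn, "john", "' OR 1=1 -- "))   # admin
    # The same payloads against the parameterised query find no row.
    print(login_secure(conn, "john' -- ", "1234"))          # None
    print(login_secure(conn, "john", "' OR 1=1 -- "))       # None
    print(login_secure(conn, "john", "hunter2"))            # john
```

With placeholders the database receives the SQL text and the two values separately, so there is
no point at which "john' -- " can become part of the statement; this holds for every database
driver, whereas escaping quotes by hand is easy to get wrong and differs between databases.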

5.3 File Upload Vulnerability


File upload vulnerabilities occur when an application lets users upload files without
validating their type, size, or content. This allows an attacker to place a file containing
harmful code on the server and potentially have the server execute it (Redfox Security, 2024).
For example, an attacker could upload a malicious script or executable disguised as a harmless
file such as an image or document. Once uploaded, such a file can be executed on the server,
leading to unauthorized access, data theft, or complete server compromise. A common case is
uploading a reverse shell script and then requesting it from the server so that it runs and
connects back to the attacker (PortSwigger, n.d.).

Figure 13: File upload vulnerability code

The figure above shows the code that is vulnerable to the file upload attack. It allows a user
to upload any file to the server as a profile picture without validating its type, size, or
content. This gives an attacker a channel to place a malicious script on the server, and the
server is compromised as soon as the attacker can get the uploaded file executed.
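The following added example is not DishCozy's own code. It shows the server-side checks the
upload handler above is missing: a size limit, an extension allowlist judged on the last
extension, a check that the file's leading bytes match the image format claimed by that
extension, a defence-in-depth scan for a PHP open tag, and a random stored filename that
carries nothing from user input. The size limit, the accepted formats, and the sample files are
the author's own choices for the demo.

```python
"""Added example, not DishCozy's own code: validation a profile-picture upload
should pass before anything is written to disk."""
import os
import secrets
from typing import Optional

MAX_BYTES = 2 * 1024 * 1024  # assumed limit for a profile picture

# Allowed extension -> leading bytes ("magic") the content must start with.
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}


class UploadRejected(ValueError):
    """Raised with a reason when an upload fails validation."""


def validate_profile_picture(filename: str, data: bytes) -> str:
    """Return the randomised name to store the file under, or raise.

    Checks, in order: size, extension allowlist (on the *last* extension, so
    "shell.php.png" is judged by ".png"), magic bytes matching that extension,
    and a scan for a PHP open tag. The returned name contains nothing from
    user input, so path components and double extensions never reach disk."""
    if not data:
        raise UploadRejected("empty file")
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    base = os.path.basename(filename.replace("\\", "/"))  # drop any path part
    _, ext = os.path.splitext(base)
    ext = ext.lower().lstrip(".")
    if ext not in MAGIC:
        raise UploadRejected(f"extension .{ext or '?'} not allowed")
    if not data.startswith(MAGIC[ext]):
        raise UploadRejected("content does not match extension")
    # A valid image header can be followed by PHP (a polyglot). Rejecting the
    # tag is cheap, but the real control is a web server that never executes
    # anything from the upload directory.
    if b"<?php" in data or b"<?=" in data:
        raise UploadRejected("embedded script tag")
    return f"{secrets.token_hex(16)}.{ext}"


def rejection_reason(filename: str, data: bytes) -> Optional[str]:
    """Convenience wrapper: the rejection message, or None if accepted."""
    try:
        validate_profile_picture(filename, data)
        return None
    except UploadRejected as exc:
        return str(exc)


# Constructed sample uploads: a minimal PNG-like blob and a PHP script.
PNG_OK = b"\x89PNG\r\n\x1a\n" + b"\x00" * 64
PHP_SCRIPT = b"<?php phpinfo(); ?>"

if __name__ == "__main__":
    print(validate_profile_picture("microsoft.png", PNG_OK))         # random .png name
    print(rejection_reason("shell.php", PHP_SCRIPT))                 # extension .php not allowed
    print(rejection_reason("shell.php.png", PHP_SCRIPT))             # content does not match extension
    print(rejection_reason("shell.png", PNG_OK + PHP_SCRIPT))        # embedded script tag
    print(rejection_reason("../../var/www/x.png", PNG_OK))           # None (path part ignored)
```

These checks stop the upload shown in this section, but they are only half of the control: the
upload directory should also sit outside the web root or be served with script execution
disabled, so that a file which slips past validation is returned as bytes rather than run.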

Figure 14: Register new account

Before exploiting the file upload vulnerability, I will first create an account.


Figure 15: Login as new user

After that, I logged in as the new user, tom. The figure above shows that users are allowed to
upload a profile picture from the dashboard, so that is the feature to exploit.

Figure 16: Browse image

As shown in figure above, an image named “[Link]” is chosen to upload to the dashboard.


Figure 17: Upload image

After the image is uploaded, the profile-picture section shows a dropdown list from which the
user can select the uploaded image as their profile picture.

Figure 18: Select profile picture

The figure above shows the Microsoft image displayed in the profile picture section after
"[Link]" is selected as the profile picture.


Figure 19: Clicking profile picture

When the user clicks on their profile picture, they are redirected to a new page where the
picture is displayed at full size. After understanding how the upload profile picture feature
works, the next step is to try uploading a non-image file to the website.

Figure 20: Select payload

Msfconsole is executed from the attacker's machine, and a PHP reverse shell payload is
searched for. In this attack, the payload named “payload/php/meterpreter/reverse_tcp” is chosen.

Figure 21: Create reverse shell script

After determining the payload, the next step is to generate the script. Msfvenom is used to
create the reverse shell script; LHOST is set to the attacker's IP address, while LPORT is set
to 4444.

Figure 22: Create listener

Next, a listener is created in msfconsole. The payload, LHOST and LPORT are configured to
match the settings used in the script generated earlier. After everything is set, the exploit
command is executed to start the listener.

Figure 23: Upload script

The figure above shows that “[Link]” has been selected to upload as the profile picture.

Figure 24: Upload script successful

When the upload button is clicked, “[Link]” is displayed in the dropdown menu. This
indicates that the website does not validate the type of the uploaded file.

Figure 25: Select script as profile picture

When the script is selected in the dropdown menu and the select button is clicked, the website
starts loading and the previous profile picture disappears. This series of events indicates
that something is running on the back end.

Figure 26: Reverse shell connected

Checking back in msfconsole, we can see that a session has been opened. A shell is spawned in
the session, and the “whoami” command is used to display the connected system user. The
“pwd” command shows that the server is running in “/home/kali/Desktop/ASC Website”.
To prove that we are accessing the server, a file named [Link] is created from the attacker
machine.

Figure 27: Hosting server

The figure above shows a snapshot from the hosting server, where a file named "[Link]"
has been created in the same directory, confirming that the reverse shell has been established.

6.0 Secure coding implementation, the importance and explanation

6.1 Solution for IDOR attack


To prevent IDOR (Insecure Direct Object Reference) attacks, the application should verify
that a user can only access the resources they are authorized for. This can be achieved by
checking whether the user identifier stored in the logged-in user's session matches the
identifier in the requested URL. By validating this association, the system ensures that an
attacker cannot manipulate the URL to access another user's data without proper authorization.
When such manipulation is detected, the website redirects the user making the unauthorized
access attempt back to the login page. Thus, users' sensitive information is protected.

6.1.1 Code implementation


Below is the implementation of session ID validation in each page of the website. When a user
requests a page, the system verifies whether the user ID of the session matches the user ID
associated with the page. If the validation fails, the user is redirected to the login page,
which effectively prevents unauthorized access and mitigates the risk of IDOR attacks.

Figure 28: ID verification in dashboard page

The figure above shows the verification code implemented in the dashboard page. The code
first checks whether a session exists, which prevents a user from accessing the page without
logging in. The following code then checks whether the session's user ID matches the user ID
associated with that page. If the IDs do not match, the user is redirected to the login page.
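The session-versus-URL check described above, written as an added, framework-independent example rather than the DishCozy project's own code. The route "/dashboard", the "id" query parameter and the LOGIN_PAGE path are assumed names; a malformed or missing ID is rejected rather than guessed at.

```python
# Added example (not the DishCozy project's own code): the session-versus-URL
# user ID check. "/dashboard", the "id" parameter and LOGIN_PAGE are assumed.
from typing import Optional
from urllib.parse import parse_qs, urlsplit

LOGIN_PAGE = "/login"  # assumed login route


def authorize_page(session: dict, requested_user_id: Optional[str]) -> dict:
    """Allow the request only if the logged-in session owns the requested ID.

    Returns {"allow": True, "user_id": n} on success, otherwise
    {"allow": False, "redirect": LOGIN_PAGE, "reason": ...}.
    """
    denied = {"allow": False, "redirect": LOGIN_PAGE}

    # 1. No session user: the visitor never logged in.
    session_user_id = session.get("user_id")
    if session_user_id is None:
        return {**denied, "reason": "not logged in"}

    # 2. The ID taken from the URL must be a plain integer; anything else
    #    (missing, empty, "1 OR 1=1") is rejected instead of being guessed at.
    if requested_user_id is None:
        return {**denied, "reason": "missing id"}
    try:
        url_user_id = int(requested_user_id.strip())
    except ValueError:
        return {**denied, "reason": "malformed id"}

    # 3. The IDOR check itself: the URL ID must equal the session's ID.
    if url_user_id != int(session_user_id):
        return {**denied, "reason": "id mismatch"}

    return {"allow": True, "user_id": url_user_id}


def handle_dashboard(session: dict, url: str) -> dict:
    """Extract ?id=... from the requested URL and run the check."""
    params = parse_qs(urlsplit(url).query)
    requested = params.get("id", [None])[0]
    return authorize_page(session, requested)
```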

Figure 29: ID verification in product page

The figure above shows the same verification code implemented in the product page to mitigate
IDOR attacks.

Figure 30: ID verification in payment page

The figure above shows the same verification code implemented in the payment page to mitigate
IDOR attacks.

6.1.2 IDOR protection demonstration:

Figure 31: John's dashboard

The figure above shows the user logged in to John's account, which has a user ID of 2.

Figure 32: IDOR attack attempt

After logging in as John, the user tries to change the ID in the URL to 1 in order to access
another user's dashboard.

Figure 33: Redirected to login page

When the user submits the new URL, the website detects a potential IDOR attack attempt, as
the user ID does not match. It therefore redirects the user back to the login page, successfully
mitigating the IDOR attack.

6.2 Solution for SQL injection


To prevent SQL injection, it is important to change how queries receive and process parameters
by using prepared statements or parameterized queries instead of directly concatenating user
input into SQL statements. With this approach, the query structure is predefined, and user
inputs are treated as string data rather than executable code, which eliminates the risk of
query logic tampering (OWASP Cheat Sheet Series, n.d.). For example, instead of putting user
input directly into a query, the input is bound to placeholders, so it is always handled as a
string value. This prevention is important because it protects the database from unauthorized
access, data breaches, and manipulation of sensitive information. By implementing it, the
integrity and security of the application can be maintained.

6.2.1 Code implementation


Below is the implementation of secure coding that aims to prevent SQL injection attacks.

Figure 34: SQL injection prevention code

The way the SQL query is written in the snippet above demonstrates a secure way to prevent
SQL injection: parameterized queries with placeholders. In this approach, the question marks
(?) act as placeholders in the SQL query. Instead of embedding user input directly in the
query, the inputs are passed as parameters in a separate tuple. This prevents an attacker from
injecting SQL commands that could alter the filtering query.
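The placeholder-and-tuple pattern described above, as an added example beside the concatenation it replaces; this is illustrative code, not the project's own login query. It uses an in-memory SQLite database with constructed sample users, and the “';--” input from the demonstration in the next section is what the test feeds to both versions.

```python
# Added example (not the project's own code): a login lookup written first with
# string concatenation (the vulnerable pattern) and then with ? placeholders
# and a parameter tuple. Sample users are constructed for this example only.
import sqlite3
from typing import Optional


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users. Plaintext passwords keep the query
    short here; a real site compares against stored password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("john", "john-pass"), ("tom", "tom-pass")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> Optional[int]:
    """The 'before' pattern: input is concatenated into the SQL text, so a
    quote plus a comment marker in the username closes the string early and
    comments out the password check."""
    query = (
        "SELECT id FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> Optional[int]:
    """The hardened form: ? placeholders and a parameter tuple. The driver
    binds each value as data, so ';-- is compared literally as part of the
    username and never changes the query structure."""
    query = "SELECT id FROM users WHERE username = ? AND password = ?"
    row = conn.execute(query, (username, password)).fetchone()
    return row[0] if row else None
```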

6.2.2 SQL injection protection demonstration:

Figure 35: SQL injection attempt

The figure above shows the SQL injection attempt, where the attacker tries to use SQL symbols
such as “ ';-- ” to change the filtering query.

Figure 36: SQL protection successful

As shown in the figure above, when the attacker submits the username and password, the website
refuses the login because it has treated the SQL symbols as an ordinary string.

6.3 Solution for File Upload Vulnerability


To mitigate the file upload vulnerability, the website should check the file type and size
before allowing a user to upload a file. The system should verify that the uploaded file is an
image by checking its MIME type or file extension, so that only image files with common
extensions such as PNG, JPG or GIF are accepted. Additionally, setting a file size limit is
also important to prevent the system from going down because of large uploads. Hence, the
website must validate the selected file before writing it to the server, to prevent malicious
executables or large files from being uploaded, which could otherwise lead to unauthorized
remote access, malware infection, or a system crash caused by large uploads overwhelming the
server.

6.3.1 Code implementation

Figure 37: File validation code

The figure above shows the implementation of secure coding that prevents exploitation of the
file upload vulnerability by allowing only certain file types and limiting the size of uploaded
files. The selected file may only have the extension PNG, JPEG or GIF, and its size must be
below 2 MB. The validation function above checks the file extension by verifying its MIME type
and then checks its size. If both conditions are met, the file is allowed to be uploaded to the
server.

Figure 38: File validation function call

The figure above shows the validation function being called when the user tries to upload the
selected file. If the selected file does not meet the criteria, it is not uploaded to the server.
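The extension, type and 2 MB checks described above, as an added example that is not the project's own validation function. Because the file name and the browser-sent Content-Type are both attacker-controlled, this version confirms the image type from the file's own leading bytes (its magic number) and requires it to agree with the extension, which is what rejects the renamed zip shown in the demonstration that follows; the constants and sample uploads are constructed for this example.

```python
# Added example (not the project's own code): upload validation by extension,
# content signature and size. MAX_SIZE and the SAMPLES below are constructed.
from typing import Optional, Tuple

MAX_SIZE = 2 * 1024 * 1024  # 2 MB limit, as stated in the report

# Signature bytes that open each accepted image format.
MAGIC = {
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}
ALLOWED_EXT = {"png": "image/png", "jpg": "image/jpeg", "jpeg": "image/jpeg", "gif": "image/gif"}


def sniff_mime(data: bytes) -> Optional[str]:
    """Identify the image type from content alone; None if not a known image."""
    for mime, signatures in MAGIC.items():
        if data.startswith(signatures):  # bytes.startswith accepts a tuple
            return mime
    return None


def validate_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason). Every rejection names the failed check."""
    if not data:
        return False, "empty file"
    if len(data) > MAX_SIZE:
        return False, "file exceeds 2 MB"
    # Only the last extension counts, so "shell.php.png" is judged as .png and
    # then has to pass the content check below like any other PNG.
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED_EXT:
        return False, f"extension '.{ext}' is not PNG, JPG or GIF"
    mime = sniff_mime(data)
    if mime is None:
        return False, "content is not a PNG, JPEG or GIF image"
    if mime != ALLOWED_EXT[ext]:
        return False, f"extension '.{ext}' does not match {mime} content"
    return True, mime


# Constructed sample uploads for a quick self-check.
SAMPLES = {
    "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 64,
    "shell.php": b"<?php echo 'x'; ?>",
    "archive.png": b"PK\x03\x04" + b"\x00" * 32,  # a zip renamed to .png
}
```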

6.3.2 File upload protection demonstration:

Figure 39: Selecting non image file

The figure above shows the user trying to upload a PHP file.

Figure 40: Selected PHP file

As shown in the figure above, a file named “[Link]” is selected.

Figure 41: File upload prevention success

The figure above shows that the website successfully identified the type of the selected file
and rejected the upload because an invalid file type was detected.

Figure 42: Changing file extension

The figure above shows another scenario, where the user tries to change the file extension
directly by renaming a zipped folder to a PNG extension.

Figure 43: Upload malicious PNG

After that, the user tries to upload the malicious file with the PNG extension.

Figure 44: Upload reject successful

As shown in the figure above, the website is also able to identify the type of the malicious
file and reject it, even after the user changed the extension by renaming it. Thus, it protects
the server from being compromised.

7.0 Conclusion
In conclusion, the development of the DishCozy website has highlighted the importance of
secure coding practices in protecting sensitive user data and maintaining the overall reliability
of web applications. By applying principles such as least privilege and fail-safe design, and by
adhering to secure software requirements, the platform is able to defend against a variety of
threats and potential attacks. Moreover, through the identification and exploitation of
vulnerabilities such as IDOR, SQL injection, and file upload issues, this project has also
demonstrated how these risks can be mitigated through secure coding strategies. By
implementing these secure coding practices, DishCozy can provide a safe and reliable shopping
experience to its users.

(5429) words

8.0 References
Alina. (2024, May 21). Confidentiality, integrity, availability examples. DataSunrise. [Link]examples/

Badman, A., & Kosinski, M. (2024, April 5). Data protection. [Link]. [Link]

Boote, J. (2020, July 21). Are you making software security a requirement? BlackDuck. [Link]

Cloudflare. (n.d.). What is authentication? Cloudflare. [Link]

Cyber Writes Team. (2024, September 27). What is Authentication? – Types, Role & How it Works! Cyber Security News. [Link]

Furrer, F. J. (2022). Safe software and secure software. In Springer eBooks (pp. 187–262). [Link]

GeeksforGeeks. (2020, January 24). Availability in information security. GeeksforGeeks. [Link]

GeeksforGeeks. (2023, November 1). What is Software Security Definition and Best Practice? GeeksforGeeks. [Link]definition-and-best-practice/

GeeksforGeeks. (2023, February 3). Insecure Direct Object reference (IDOR) vulnerability. GeeksforGeeks. [Link]vulnerability/

GeeksforGeeks. (2024, October 4). NonFunctional requirements in software engineering. GeeksforGeeks. [Link]engineering/

Hakimi, O. (2024, October 27). SQL Injection: Types, Examples & Prevention Cheat Sheet. [Link]prevention-cheat-sheet

Heleszta, M. (2024, February 13). Secure design principles | Cydrill Software Security. [Link]

IBM. (2024, August 12). What is Data Integrity? IBM. [Link]integrity

Jain, A. (2024, November 11). What are Non-functional Requirements: Types, Examples & Approaches. Visure Solutions. [Link]traceability-guide/non-functional-requirements/

Lenaerts-Bergmans, B. (2022, October 10). What is a SQL Injection Attack? [Link]

Merritt, T. (2013, January 15). 9 Software Security Design Principles. [Link]. [Link]

Microsoft Security. (n.d.). What is data protection? [Link]us/security/business/security-101/what-is-data-protection?msockid=2224d05a1407617c3f50c51415ae607b

Morgenroth, S. (2022, August 17). What is SQL Injection? Invicti. [Link]

Olawanle, J. (2023, January 11). How to plan for software scalability and building for growth. DEV Community. [Link]and-building-for-growth-2kle

OWASP Cheat Sheet Series. (n.d.). Insecure Direct Object Reference Prevention. [Link]n_Cheat_Sheet.html

OWASP Cheat Sheet Series. (n.d.). SQL Injection Prevention. [Link]

OWASP Developer Guide | Principles of Security | OWASP Foundation. (n.d.). [Link]

Pigram. (n.d.). What is the CIA triad: confidentiality, integrity, and availability. [Link]

PortSwigger. (n.d.). File uploads | Web Security Academy. [Link]security/file-upload

Redfox Security. (2024, November 14). Understanding file upload vulnerabilities - PEN Testing services. Redfox Security - Pen Testing Services. [Link]

Roy, S., & Roy, S. (2024, March 18). Popular authentication methods for web apps | Baeldung on Computer Science. Baeldung on Computer Science. [Link]

Tornblad, A. M. (2023, May 26). Designing resilient software architecture. [Link]

1Kosmos. (2023, November 15). Confidentiality: What It Is, How It Works, with Examples - 1Kosmos. [Link]
