Your client, ‘The Unsecure PWA Company’, has engaged you as a software engineering security specialist to provide expert advice on the security and privacy of their application. This progressive web app is currently in the testing and debugging phase of the software development lifecycle and can be accessed here: Unsecure progressive web app (PWA).
Clone the repository
pip install -r requirements.txt
python main.py
Install the recommended extensions in VS Code
Here are some of the activities that you will carry out in your role as a security specialist.
They do not need to be carried out in the order below, but it is highly recommended that you become familiar with the PWA and how it works first.
Test and evaluate the progressive web app (PWA)
Experiment with the unsecure PWA.
Investigate how the unsecure PWA is built to see how data is handled.
Locate any security weaknesses in the code and how data is handled.
Conduct a security audit and vulnerability assessments of the unsecure PWA using special tools and tests to find any problems.
Document the processes you followed and the vulnerabilities or issues you discovered. This could include:
browser developer tool reports (Google Lighthouse and Edge Application)
black box test the app for vulnerabilities and privacy issues
grey box test the app
code review/white box assess the application
use of third-party tools like Pentest-Tools.com or Zed Attack Proxy (ZAP).
Designing software
Write a requirements definition for the client.
Identify the user specifications for the solution.
Apply the fundamental software development steps to develop secure code.
Identify any problems that cannot be fixed by changing the code, such as how users behave or how data is managed.
Consider:
What will be different when the application is in a production environment?
What might users do that you or ‘The Unsecure PWA Company’ cannot control that could be a vulnerability or a privacy issue?
What can’t be tested?
Developing secure code
Design, develop and implement code that changes the PWA's code and settings to fix the security issues found, such as validating user inputs, protecting stored data and controlling access.
Use appropriate HTML/CSS/JS/SQL/JSON/Python code and web content changes to provide a close-to-industry standard solution that fully or near fully mitigates security and privacy vulnerabilities.
Apply strategies to manage the security of programming code.
Test and evaluate the security and resilience of the software.
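The three fixes the brief names (input validation, protecting stored data and access control) are shown below for a typical Python/SQLite login flow. This is an added example written for this page, not code from the Unsecure PWA repository: the table layout, function names and the in-memory database are assumptions, and the sample users are constructed. It uses only the Python standard library so it runs offline.

```python
"""Added example, not the Unsecure PWA project's own code.

Shows three secure-coding fixes for a login flow backed by SQLite:
  1. allow-list validation of user input before it reaches the database,
  2. salted PBKDF2 password hashing instead of storing plaintext,
  3. parameterised queries plus a role check for access control.
The users table, function names and sample accounts are assumed/constructed.
"""
import hashlib
import hmac
import os
import re
import sqlite3
from typing import Optional

# 1. Input validation: only short alphanumeric handles are accepted.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")
MIN_PASSWORD_LEN = 12


def valid_username(name: object) -> bool:
    """True only for strings matching the allow-list pattern."""
    return isinstance(name, str) and USERNAME_RE.fullmatch(name) is not None


# 2. Password storage: salted PBKDF2-HMAC-SHA256, verified in constant time.
PBKDF2_ROUNDS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$rounds$salt_hex$digest_hex' for storage."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${PBKDF2_ROUNDS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt/rounds and compare safely."""
    _, rounds, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(rounds)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


# 3. Data access: parameterised SQL only, plus a role check.
def open_db() -> sqlite3.Connection:
    """Constructed in-memory database with an assumed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT, role TEXT)"
    )
    return conn


def register(conn: sqlite3.Connection, username: str, password: str,
             role: str = "user") -> bool:
    """Create an account; rejects bad names, short passwords and duplicates."""
    if not valid_username(username) or len(password) < MIN_PASSWORD_LEN:
        return False
    try:
        conn.execute(
            "INSERT INTO users (username, pw_hash, role) VALUES (?, ?, ?)",
            (username, hash_password(password), role),
        )
    except sqlite3.IntegrityError:  # username already taken
        return False
    return True


def login(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Return the user's role on success, None otherwise.

    Validation runs before any query, and the query itself is parameterised,
    so user-supplied text is never spliced into SQL.
    """
    if not valid_username(username):
        return None
    row = conn.execute(
        "SELECT pw_hash, role FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None or not verify_password(password, row[0]):
        return None
    return row[1]


def require_role(conn: sqlite3.Connection, username: str, needed: str) -> bool:
    """Access control: check the role stored server-side, not a client claim."""
    row = conn.execute(
        "SELECT role FROM users WHERE username = ?", (username,)
    ).fetchone()
    return row is not None and row[0] == needed


if __name__ == "__main__":
    db = open_db()
    register(db, "alice", "correct horse battery", role="admin")
    print("login as alice ->", login(db, "alice", "correct horse battery"))
    print("bad username accepted? ->", register(db, "bad name!", "correct horse battery"))
```

The order matters: validation rejects malformed input before the database is touched, the parameterised query means a value that does pass validation still cannot change the query's structure, and authorisation consults the server-side role rather than anything the client sends.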
Impact of safe and secure software development
Describe the benefits of developing secure software to your client ‘The Unsecure PWA Company’.
Provide expert advice to ‘The Unsecure PWA Company’ on the privacy and security of their progressive web app (PWA).
List all the security or privacy issues found and explain their impact if someone took advantage of them by providing an impact assessment of each.
Present your solution and security report to the client.
Explain the benefits of implementing safe and secure development practices to an enterprise.
Explain the social, ethical and legal issues that affect people and enterprises, resulting from the development and implementation of safe and secure software.