Spring 2010 Research Website Vulnerability Test
Summary I will be building a website using Microsoft Visual Studio Professional. The website will be fully functional and will include a database which will use Microsoft server 2005. The website will be based on a fraternity web system. The database will be a simple one and will only include three tables (Region, Chapter, Member). You will be able to log on using a user name and password . There will be features so that you can add and remove members, update chapter info and add new regions.
User Interface I will be using CSS style sheets to give the website a more rich feel. Microsoft Visual Studio allows you to incorporate CCS style sheets in your web project and I though that it would be good to have a richer content instead of using plain HTML. I am not that familiar with CSS or Microsoft Visual Studio so I am learning as I go along.
Current Progress I was introduced to ASP.Net MVC (Model View Controller) approach to web development last week in my C Sharp class and I decided that I will use this in my research project. I have mapped out my database, started the implementation of the CSS style sheet and began to add new methods to my Controller In order to further manipulate my database.
Problems in Project • Insufficient knowledge in using style sheets. • Insufficient knowledge in Visual Studio. • Problems running Microsoft SQL server 2008 I have been reading and watching videos provided by ASP.net that have helped me to progress, and I have also taken some tutorials online for Visual Studio which have also helped. I have come across a lot of reading material that helped me with connecting the database to my webpage.
Tomcat Web Server Tomcat web server is a light weight local web server that can be used to run web applications locally. Once I have completed my web project I will run it locally to do some Web site vulnerability testing. You can download tomcat for free here: http://tomcat.apache.org/download-60.cgi
Website Testing The main purpose of this project was to test security vulnerabilities in websites. I do not host a website so I had to do some research to figure out how to build one. Once my web site project is complete I will be using Acunetix Web Vulnerability Scanner to test my web site for possible vulnerabilities. Acunetix WVS automatically checks your web applications for SQL Injection, XSS & other web vulnerabilities. I wanted to try to use some other products but they were not free. You can download a free copy of Acunetix Web Vulnerability Scanner here: http://acunetix-web-vulnerability-scannerfree.smartcode.com/info.html
References • http://acunetix-web-vulnerability-scanner-free.smartcode.com/info.html • http://tomcat.apache.org/download-60.cgi • http://www.asp.net/learn/videos/ • http://www.microsoft.com/express/Database/