The document summarizes a security reinforcement project for the OTSOMOTO website. It discusses identifying existing vulnerabilities like injection attacks and cross-site scripting. It describes implementing measures like secure coding practices and access controls to mitigate vulnerabilities. Finally, it proposes future enhancements like threat intelligence integration and proactive security.

1. A Security Reinforcement
Project
COURSE/BLOCK: BSIT 3B
NAME OF WEBSITE: OTSOMOTO
GROUP MEMBERS: MA. LIANNE ISABEL D. TALENTO
JESSIE JAMES D. SEDEÑO
ADRIAN SAMUEL S. OLLERES

2. Part 1
Security Reinforcement

3. TABLE OF CONTENT
TOPICS SLIDES NUMBER
WEBSITE NAME 4
Website Mission / Vision 5
Project Overview
ExistingWebSystemVulnerabilities
How SecurityMeasuresisImplemented
MitigationActionImplemented
ConclusionandFutureEnhancements
Part 2
White Hat Test for the Reinforced Website
IdentifiedVulnerability
Recommendation

4. DIGITAL WAVE
This electronic commerce site offers a Social Media Marketing, Email
Marketing, Content Marketing. Our platform is dedicated to helping the users to
acquire the skills and knowledge necessary to succeed in the world of digital
marketing, particularly in the realm of e-commerce. Customers can select their
preferred skills to acquire from Social Media, Email, Content Marketing. In addition,
this site contains all the information needed to know to encourage a customer to
make a purchase. Product descriptions were included, while in terms of the mode of
payment, customers have multiple choices, such as GCash, Paypal and Paymaya.

5. Mission Vision
At our core, we are on a mission to
empower individuals in the dynamic
landscape of digital marketing within the
e-commerce realm. We strive to provide a
comprehensive electronic commerce
platform that specializes in Social Media
Marketing, Email Marketing, and Content
Marketing. Our mission is to equip users
with the skills and knowledge essential for
thriving in the digital marketing sphere,
fostering their success in the world of e-
commerce.
We envision a future where every individual
aspiring to excel in digital marketing finds a
dedicated and resourceful platform. Our
vision is to be the foremost destination for
users seeking to acquire and enhance their
skills in Social Media, Email, and Content
Marketing. We aim to create an
environment where users not only gain
knowledge but also find all the information
required to make informed purchase
decisions. Our vision extends to providing a
seamless experience, offering multiple
payment options such as GCash, Paypal, and
Paymaya, ensuring accessibility and
convenience for our valued customers.

6. Project Overview
Scope
The digital wave spans diverse fields - digital marketing, e-
commerce, social media, cloud computing, AI, and big data. It
opens avenues for businesses to connect with customers
through digital channels, fostering new opportunities. This
wave facilitates collaboration and communication globally,
transcending geographic and time constraints. Across
industries like healthcare, education, finance, and
entertainment, the digital wave transforms operations with
advanced tools and resources.
Goals
Leverage the digital wave's power for effective customer
engagement, global collaboration, and transformative industry
impact across digital marketing, e-commerce, and various sectors.
Our digital wave initiative aims to elevate customer engagement, global collaboration, and industry
impact. Key strategies involve leveraging digital channels and technologies, supported by a clear
implementation plan with timelines and milestones. We've identified specific performance
indicators to measure success and outlined risk mitigation strategies. The documentation covers
resource needs, tools, and technologies, as well as considerations for training and support. This
concise guide provides stakeholders with a clear roadmap for the initiative's success, summarizing
key points and outlining next steps.
Documentation

7. Existing Web System Vulnerabilities
Vulnerability Screenshots
Injection Attacks
Cross-Site Scripting (XSS)
Authentication Issues
Teacher’s Note:
Actual Picture of the Front-End and
Back-End/Code that is susceptible to
any threat

8. Existing Web System Vulnerabilities
Vulnerability Description
Injection Attacks Identify and prevent SQL and code injections
that can lead to data breaches and unauthorized
access.
Cross-Site Scripting (XSS) Detect and mitigate XSS vulnerabilities to
prevent malicious scripts from running in users'
browsers.
Authentication Issues Strengthen authentication mechanisms to
prevent unauthorized access and enhance user
account security.
Teacher’s Note:
This is just a sample students are free
to give their own identified
vulnerability minimum of 3
maximum of 6

9. How Security Measures is Implemented
1 Secure Coding Practices
Enforce coding practices like input validation, output encoding, and secure API
implementation to prevent common vulnerabilities.
2 Access Controls
Implement granular access controls and role-based permissions to restrict
unauthorized access to sensitive resources.
3 Encryption
Apply strong encryption algorithms to protect data both at rest and in transit,
ensuring confidentiality and integrity.

10. Mitigation Action Implemented
Vulnerability Screenshots
Injection Attacks
Cross-Site Scripting (XSS)
Authentication Issues
Teacher’s Note:
Show your improved code that could
possible counter the identified
vulnerability. And Provide
Explanation how it work

11. Conclusion and Future
Enhancements
By reinforcing the security of the existing web system, we have mitigated
vulnerabilities, protected user data, and ensured system integrity. Further
enhancements can focus on threat intelligence integration and proactive
security measures to stay ahead of emerging threats.

12. Part 2
White Hat Test for the Reinforced Website

13. WHITE HAT TESTING

14. Name of Website for White Hat
Testing
<Screenshot of Website for White Hat Test>

15. Identified Vulnerability
1.
2.
3.. …
<Screenshot of Website for White Hat Test>