Here, in this project, I enhanced a startup's HTTP server with key features: an admin console for user management, robust multi-factor authentication, and sophisticated access control. This project was a valuable exercise in applying cybersecurity principles in a practical setting.

Ezaz-Ahmad/Client-Authorization-portal-using-MFA

README for SENG2250 Assignment 3: Secure HTTP Server with Authentication and Access Control
Introduction
Hello! I'm excited to share my work on this individual assignment for System and Network Security. My task was to enhance an HTTP server program, focusing on authentication and access control. This work is crucial for the online portal of Mako, an emerging startup prioritizing security.

Assignment Overview
The assignment involves two major components:

Modifying an HTTP Server Program: Implementing authentication and access control.
Reflection on the Development Process: Discussing my learning journey, the project's limitations, and potential improvements.
Project Components
1. Admin Console
Functionality: Admin users can manage other clients – add, modify, and delete users.
Initial Setup: Includes a default 'root' admin user with a random password.
2. Password Storage
Implementation: Follows best practices for secure password storage.
3. Multi-factor Authentication
Process: Involves username, password, and a code sent to the user's email.
Tools Used: I recommend using Mailgun for email handling.
4. Token Authentication
Token Validity: 15 minutes.
Security: Tokens are unique and hard to guess.
5. Access Control
Model: Implementation of the Biba access control model.
Details: Various services have different security levels and access permissions.
6. Client Program
Purpose: To demonstrate the implementation of these features.
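
The following sketch shows how components 4 and 5 fit together: a token that expires after 15 minutes is mapped to an integrity level, and each request is checked against Biba's rules. It is an added example, not code from this repository. The level names, the `TokenStore` class, the `authorize` function and the choice of Biba's strict integrity policy (no read down, no write up) are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # token validity stated in the README
LEVELS = {"low": 0, "medium": 1, "high": 2}  # hypothetical integrity levels

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

class TokenStore:
    """In-memory sessions; only a hash of each token is kept server-side."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._sessions = {}  # sha256(token) -> (username, level, expiry)

    def issue(self, username, level):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        expiry = self._clock() + TOKEN_TTL_SECONDS
        self._sessions[_digest(token)] = (username, LEVELS[level], expiry)
        return token

    def lookup(self, token):
        key = _digest(token)
        entry = self._sessions.get(key)
        if entry is None:
            return None
        username, level, expiry = entry
        if self._clock() >= expiry:
            del self._sessions[key]  # expired sessions are dropped on first use
            return None
        return username, level

def biba_allows(subject_level, object_level, action):
    """Strict integrity: read only at or above your level, write only at or below."""
    if action == "read":
        return subject_level <= object_level
    if action == "write":
        return subject_level >= object_level
    return False  # unknown actions are denied by default

def authorize(store, token, service_level, action):
    """Allow the request only for a live token whose level passes the Biba check."""
    session = store.lookup(token)
    if session is None:
        return False
    return biba_allows(session[1], LEVELS[service_level], action)
```

The `clock` parameter exists so that expiry can be tested without waiting 15 minutes.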
Reflections
Word Count: 600-1000 words.
Content: I will discuss what I learned from external resources and how it relates to our course content. I'll also address the limitations of the program and suggest potential improvements.
Submission Guidelines
What to Submit: A single zip file containing a PDF with program execution details and reflections, and a 'src' folder with all code and a README.md file.
My Learning Journey
As I developed this project, I learned a lot about system and network security, particularly in the context of authentication and access control in web applications. I explored various external resources, including documentation, forums, and expert discussions, to enhance my understanding and skills. This project has been a valuable addition to my academic and professional growth in cybersecurity.
