MINI-PROJECT REPORT

ACCESS CONTROL VULNERABILITY

UNDER THE SUBJECT OF


CYBER SECURITY
MINI PROJECT: 317536

UNDER THE GUIDANCE OF


(PROF. SATISH KALE)

MEMBER
MANAK JAIN (125)

DECLARATION

I, the undersigned, solemnly declare that the project report ACCESS CONTROL
VULNERABILITY is based on our own work carried out during the course of our study under
the supervision of Prof. Satish Kale.

I assert the statements made and conclusions drawn are an outcome of my research work.
I further certify that:

I. The work contained in the report is original and has been done by me under the
general supervision of my supervisor.
II. The work has not been submitted to any other Institution for any other
degree/diploma/certificate in this university or any other University of India or
abroad.
III. We have followed the guidelines provided by the university in writing the report.
IV. Whenever we have used materials (data, theoretical analysis, and text) from other
sources, we have given due credit to them in the text of the report and given their
details in the references.

Name: - MANAK JAIN

Roll. No.: - 125

Signature: -

ACKNOWLEDGEMENTS

I would like to express my sincere gratitude to my supervisors, Prof. Swati Kadu, for
providing their invaluable guidance, comments and suggestions throughout the course of
the project. I would specially thank them for constantly motivating us to work harder.

CONTENTS

SR.NO. TOPIC

1 Abstract
2 Introduction
3 System Analysis
4 Design and Development
5 Structural Design
6 Access Control Vulnerability System
7 Benefits of Access Control Vulnerability
8 Modern Pillars of Access Control Vulnerability
9 Project Management
10 Diagrams
11 Use Case Diagrams
12 Implementation
   1. Home page
   2. Stored data
   3. Backend code
   4. Finding the ADMIN Vulnerability
   5. Found Vulnerability
   6. Accessing Vulnerability
13 Conclusion
14 References

ABSTRACT

Access control vulnerability refers to a security weakness that allows
unauthorized access to a system or resource. These vulnerabilities can occur
due to various reasons, such as misconfigured access control policies, weak
passwords, and outdated software. They can be exploited by attackers to gain
access to sensitive information, steal data, or cause damage to the system.
Access control vulnerabilities pose a significant risk to organizations, as they
can lead to financial losses, reputational damage, and legal consequences. To
mitigate these risks, organizations should implement robust access control
mechanisms, such as multifactor authentication, role-based access control, and
regular security audits. Additionally, users should be educated on best
practices for password management and safe browsing habits. Continuous
monitoring and prompt response to security incidents are also critical in
preventing access control vulnerabilities.

INTRODUCTION

Access control vulnerability refers to a security weakness that allows
unauthorized users to gain access to sensitive information, systems, or
resources that they are not supposed to have access to. This vulnerability can
arise due to a variety of reasons, including flaws in the design or
implementation of access control mechanisms, human error, or malicious
intent.

Access control is an essential component of any security system, as it ensures
that only authorized users are allowed to access specific resources. Access
control can be enforced through various mechanisms, such as passwords,
biometrics, access control lists (ACLs), and role-based access control (RBAC).

However, access control vulnerabilities can compromise the security of an
organization's assets and data. Some examples of access control vulnerabilities
include weak passwords, lack of proper authentication and authorization
mechanisms, outdated access control mechanisms, and misconfigured security
settings.

It is crucial to identify and address access control vulnerabilities promptly to
prevent unauthorized access and data breaches. Regular security assessments
and vulnerability scans can help identify access control vulnerabilities and
remediate them before they are exploited by attackers.

SYSTEM ANALYSIS

System analysis of access control vulnerability involves a comprehensive
review of an organization's access control mechanisms and policies to identify
any potential security weaknesses. This analysis begins by identifying critical
resources, systems, and data that require protection from unauthorized access.
Next, the existing access control mechanisms in place, such as passwords,
biometrics, ACLs, and RBAC, are analyzed, including the configuration,
policies, and procedures in place to manage access controls. A thorough
analysis is conducted to identify any potential vulnerabilities or weaknesses in
the access control mechanisms and policies. Risk assessment is then
performed to evaluate the potential impact of access control vulnerabilities on
the organization's assets, systems, and data. The remediation plan involves
updating access control policies and mechanisms, implementing additional
security controls, and conducting user training and awareness programs.
Regular monitoring and review processes are implemented to ensure that the
access control mechanisms and policies remain effective and to identify any
new vulnerabilities that may arise. Overall, system analysis of access control
vulnerability helps to ensure that the access control mechanisms and policies
are effective in protecting the organization's assets and data from unauthorized
access and data breaches.

DESIGN AND DEVELOPMENT
Design and development of system access vulnerability involves the implementation
of security controls to protect an organization's resources, systems, and data from
unauthorized access. This process begins with the identification of critical assets that
require protection and the development of access control policies and procedures.
Access control mechanisms, such as passwords, biometrics, ACLs, and RBAC, are
designed and implemented to enforce these policies and procedures.

During the design and development phase, potential access control vulnerabilities
are identified, and security controls are implemented to mitigate these
vulnerabilities. For example, password policies may be established to require
complex passwords and regular password changes, or multi-factor authentication
may be implemented to add an additional layer of security.

Overall, the design and development of system access vulnerability requires a
comprehensive approach that involves the implementation of access control
mechanisms and other security controls, along with ongoing monitoring and
assessment to ensure that the security measures remain effective over time.

STRUCTURAL DESIGN OF ACCESS CONTROL VULNERABILITY

The structural design of system access vulnerability involves creating a framework
that outlines the access control mechanisms, policies, and procedures necessary to
protect an organization's resources, systems, and data from unauthorized access. This
design begins by identifying the critical assets that require protection and defining the
access control policies and procedures necessary to protect them.

The structural design typically includes the following elements:

1. Access control mechanisms: This includes the various methods used to control
access, such as passwords, biometrics, ACLs, and RBAC.

2. Authentication mechanisms: This includes the methods used to verify the
identity of users, such as usernames and passwords, smart cards, or biometric data.

3. Authorization mechanisms: This includes the methods used to determine what
level of access users are granted, based on their role or position within the
organization.

4. Security policies: This includes the policies and procedures necessary to ensure
the security of the organization's resources and data, including password policies,
data encryption policies, and user access policies.

5. Security controls: This includes the various security controls implemented to
prevent unauthorized access attempts, such as firewalls, intrusion detection systems,
and security monitoring tools.

6. User training and awareness: This includes training and awareness programs
designed to educate users on the importance of security and how to properly use the
access control mechanisms and policies.

Overall, the structural design of system access vulnerability requires a
comprehensive approach that includes multiple access control mechanisms,
authorization and authentication processes, security policies and controls, and user
training and awareness programs. A well-designed access control system can help to
protect an organization's resources and data from unauthorized access and potential
data breaches.

ACCESS CONTROL VULNERABILITY SYSTEM

System access control vulnerability system is a set of processes, policies, and
technologies designed to manage and control access to an organization's resources,
systems, and data. The purpose of the system is to prevent unauthorized access to
sensitive information and ensure that only authorized personnel can access critical assets.

The system access control vulnerability system typically includes the following
components:

1. Access control policies: These are policies and procedures that define how access
to an organization's resources is managed, including who can access them, how access is
granted, and what actions users are authorized to perform.

2. Access control mechanisms: These are the technologies used to enforce access
control policies, such as passwords, biometrics, ACLs, and RBAC.

3. Authorization mechanisms: These mechanisms determine what level of access
users are granted, based on their role or position within the organization.

4. Authentication mechanisms: These mechanisms are used to verify the identity of
users before granting access to resources.

5. Security policies and controls: These policies and controls are designed to
protect the organization's resources and data from unauthorized access, including data
encryption policies, network security controls, and security monitoring tools.

6. User training and awareness programs: These programs are designed to educate
users on the importance of security and how to properly use the access control
mechanisms and policies.

A well-designed system access control vulnerability system can help to prevent
unauthorized access to an organization's resources and data, reducing the risk of data
breaches and other security incidents. The system should be regularly reviewed and
updated to ensure that it remains effective in protecting the organization's critical assets.

BENEFITS OF ACCESS CONTROL VULNERABILITY

Access control vulnerability offers several benefits for organizations, including:

1. Protection of critical assets: Access control vulnerability ensures that only
authorized personnel can access critical assets, such as confidential data, sensitive
systems, and resources. This helps to prevent unauthorized access and reduces the
risk of data breaches and other security incidents.

2. Compliance with regulations: Many industries are subject to strict regulations
regarding data protection and security. Access control vulnerability can help
organizations comply with these regulations by ensuring that access to sensitive data
is limited to authorized personnel.

3. Improved security: Access control vulnerability provides multiple layers of
security, including authentication, authorization, and access control mechanisms.
These layers of security make it more difficult for unauthorized individuals to gain
access to an organization's resources.

4. Reduced risk of insider threats: Access control vulnerability can help to
prevent insider threats by limiting access to critical assets to only authorized
personnel. This reduces the risk of intentional or accidental damage caused by
employees or contractors who have access to sensitive data and systems.

5. Increased visibility and control: Access control vulnerability provides
organizations with greater visibility and control over who is accessing their
resources and systems. This allows organizations to identify and respond to potential
security threats more quickly and effectively.

Overall, access control vulnerability is an essential component of any organization's
security strategy. By limiting access to critical assets to only authorized personnel
and implementing multiple layers of security, organizations can significantly reduce
the risk of data breaches and other security incidents.

One of the mantras to improve academic performance is by constantly monitoring your
pace. Therefore, with the help of school administration software, the students utilize
their time on studies and all the other tasks, unlike keeping track of their performance;
maintaining records all are handled by SMS software.

MODERN PILLARS OF ACCESS CONTROL VULNERABILITY

The modern pillars of access control vulnerability refer to the key components that
are essential for effective access control in modern organizations. These pillars
include:

1. Identity and Access Management (IAM): This pillar focuses on managing and
controlling user access to resources and systems based on their identity, role, and job
function. IAM includes technologies such as authentication and authorization
mechanisms, multi-factor authentication, and user provisioning and deprovisioning
processes.

2. Privileged Access Management (PAM): This pillar is specifically designed to
manage and control access to privileged accounts and resources, such as
administrator accounts and critical systems. PAM includes technologies such as
password vaults, session recording, and just-in-time access.

3. Network Access Control (NAC): This pillar focuses on controlling access to
networks and network resources, such as switches, routers, and servers. NAC
includes technologies such as network segmentation, network admission control,
and network policy enforcement.

4. Data Access Governance (DAG): This pillar focuses on governing and
controlling access to sensitive data, such as personally identifiable information (PII)
and financial data. DAG includes technologies such as data classification, data
access controls, and data masking.

5. Cloud Access Security Broker (CASB): This pillar focuses on managing and
securing access to cloud-based applications and data. CASB includes technologies
such as cloud application discovery, data loss prevention, and cloud access controls.

These pillars are designed to work together to provide a comprehensive access
control solution that can effectively protect an organization's resources, systems, and
data from unauthorized access. By implementing these modern pillars of access
control vulnerability, organizations can significantly reduce the risk of data breaches
and other security incidents, improve compliance with regulations, and enhance
overall security posture.

PROJECT MANAGEMENT
Risk management

Risk management in access control vulnerability refers to the process of identifying,
assessing, and mitigating risks associated with access control in an organization. The
goal of risk management is to reduce the likelihood and impact of potential security
incidents, such as data breaches, by implementing effective access control measures.

Effective risk management in access control vulnerability can help organizations to
proactively identify and address potential security risks before they result in security
incidents. By implementing a robust risk management process, organizations can
ensure that access control measures remain effective in protecting their resources,
systems, and data from unauthorized access.

DIAGRAMS OF ACCESS CONTROL VULNERABILITY

USE CASE DIAGRAM OF DATABASE SYSTEM

IMPLEMENTATION
1. SCREENSHOT OF THE HOMEPAGE

2. WHAT THE STORED DATA LOOKS LIKE

3. BACKEND HTML SCREENSHOT OF CODE

4. FINDING THE ADMIN VULNERABILITY IN THE WEBSITE

5. ACCESS CONTROL VULNERABILITY FOUND

6. SUCCESSFULLY ACCESSED THE VULNERABILITY

CONCLUSION

In conclusion, access control vulnerability is a critical component of an
organization's overall security posture. By implementing effective access control
measures, organizations can protect their resources, systems, and data from
unauthorized access and reduce the likelihood and impact of security incidents.

The modern pillars of access control vulnerability, including IAM, PAM, NAC,
DAG, and CASB, provide a comprehensive framework for organizations to
manage and control access to their resources and data.

Effective risk management is also essential for addressing potential security risks
and ensuring that access control measures remain effective over time.

By implementing best practices, such as a defense-in-depth strategy and regular
security assessments and audits, organizations can further enhance their access
control posture and protect against emerging security threats.

As technology continues to evolve, access control vulnerability will remain a
critical aspect of organizational security. By staying up-to-date with the latest
tools, technologies, and best practices, organizations can remain prepared to
address emerging security threats and protect their resources, systems, and data
from unauthorized access.
