ACCESS CONTROL
VULNERABILITY
MEMBER
MANAK JAIN (125)
DECLARATION
I, the undersigned, solemnly declare that the project report ACCESS CONTROL
VULNERABILITY is based on our own work carried out during the course of our study under
the supervision of Prof. Satish Kale.
I assert the statements made and conclusions drawn are an outcome of my research work.
I further certify that
I. The work contained in the report is original and has been done by me under the
general supervision of my supervisor.
II. The work has not been submitted to any other Institution for any other
degree/diploma/certificate in this university or any other University of India or
abroad.
III. We have followed the guidelines provided by the university in writing the report.
IV. Whenever we have used materials (data, theoretical analysis, and text) from other
sources, we have given due credit to them in the text of the report and given their
details in the references.
Signature: -
ACKNOWLEDGEMENTS
CONTENTS
1 Abstract
2 Introduction
3 System Analysis
4 Design and Development
5 Structural Design
6 Access Control Vulnerability System
7 Benefits of Access Control Vulnerability
8 Modern Pillars of Access Control Vulnerability
9 Project Management
10 Diagrams
11 Use Case Diagrams
12 Implementation
   1. Home page
   2. Stored data
   3. Backend code
   4. Finding the ADMIN Vulnerability
   5. Found Vulnerability
   6. Accessing Vulnerability
13 Conclusion
14 References
ABSTRACT
INTRODUCTION
SYSTEM ANALYSIS
DESIGN AND DEVELOPMENT
Design and development of system access vulnerability involves the implementation
of security controls to protect an organization's resources, systems, and data from
unauthorized access. This process begins with the identification of critical assets that
require protection and the development of access control policies and procedures.
Access control mechanisms, such as passwords, biometrics, ACLs, and RBAC, are
designed and implemented to enforce these policies and procedures.
During the design and development phase, potential access control vulnerabilities
are identified, and security controls are implemented to mitigate these
vulnerabilities. For example, password policies may be established to require
complex passwords and regular password changes, or multi-factor authentication
may be implemented to add an additional layer of security.
STRUCTURAL DESIGN OF ACCESS CONTROL
VULNERABILITY
The structural design of system access vulnerability involves creating a framework
that outlines the access control mechanisms, policies, and procedures necessary to
protect an organization's resources, systems, and data from unauthorized access. This
design begins by identifying the critical assets that require protection and defining the
access control policies and procedures necessary to protect them.
The structural design typically includes the following elements:
1. Access control mechanisms: This includes the various methods used to control
access, such as passwords, biometrics, ACLs, and RBAC.
4. Security policies: This includes the policies and procedures necessary to ensure
the security of the organization's resources and data, including password policies,
data encryption policies, and user access policies.
6. User training and awareness: This includes training and awareness programs
designed to educate users on the importance of security and how to properly use the
access control mechanisms and policies.
ACCESS CONTROL VULNERABILITY SYSTEM
The system access control vulnerability system typically includes the following
components:
1. Access control policies: These are policies and procedures that define how access
to an organization's resources is managed, including who can access them, how access is
granted, and what actions users are authorized to perform.
2. Access control mechanisms: These are the technologies used to enforce access
control policies, such as passwords, biometrics, ACLs, and RBAC.
5. Security policies and controls: These policies and controls are designed to
protect the organization's resources and data from unauthorized access, including data
encryption policies, network security controls, and security monitoring tools.
6. User training and awareness programs: These programs are designed to educate
users on the importance of security and how to properly use the access control
mechanisms and policies.
BENEFITS OF ACCESS CONTROL VULNERABILITY
MODERN PILLARS OF ACCESS CONTROL VULNERABILITY
The modern pillars of access control vulnerability refer to the key components that
are essential for effective access control in modern organizations. These pillars
include:
1. Identity and Access Management (IAM): This pillar focuses on managing and
controlling user access to resources and systems based on their identity, role, and job
function. IAM includes technologies such as authentication and authorization
mechanisms, multi-factor authentication, and user provisioning and deprovisioning
processes.
5. Cloud Access Security Broker (CASB): This pillar focuses on managing and
securing access to cloud-based applications and data. CASB includes technologies
such as cloud application discovery, data loss prevention, and cloud access controls.
PROJECT MANAGEMENT
Risk management
DIAGRAMS OF ACCESS CONTROL VULNERABILITY
USE CASE DIAGRAM OF DATABASE SYSTEM
IMPLEMENTATION
1. SCREENSHOT OF THE HOMEPAGE
3. BACKEND HTML SCREENSHOT OF CODE
5. ACCESS CONTROL VULNERABILITY FOUND
CONCLUSION
The modern pillars of access control vulnerability, including IAM, PAM, NAC,
DAG, and CASB, provide a comprehensive framework for organizations to
manage and control access to their resources and data.
Effective risk management is also essential for addressing potential security risks
and ensuring that access control measures remain effective over time.
REFERENCES
1. NIST Special Publication 800-53: Security and Privacy Controls for Federal
Information Systems and Organizations -
https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final