Assignment title: Information


Scenario

A specialist bicycle manufacturer operates a retail Web application based on a Linux platform. This allows customers to order a custom bicycle by selecting from a range of frames and components for assembly. It includes 'shopping-cart' functionality, where credit and debit card payments on checkout are channelled directly to the company's receiving bank's systems for authorisation and collection. The Web server is backed by a MySQL database running separately on its own Linux host.

Detailed Specification

Assuming you are a qualified systems security auditor, apply the typical audit process shown in Fig. 1 to the scenario described.

Fig.1. Audit process

Deliverables

Vulnerability report, threat / risk assessment report, audit report.

Marking Scheme

Each report (deliverable) will be marked up to 100%, and each will be treated as a separate document even though they ALL need to be merged into one WORD / PDF document uploaded to the coursework area. Your final mark for the whole report will be the average of the marks awarded for each of the reports. The marks distribution for each report will be as follows:

- Technical depth, correctness & completeness (70%): Level of technical detail must be at least comparable to course lectures. Where a topic has been covered fully or partly in the lectures the student will have to demonstrate a greater depth of understanding and incorporate a greater level of technical detail.

- Organisation of the material and presentation (20%): Suitable sections and subsections; Introduction, Conclusions and References MUST be present and well written. The coursework document should be well formatted with correct English, good diagrams etc.

- Conclusion / critical evaluation (10%)