Assignment title: Information


BIF-6-WSM Web Services, Security and Management Coursework Specification 2016/17

Your report must consist of the following headings and specified content for each heading.

1. Hosting Requirements

1.1. Details of Host Names

http://www.bbc.co.uk
http://www.theguardian.com
http://www.argos.co.uk
http://www.pcworld.co.uk

For each of the four sites listed above, use appropriate tools to determine the following information and state it in your report.

• What domain names does this site use? Identify the registered hostname which has a DNS entry and any sub-domains which do not. List the IP addresses the domains resolve to.
• If the site has a CNAME record, what does it eventually resolve to? (If there is no CNAME record, state that this is the case.)
• Who is the domain name registered to?
• With which Domain Name Registrar is the registration made?
• Compare the registrations of the four sites, discussing similarities and differences and anything unusual about them.

You must address these issues in your own words but should also provide the output from the diagnostic tools you used to find it out. Unnecessary portions of this output after the relevant information should be removed for the sake of saving space; however, you should cut off the end only after the required information.

(10 marks)

1.2. Hosting Appraisal

For any one site listed in 1.1 above, state what kind of hosting plan you would expect it to use and explain why. Use examples of hosting plans advertised by web hosting companies, and discuss their advantages and disadvantages to justify your judgement.

(10 marks)

2. Security Issues

2.1. HTTPS usage

http://www.bbc.co.uk
https://www.reevoo.com/shopping (for this site you need not consider any area outside of /shopping)

Compare the use of HTTPS on the BBC and Reevoo websites at the links above, explaining how and where it is used in each site. In order to do this effectively you will need to create an account on the BBC website – this requires an email address and a post code (use the University’s postcode SE1 0AA if you are uncomfortable with using your own) and can be easily deleted after writing your assessment. You need this to observe when HTTPS is and is not used before, during and after logging in to your account. You do not need to create a Reevoo account.

For those parts of the sites which do use HTTPS:

• Assess whether this has been properly and completely implemented or whether there are any issues of concern, such as mixing insecure content with the secure content or failing to protect session cookies. Give specific examples where appropriate.
• State whether “extended validation” is in use for the HTTPS certificate and explain how you know.
• Discuss whether you believe an HTTPS connection is necessary or appropriate.

For those parts of the sites which do not use HTTPS:

• Assess how easy it would be for the site manager to implement HTTPS and identify any complications that might arise.
• Discuss whether you believe an HTTPS connection is necessary or appropriate.

(10 marks)

2.2. Attack Vulnerabilities

http://www.argos.co.uk

Considering only the Argos website, identify any features of the site which could potentially be used by an attacker to carry out cross-site scripting or cross-site request forgery attacks.

• Explain what such attacks would consist of and exactly how the site features would be used to do this.
• Discuss whether there is any stated practice or policy protecting this feature of the site from such attacks, or if you would expect one to be in place even if it is not explicitly stated.
• Explain how such attacks could also be prevented by technical means.

(10 marks)

3. Web Services

http://www.theguardian.com
http://www.pcworld.co.uk

3.1. Possible Uses of Web Services

Considering only the Guardian and PC World websites, identify any possible uses they could be making of web services supplied by some other organisation to supply some of their content. For each example, outline how this would operate, explaining where the web service client code would be and when it would be executed. Both these sites do have features which might be driven by web services. Note that we cannot know for sure whether they are implemented by web services: it is enough to identify that they could be.

(10 marks)

3.2. Possible Provision of Web Services

Considering only the Guardian and PC World websites, identify potential services each site could expose to clients. Explain why the service would be useful and outline an appropriate API that might be offered for at least one example in each site. The APIs must describe the available services by specifying a suitable name, the input parameters required to call it and the data it would return.

(10 marks)

3.3. Possible Implementations of a Provided Web Service

For the APIs you outlined in 3.2, discuss the advantages and disadvantages of offering the service using a WSDL/SOAP implementation and using a RESTful architecture. Recommend which you think is most appropriate in each case.

(10 marks)

4. Semantic Web

http://www.theguardian.com

Use the example of a news story as displayed for reading on the Guardian website.

4.1. Draw a suitable RDF graph to describe a specific news story.

• Include a screenshot of the page containing the story, ensuring it shows the title of the story.
• Use the URL of the story page as the root element of the graph.
• Where possible, make use of Dublin Core terms URIs in your graph.
• For custom subjects, predicates or objects, use the prefix http://example.org/ to construct suitable URIs.
• Show the literal values pertaining to the story where appropriate (but for the textual content of the story itself this is clearly not appropriate).

4.2. Provide a textual description of this graph in Turtle notation.

(20 marks)

The remaining 10 marks will be awarded for the overall quality of the work based upon the following criteria:

• Meeting the requirements of this specification by providing all the required sections with the correct headings and addressing the correct issues under each heading.
• Clear presentation of the work with suitable screenshots where useful and no unnecessary screenshots, and suitably formatted text for the output from tools.
• Clear writing with good grammar and easily understandable narrative flow. (This criterion is waived for registered DDS students.)

Submission Details

The report is to be submitted electronically via the Turnitin system. Please make sure that you write in your own words and do not share your work with others. It is your responsibility to make sure that your work is kept securely: if another student were to submit portions of your work without your knowledge you would still be considered responsible for this.

Note that the output from the DNS and WHOIS tools required by this assignment is very likely to be flagged up by the Turnitin system. This is to be expected and is not an issue.
The remainder of your text should not.

Submission deadline: 13:00 Thursday May 18, 2016

University rules state that coursework submitted within two weeks of the deadline will be marked but capped to the pass mark (40%). Students registered with the University as DDS students can submit up to two weeks after the deadline without their mark being capped. Work submitted after this two-week period will not be marked and is treated as a non-submission, regardless of whether the student is registered DDS or not.

Please note that the deadline is set to 13:00 – this is to avoid setting the deadline to midnight and the possibility of upload problems in the middle of the night. You can think of the deadline as midnight Wednesday 17th but with submission allowed until 1pm the next day. In any case, do not leave it to the last minute to submit, as a submission marked as late according to Turnitin’s clock will be considered to be late.