Building Safe and Secure Website

Janvi Ajudiya
5 min read · Oct 4, 2020

The Charotar University of Science and Technology did not stop worrying about their students' development in the midst of the COVID-19 pandemic, as they gave their students the chance to make a project as part of the curriculum. As a part of it, I was able to complete my project during this pandemic and add it to my resume.

You may have questions such as: What is the use of this project? Where is it helpful? What does it do? What is the purpose behind it? Basically, this project is all about website security. It prevents cyberattacks by hackers who use malicious shell scripting or any other means to try to hamper a website's security. Cybersecurity always remains a concern with respect to important data or information. The project also provides functional and non-functional details in a flowchart.

It is very useful for protecting a system from malicious hackers, i.e. black hat hackers, who try to enter the system by any means and try to hamper the system's security, steal important information from it, or manipulate it. This can be understood through the following example: if we put our secret API key on GitHub, even by mistake, it may leak. If it was an SMS API key, it may use up our SMS charges, or it may be used to transfer funds to another account, since an API key works like a password. Likewise, data is crucial to every person, as no one wants their data to be public. Keeping these things in mind, I have designed this project.

Many types of attacks are possible; here are a few of them:

The upcoming world will be a cyberworld where "data is everything" to people.

What is cybersecurity?

It is the protection of internet-connected systems, such as hardware, software and data, from cyber-threats. The practice is used by individuals and enterprises to protect against unauthorized access to data centers and other computerized systems.

“One single vulnerability is all an attacker needs.” — Window Snyder

Look and Feel :

A website or application is readily available for use on mobiles, tablets, laptops or any other devices, such as mega-screens or projectors. A mobile has a small screen, while a laptop has a wider one. So the layout should adjust to the screen, and this can be achieved easily in a website or application. Font sizes and images should also be adjusted.

More devices, more users

In website design, front-end and backend can both be managed with JavaScript or PHP alone, along with animations and different tools. Users can be attracted more by eye-catching websites, as a drastic improvement in the web environment has taken place.

Technology :

Front-end : PHP, HTML, CSS, JAVASCRIPT.

Backend : MySQL.

For hosting website : cloud platform (AWS)

Tool Used:

Notepad++ Text Editor

Flow of project :

Content of website :

The whole website is designed in the following sequence: index page, features, contact us, registration page, login page, home page, deposit page, withdrawal page, check balance, logout, safety measures. The whole idea will be made clear by the following images.

Above image consists of 5 pages, i.e. index page, contact us, login, register and features.

Above image consists of 4 pages, i.e. home page, deposit, withdrawal and balance page.

Want to see the complete website?

Watch the video below to see what the website looks like:

Hosting website on AWS :

Amazon Web Services (AWS) is a cloud platform for using different types of services without needing hardware; it requires only an internet connection and a screen to see them. There are many cloud platforms, like Microsoft Azure, Alibaba Cloud, IBM, Oracle Cloud, Google Cloud Platform (GCP) and many more. But compared to all of them, AWS is the cheapest and also occupies 96% of total cloud platforms. First of all, I created one VPC named sgp with two subnets, public and private. In both of these subnets, EC2 instances are launched with inbound and outbound security group rules for allowing specific traffic to the instances, as well as NACLs (Network Access Control Lists) for denying specific traffic to the instances, along with an internet gateway attached to the public subnet for internet connectivity. I then accessed the public subnet through PuTTY, as the instances are Linux AMIs, and also accessed the private instance through the public subnet by using the concept of a Bastion Host, to make the website more secure.
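The bastion-host layout described above only helps if the security group rules enforce it. The following check is an added example, not code from this post or its repository: it audits inbound SSH rules on constructed data shaped like EC2 `DescribeSecurityGroups` output. The group IDs `sg-bastion` and `sg-private` are hypothetical, and it assumes the strict policy that the private instance accepts SSH only from the bastion's security group.

```python
# Constructed sample in the shape of the "SecurityGroups" list returned by
# EC2 DescribeSecurityGroups; group IDs and CIDRs are made up for this example.
SAMPLE_GROUPS = [
    {"GroupId": "sg-bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-private", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-bastion"}]},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []}]},
]
SSH_PORT = 22
ANYWHERE = {"0.0.0.0/0", "::/0"}


def covers_port(rule, port):
    """True if the rule's protocol and port range include the given TCP port."""
    if rule["IpProtocol"] == "-1":  # "-1" means every protocol and port
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def source_cidrs(rule):
    """All IPv4 and IPv6 source ranges named by one inbound rule."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])] +
            [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])])


def audit_bastion_pattern(groups, bastion_sg, private_sg):
    """Return findings where inbound SSH rules break the bastion-host design."""
    by_id = {g["GroupId"]: g for g in groups}
    findings = []
    for rule in by_id[bastion_sg]["IpPermissions"]:
        if covers_port(rule, SSH_PORT):
            for cidr in source_cidrs(rule):
                if cidr in ANYWHERE:
                    findings.append(f"{bastion_sg}: SSH open to {cidr}")
    for rule in by_id[private_sg]["IpPermissions"]:
        if not covers_port(rule, SSH_PORT):
            continue
        for cidr in source_cidrs(rule):  # strict: no CIDR sources at all
            findings.append(f"{private_sg}: SSH allowed from CIDR {cidr}")
        for pair in rule.get("UserIdGroupPairs", []):
            if pair["GroupId"] != bastion_sg:
                findings.append(f"{private_sg}: SSH allowed from {pair['GroupId']}")
    return findings
```

On the constructed sample, the only finding is the bastion's SSH rule open to `0.0.0.0/0`; narrowing that source to the administrator's address range clears it.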

Database Service and enabling security services :

I have used Amazon RDS (Relational Database Service), with a MySQL database in it, to store information related to users, and have also tried to enable security features provided by AWS: AWS WAF (Web Application Firewall) to protect against SQL injection; AWS Shield to protect against DDoS (Distributed Denial of Service) attacks, which has two levels, standard and advanced, of which the advanced level provides protection as well as detection; and the AWS SSO (Single Sign-On) service, which provides unauthorized accesses from multiple users to the same account. Many more are available for use. We can also create MySQL database tables through access to the private EC2 instance.

GitHub Link :

https://github.com/JanviAjudiya/Building-Secure-Website-on-AWS
