Faculty of Computing and Information Technology
Diploma in Science (Internet Technology) Year 2
Academic Year 2018/2019
AACS3023 Web Application Programming
Assignment: Web Technology Research
Programme : DIT2
Tutorial Group : A3
Student Name : Michelle Yang Tzy Wen
Student ID No. : 17JMD01953
Supervisor : Ms. Leong Pui Huang
Declaration
We confirm that we have read and shall comply with all the terms and conditions of TAR University College’s plagiarism policy.
We declare that this assignment is free from all forms of plagiarism and for all intents and purposes is my own properly derived work.
Web Technology Research Topic: Movie Ticket System (Security Module)
Even though the movie ticket system has security, that does not mean your account will be safe, because some hackers are still able to hack an account and steal your identity, especially your bank account details. This is a serious problem that we faced. In order to protect the customers’ accounts, our system does have software for password encryption. Unfortunately, hackers are able to decrypt the passwords. Decrypting the passwords is not an easy task unless the hacker is skilful. As a result, some customers feel unsafe entering their bank account numbers.
Figure 1: A hacker hacking the system
Another problem that we faced is the “Remember me” checkbox. It is convenient and saves time for users because they do not need to type their usernames and passwords whenever they log in. However, it is insecure because if a user’s laptop or any other device is stolen, the thief can simply log in and learn the user’s identity.
Figure 2: The “Remember me” checkbox
To overcome the existing problems that we faced, we used CAPTCHA. CAPTCHA is the short form of Completely Automated Public Turing test to tell Computers and Humans Apart. It is software that provides security for us. It helps determine whether a user is a human or a bot during registration and other actions. It shows users a series of distorted words, which they need to work out and type into a textbox below the box of distorted words.
We installed CAPTCHA because we want to prevent bots or spammers from causing problems for customers, especially when users create a new account. It also protects users’ accounts from hacking. Most hackers create a bot to hack accounts or to change users’ passwords so that the users cannot log in to their accounts. Some hackers keep spamming useless comments to users. Hence, CAPTCHA blocks all of those comments and allows only humans to comment. It is easy to implement in a website because the software developer just needs to type the code into the program, which takes a few hours.
There are a few issues that we faced when using CAPTCHA. We cannot prevent all spam all the time. Some hackers are still able to break the system and bots are still able to spam. Nowadays, not all bots are unable to read the distorted words. Hackers may create new bots that can read the words and hack users’ accounts. Not all users can read the distorted words, so they find it difficult to work out what the words are, which is time-consuming. Some users may find it very annoying because whenever they change their information during registration, they need to type the CAPTCHA again and again.
Figure 3: Example of captcha
Because CAPTCHA cannot solve all the problems, we now implement reCAPTCHA to replace it. It has the same function as CAPTCHA: to protect the website from spammers or bots and to prevent hackers from hacking users’ accounts. It also distinguishes whether you are a human or a bot. The difference between CAPTCHA and reCAPTCHA is that reCAPTCHA asks users to choose pictures. For example, it shows 9 different pictures, 3 of which are bicycles, and asks users to select only the bicycles. This method is more secure than CAPTCHA, because hackers have created bots that can read the words. Bots do not know how to work out the pictures, because every user gets different questions and pictures. It is easier for users to recognise pictures than distorted words. It is hard for them to crack it. This makes customers feel safe entering their details.
Figure 4: Example of reCAPTCHA
Figure 5: Users choose the pictures that match the requirement in the title.
Step 1: Install the package: Install-Package reCAPTCHA.MVC
Step 2: Add the public and private key in appSettings
Step 3: Modify the form
Step 4: Implement the Controller Action
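The server-side check that Step 4 depends on, written as an added example (it is not code from the original report or from the reCAPTCHA.MVC package). It posts the token to Google's siteverify endpoint directly and fails closed on any error; the class and method names and the host name tickets.example are hypothetical, and it assumes .NET Framework with a reference to System.Web.Extensions.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Threading.Tasks;
using System.Web.Script.Serialization;   // System.Web.Extensions (.NET Framework)

// Hypothetical helper, not part of reCAPTCHA.MVC.
public static class RecaptchaCheck
{
    private const string VerifyUrl = "https://www.google.com/recaptcha/api/siteverify";
    private static readonly HttpClient Http = new HttpClient { Timeout = TimeSpan.FromSeconds(5) };

    // Decision logic, kept separate from the network call so it can be unit tested.
    // Constructed sample verdict: {"success":true,"hostname":"tickets.example"}
    public static bool IsAcceptable(string json, string expectedHost)
    {
        Dictionary<string, object> verdict;
        try { verdict = new JavaScriptSerializer().Deserialize<Dictionary<string, object>>(json); }
        catch (Exception) { return false; }               // malformed answer: fail closed
        if (verdict == null) return false;

        object success, host;
        if (!verdict.TryGetValue("success", out success) || !(success is bool) || !(bool)success)
            return false;                                 // wrong, expired or reused token
        // The token must have been solved on our own site.
        return verdict.TryGetValue("hostname", out host)
            && string.Equals(host as string, expectedHost, StringComparison.OrdinalIgnoreCase);
    }

    // token is the value of the "g-recaptcha-response" form field.
    public static async Task<bool> VerifyAsync(string secretKey, string token, string expectedHost)
    {
        if (string.IsNullOrWhiteSpace(token)) return false;   // challenge was not solved
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            { "secret", secretKey }, { "response", token }
        });
        try
        {
            using (var reply = await Http.PostAsync(VerifyUrl, form).ConfigureAwait(false))
            {
                if (!reply.IsSuccessStatusCode) return false;
                string json = await reply.Content.ReadAsStringAsync().ConfigureAwait(false);
                return IsAcceptable(json, expectedHost);
            }
        }
        catch (HttpRequestException) { return false; }        // network error: fail closed
        catch (TaskCanceledException) { return false; }       // timeout: fail closed
    }
}
```

Call VerifyAsync from the POST action before the account is created, and redisplay the form with an error when it returns false.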
Strengths and Weaknesses
reCAPTCHA is harder to spam than CAPTCHA because bots do not know which pictures to select and do not know what kind of image is inside each box. Bots are created by humans, which means that they are rigid. This makes it hard for hackers to hack users’ accounts. reCAPTCHA is not easy for hackers to crack because its functions keep evolving; it has now evolved up to version 3. If hackers are able to crack it, they are skilful and expert hackers. Up to now, no one has been able to crack it. At present, reCAPTCHA is the safest security for websites. Most users trust reCAPTCHA more than CAPTCHA. It easily works out whether you are a bot or not. If we were still using CAPTCHA, a bot would still be able to work out the words and enter them by itself.
Someday, people will be able to crack reCAPTCHA because, regardless of how well a piece of software is made, it will have a weakness. It is just a matter of when hackers will figure it out. Sometimes users may find it annoying because, even when they choose the correct pictures, it still asks them to do it a second time, with a different question and different pictures.
We can use biometrics in the future. For example, when users want to log in to their account through their phone, they can use a fingerprint to log in, because every person has a different fingerprint. Therefore, they do not need to type their username and password. If they use a laptop to log in, it can scan their face shape or eye through the camera.
We can send a code to the users, which they need to enter within 1 minute. Once 1 minute is over, the code expires and they need to have it resent. The code can be sent either to their phone or to their email. This makes sure that it is the user who is logging in to their account. If unauthorized people try to log in to an account, the user will know about it because the code will be sent to the user’s phone or email.
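The one-minute login code described above, as an added example that is not part of the original report. The class name, the 6-digit format and the limit of 3 attempts are assumptions; the report only specifies the 1-minute expiry.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical server-side record for one issued login code.
public sealed class LoginCode
{
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(1);
    private const int MaxAttempts = 3;        // assumption: stops guessing all 10^6 codes

    private readonly byte[] _hash;            // the clear-text code is not stored
    private readonly DateTimeOffset _expires;
    private int _attempts;
    private bool _used;

    private LoginCode(byte[] hash, DateTimeOffset expires) { _hash = hash; _expires = expires; }

    // Returns the record to keep; 'code' is what gets sent by phone or email.
    public static LoginCode Issue(DateTimeOffset now, out string code)
    {
        var buf = new byte[4];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(buf);   // CSPRNG, not System.Random
        code = (BitConverter.ToUInt32(buf, 0) % 1000000).ToString("D6");
        return new LoginCode(Hash(code), now + Lifetime);
    }

    public bool Verify(string submitted, DateTimeOffset now)
    {
        // Expired, already used or too many guesses: the user must request a new code.
        if (_used || now >= _expires || _attempts >= MaxAttempts) return false;
        _attempts++;
        if (!FixedTimeEquals(_hash, Hash(submitted ?? ""))) return false;
        _used = true;                         // a correct code cannot be replayed
        return true;
    }

    private static byte[] Hash(string s)
    {
        using (var sha = SHA256.Create()) return sha.ComputeHash(Encoding.UTF8.GetBytes(s));
    }

    // Compares without stopping at the first differing byte.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

The record is not thread-safe; store one per login attempt and update its attempt counter and used flag atomically in the session or database.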