Mitigating Vulnerabilities in E-Learning Platforms

Added on 2025/08/25

INFORMATION AND SECURITY MANAGEMENT - ASSIGNMENT 1
Contents
Introduction (page 2)
Scope (page 3)
Risk Assessments (page 4)
Security Strategies and Actions (page 8)
Residual Risks (page 10)
Resources (page 11)
Maintenance and Training (page 12)
Conclusion (page 13)
References (page 14)

Figures
Figure 1: System (page 3)
Figure 2: Security Services (page 4)
Figure 3: System attacks (page 5)
Figure 4: Example of system (page 8)
Figure 5: Risks (page 9)
Figure 6: Risks included (page 10)
Introduction
This assessment is based on the description of an online student grading system and the security policies that relate to it. The risks associated with the system are discussed in this report in detail. Distributing, collecting, grading and returning assignments in an institution involves logistical difficulties in ensuring consistency and fairness in grading, and these difficulties tend to grow non-linearly with scale. An online system therefore plays an efficient and important role in maintaining consistency and eliminating these problems. However, the system also carries risks of its own: for example, a hacker could modify grades online, which violates the institution's security policies. The various risks related to the system are described in detail in this report.
Scope
As the number of enrolments in institutions increases, so does the difficulty of keeping assignment grading consistent. This can be addressed by providing an online management system, but that system brings risks of its own. For example, if a student breaks into the system, grades can be modified by students, and other details relating to staff and students can be altered in violation of the system's policies. Apart from these risks, the system makes it easy for teachers to assign and remark the assignments completed by students. The scope of this assignment is therefore broad, and the system is very efficient for students, who can check their grades online without the chaos of paper and notice boards.
Figure 1: System
(Source: [1])
Risk Assessments
As the introduction and scope explain, the online student grading system has vulnerabilities because it is online and can be attacked by students with relative ease. Strong authentication is needed, because otherwise a student could modify not only their own grades but the grades of other students as well. Therefore strong authentication and various risk-prevention controls are required.
Figure 2: Security Services
(Source: [2])
There are various potential vulnerabilities in these systems; they are discussed here:
User Authentication:
Authentication weaknesses arise when the system lacks adequate management functions for identifying the users who log in. It is therefore essential that students keep their passwords secure and safe from attackers, so that attackers cannot impersonate their sessions while they change or update their passwords. The same applies to teachers: the passwords that keep them logged in to the platform must be kept secure, because if an attacker obtains a teacher's credentials they can extract other sensitive information about the institution and its assignments.
Availability:
This vulnerability also affects users' security and can expose all of their information. It consists of making the platform inaccessible to students and teachers alike. It arises when an attacker performs a Denial of Service (DoS) attack, sending a huge number of requests to the server so that the server either crashes or its performance degrades, resulting in poor access to the platform. In this way the attacker can easily get into the system and misbehave [7].
Integrity:
Another risk to these platforms is an attack on the integrity of users' data, such as stealing the private information of students and teachers [8]. By stealing a teacher's information, the attacker can easily access other private institutional systems and data. Integrity also covers the problem of stealing other students' assignments. These problems can become severe if they are not mitigated properly and on time.
Figure 3: System attacks
(Source: [3])
The various risks and their descriptions are given below in table form:
User Authentication and Access Control:
| Risks | Confidentiality | Integrity | Availability |
|---|---|---|---|
| Hardware | Installing devices to track information. | Stealing various parts, which reduces the performance of the system. | Available equipment can be stolen or disabled, which can deny services. |
| Software | Unauthorized copies of the software can be made. | The program can be altered so that it performs unintended actions or fails to execute various activities. | Programs can be deleted, which leads to denial of service to users. |
| Data | Unauthorized reads and writes on data or files can be performed. Analysis of statistical data can reveal the underlying data. | Existing files can be changed or fabricated by attackers. | Available data and files may be deleted. |
| Communication Line | Pop-up notifications and messages can be read. The traffic pattern of messages can be observed. | Available messages can be altered, re-ordered or deleted. False messages can be fabricated. Announcements and notifications can be altered. | Deletion or removal of important messages can be harmful. Notices and announcements can be deleted. The communication line may become unavailable or be disabled. |
Server Security:
| Risks | Confidentiality | Integrity | Availability |
|---|---|---|---|
| Hardware | The server network can be cut. | Servers can be stolen. | Services related to the servers can be disabled. |
| Data | Data available on the server can be tracked and misused easily. | Detection of the location of users' systems by attacking their IP addresses. | Available data can be removed from the server. |
| Communication Line | Communication between two networks can be cut and diverted. | Messages and communication networks can be misused or stopped [9]. | Messages can be removed from the servers. |
Network Security:
| Risks | Confidentiality | Integrity | Availability |
|---|---|---|---|
| Software | The network can be attacked so that it denies requests from the application to the network. | Creating look-alike networks and diverting the requests of the networks. | Different networks can be deleted or attacked so as to extract various communication lines. |
| Hardware | Cutting the networks or making changes to hardware tools. | Taking someone else's network equipment. | Misuse of network provider services and devices. |
| Communication Line | Decryption of the bytes available on the network can harm the confidentiality of users [10]. | The network can harm integrity by attacking the requests provided to the server and extracting essential information. | Availability of the information on the network can be misused. |
Security Strategies and Actions
Security strategies and actions are used to protect the system from various attacks [11]. The following methods can be used to prevent SQL injection vulnerabilities in the system:
- Build the system so that it checks user input for dangerous characters such as single quotes.
- Use prepared statements, which tell the database exactly what to expect before any user-supplied data is passed to it.
- Encrypt sensitive data.
- Ensure that error messages give nothing away about the internal architecture of the application or the system.
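As an added illustration of the first, second and fourth points (not code from the assignment), the grade lookup below shows a string-built query beside a prepared statement, plus a wrapper that validates the student id and returns only a generic error. The table, sample rows and id format are constructed for the example.

```python
import re
import sqlite3

STUDENT_ID = re.compile(r"[A-Za-z0-9]{1,16}")   # allow-list for the id field (assumed format)

def make_db():
    # Constructed in-memory grade table standing in for the grading system's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE grades (student_id TEXT, assignment TEXT, grade INTEGER)")
    db.executemany("INSERT INTO grades VALUES (?, ?, ?)",
                   [("s100", "A1", 72), ("s101", "A1", 88), ("s102", "A1", 65)])
    return db

def grades_vulnerable(db, student_id):
    # Deliberately unsafe, shown for contrast: the id is pasted into the SQL text,
    # so a single quote in the input changes the structure of the query.
    sql = "SELECT student_id, grade FROM grades WHERE student_id = '" + student_id + "'"
    return db.execute(sql).fetchall()

def grades_safe(db, student_id):
    # Prepared statement: the database learns the query shape first and the value
    # is bound afterwards, so a quote in the input remains ordinary data.
    sql = "SELECT student_id, grade FROM grades WHERE student_id = ?"
    return db.execute(sql, (student_id,)).fetchall()

def lookup(db, student_id):
    # Input check plus generic error message: a malformed id is rejected before it
    # reaches the database, and a database error is never echoed to the user.
    if not STUDENT_ID.fullmatch(student_id):
        return {"ok": False, "error": "Invalid student id"}
    try:
        return {"ok": True, "rows": grades_safe(db, student_id)}
    except sqlite3.Error:
        return {"ok": False, "error": "Request could not be processed"}
```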
Figure 4: Example of the system
(Source: [4])
One of the major attacks that can occur against these systems is the brute force attack. A brute force attack tries every possible combination of password characters until the attacker finds the right one [12]. It is used when the attacker wants to learn the username or password of a student or teacher who is already logged in to the system. To guess passwords, the attacker sends many requests to the web server with a blank cookie field, so that the count of failed logins is reset to zero. To guess usernames, various usernames are sent along with arbitrary passwords; if the server's response is longer, there is a higher chance that the username is correct.
Figure 5: Risks
(Source: [5])
Prevention is therefore necessary for this problem as well. It can be addressed by adding a password policy, which the administrator sets under the Security and then the Site policies settings of the system [13]. It can also be addressed by adding a reCAPTCHA to the login page.
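The counter-reset and username-guessing weaknesses described above can be closed on the server side. The login guard below is an added example, not part of the assignment; the lockout threshold, lock duration, salt and the single teacher account are assumed values.

```python
import hashlib
import hmac
import time

LOCK_AFTER = 5        # failed attempts before an account is locked (assumed policy)
LOCK_SECONDS = 900    # how long the lock lasts (assumed policy)
_SALT = b"constructed-demo-salt"   # a real system stores a random salt per user

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)

# Constructed user store with one teacher account; only the hash is kept.
USERS = {"teacher1": _hash("Corr3ct-Horse!")}

class LoginGuard:
    def __init__(self, now=time.time):
        self.now = now
        self.failures = {}    # username -> (failed count, time of first failure)

    def _locked(self, user):
        count, since = self.failures.get(user, (0, 0.0))
        if count < LOCK_AFTER:
            return False
        if self.now() - since < LOCK_SECONDS:
            return True
        self.failures.pop(user, None)   # lock window elapsed, start afresh
        return False

    def login(self, user, password, cookie=None):
        # The counter lives server-side and is keyed by account, so a request with
        # a blank cookie (the reset trick described above) cannot clear it.
        if self._locked(user):
            return "locked"
        stored = USERS.get(user)
        # Hash even for unknown users so both failure cases take similar time,
        # compare in constant time, and return one message for both, so the
        # response does not reveal whether the username exists.
        candidate = _hash(password)
        ok = stored is not None and hmac.compare_digest(candidate, stored)
        if not ok:
            count, since = self.failures.get(user, (0, self.now()))
            self.failures[user] = (count + 1, since)
            return "invalid username or password"
        self.failures.pop(user, None)
        return "ok"
```

Keying the lock on the account name means a hostile client can lock a legitimate user out on purpose; the reCAPTCHA step above, or a second counter per source address, is the usual complement.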
Other risks, including those relating to the firewall, and their mitigations are shown in the figure below:
Figure 6: Risks included
(Source: [6])
Residual Risks
Residual risks are the risks that remain and cause unusual and unexpected problems. They are very harmful and can stay in the system for a long period of time without anyone noticing. The basic risks were discussed above; here the residual risk is discussed and explained [14]. One such security problem is session hijacking: when a session is hijacked, control of the user's session is taken away and the whole system becomes accessible to the attacker. To be clear and specific, session hijacking is the act of taking control of a user's session after the attacker successfully obtains or generates the authenticated session ID.
In a session hijack the attacker uses a captured, brute-forced or reverse-engineered session ID to seize control of a legitimate user's web application session. Session hijacking can be prevented and mitigated with the following actions:
- The session ID should be long enough and unpredictable.
- The session ID must be properly validated.
- The session ID must be generated by the application and never introduced manually by the user.
- Regenerate the session ID after a long period of time, or whenever the user's privileges change.
- Make sure that only cookies are used to propagate the session ID.
- The session should expire on security errors.
- Avoid the 'remember me' option that saves passwords across login sessions.
- The system should expire sessions after a period of inactivity.
- Remove the session cookie after the session is destroyed.
All of these preventive measures protect the system from residual risks, as well as from the vulnerabilities and other risks that could harm the overall system.
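An added example (not from the assignment) of a session store that applies the points above: application-generated unpredictable ids, validation, regeneration on privilege change, inactivity expiry, cookie-only propagation and cookie removal after destroy. The idle timeout and the cookie name are assumed values.

```python
import secrets
import time

SESSION_ID_BYTES = 32     # 256 random bits: long and unpredictable
IDLE_TIMEOUT = 15 * 60    # seconds of inactivity before expiry (assumed policy)

class SessionStore:
    def __init__(self, now=time.time):
        self.now = now
        self.sessions = {}    # session id -> {"user", "role", "last_seen"}

    def create(self, user, role):
        # Only the application mints ids; a value chosen by the client is never adopted.
        sid = secrets.token_urlsafe(SESSION_ID_BYTES)
        self.sessions[sid] = {"user": user, "role": role, "last_seen": self.now()}
        return sid

    def validate(self, sid):
        # Unknown or idle-expired ids are rejected; an expired session is destroyed.
        s = self.sessions.get(sid)
        if s is None:
            return None
        if self.now() - s["last_seen"] > IDLE_TIMEOUT:
            self.destroy(sid)
            return None
        s["last_seen"] = self.now()
        return s

    def regenerate(self, sid, new_role=None):
        # Same session data under a fresh id: after login, periodically, and on privilege change.
        s = self.sessions.pop(sid, None)
        if s is None:
            return None
        if new_role is not None:
            s["role"] = new_role
        new_sid = secrets.token_urlsafe(SESSION_ID_BYTES)
        self.sessions[new_sid] = s
        return new_sid

    def destroy(self, sid):
        self.sessions.pop(sid, None)

def set_cookie_header(sid):
    # The id travels only in a cookie that scripts cannot read and that is sent only over HTTPS.
    return f"Set-Cookie: SESSIONID={sid}; HttpOnly; Secure; SameSite=Strict; Path=/"

def clear_cookie_header():
    # Sent together with destroy so the browser drops the now-useless cookie.
    return "Set-Cookie: SESSIONID=; Max-Age=0; HttpOnly; Secure; Path=/"
```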
Resources
To mitigate the system's vulnerabilities, various resources must be checked on time so that all the security measures taken are maintained appropriately and for a long time. These resources include hardware requirements, software requirements and human resources. On the software side, as already mentioned, the use of reCAPTCHA can mitigate the brute force risk, and further developed security components in the software can help protect the system from vulnerabilities; session expiration on inactivity can also be added to the system. These are the software requirements of the system. The human resources of the system are the teachers and students who use the system and log in to it. Users should avoid the 'remember password' or 'save password' option so that, in the event of a compromise, these passwords cannot be read out. A virtual machine server can also be used to prevent risks.
Hardware security covers the equipment and tools used in developing the system; the measure applied here is to take care of the equipment so that an attacker cannot steal the equipment related to the security of the system. Moreover, it