Web Application Security Report: PHP-based London Tours Website
Added on 2025/04/14

Web Application Security

Contents
Introduction......................................................................................................................................3
Comparison of Web server-side technologies.................................................................................4
Web Security Controls.....................................................................................................................5
Future enhancements.......................................................................................................................9
Conclusion.....................................................................................................................................10
References......................................................................................................................................11
Appendix........................................................................................................................................12
List of Figures
Figure 1: Parameters on which various server-side technologies are compared.............................5
Figure 2: Form validations by HTML.............................................................................................6
Figure 3: Form Validation using PHP.............................................................................................6
Figure 4: Form Validation using PHP.............................................................................................7
Figure 5: Sanitizing data using PHP Functions...............................................................................7
Figure 6: Sanitizing data using PHP Functions...............................................................................8
Figure 7: Preventing SQL Injection.................................................................................................8
Figure 8: Home Page.....................................................................................................................12
Figure 9: About Us........................................................................................................................13
Figure 10: Booking Page...............................................................................................................14
Figure 11: Contact Us Page...........................................................................................................15
Figure 12: Registration Page.........................................................................................................16
Figure 13: Dashboard Home Page.................................................................................................17
Figure 14: Add Tour Page.............................................................................................................17
Figure 15: View Tour Page............................................................................................................18
Figure 16: Booking Page...............................................................................................................19
Figure 17: Registration Table........................................................................................................19
Figure 18: Registered Entries........................................................................................................19
Figure 19: Images Table................................................................................................................19
Figure 20: Images Entries..............................................................................................................20
Figure 21: Booking Search Table..................................................................................................20
Figure 22: Booking Table..............................................................................................................20

Introduction
This report describes the London tours website, which is built with the server-side scripting
language PHP. All requirements are met by the website, and its usability and accessibility
functionality has been achieved. Separate logins are created for the admin and the user. Various
pre-defined functions and filters are used on the website, including security functions such as
input validation. The admin pages are also connected to the database. Security is the main aspect
covered in this report.
Comparison of Web server-side technologies
There are various server-side technologies available in the market. Through a server-side
language the website can be generated dynamically, with the content drawn from the database, so
the content can differ for different users of the website. Sessions can be maintained for all users
of the website, and there are various techniques available for authentication and authorization.
These technologies handle all POST and GET requests (Choudhry, 2014).
The main web server-side technologies are as follows:
o Server Side Includes: external commands can be included through these. This is one of
the simplest models of server-side technology.
o Common Gateway Interface (CGI): many external scripts can be executed through this, and
their output is sent directly to the browser. The most common language for CGI is Perl.
o Perl: an interpreted language that supports modular extension. It is run by the Perl
interpreter, which is invoked through CGI. Its main disadvantage is that it is complicated to
work with HTML.
o PHP: one of the most popular server-side scripting languages, and the one used to develop
this website. It supports object-oriented programming. Server bundles such as XAMPP and
WAMP are used to run it, and it has a standard library that can be used to extend the
functionality of the website.
o Active Server Pages (ASP): designed around the .NET framework and served by IIS.
o Django: a framework for Python with extensive libraries.
o Ruby on Rails: supports the model-view-controller pattern (Zesty, 2014).
These web server-side technologies have been compared on the basis of various parameters
(Crawford and Hussain, 2017), as follows:
Figure 1: Parameters on which various server-side technologies are compared
(Source: ucms)
Web Security Controls
Various measures were taken for web security while developing the website in PHP. These
measures are as follows:
o Form validation through PHP: validation is done in PHP on the server. The validations
include required fields, password matching, email address format checks, etc. These are
important because the user cannot submit incorrect information: the form is only processed
when the information is valid.

Figure 2: Form validations by HTML
Figure 3: Form Validation using PHP
Figure 4: Form Validation using PHP
o Sanitizing data using PHP functions: illegal characters are removed from the input. This is
done alongside validation; here the sanitization is applied to the email address.
Figure 5: Sanitizing data using PHP Functions
Figure 6: Sanitizing data using PHP Functions
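The following PHP is an added example, not the report's own code or the code shown in the figures above. It puts the two controls just described, server-side validation and sanitization, into one function: required fields, password matching and an email check done with filter_var(), sanitizing the address first and then validating the cleaned value. The field names, the minimum password length and the sample submissions are assumptions constructed for the example.

```php
<?php
// Added example, not the report's own code: server-side validation and
// sanitization of the registration form. Field names and the minimum
// password length are assumptions.
declare(strict_types=1);

/**
 * Validate a registration submission ($_POST in the real site).
 * Returns an array of error messages keyed by field; an empty array means
 * the form may be processed. Cleaned values are written back into $clean.
 */
function validateRegistration(array $post, array &$clean = []): array
{
    $errors = [];
    $clean = [];

    // Required fields: a missing key and an all-whitespace value are both rejected.
    foreach (['name', 'email', 'password', 'confirm_password'] as $field) {
        if (!isset($post[$field]) || trim((string) $post[$field]) === '') {
            $errors[$field] = 'This field is required.';
        }
    }

    // Email: sanitize first (drops characters that cannot occur in an address),
    // then validate the cleaned value. Sanitizing alone is not a validity check.
    if (!isset($errors['email'])) {
        $email = filter_var((string) $post['email'], FILTER_SANITIZE_EMAIL);
        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            $errors['email'] = 'Enter a valid email address.';
        } else {
            $clean['email'] = $email;
        }
    }

    // Password matching, plus a minimum length enforced on the server
    // (HTML attributes such as minlength can be bypassed by the client).
    if (!isset($errors['password']) && !isset($errors['confirm_password'])) {
        $password = (string) $post['password'];
        if (strlen($password) < 8) {
            $errors['password'] = 'Password must be at least 8 characters.';
        } elseif ($password !== (string) $post['confirm_password']) {
            $errors['confirm_password'] = 'Passwords do not match.';
        }
    }

    if (!isset($errors['name'])) {
        $clean['name'] = trim((string) $post['name']);
    }

    return $errors;
}

// Constructed sample submissions (not real user data).
$submissions = [
    'valid'   => ['name' => 'Ada', 'email' => 'ada@example.com',
                  'password' => 'correct-horse', 'confirm_password' => 'correct-horse'],
    'invalid' => ['name' => '   ', 'email' => 'not an email',
                  'password' => 'abc', 'confirm_password' => 'abcd'],
];

foreach ($submissions as $label => $post) {
    $errors = validateRegistration($post, $clean);
    if ($errors === []) {
        // Only now would the record be stored; the password is hashed first,
        // never saved as typed.
        $hash = password_hash($post['password'], PASSWORD_DEFAULT);
        echo "$label: accepted for {$clean['email']} (hash length " . strlen($hash) . ")\n";
    } else {
        echo "$label: " . implode(' ', $errors) . "\n";
    }
}
```

The check runs on the server regardless of any HTML validation in the browser (Figure 2), because the client-side rules can be removed or bypassed; the sanitized email, not the raw input, is what gets stored.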
o Preventing SQL injection: if a prepared statement is used, the user-supplied value is
handled separately and is not included in the SQL command text. This works independently of
validation. Prepared statements divide the query into the fixed statement and its parameters.
This is one way to prevent all attacks related to injection (Morris, 2017).
Figure 7: Preventing SQL Injection
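As an added example of the prepared-statement approach described above (not the report's own code or the query in Figure 7), the following PHP looks up a customer's bookings through PDO. An in-memory SQLite database stands in for the site's database so that the script runs offline; the table and column names and the sample rows are assumptions constructed for the example.

```php
<?php
// Added example, not the report's own code: a booking lookup using a PDO
// prepared statement. In-memory SQLite replaces the site's database so the
// script runs offline; table and column names are assumptions.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver one would also set PDO::ATTR_EMULATE_PREPARES to false
// so the statement is prepared by the database server rather than by the client.

$pdo->exec('CREATE TABLE booking (id INTEGER PRIMARY KEY, customer_email TEXT NOT NULL, tour TEXT NOT NULL)');

// Constructed sample rows; note the apostrophe in the second address.
$seed = $pdo->prepare('INSERT INTO booking (customer_email, tour) VALUES (:email, :tour)');
$seed->execute([':email' => 'ada@example.com', ':tour' => 'Tower of London']);
$seed->execute([':email' => "o'brien@example.com", ':tour' => 'Thames Cruise']);

/**
 * Return the tours booked under one e-mail address.
 *
 * Unsafe form that this replaces (never build SQL from user input this way):
 *   $pdo->query("SELECT tour FROM booking WHERE customer_email = '" . $email . "'");
 */
function bookingsFor(PDO $pdo, string $email): array
{
    // The SQL text is fixed at prepare time; the value travels separately, so it
    // is always treated as data, whatever characters it contains.
    $stmt = $pdo->prepare('SELECT tour FROM booking WHERE customer_email = :email');
    $stmt->execute([':email' => $email]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

print_r(bookingsFor($pdo, 'ada@example.com'));
// The apostrophe in this address would have broken the concatenated query;
// with a bound parameter it is matched as a literal value.
print_r(bookingsFor($pdo, "o'brien@example.com"));
print_r(bookingsFor($pdo, 'nobody@example.com'));
```

The same pattern applies to the INSERT used for bookings: every value that originates from the request is bound as a parameter, and the statement text itself never contains user data.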
o Preventing XSS (cross-site scripting): in this attack, malicious code or scripts are inserted
into or attached to the page content, generally as client-side scripts. The strip_tags()
function can be used as a filter, and filter_var() is another function that can be used.
This is done using these PHP functions.
o Preventing cross-site request forgery (CSRF) using PHP functions: here the attacker embeds
malicious JavaScript functions that submit requests on the user's behalf (Martin, 2011).
Future enhancements
There are various recommendations for the future. The future enhancement points are as
follows:
o Different modes of payment: different modes of payment, such as debit cards and credit
cards, should be included.
o Booking history should be included, so that customers can view the bookings they have
made.
o Travel insurance could be offered to all users of the website.
o Booking confirmations and other useful information should be emailed to all customers of
the website.
o A safety button should be provided for passenger safety, through which information can be
sent to the relevant authorities and helplines.
The objectives can be achieved by implementing these recommendations. The functionality of
the admin pages can be improved, and the destination search can be based on various
parameters.
Conclusion
The report on the London tours website has been completed. The website is built with the
server-side scripting language PHP. All requirements are met by the website, and all usability
and accessibility functionality has been achieved. Separate logins are created for the admin
and the user. Various pre-defined functions and filters are used on the website, including
security functions such as input validation. Various server-side technologies are explained in
this report. The recommendations are:
o Different modes of payment should be included.
o Booking history should be included.
o Booking confirmations and other useful information should be emailed to all customers.
o A safety button should be provided for passenger safety.
References
Choudhry, A. A. (2014). Introduction to Server-side Technologies. [online] Available at: http://www.akber.com/overview-of-server-side-technologies/ [Accessed 18 Feb. 2019].
Crawford, T. and Hussain, T. (2017). A Comparison of Server Side Scripting Technologies. In: Proceedings of the International Conference on Software Engineering Research and Practice (SERP), pp. 69-76. The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp).
Morris, J. (2017). Prevent SQL injection attacks with prepared statements. [online] John Morris. Available at: https://www.johnmorrisonline.com/prevent-sql-injection-attacks-prepared-statements/ [Accessed 18 Feb. 2019].
Martin, P. (2011). phpmaster | Preventing Cross-Site Request Forgeries. [online] SitePoint. Available at: https://www.sitepoint.com/preventing-cross-site-request-forgeries/ [Accessed 18 Feb. 2019].
Bit Zesty. (2014). Ruby on Rails: What it is and why you should use it for your web app. [online] Available at: https://bitzesty.com/2014/03/03/ruby-on-rails-what-it-is-and-why-we-use-it-for-web-applications/ [Accessed 18 Feb. 2019].
Appendix
Website Screens