java

Modify an existing Java Web application that violates several Payment Card Industry guidelines and recommendations. Your task is to locate the issues, identify what is wrong and then fix the code. You will discuss each issue in terms of why the issue may cause a security vulnerability, and how you specifically fixed the issue.

The current code, uses Java JSP and Servlets to allow a user to login to their account and view credit card data stored in the database. The functionality is relatively simple but several PCI compliance rules have been violated that will prevent the application from being approved by a PCI software auditor.

You should first load up the application, populate the database and make sure the application is working in your environment as expected. The application uses the Java Derby relational database. The script used to populate the application is attached as well as the Java web project itself. You should be able to open the existing project using NetBeans. However; you may need to load the Derby drivers to the libraries for the project.

Once you have the database loaded, you can try the application. (This assumes you have properly installed the Java EE when you installed NetBeans).

Email:john.doe@test.edu Password: mypassword

Review the code and perform analysis as needed. You should experiment with application as well as reviewing the code to identify possible areas of security concerns. You don't have to be an expert in JSP/Servlets, html or css to be able to find some of the issues that you have read about in the PCI documentation. However; it is recommended you experiment with the code so you have a baseline familiarity with the model and know how the JSP and servlets communicate with each other.

Focus on the PCI compliance issues found in sections 6 through 9 (see attached jpg file) as you look for issues. There are multiple issues and you should work to fix and document as many as possible.

Submission:

Provide all of your modified Java code, your modified database script and a word document describing how you addressed each issue. You should clearly describe the code and what PCI compliance issue were violated and how you fixed it. You should provide screen captures as needed to support your findings and improvements.

https://www.dropbox.com/s/opxxm9opma0hy3j/Netbeans_Package.zip?dl=0