Cybersecurity: Website Security Audit & Hardening Recommendations
Project scope
What is the main goal for this project?
Project Duration: 6 Weeks
Project Hours: 150
Project Hours Per Learner: 30
Organization Description: [Please share any context around your organization and how this project coincides with wider Organizational goals]
Project Overview
This project focuses on assessing and improving the security of our website. The team will conduct a basic security audit, identify vulnerabilities, and propose or implement security improvements. The project is structured for a team of five learners, each dedicating 30 hours over six weeks (totalling 150 hours).
Project Scope & Expectations:
Learners will engage in:
- Conducting a security audit of the existing website (e.g., WordPress, Wix, Shopify, custom, etc.).
- Identifying vulnerabilities, including outdated plugins, weak passwords, and missing HTTPS.
- Reviewing user permissions and access controls to ensure security best practices.
- Recommending or implementing basic security hardening measures.
- Developing a basic incident response guide for handling security breaches.
What tasks will learners need to complete to achieve the project goal?
Project Timeline and Deliverables:
Week 1: Project Kickoff & Security Audit Planning (~2 hours per learner)
- Meet with stakeholders.
- Ensure understanding of project goals, scope, and success metrics.
- Identify the website’s technology stack and existing security setup.
Week 2: Website Security Scan & Initial Findings (~4 hours per learner)
- Conduct a basic vulnerability scan using free tools (e.g., Mozilla Observatory, Sucuri, OpenVAS).
- Identify common security issues such as outdated plugins, weak authentication, and unencrypted data.
- Suggestion: Learners work independently to conduct their testing and submit findings via a shared internal document; the team then compiles those findings and presents them to the employer stakeholders in the deliverable, eliminating duplication.
- Deliverable: Website Security Findings Report (Checklist + Screenshots).
Week 3: Permissions & Access Control Review (~6 hours per learner)
- Audit user roles and access permissions to identify security gaps.
- Check for unused accounts, weak passwords, and lack of multi-factor authentication (MFA).
- Suggestion: Learners work independently to conduct their testing and submit findings via a shared internal document; the team then compiles those findings and presents them to the employer stakeholders in the deliverable, eliminating duplication.
- Deliverable: Access Control Report with Recommendations.
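One way to carry out the Week 3 checks over a platform user export, as an added example that is not part of this brief. The CSV column names, the sample rows and the 90-day "unused" threshold are assumptions; most platforms can export a user list with role, last login and MFA status in a similar shape.

```python
"""Access-control review helper (added example, not from the AscentUP brief).

Flags the gaps the Week 3 review looks for: accounts not used for a long
time, accounts without MFA, and privileged accounts with either problem.
"""
import csv
import io
from datetime import date, timedelta

# Constructed sample export; column names are an assumption.
SAMPLE_EXPORT = """username,role,last_login,mfa_enabled
alice,administrator,2024-05-02,true
bob,editor,2023-11-14,false
contractor1,administrator,2023-08-01,false
carol,author,2024-04-28,true
"""

REVIEW_DATE = date(2024, 5, 10)          # date the review is run (constructed)
PRIVILEGED_ROLES = {"administrator", "shop_manager"}  # assumed role names
UNUSED_AFTER_DAYS = 90                   # assumed threshold for "unused"


def review_accounts(export_text, today, unused_after_days=UNUSED_AFTER_DAYS):
    """Return (username, severity, finding) tuples, highest severity first."""
    findings = []
    cutoff = today - timedelta(days=unused_after_days)
    for row in csv.DictReader(io.StringIO(export_text)):
        user = row["username"]
        privileged = row["role"].strip().lower() in PRIVILEGED_ROLES
        mfa = row["mfa_enabled"].strip().lower() == "true"
        last_login = date.fromisoformat(row["last_login"].strip())
        # Privileged accounts turn every gap into a high-severity finding.
        severity = "high" if privileged else "medium"
        if last_login < cutoff:
            findings.append((user, severity, f"no login since {last_login}; disable or remove"))
        if not mfa:
            findings.append((user, severity, "MFA not enabled"))
    findings.sort(key=lambda f: (f[1] != "high", f[0]))
    return findings


def severity_counts(findings):
    """Totals per severity, handy for the summary table in the report."""
    counts = {"high": 0, "medium": 0}
    for _, severity, _ in findings:
        counts[severity] += 1
    return counts


if __name__ == "__main__":
    for user, severity, text in review_accounts(SAMPLE_EXPORT, REVIEW_DATE):
        print(f"[{severity}] {user}: {text}")
```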
Week 4: Security Hardening Implementation (~6 hours per learner)
- Create a checklist of priority fixes based on audit findings.
- If permitted, implement basic security measures such as:
  - Enabling HTTPS encryption if not already in place.
  - Removing or updating outdated plugins.
  - Restricting admin access through IP whitelisting or role-based permissions.
  - Setting up a basic logging system to monitor unauthorized access.
- Deliverable: Security Hardening Checklist with Before/After Notes.
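A minimal version of the "basic logging system to monitor unauthorized access" from the Week 4 list, as an added example that is not part of this brief. It reads web server access-log lines in the common log format and flags sources that are repeatedly denied on admin paths; the sample lines, the admin path prefixes and the alert threshold are constructed assumptions.

```python
"""Unauthorized-access monitor over access-log lines (added example, not from the brief)."""
import re
from collections import defaultdict

ADMIN_PREFIXES = ("/wp-admin", "/wp-login.php", "/admin")  # assumed admin paths
DENIED_STATUSES = {401, 403}
ALERT_THRESHOLD = 5  # assumed: this many denials from one source raises an alert

# Common log format: ip - - [time] "METHOD path HTTP/x" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample log: one source hammering the login page, one stray 403,
# normal traffic and a malformed line the monitor must survive.
SAMPLE_LOG = "\n".join(
    ['203.0.113.9 - - [10/May/2024:08:01:%02d +0000] "POST /wp-login.php HTTP/1.1" 401 512' % s
     for s in range(6)]
    + ['198.51.100.4 - - [10/May/2024:08:02:00 +0000] "GET /wp-admin/ HTTP/1.1" 403 221',
       '198.51.100.4 - - [10/May/2024:08:02:30 +0000] "GET /index.html HTTP/1.1" 200 1024',
       'not a log line at all']
)


def parse_line(line):
    """Return the fields we need from one log line, or None if it is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, path, status = m.groups()
    return {"ip": ip, "method": method, "path": path, "status": int(status)}


def denied_admin_hits(log_text):
    """Count denied requests to admin paths per source IP."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:  # skip malformed lines rather than crash the monitor
            continue
        if rec["status"] in DENIED_STATUSES and rec["path"].startswith(ADMIN_PREFIXES):
            counts[rec["ip"]] += 1
    return dict(counts)


def alerts(log_text, threshold=ALERT_THRESHOLD):
    """Source IPs whose denied admin hits reach the threshold, sorted."""
    return sorted(ip for ip, n in denied_admin_hits(log_text).items() if n >= threshold)


if __name__ == "__main__":
    for ip in alerts(SAMPLE_LOG):
        print(f"ALERT: {ip} repeatedly denied on admin paths")
```

Pointing the script at the live access log (for example via a scheduled job) and writing alerts to a shared channel gives the before/after note for this item something concrete to record.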
Week 5: Incident Response Plan (~6 hours per learner)
- Develop a one-page incident response guide outlining:
  - Steps to take in case of a security breach.
  - Who to contact and what actions to document.
  - Basic recovery strategies.
- Deliverable: Incident Response Plan (PDF or Slide Deck).
Week 6: Final Report & Presentation (~6 hours per learner)
- Compile all findings, actions taken, and future recommendations.
- Present the before-and-after security comparison to stakeholders.
- Deliverable: Final Security Audit Report & Presentation.
Final Deliverables:
- Website Security Audit Report – Summary of security issues identified.
- Access Control Report – Review of user permissions and security risks.
- Security Hardening Checklist – List of improvements made.
- Incident Response Plan – Basic guide for handling security incidents.
- Final Report & Presentation – Summary of project work and outcomes.
Working Expectations:
Learners are expected to receive practical real-world job experience in exchange for completing the tangible deliverables of a successfully completed project. Employers are expected to provide mentorship, guidance, and clear expectations to students, and to maintain regular communication with the AscentUP team.