This exercise (50 points) uses the AWS Cloud9 environment develop and fully test a set of tools and Web Forms to perform the following functionality:
a. Password Login form – This Python form allows a user to login to a simple web application with a username and password. A file can be used to store the username and password for validated users for this activity. No additional Web application functionality is needed after successful login other than a Greeting of your choice and the ability to update the password in a form.
b. Password update Form – This Python form allows a user to update a user’s password after they have successfully logged in.
c. Authentication functions – These Python functions that will check the following NIST SP 800-63B criteria are met upon login or upon password update: SHALL be at least 8 characters in length
• SHOULD be no more than 64 characters in length
• SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised (Provided as CommonPasswords.txt)
• If the chosen secret is found in the list, the application SHALL advise the subscriber that they need to select a different secret, SHALL provide the reason for rejection, and SHALL require the subscriber to choose a different value
• SHALL implement a time-based rate-limiting mechanism that effectively limits the number of failed authentication attempts that can be made on the subscriber’s account. For this exercise throttling should start after 15 attempts.
• When the subscriber successfully authenticates, the verifier SHOULD disregard any previous failed attempts for that user from the same IP address
d. Logger – Create a log to log all failed login attempts. The Log should include date, time and IP address.
e. Log Analyzer – Create a Python log analyzer application that reads the log file created in part d to identify and geo-locate all IP addresses where more than 10 failed attempts in a period of less than 5 minutes. The geolocation should include the Lat/Long value provide from the IP Address location.
A sample report might look like this:
22.214.171.124 had 12 failed login attempts in a 5 minute period on Jul 7, 2019.
126.96.36.199 has a Lat/Long of 41.2908816/-73.610759.
1. Leverage the File I/O, Flask and Data structures work previously performed in the class.
2. Use functions to enhance code reuse and modularity.
3. Use the AWS Cloud9 IDE.
4. Use Python Lists or other data structures to store the Common Passwords and then appropriate search functions to expedite comparisons.
5. You can use “request.environ[‘REMOTE_ADDR’]” to obtain the client IP address. You will need to import the request package: “from flask import request”.
6. You will need to load the ip2geotools Python module to perform the GeoLocation (sudo python3 -m pip install ip2geotools). You will need to import the IpCity Package (from
ip2geotools.databases.noncommercial import DbIpCity). See the ip2geotools for additional method and objects available.
We value our customers and so we ensure that what we do is 100% original..
With us you are guaranteed of quality work done by our qualified experts.Your information and everything that you do with us is kept completely confidential.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
The Product ordered is guaranteed to be original. Orders are checked by the most advanced anti-plagiarism software in the market to assure that the Product is 100% original. The Company has a zero tolerance policy for plagiarism.Read more
The Free Revision policy is a courtesy service that the Company provides to help ensure Customer’s total satisfaction with the completed Order. To receive free revision the Company requires that the Customer provide the request within fourteen (14) days from the first completion date and within a period of thirty (30) days for dissertations.Read more
The Company is committed to protect the privacy of the Customer and it will never resell or share any of Customer’s personal information, including credit card data, with any third party. All the online transactions are processed through the secure and reliable online payment systems.Read more
By placing an order with us, you agree to the service we provide. We will endear to do all that it takes to deliver a comprehensive paper as per your requirements. We also count on your cooperation to ensure that we deliver on this mandate.Read more