CTEC3451 & CTEC5314
Final Year & MSc Project
Proposals

Maintained by cfi@dmu.ac.uk

Link to final year projects page and an FAQ page (or reach this via Blackboard)

I am interested in any project using middle tier web technologies, in particular PHP/MySQL.  I expect PHP projects to be implemented using the latest considerations of structure (eg follow MVC architecture, single point of entry) and, in particular, security.  Web pages should also:

  • be XHTML compliant (tested against the W3C validator)
  • be laid out with DIV tags or CSS tables (NB NOT HTML tables)
  • use a Cascading Style Sheet to control tag formatting

All of the projects below can be implemented in a variety of ways, including PHP frameworks, CMS systems, etc.

I also have a constantly developing PHP resource page.

Security project proposals are at the end of the page.

PHP projects

  1. Web application to support the investigation of crime and incidents

    Police officers attending an incident have a procedure to follow for the investigation and aftermath. This includes identifying whether the incident qualifies to be recorded as a crime under the Home Office crime recording rules, and the various options for investigating the different types of offence: whether someone needs to be arrested or a more proportionate disposal is applicable; if an arrest is appropriate, what to do with the prisoner; forensic options; evidence gathering; putting a file together for court; and various in-court and post-conviction options, etc.

    The project proposal is to build a multi-platform application that would guide someone with little or no experience in investigations through the correct processes from Report to Court. The application would allow the building of a report in the background by a series of tick boxes and free text fields. The main purpose of the application is to improve the efficiency and effectiveness of police officers. Officers will shortly be working with MDTs/Toughpads (mobile data terminals and the police version of an iPad).

    This project has potential commercial applicability.

  2. Tracking web-site

    Elderly people with dementia or Alzheimer's are at risk of wandering away from their home and becoming lost and confused. Leicester City Council have asked us to trial a dementia tracker with fall sensor, voice channel, panic alarm and GPS. It comes as a stand-alone piece of equipment but the manufacturer does not supply a support web-site.

    The project is to produce the support web-site. Messages are issued to the tracker via SMS, and tracking messages come back by GPRS. Embedded in the replies is GPS data which would need to be linked to a map (eg OpenStreetMap, Bing or Google).

    This is similar to previous projects I have completed in conjunction with Eric Goodyer, who would also be involved.

  3. DMU Swap-shop

    DMU staff and students may have items that are no longer required. It would be useful to be able to advertise these belongings on a non-financial basis. The web-application would allow other members of DMU to browse and make offers, either to exchange items, or simply to give them a new home.

    The web-application could be implemented using a PHP framework (Zend, Symfony, etc).

  4. DMU Coursework & Examination script coordination

    Once written, all assessments must be moderated by both internal (to DMU) and external examiners. This can be a challenge to coordinate.  An on-line system needs to be developed that will allow a member of staff to upload a script for examination by internal and external examiners, who will need to be able to give feedback comments.  Examiners should be able to see whether such feedback has been acted upon, or a rationale given for ignoring any suggestions.  There should also be a facility for an administrator to see an audit trail of who has viewed what documents and when.

    The web-application must be very secure and robust.

  5. Newsagent

    Newsagents can keep strange hours, and it is often difficult to get to the shop when it is open.  The project is to develop a web-application that will allow patrons of the shop to order newspapers and magazines, cancel deliveries (temporarily or permanently), pay their bills, etc. It would also aid the newsagent to be able to create delivery lists for their employees, and to be able to see outstanding bills, etc.

    The web-application could be implemented using a PHP framework (Zend, Symfony, etc).

  6. Dairy

    Dairies that make daily deliveries of milk can also deliver a whole range of products, such as bread, yoghurt, etc.  Products required by a customer could be changed on a daily basis.  This proposal requires you to develop a web-application that will allow customers to create, update and cancel orders in advance of the delivery date.  It should also allow the dairy to create an invoice for a customer, and to print out a drop-list for a roundsman.  Administration tasks such as updating the list of customers and available products would be another possible feature.

    The web-application could be implemented using a PHP framework (Zend, Symfony, etc).

  7. Agavi - PHP Framework Investigation

    Agavi (http://www.agavi.org/) is a new PHP framework that claims to be very MVC compliant (maybe more so than other frameworks). The project is to investigate this claim, by comparing Agavi with another, more commonly used, framework such as Cake or Zend.

    This is to be achieved by implementing a simple web-application in both frameworks, with a careful analysis of the findings.

  8. Car Sharing Scheme (PHP)

    De Montfort University has a Green Travel Plan, which aims to encourage staff and students to reduce the impact of their travelling upon the environment.  There is a proposal to organise a car sharing scheme for staff, which could be extended to include the staff of other local large organizations, such as the Leicester Royal Infirmary, etc.

    To this end, a web-site is required to allow staff journeys to be matched, allowing staff to meet and arrange lifts with like-minded people.  Staff would need to be able to enter their address, especially their postcode, and the destination address and postcode.  The software should then be able to calculate likely journey matches based upon the postcodes and offer these to users.

    There should be an option to allow staff to restrict any suggested journeys only to colleagues of the same organization.

    Security of the site is important as there would need to be some kind of identification process - staff need to be sure that they would be accepting and/or giving lifts to known people.

  9. Car Sharing Scheme continued (PHP)

    A prototype of the above car sharing scheme has been produced with the interface, business rules and database largely complete. However, the application lacks an administrative interface and some required use cases have not yet been fully implemented.

    The project is to continue and complete the application prototype to the point where it can be used as a fully working system. Missing features need to be fully implemented and full security testing carried out, with remedial coding produced where indicated.

  10. Disaster Management

    A web application acting as the controller (the first point of contact) and able to make automated database backups. The controller is also responsible for acting when connection to the main database is not possible, connecting to an alternate (backup) database and providing either limited functionality of the CMS or synchronisation once the main database is back online. The application is to be based on the architecture of the Joomla CMS.

  11. Subscribers Demographic Analysis

    A web application with an Ajax interface that displays the subscribers' demographics visually in the form of graphs, with the option to save the information in spreadsheet format.

  12. Live Ads

    A web application utilizing Ajax techniques to display advertisements based on the dynamically generated content. Live Ads is similar in concept to Google Adsense. However, this application requires just one advert to be generated at a time, based on the company's advertising model (impressions purchased V priority V content).

  13. Fantasy Football (PHP/Flash)

    Create a PHP driven web-site to allow users to register and play a fantasy football game on-line.  An interesting extension would be to have the actual matches played virtually, using eg Flash or Flex.

  14. Concert Management System (PHP)

    Concerts are very often organised by a committee of people. In order to facilitate communication and ensure that nothing is omitted, a web-based system is proposed that would allow all facets of a concert to be micro-managed, eg booking venues; booking performers and soloists; ensuring that posters, programmes, etc are produced in good time.

  15. On-line registration system (PHP)

    DMU is now required to keep a register of attendance of students at all small group activities (labs, tuts, etc).  Currently this is achieved with a series of Excel spreadsheets, but this would be improved with a secure on-line system.

  16. Interactive Web Analytics (PHP & AJAX)

    A web-based system with the capacity to monitor statistical updates live through an AJAX interface, ie as users subscribe and unsubscribe to a web-site, generating dynamic graphical reports.

  17. On-line Jobs Search Web-site (PHP & AJAX)

    The requirement is for an online jobs search web-site. The website should allow users to complete a profile, search for jobs by salary range, location, title, etc, and employers to complete a job description. The site should attempt to map users to jobs, and should allow the site owner to see basic statistics such as usage, numbers of jobs, etc.

Security Projects

  1. memcached security issues

    (NB not memcache) Memcached is a caching library used by PHP and other web-application languages to significantly improve web-site response times. Its features include the ability to distribute cached data and sessions across multiple servers.

    The project is to investigate the security implications of this technology when using multiple server techniques. You should initially produce working PHP scripts that show the usage of memcached and go on to demonstrate techniques that can exploit vulnerabilities of this technology.

  2. Cross-site History Manipulation

    XSHM is a recently identified web-browser vulnerability. The project is to investigate the vulnerability and evaluate the measures that can be taken to prevent it. You should include working examples of code.

  3. Pentesting Frameworks

    Organisations such as NIST and OWASP have produced frameworks to aid in the planning and execution of pentests. The project is to review these and similar frameworks, and to propose an alternative framework. Finally, execute a pentest to aid in the analysis of your proposed framework, and to prove its efficaciousness.

  4. The Definitive Penetration Testing Guide and Training Tool

    There is a need for a comprehensive teaching aid to facilitate the learning of penetration testing tools and techniques. There are many on-line tutorials available which cover a single tool or toolkit (eg the BurpSuite help pages), and one objective of the project is to bring together all such information.

    The first deliverable of the project would be either a Virtual Machine or ISO file hosting a Linux operating system. Various open source web application penetration testing tools would be installed, such as Nikto, w3af, BurpSuite (free), WebScarab, etc. It would also include deliberately vulnerable web applications such as WebGoat, Mutillidae, DVWA, etc. A dedicated menu would improve the user experience.

    The main deliverable would be a web-site hosted on localhost. This web-site is a training tool for penetration testing; definitions, common techniques, toolkit usage, expected results, analysis of results, etc.

    Aims, Objectives & Deliverables

    • Review penetration testing tools and toolkits
    • Review tutorials and other pre-existing training materials
    • Create an open source VM and install selected pentest tools
    • Build a web-site to facilitate training in pentesting techniques