Application Security – How to Protect User Data?

The project "Innovations in VET education" is co-financed by the European Union

Introduction to the topic: "Application Security – How to Protect User Data?"

In the digital age, where web and mobile applications play a key role in daily life, protecting user data is a priority. Almost every application processes various data – from personal and financial information to health and location data. Proper protection of this information is crucial not only for the safety of users but also for the trust users place in applications and their developers.

The rapid development of technology and the increasing number of applications also create challenges in data protection. Each year, the number of cyberattacks, data breaches, and attempts to access sensitive data by unauthorized individuals increases. As a result, specialists designing and developing applications must implement solutions that effectively protect user data from a variety of threats.

Securing an application is a complex process involving both technologies and best practices, as well as regular updates and monitoring for potential vulnerabilities. In this WebQuest, students will have the opportunity to delve into the topic of application security, exploring key aspects related to data protection. The work will cover four main areas:

Data Encryption: Encryption is one of the most important mechanisms for data protection, ensuring that even if data is intercepted, it becomes useless to attackers. The encryption group will explore various methods, such as asymmetric and symmetric encryption, and analyze how they can be implemented in applications. Encryption is used both for data storage (at rest) and during data transmission (in transit).

Authentication and User Authorization: Authentication is the process of verifying a user's identity, while authorization determines the permissions granted to them for accessing resources. The group working on this area will analyze how to apply secure authentication methods, such as two-factor authentication (2FA) or multi-factor authentication (MFA), which increase login security. Additionally, students will learn the principles of user session management and securing access at the application level.

Password Management: Passwords are one of the most common methods of securing access, but poor password management can lead to serious security vulnerabilities. The group working on password management will present best practices such as hashing passwords with secure algorithms (e.g., bcrypt or Argon2), avoiding storing passwords in an unencrypted form, and implementing strong password policies. Students will learn practical methods for managing passwords to protect users from data breaches.

Protecting Data During Transmission: Data transmission between the application and server is a potential point for interception. This group will explore technologies that allow for secure data transmission, such as SSL/TLS (Secure Sockets Layer / Transport Layer Security). These protocols encrypt connections, preventing unauthorized interception of data. Students will investigate how and when to use these technologies to ensure that connections within an application are secure and difficult to intercept.

Information for the Teacher

The WebQuest "Application Security – How to Protect User Data?" is intended for vocational school students, especially in computer science and electronics. The goal of the WebQuest is to deepen knowledge about key methods and technologies that secure user data in web and mobile applications. By completing this task, students will learn about the most common threats and discover effective techniques for defending against privacy and data integrity attacks.

By completing the WebQuest, students will:

• Learn about potential threats in applications and the basic principles of secure design.

• Understand the basic techniques and technologies for data protection, such as encryption, authorization, multi-level authentication, and password management.

• Grasp the difference between securely storing data and protecting its transmission.

• Learn to analyze threats arising from improper application security.

Students will work both individually – gathering information – and in groups, creating presentations on a chosen aspect of application security. The work will take place under time pressure, allowing students to develop effective collaboration and time management skills.

Suggested time for the WebQuest:

Students should dedicate approximately 12 hours of class time to completing the WebQuest.

Assessment Criteria:

• Depth of topic coverage (maximum grade: 5; going beyond this knowledge: grade 6).

• Aesthetics of the presentation and the way the information is presented.

• Engagement and collaboration skills of the students.

Evaluation:

• The teacher will help students analyze the content together until they fully understand it. They will offer guidance, advice, and explanations, but not ready solutions. This method will serve as a good way to initiate independent action and creative thinking.

• The teacher should thoroughly analyze the content with the students, ensuring they understand it. They should provide assistance, advice, and explanations, not ready solutions. This method fosters independent action and creative thinking.

• Group division can be done according to various criteria, such as students' cognitive abilities, skills, or interests, to balance the strengths within each group.

• The teacher can assist students when they work in groups by asking leading questions. It is important to remember that students are learning a new way of working (a process).

• The teacher should provide specific information about the assessment of students’ achievements, both during group work and when summarizing the results.

• The time for project completion should be tailored to students’ abilities. It is not predetermined. The suggested time frames for different stages should be treated as approximate.
