Deploying IT Infrastructure Solutions 2013
This is the student results wiki page for the IP program "Deploying IT Infrastructure Solutions" taking place from 24th of March until 6th of April 2013.
All the information regarding program will be presented in the program web page.
Assignments
Security testing of web application
Description
Learn about the security of web applications. Find vulnerabilities from known vulnerable web applications. Find not known vulnerabilities of development version of web application Study Information Portal (Used by eleven universities of applied science in Estonia) File report that describes methods, tests and findings.
Expected outcome
Description of testing methods and findings (all vulnerabilities that students found in development environment) as testing report.
Expectations from students
Understanding web applications (What is difference of GET and POST, how sessions work, what is header etc). Knowledge of at least one web programming language (php, java, ruby, C#, python is preferred)
Lectures support
Several security related topics will covered during lectures and practical classes before starting actual testing. Lecture covers several attack types and vulnerabilities like SQL injection, cmd injection, XSS, CSRF etc. Practical classes based on DVWA (Damn Vulnerable Web Application) After lectures and practical classes students will get access to web application development environment for practical work.
Lecturer: Margus Ernits (Estonian IT College)
Driving lessons’ registration information system
Description
It is a client-server solution which keeps records of student's driving lessons. Each driving study car has a device / computer where client application runs.
Expected outcome
Client application registers the student’s driving lesson time and the GPS coordinates and sends them to the server over the mobile Internet. Client application must register driving lessons also without Internet connection and synchronize with the server when connection is established. Later a student can check ones driving lesson and travel route on the Internet.
Limitations
GPS accuracy at least one point per second.
Improving toolset for race sailing performance analysis
Description
Implementation of logger that could be used for performance analysis of race sailing teams, based on data specification for communication between marine electronic devices NMEA 0183. Learning about the performance analysis needs and specifics of race sailing teams, also learning about the marine instruments specifics and communication standard NMEA 0183. Based on core architecture of the NMEA 0183 data logger implementation including software, hardware and testing.
Expected outcome
Fully functioning and tested race sailing performance analysis data logger.
Expectations from students
Aspiration to develop in rapid prototyping and testing environment together with professional and Olympic Team race sailors and marine technology specialists fully functional performance analysis logger. Both software and hardware development skills. If you can understand and are interested in what is described at http://www.boatdesign.net/forums/attachments/onboard-electronics-controls/19260d1204757550-laptop-interface-tacktick-nmea-architecture.png then you are expected to join team.
Lectures support
Lectures and seminars will cover first the needs specification of the performance analysis logger, NMEA0183 standard description, marine instruments Received Sentences description: DBT, DPT, GLL, HDG, HDM, MTW, MWV, RMB, RMC, VHW, VLW, VWR. Team will implement the logger and install the marine wireless range instrument for testing on actual performance sailing boat. Life saving equipment and wetsuits not needed :)
Lecturer: Linnar Viik (Estonian IT College)
Robotic competitions organization software system
Description
The software system provides everything from participant registration to the live competition carry out by the referees. It contains web based interfaces and real-time applications such as score and time overlay on video broadcast. Different competition (tournament) formats are needed. As much as possible smart solutions and freely available components shall be used in order to keep the development time short.
Expected outcome
System design description including component, database and sequence diagrams. Suggestion on database, programming language and reusable components is expected. Creating a project time plan with at least two scenarios (full scope, minimum scope) is secondary objective. Prototype solution covering some part of the system would be a bonus task.
Expectations from students
Knowledge of database- and web programming. Understanding of software architectures such as MV is appreciated.
E-teacher
In the course of studying Database Fundamentals the students, as independent coursework, must draw ERD- schemes. Although there is no use of drawing the diagrams if the lector doesn’t give feedback on the success or failure of said work. The whole process of drawing ERD-diagrams looks like any other teaching process- The teacher prepares the task, the student draws the ERD-diagram and hands it to the teacher, The teacher then looks it over and corrects/improves/comments it then returning it to the student. The specificity in here being that the solutions of the tasks are graphic and no task has one concrete solution – every student solution is different. This makes every revision unique- the teacher must understand the undergrads intention, check its compliance whit the task set and then if needed make changes in the model without changing its nature.
For now it has always been done on paper – Undergrad draws a ERD case system model, prints it and hands it to the lecturer; the lecturer, if needed, corrects it with a pen , writes their comments and the non-grading evaluation and returns it to the undergrad. The lector marks the results of the test in their ÕIS table.
This process doesn’t exist electronically because during the semester there are many undergrads (ca 140-150) and there are no comfortable ways to grade them QUICKLY electronically. Herewith, when the lector gets the work printed on paper he is capable of correcting them with haste. Hence it raises two main problems that need solving. The Schemes sent on paper must be replaced by electronically forwardable materials and a way to revise/correct electronically presented ERD quick must be created.
Past couple of years have brought with them the development of portable computer user interface – There are touch screens and electronic pens, with which one can draw on a computer screen. From there springs the thought, of making an application for correction of such works, where the lector writes the corrections/notes/comments directly on the work presented by the undergrad. Using an electronic pen.
The process itself should look like this:
- The undergrad creates an ERD‐diagram and presents it in some from, that is editable by the pen (Would be best if the format permitted layers, for both the teacher and the student, so if needed the teachers additions could be „turned off
- The undergrad logs into the portal where their tests are to be presented and uploads their work. (the status becomes „presented“)
- The lector makes the corrections and adds the grade (the status of the work becomes „graded“; the evaluation can either be „accepted“, „needs personal discussion “ or „Must be reapplied“)
- The undergrad finds out their grade. If needed presents the work again.
Notes:
- The form of the presentation and the correction must be chosen
- The environment should allow the setting of the time for the discussion and medium if the lector wished for it (Time and place of direct contact; Skype etc.)
- The lector must be able to note the appointment
- The system must send an email to the lector if there is a wish for discussion
Teams and their assignments
Demo team 1
Assignment: Security testing of web application
Documentation: Demo team
Members
- Member 1, school
- Member 2, school
- Member 3, school
Demo team 2
Assignment: Security testing of web application
Documentation: Demo team 2
Members
- Member 1, school
- Member 2, school
- Member 3, school