To facilitate the management of sensors, the University deploys a Web Server allowing to register a new sensor, to monitor the status of existing sensors. The server is deployed as a virtual machine in the Azure infrastructure managed by the University. Networking only allows access to this server from machines located within the local network of the University. The server is based on a Ubuntu, with an Apache 2 server, running a MySQL database managed by PhP scripts.
Describe a method to analyse the security of this server.
Design and justify a security analysis method in a report (400 words max per report). This report must be written as if you were asked by a client or stakeholder of a specific system to explain which security analysis method you would use for that specific system. Case studies might use systems and concepts not covered in the lecture material, thus mimicking the fact that no security analysist is aware of all systems existing in the wild. It is your responsibility to find information relevant to these systems. In some cases, you might have to make some assumptions on how these systems are organised or used. In this case, it is expected you will justify your assumptions based on your understanding of the context.
Sample Solution