Added reports for my contribution (#165)

docs/project-5/Cyber Security Recommendations/Competitors-Report.md

@@ -0,0 +1,109 @@
+---
+sidebar_position: 1
+---
+
+#Research Report 
+
+Identify competitors to BugBox
+
+:::important
+
+By **Rishubh Sethi** . **06 August 2024**
+
+:::
+
+## Importance of Cybersecurity
+
+For a startup like Bugbox, which focuses on integrating technology into classrooms with engaging and gamified learning experiences, cybersecurity is crucial for several reasons such as protecting sensitive data, maintaining trust with educators and schools, compliance with regulations and ensuring platform integrity. A strong cybersecurity infrastructure is also vital to prevent popular forms of cyberattack such as Distributed Denial of Service (DDoS) attacks. Additionally, cybersecurity is essential to safeguarding intellectual property as Bugbox’s innovative curriculum and gamified learning experiences are valuable intellectual property. Effective cybersecurity helps protect these assets from theft and unauthorised access which is essential for maintain Bugbox’s competitive edge and ensuring the continued growth of the company. 
+
+## Competitors approach to Cybersecurity 
+
+Here we will look at some of Bugbox’s direct competitors and analyse their approaches to cybersecurity. These competitors include tinkercad, Lego Spike, mbot and microbit.  
+
+## Competitor 1 - Tinkercad (by Autodesk) 
+
+<br> </br>
+
+![Tinkercad-logo](../img/Competitor_1_Image.png)
+
+### Approach to Cybersecurity
+
+Tinkercad, an online 3D design and modeling tool, is part of Autodesk, which is known for its strong commitment to security. Tinkercad uses HTTPS for secure communication, ensuring data transmitted between users and the platform is encrypted. Autodesk implements multi-factor authentication (MFA) for its services to enhance account security. Regular updates and security patches are applied to address vulnerabilities. Tinkercad also has comprehensive privacy policies and terms of service that comply with global data protection regulations, including GDPR. 
+
+### Key Security Features
+
+
+
+Encryption: Data is encrypted during transmission with HTTPS. 
+
+Authentication: Multi-factor authentication (MFA) is used. 
+
+Privacy Policies: Compliant with data protection regulations like GDPR. 
+
+## Competitor 2 - Lego Spike
+
+<br> </br>
+
+![LegoSpike-logo](../img/Competitor_2_Image.png)
+
+### Approach to Cybersecurity
+
+LEGO SPIKE Prime, a robotics and coding kit for education, is part of the LEGO Group, which adheres to stringent data protection and security measures. LEGO SPIKE devices communicate with the LEGO Education software, which uses secure, encrypted communication channels. LEGO Education also ensures that software updates are delivered securely and regularly. Privacy policies are designed to protect user data, especially since LEGO SPIKE is used in educational environments where data protection is crucial. 
+
+### Key Security Features
+
+Encryption: Secure communication channels for data exchange. 
+
+Updates: Regular and secure software updates. 
+
+Privacy Policies: Strong focus on protecting user data in educational settings. 
+
+## Competitor 3 - mBot (by Makeblock)
+
+
+<br> </br>
+
+![mBot-logo](../img/Competitor_3_Image.png)
+
+### Approach to Cybersecurity
+
+Makeblock's mBot is a programmable robot used for educational purposes. The company employs basic cybersecurity practices, including encrypted communication between the mBot and its associated software. Makeblock provides firmware updates to address vulnerabilities and enhance security. User data protection is addressed through privacy policies, although the specifics might vary depending on regional regulations. The company is responsive to security issues, releasing updates as needed. 
+
+### Key Security Features
+
+
+Encryption: Basic encryption for communication. 
+
+Updates: Firmware updates to address security vulnerabilities. 
+
+Privacy Policies: Address user data protection, with regional variations. 
+
+## Competitor 4 - Micro (by the Micro Educational Foundation) 
+
+<br> </br>
+
+![mBot-logo](../img/Competitor_4_Image.png)
+
+### Approach to Cybersecurity
+
+The Micro Educational Foundation focuses on providing a secure environment for learning and coding with the Micro microcontroller. The platform uses HTTPS to encrypt data transmitted between the Micro and associated software. The Foundation provides regular software updates and has a clear privacy policy to protect user data. Additionally, they promote secure coding practices and offer resources to help educators and students understand cybersecurity basics. 
+
+### Key Security Features
+
+Encryption: Data is transmitted securely using HTTPS. 
+
+Updates: Regular software updates for security. 
+
+Privacy Policies: Clear policies to protect user data and promote secure coding practices. 
+
+## Summary
+
+Each competitor employs a range of cybersecurity measures to protect user data and ensure secure interactions with their platforms. Tinkercad and LEGO SPIKE emphasize encrypted communication and strong privacy policies, while mBot focuses on basic encryption and firmware updates. Micro combines secure data transmission with educational resources to promote cybersecurity awareness. For Bugbox, adopting similar practices—such as encryption, regular updates and strong privacy policies—will be crucial in ensuring the security and trustworthiness of the platform. 
+
+
+
+
+
+
+
+

docs/project-5/Cyber Security Recommendations/Recommended-Approaches-Report.md

@@ -0,0 +1,138 @@
+---
+sidebar_position: 2
+---
+
+# Recommended Cybersecurity Approach for Bugbox
+
+:::important
+
+By **Rishubh Sethi** . **15 September 2024**
+
+:::
+
+
+## Introduction
+
+Bugbox is an educational platform aimed at enhancing STEM education by providing a gamified, interactive programming experience for primary-aged students. As Bugbox grows and expands its platform, it becomes essential to ensure a robust cybersecurity infrastructure that aligns with industry best practices. Bugbox must safeguard sensitive data, maintain compliance with legal and regulatory standards, and provide a secure environment for both students and educators. In this report, we propose a series of technical cybersecurity measures specifically tailored to the needs of Bugbox, focusing on securing data transmission, enhancing authentication mechanisms, and fortifying platform defenses.
+
+## Data Encryption
+
+### Securing Data Transmission
+
+As Bugbox involves interactive sessions between educators, students, and its platform, all data transmitted between users and Bugbox must be encrypted to prevent unauthorized interception or tampering. The most effective way to achieve this is by implementing HTTPS across the entire platform. HTTPS ensures that data exchanged over the network is encrypted using **Transport Layer Security (TLS)**, making it unreadable to anyone attempting to intercept the communication.
+
+To achieve optimal security, Bugbox should implement **TLS 1.3**, which offers enhanced security features and faster handshakes compared to its predecessors. Strong cipher suites, such as **AES-256** encryption with **elliptic-curve Diffie-Hellman (ECDHE)** key exchange, should be used. Furthermore, Bugbox must obtain SSL/TLS certificates from a trusted Certificate Authority (CA) and implement automated certificate renewal processes using tools like **Let’s Encrypt** and **Certbot**.
+
+**Objective:** To secure all data transmitted between users and the Bugbox platform by implementing HTTPS across the entire site.
+
+**Technical Details:**
+- **TLS 1.3:** Use the latest version of TLS to ensure encryption during transmission.
+- **Certificate Management:** Obtain SSL/TLS certificates from a trusted CA. Implement automated renewal processes.
+- **HSTS (HTTP Strict Transport Security):** Enforce HSTS to ensure that browsers only communicate over HTTPS.
+- **Content Security Policy (CSP):** Implement a CSP to prevent cross-site scripting (XSS) attacks.
+
+### Protecting Data at Rest
+
+Bugbox stores a variety of sensitive data, including student information, user credentials, and educational content. To secure this data, Bugbox should employ encryption-at-rest across its databases and file storage systems. The recommended algorithm for encryption-at-rest is **AES-256**.
+
+At the database level, Bugbox should implement **Transparent Data Encryption (TDE)** to ensure the entire database and its backups are encrypted automatically. Bugbox should also use encryption tools like **LUKS** on Linux or **BitLocker** on Windows. To manage encryption keys securely, Bugbox should employ a **Hardware Security Module (HSM)** or a cloud-based **Key Management Service (KMS)** like **AWS KMS** or **Azure Key Vault**.
+
+**Objective:** To protect sensitive data stored in Bugbox’s databases and file storage systems.
+
+**Technical Details:**
+- **Encryption Algorithms:** Use **AES-256** for all sensitive data in databases.
+- **Database-Level Encryption:** Implement **TDE** for databases like PostgreSQL or MySQL.
+- **File System Encryption:** Encrypt file storage using tools like LUKS or BitLocker.
+- **Key Management:** Regularly rotate encryption keys and use envelope encryption.
+
+## Multi-Factor Authentication (MFA)
+
+### Enhancing User Authentication
+
+Given Bugbox’s target audience of children and educators, the platform must implement **Multi-Factor Authentication (MFA)** to enhance security. Bugbox can implement time-based one-time passwords (TOTP), generated through apps like **Google Authenticator** or **Authy**, or consider hardware-based tokens like **YubiKey**.
+
+To integrate MFA, Bugbox should modify its authentication flow by using libraries such as **PyOTP** for Python-based systems or **Authenticator** for Node.js. MFA secret keys should be encrypted and stored securely in Bugbox's database.
+
+**Objective:** To add an additional layer of security for user accounts by requiring multiple forms of verification.
+
+**Technical Details:**
+- **MFA Methods:** Implement TOTP using apps like **Google Authenticator** or hardware tokens like **YubiKey**.
+- **Backend Integration:** Securely handle the generation and transmission of MFA codes.
+- **Backup Methods:** Provide users with backup codes.
+- **Session Management:** Implement secure session management with session cookies marked as **Secure**, **HttpOnly**, and **SameSite**.
+
+### Backup Authentication and Session Management
+
+Bugbox should provide one-time-use backup codes and ensure secure session management where cookies are marked as **Secure**, **HttpOnly**, and **SameSite**. Sessions should expire automatically after periods of inactivity.
+
+## Regular Security Audits and Updates
+
+### Automated Vulnerability Scanning
+
+Bugbox should conduct regular security audits using tools like **OpenVAS**, **Nessus**, or **Qualys** to identify common vulnerabilities such as SQL injection, cross-site scripting (XSS), and outdated software versions.
+
+### Static and Dynamic Code Analysis
+
+Bugbox should implement static code analysis tools like **SonarQube** or **Checkmarx** to detect vulnerabilities in source code, and dynamic code analysis tools like **Veracode** or **Burp Suite** to test code execution in staging environments.
+
+### Third-Party Security Audits and Penetration Testing
+
+Bugbox should engage third-party security firms for annual penetration tests and audits to identify vulnerabilities that internal teams might overlook.
+
+## User Access Controls
+
+### Role-Based Access Control (RBAC)
+
+Bugbox must implement **Role-Based Access Control (RBAC)** to ensure users only access the resources necessary for their role. RBAC can be implemented using frameworks like **Spring Security** or **Django’s authentication system**.
+
+**Objective:** To restrict user access based on their role within the organization.
+
+### Granular Permissions and Attribute-Based Access Control (ABAC)
+
+For more granular control, Bugbox can implement **Attribute-Based Access Control (ABAC)**, which evaluates attributes like user location, time of day, or device used.
+
+### Logging and Auditing
+
+All access control events should be logged and monitored regularly using tools like **Splunk**, **ELK Stack**, or **Graylog**.
+
+## Comprehensive Privacy Policy
+
+### Data Protection and Regulatory Compliance
+
+Bugbox must develop a privacy policy that complies with **GDPR**, **COPPA**, and **FERPA**. Data minimization practices should be implemented to collect only the necessary information.
+
+### Privacy by Design
+
+Bugbox should adopt a **Privacy by Design** approach, embedding privacy considerations into the platform architecture and development processes.
+
+## Incident Response Plan (IRP)
+
+### Establishing an Incident Response Team
+
+Bugbox must develop an **Incident Response Plan (IRP)** that outlines the roles and responsibilities of the **Incident Response Team (IRT)**. This team should include IT administrators, developers, legal advisors, and PR representatives.
+
+### Detection and Analysis
+
+Bugbox should implement **Intrusion Detection Systems (IDS)** like **Snort** or **Suricata** to monitor network traffic, and **Security Information and Event Management (SIEM)** tools like **Splunk** or **ELK Stack** to aggregate logs.
+
+### Containment, Eradication, and Recovery
+
+Bugbox’s IRT should act swiftly to contain threats and remove malicious software. Systems should be restored from backups, with validation to ensure no residual malware remains.
+
+### Post-Incident Analysis
+
+A post-incident analysis should be conducted to identify root causes and update the IRP accordingly.
+
+## Secure Development Lifecycle
+
+### Secure Code Development
+
+Bugbox’s development team should follow secure coding practices and integrate automated security testing tools like **OWASP ZAP** or **SonarQube** into its CI/CD pipeline.
+
+### Penetration Testing
+
+Bugbox should conduct regular penetration tests to identify vulnerabilities that may not be caught during the development phase.
+
+## Conclusion
+
+Implementing these technical cybersecurity measures will significantly enhance Bugbox’s ability to protect its platform and users from evolving threats. By focusing on encryption, MFA, regular audits, access control, privacy compliance, and incident response, Bugbox can maintain a secure and trusted environment for educators and students.

docs/project-5/Cyber Security Recommendations/category.json

@@ -0,0 +1,8 @@
+{
+    "label": "Cyber Security Recommendations",
+    "position": 6,
+    "link": {
+      "type": "generated-index",
+      "description": "BugBox cybersecurity recommendations and recommended implementations"
+    }
+  }

docs/project-5/_category_.json

@@ -6,3 +6,5 @@
     "description": "BugBox"
   }
 }
+
+

yarn.lock

@@ -5999,11 +5999,6 @@ fs.realpath@^1.0.0:
   resolved "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz"
   integrity sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==
 
-fsevents@~2.3.2:
-  version "2.3.3"
-  resolved "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz"
-  integrity sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==
-
 fstream@^1.0.12:
   version "1.0.12"
   resolved "https://registry.npmjs.org/fstream/-/fstream-1.0.12.tgz"