Web Security for an Online Book Store


Nov 10, 2012

Web Security_Fall06


Online Book Store

Bookson.com

The best place to find cheapest textbooks




Presented by Hala Annab, Sayli Kulkarni & Mirac Aktepe

Overview


Design


Features Implemented


Database Structure: Screenshots


EER Diagrams


Database Relations


UML Diagrams and workflow


Potential Threats and Vulnerabilities


ScreenShots


Design


3 tier Architecture

Features Implemented


Shopping


Add to Cart


Delete from Cart


Checkout


Existing User


login


New User


Register


Pay


Make payment


Credit card information


Ship to address


Same address


Edit address

Database Structure




EER Diagrams


Database relations


UML Diagrams


Potential Threats and Vulnerabilities


Trying to steal the credit card number: credit card information is not encrypted when sent to the Tomcat server.


Trying to invalidate a session.


Trying to steal a cookie value and use it.


Trying to get the username and password and reuse them.


Trying to get the client's address information and change it.


Phishing: trying to download a different URL for the server side on the client side and impersonate the site.
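
One way to address the transport and cookie threats listed above on Tomcat, as an added example that is not from the original slides: a WEB-INF/web.xml fragment that forces HTTPS for the whole application and hardens the session cookie. It assumes a Servlet 3.0 or later container; the resource name and timeout value are illustrative.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not the project's own deployment descriptor. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

  <!-- Weak default: with no security-constraint, the login, registration,
       address and credit card forms are submitted over plain HTTP. -->

  <!-- Hardened: require TLS for every request. The whole application is
       covered (not only checkout) because the cart lives in the session,
       and a Secure session cookie is never sent over plain HTTP. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Entire store (illustrative name)</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <session-config>
    <!-- Idle sessions expire after 15 minutes (illustrative value). -->
    <session-timeout>15</session-timeout>
    <cookie-config>
      <!-- HttpOnly: page scripts cannot read the session cookie. -->
      <http-only>true</http-only>
      <!-- Secure: the browser sends the cookie only over HTTPS. -->
      <secure>true</secure>
    </cookie-config>
    <!-- Keep the session id out of URLs (no ;jsessionid= rewriting). -->
    <tracking-mode>COOKIE</tracking-mode>
  </session-config>
</web-app>
```

The CONFIDENTIAL guarantee only takes effect when Tomcat has an HTTPS connector configured in server.xml, with the HTTP connector's redirectPort pointing at it.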

Screen Shots


Welcome Screen


Shopping


Cart


User: new or login customer


New User Form


Checkout: Make Payment


ScreenShots






Software and Packages used


NetBeans 5.0



J2SE



Tomcat Server


JSP, Java Servlets, Java


MySQL





WebSecurity Group


Hala, Sayli & Mirac