Online Book Store. Course Name: Web Security, Project 1. Presented by Amruta Raichurkar and Videhi Patel.
Overview: Design, Workflow, Potential Vulnerabilities
Design: 3-tier structure, UML sequence diagram
Workflow: As user, As administrator
Login
Registration
Home
Book Description
Cart
Edit Book Information
Database Tables: Members, Categories, Items, Orders, Card Types
Potential Vulnerabilities: Cross-Site Scripting (XSS). The act of writing malicious script code and tricking another user's web browser into running it by way of a third party's web server. The attack attempts to steal the cookie value of the user's session and use it to log into the website. Example input: foo<script>alert(document.cookie)</script>
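The two defenses that match this slide, shown as an added example that is not part of the original project: encode member-supplied text before writing it into a page, and mark the session cookie HttpOnly so script cannot read it. The class and method names and the choice of a book title field are assumptions; the sample input is the slide's, with its script tags assumed.

```java
// Added example (not the project's code). All names here are hypothetical.
public class XssOutputEncoding {

    // Encode untrusted text for an HTML element body or a quoted attribute value.
    static String escapeHtml(String input) {
        if (input == null) return "";
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Build a Set-Cookie value with HttpOnly, which hides the cookie from document.cookie.
    static String sessionCookieHeader(String sessionId) {
        // Refuse characters that could break out of the header value.
        if (sessionId == null || !sessionId.matches("[A-Za-z0-9]+")) {
            throw new IllegalArgumentException("unexpected session id format");
        }
        return "JSESSIONID=" + sessionId + "; Path=/; HttpOnly";
    }

    public static void main(String[] args) {
        // Constructed input: a book title as an attacker might submit it.
        String bookTitle = "foo<script>alert(document.cookie)</script>";

        // Vulnerable rendering: the browser parses the title as markup and runs it.
        System.out.println("unencoded: <h2>" + bookTitle + "</h2>");

        // Hardened rendering: the title is displayed as literal text.
        System.out.println("encoded:   <h2>" + escapeHtml(bookTitle) + "</h2>");

        // Constructed session id, for illustration only.
        System.out.println("Set-Cookie: " + sessionCookieHeader("ABC123"));
    }
}
```

Encoding belongs at the point of output, on every page that displays stored values such as Book Description and Cart, not only on the forms that accept them.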
Potential Vulnerabilities: Impersonating a user or system. A malicious user acts as the legitimate receiver of a packet and steals it. The intended receiver does not get a copy of this packet.
Tools: J2SE, Tomcat 4.1, MySQL 4.1
Thank You