Xyz Online Book store


Online Book store
Course Name: Web Security
Project 1
Presented by
Amruta Raichurkar
Videhi Patel
Overview

- Design
- Workflow
- Potential vulnerabilities
Design

- 3 tier structure
- UML sequence diagram
Workflow

- As user
- As administrator
Login
Registration
Home
Book Description
Cart
Edit Book Information
Database

Tables
- Members
- Categories
- Items
- Orders
- Card Types
Potential Vulnerabilities

Cross-site scripting (XSS)
The act of writing malicious script code and tricking another user's web
browser into running it by way of a third party's web server. It attempts to
steal the cookie value of the user's session and use it to log into the website.
<b>foo</b>
<script language='javascript'> alert(document.cookie)</script>
Potential Vulnerabilities

Impersonating user or system
A malicious user acts as the legitimate receiver of a packet and steals it.
The intended receiver does not get a copy of this packet.
[Diagram: Sender, Receiver, Cracker; Packet #1 "abcde"]
Tools

- J2SE 1.4.2
- Tomcat 4.1
- MySQL 4.1
Thank You