Online Book store Course Name: Web Security Project 1 Presented by Amruta Raichurkar Videhi Patel
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Online Book store
Course Name: Web Security Project 1
Presented by
Amruta RaichurkarVidehi Patel
Overview
Design Workflow Potential vulnerabilities
Design
3 tier structure UML sequence diagram
Workflow
As user As administrator
Login
Registration
Home
Book Description
Cart
Edit Book Information
Database
Tables- Members- Categories- Items- Orders
- Card Types
Potential Vulnerabilities
Cross Site scripting(XSS)Act of writing malicious scripting code and tricking another
users web Browser into running it using third party’s web server. It
attempts to steal a cookie value of user’session and use it to log into the
website.
<b>foo</b><script language =‘javascript’>
alert(document.cookie)</script>
Potential Vulnerabilities Impersonating user or system Malicious user acts as a legal receiver for the packet and
steals it. The destined receiver does not get a copy of this packets.
Sender Receiver
Cracker
Packet #1“abcde”
Tools
J2SE 1.4.2 Tomcat 4.1 Mysql 4.1
References
Java – How to Program-Deitel & Deitel
Web Development with Java Server Pages
-Duane K. Fields, Mark A. Kolb
www.java.sun.com
Thank You
Related Documents
