Online Book store - PowerPoint PPT Presentation

Slides: 17
Provided by: hbl8
Learn more at: http://sce.uhcl.edu

1
Online Book store
  • Course Name: Web Security
  • Project 1
  • Presented by
  • Amruta Raichurkar
  • Videhi Patel

2
Overview
  • Design
  • Workflow
  • Potential vulnerabilities

3
Design
  • 3 tier structure
  • UML sequence diagram

4
Workflow
  • As user
  • As administrator

5
Login

6
Registration

7
Home

8
Book Description

9
Cart

10
Edit Book Information

11
Database
  • Tables
  • - Members
  • - Categories
  • - Items
  • - Orders
  • - Card Types

12
Potential Vulnerabilities
  • Cross-site scripting (XSS)
  • The act of writing malicious script code and tricking another user's web
    browser into running it by way of a third party's web server. It attempts
    to steal the cookie value of a user's session and use it to log into the
    website.
  • <b>foo</b>
  • <script language="javascript">alert(document.cookie)</script>

13
Potential Vulnerabilities
  • Impersonating a user or system
  • A malicious user acts as the legitimate receiver of a
    packet and steals it. The intended receiver
    does not get a copy of the packet.

14
Tools
  • J2SE 1.4.2
  • Tomcat 4.1
  • Mysql 4.1

16
Thank You