
Online Shopping System

The document discusses the development of an online shopping system using Secure Software Development Lifecycle (SSDLC). It outlines the phases and processes in SSDLC including requirements, design, development, testing, deployment and operations. It then discusses defining security requirements and architecture to implement authentication, authorization, payment integration and database design securely. Documentation of testing strategies and constraints is also mentioned.

Uploaded by Abdiasis Ratio

Online Shopping System Project Using SSDLC

Course: Software security and reverse engineering
Professor: Annette Chen
Abdiasis Ahmed Mohamed
ID: 110998410
Project Plan for Online Shopping
Online shopping is based on women’s cosmetic services. Our company wants to start a secure website
that will familiarize our current and potential clients with what we do, what kind of
products and services we offer, and where we are located. Our customers will be able to purchase
products online.

• This will keep our customers up-to-date with all the latest information regarding our products,
special offers, and discounts.

• Customers will also be able to ask questions and expect answers within 24 hours.
Our critical success factors include:

• A data-driven website

• Easy to navigate home, order, and other pages of the site

• Clear flow of the website security

• Effective communication with the founders

• Used to analyze customer feedback and make changes


Phases of SSDLC

[Figure: SSDLC phases and processes]

Phases: Requirement, Design, Develop, Build, Testing, Deploy, Operation, Disposal

Processes shown in the figure:
• System Requirements Definition Process
• Architecture Definition Process
• Design Definition Process
• System Analysis Process
• Implementation Process
• Integration Process
• Verification Process
• Validation Process (shown twice)
• Transition Process
• Operation Process
• Maintenance Process
• Disposal Process
Requirements phase

Requirement (input): Privilege

Technique:
• SR-1.1 Define the security aspects of the functional boundary of the system in terms of the security behavior and security properties to be provided.
• SR-2.2 Define system security requirements, security constraints on system requirements, and rationale.
• SR-4.2 Maintain traceability of the system security requirements and security-driven constraints.

Output:
• Update customer info. Security measure view: can access (order management, payment, order history, login and map)
• User view / admin view / customer view, order view, with different privilege
• Client make order, userview, view order
• Register, view order, transactions
• Admin update product and add new product view
• Documentations (testing strategy/methods, constraints)
Design phase

Requirement (input):
• Update customer info. Security measure view: can access (order management, payment, order history, login and map)
• User views, order and product view; the admin and read/write analyze: account privilege is enough
• Client make order, userview, view order
• Add order/users, view order, payment view, transactions
• Admin update product and add new product view
• Documentation (testing and quality assurance process, security and privacy measure constraints)

Technique:
• AR-2.1 Define the concept of secure function for the system at the architecture level. (Repeated in every column; the first column reads "secure tool/MySQL function".)

Output:
• Customer/fan is able to log in with a username and password and access the system in a personalize
• Functions: Authenticity, Confidentiality, Protect security keys
• Secure configuration, snapshot options, backend database table design
• Instances keep track of all items and will navigate through the website while shopping
• Constraints and analysis: product-based, technology, Billing Security model will be established
• Documentations (testing strategy/methods, constraints). Open source: SCA
Develop phase

Requirement (input):
• Customer is able to log in with a username and password and access the system in a personalize
• Functions: Authenticity, Confidentiality, Protect security keys
• Secure configuration, options, backend database table design
• Order payment, Check Out design
• Instances keep track of all items and will navigate the website while shopping
• Constraints and analysis: product-based, technology, Billing Security model will be established
• Documentations (testing strategy/methods, constraints). Open source: SCA

Technique:
• IP-1.1 developing the security aspects by
• IP-1.2 Maintain code traceability of the security aspects of implemented system elements
• IP-1.3 Develop the security aspects of the implementation of the Secure payment method
• IP-1.4 define implementation strategy, defined
• IP-1.5 Software integration, hardware and software and firmware, and testing the system.
• IP-2.1 Realize or adapt system elements in accordance with the security aspects
• VE-3.1 Record the security aspects of verification results and any security anomalies encountered.

Output:
• Implements authority user/Admin and customer/order
• Implement and design testing approach to secure payment for system integration
• Implement and integrate to online payment system
• Implement for customize order list using MySQL database
• Implement to ensure table for product and remind items
• Documentations (testing strategy/methods, constraints). Open source: SCA
Testing phase

Requirement (input):
• Implements authority user/Admin and customer/order
• Implement and design testing approach for secure payment system integration
• Implement and integrate to online payment system
• Implement for customize order list using MySQL database
• Implement to ensure table for product and remind items
• Documentations (testing strategy/methods, constraints). Open source: SCA

Technique:
• VE-1.1 Identify the security aspects within the verification
• VE-1.2 Identify the constraints that can potentially limit the feasibility
• VE-1.4 Define the security aspects of the verification strategy
• VE-2.1 Define the security aspects of the verification procedures
• VE-2.2 Perform security verification procedures.
• VE-3.1 Record the security aspects of verification

Output:
• System elements are tested and verified. System users and customer service become well trained
• Update online payment system according to the order/product issues/defects
• Updated database order table according to the issues/defects
• Update database table products according new product to the issues/defects for registration
• We check all database, database table to ensure security models
• Documentations (testing strategy/methods, constraints). Open source: SCA
Deploy phase

Requirement (input):
• System elements are tested and verified. System users and customer service become well trained
• Update online payment system according to the order/product issues/defects
• Update database table products according new product to the issues/defects for registration

Technique:
• TR-2.3 Install the system at its specified location and establish secure interconnections to its environment
• TR-3.2 Record the security aspects of operational incidents and problems and track their resolution

Output:
• Customer view based on the selection through the menu and the database of all the products, and make order easy.
• Admin entry: data into the system can be done through various screens designed for various levels of users. Once the authorized personnel feed the relevant data into the system
Disposal phase (Disposal Process)

Requirement (input):
• Customer view based on the selection through the menu and the database of all the products, and make order easy.
• Admin entry: data into the system can be done through various screens designed for various levels of users.

Technique:
• DS-1.3 Identify, plan for, and obtain the enabling systems or services to support the secure disposal of the system
• DS-2.4 Disassemble the system or system element into manageable components and ensure that appropriate protections are in place for those components during removal for reuse, recycling, reconditioning, overhaul, archiving, or destruction.
• DS-3.3 Archive and protect information generated during the life cycle of the system.

Output:
• Allows customers to make orders easily, and product repository.
• Components of product and orders and customer info.
• Encrypted security online payments system to prevent intercept attack
Thank You
