The concept is to design two websites for an online store from scratch, without the use of a CMS, using 2 different approaches. The first website should be vulnerable to simple SQL injection and XSS (cross-site scripting) attacks, while the second website should not allow such vulnerabilities. It should use a security framework such as the framework attached. The vulnerabilities in the first website should be outlined clearly. All source code and documentation must be provided. Highlights of the vulnerabilities and defenses must be fully documented. The websites must be online so that they are properly accessible.
The book store should:
Case Study: Online Bookshop
The Online Bookshop case study is intended to be used for the application of our security framework, since its features are those of a transaction between two parties, such as what is found at http://www.dymocks.com.au/ or Amazon.com.
The main focus is the payment aspect, which we are going to simulate using a gift card, as seen in the figures on the last pages of this document.
The main activities in this case study include:
1. Search books
Customers search books they want to buy. They may want to keep secret the search keywords and search results.
2. View/edit personal information
Customers are required to input their personal information such as name, address and telephone number. They are allowed to view and edit their own information on the web, but not other customers’ information.
3. Order books
Customers can order books. The order list sent from customers to the server must not be seen or modified by any other persons.
A sample of this online book store is attached, but we do not need exactly the same thing, due to copyright issues.
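The contrast the brief asks to document, shown for the "Search books" activity as an added example that is not part of the original posting or the attached framework: one search and results page with the SQL injection and XSS weaknesses, beside the corrected form of each. The table layout, function names and test inputs are assumptions constructed for illustration.

```python
import html
import sqlite3

def make_db():
    """In-memory catalogue; all rows are constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE books (title TEXT, listed INTEGER)")
    db.executemany("INSERT INTO books VALUES (?, ?)",
                   [("Secure Coding", 1), ("Web Basics", 1), ("Unreleased Draft", 0)])
    return db

def search_vulnerable(db, keyword):
    # Site 1: the keyword is concatenated into the SQL text, so a quote
    # character in it changes the structure of the query (SQL injection).
    sql = "SELECT title FROM books WHERE listed = 1 AND title LIKE '%" + keyword + "%'"
    return [row[0] for row in db.execute(sql)]

def search_hardened(db, keyword):
    # Site 2: the keyword is bound as a parameter and stays data.
    sql = "SELECT title FROM books WHERE listed = 1 AND title LIKE ?"
    return [row[0] for row in db.execute(sql, ("%" + keyword + "%",))]

def render_vulnerable(keyword, titles):
    # Site 1: untrusted values are echoed into the page as-is (reflected XSS).
    items = "".join("<li>" + t + "</li>" for t in titles)
    return "<p>Results for " + keyword + "</p><ul>" + items + "</ul>"

def render_hardened(keyword, titles):
    # Site 2: every untrusted value is HTML-escaped on output.
    items = "".join("<li>" + html.escape(t) + "</li>" for t in titles)
    return "<p>Results for " + html.escape(keyword) + "</p><ul>" + items + "</ul>"

# Constructed test inputs for documenting each weakness.
SQLI_INPUT = "%' OR '1' LIKE '1"
XSS_INPUT = "<script>alert(1)</script>"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable search:", search_vulnerable(db, SQLI_INPUT))
    print("hardened search:  ", search_hardened(db, SQLI_INPUT))
    print("vulnerable page:  ", render_vulnerable(XSS_INPUT, []))
    print("hardened page:    ", render_hardened(XSS_INPUT, []))
```

In the vulnerable search the unlisted row is returned because the `listed = 1` filter is bypassed; the hardened search treats the same input as a literal title pattern and returns nothing.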