ShinyEggs-Final

Explore our journey in developing a secure web application, applying Secure Software Development Lifecycle (SSDLC) principles. This repository includes project files, documentation, and reports emphasizing our commitment to ensuring confidentiality, availability, and integrity in software solutions.

Primary language: C#. License: GNU General Public License v3.0 (GPL-3.0).

Secure Software Development (SSD)

This repository contains the project files for the Secure Software Development (SSD) course. Our team has developed a secure web application, following the Secure Software Development Lifecycle (SSDLC) to ensure a reliable, resilient, and secure product.

Project Title

The team was engaged in developing a secure web application catering to all groups of consumers interested in purchasing electronics (phones, laptops, cables, etc.). ShinyEggs Electronics is an organization committed to assisting consumers in finding the optimal electronic products. We strive to enhance and simplify consumers' shopping experience by providing convenience, security, and reliability. Hence, the theme of the application for this project is an electronics e-commerce website.

Project Vision

The project vision is to properly secure the web application using the knowledge we gained during the Secure Software Development Course and apply these skills throughout the Secure Software Development Life Cycle (SSDLC). The target of the development team is to design, plan, implement, and test the web application to ensure that malicious attempts to breach confidentiality, availability, and integrity are thwarted. Our ultimate goal is to instill confidence in our consumers by providing them with a safe, secure, and seamless shopping experience by prioritizing security as a fundamental aspect.

Project Description

The objective of this web application is to offer a seamless shopping experience by creating a highly secure web application catering to a diverse range of consumers seeking to purchase electronics. At ShinyEggs Electronics, we strive to meet the needs and preferences of our consumers.

Through our website, consumers can explore the available options by browsing our product catalogue and adding items to the shopping cart, where they can view the running total as they decide on and curate their purchases. Our intuitive interface provides not only convenience but also ease of accessibility for the consumer.

We have also prioritized efficiency and convenience in the checkout process, so that consumers enjoy a hassle-free checkout that streamlines their purchase and enhances satisfaction. Moreover, to keep sensitive information safe, we have implemented stringent security measures that protect customer data and provide a safe, worry-free transaction.

Assignment Scope and Features

Overview of Team Distribution

  • Wong Jia Yi: Login/Registration/Authentication
  • Sim Pei Qi: Authorization (including Admin features)
  • Bernice Tan Xuan Rong (me): CRUD Database + Audit/Accountability or Miscellaneous Pages

Project Features

  1. Authentication

    • Cookie-based authentication for login and logout
    • CAPTCHA
    • MFA (Multi-Factor Authentication)
    • Account lockout
    • Password character limit
    • Input sanitization
  2. Authorization

    • Role-Based Access Control (RBAC)
    • Attribute-Based Access Control (ABAC)
  3. Auditing

    • Data access
    • Data integrity
    • Data security
    • Logging and auditing
  4. CRUD Database

    • Create
    • Read
    • Update
    • Delete
  5. Additional Features

    • Shopping cart
      • Add products to cart
      • Remove items from cart
      • Update quantities
    • Checkout
      • Secure and streamlined process
      • Protects customer information
    • Search bar
      • Search by product name, category, or keyword
    • Products
      • Product images
      • Pricing information
      • Brand name and description
  6. Data Seeding

    • Testing and debugging
    • Database migration and versioning
  7. Secure Website using HTTPS

    • Protects sensitive data
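As an added example that is not part of the ShinyEggs repository, the following shows how the authentication and authorization controls listed above (account lockout, password character limit, cookie-based login, RBAC and ABAC) can be expressed as ASP.NET Core Identity configuration. The use of ASP.NET Core Identity, the `TContext` DbContext, the lockout and length thresholds, the login path, and the role and claim names are all assumptions for illustration.

```csharp
using System;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.DependencyInjection;

public static class SecurityConfiguration
{
    // Registers Identity, cookie authentication and authorization policies.
    // TContext is the application's EF Core DbContext (assumed; not on the page).
    public static IServiceCollection AddShinyEggsSecurity<TContext>(this IServiceCollection services)
        where TContext : DbContext
    {
        services.AddIdentity<IdentityUser, IdentityRole>(options =>
        {
            // Account lockout: 5 failed sign-ins lock the account for 15 minutes
            // (illustrative thresholds), also for newly created accounts.
            options.Lockout.AllowedForNewUsers = true;
            options.Lockout.MaxFailedAccessAttempts = 5;
            options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(15);
            // Password character limit: enforce a minimum length server-side,
            // independent of any client-side validation.
            options.Password.RequiredLength = 12;
        })
        .AddEntityFrameworkStores<TContext>()
        .AddDefaultTokenProviders(); // token providers back MFA codes and password reset
        // Cookie-based authentication: the session cookie is unreadable by script,
        // sent only over HTTPS, never attached to cross-site requests, and expires.
        services.ConfigureApplicationCookie(options =>
        {
            options.Cookie.HttpOnly = true;
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
            options.Cookie.SameSite = SameSiteMode.Strict;
            options.ExpireTimeSpan = TimeSpan.FromMinutes(30);
            options.SlidingExpiration = true;
            options.LoginPath = "/Account/Login"; // illustrative path
        });
        services.AddAuthorization(options =>
        {
            // RBAC: only members of the Admin role reach the admin pages.
            options.AddPolicy("AdminOnly", policy => policy.RequireRole("Admin"));
            // ABAC: checkout depends on a user attribute (a claim), not just a role;
            // the claim name and value are constructed for this example.
            options.AddPolicy("CanCheckout", policy =>
                policy.RequireAuthenticatedUser().RequireClaim("email_verified", "true"));
        });
        return services;
    }
}
```

A controller or Razor page then opts into a policy with `[Authorize(Policy = "AdminOnly")]`, so the access decision lives in one place rather than in each action.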

We hope this project demonstrates our understanding and application of secure software development principles.