A simple personal finance manager system made in .NET. Its differential is in its simplicity: designed to be secure, fast, easy to use, and effective in functionality. It is proposed to be built with adherence to the market and as a demonstration of the value of Microsoft technologies for desktop applications.
Demonstration video of application use: https://www.youtube.com/watch?v=FsBJ4yT1Wkk
Creation of a market research sent to communities and social networks, obtaining more than 22 responses.
Understanding the target audience through research:
- 40% of people do their financial organization via desktop (Excel/Website).
- 31% do not do it.
- Major difficulties: "an easy way to catalog and organize all expenses"; Interface that stimulates this, simple category separation
- 80% of participants reported that security is essential for this type of application; 50% for ease of use and 40% for simplicity.
- 50% feel the need for a desktop application for this type of function.
From the data collected by the research, considering the audience with greater adherence to the use of our application, we built the following persona:
"Fernanda Fraga". Fernanda is 30 years old, works as a Product Manager and is very critical when selecting an application. She likes minimalism and practicality in her daily life. "I prefer to organize my personal tasks on the computer."
Motivation: To have more of a habit of organizing personal finances. Support: She resorts to online spreadsheets when she needs them. Mistakes: Forgets to write down the expenses. Ends up saving with unindexed categories. Care: Uses antivirus and is always updated on virtual security needs.
With the information from the research, we built a Use Case Diagram to understand the functional requirements in practice:
- The application must allow the creation of categories for expenses.
- The application must allow the launch of expenses with the following data (date, value, description, and category).
- The application must allow the visualization of the total expenses per month.
- The application must allow the visualization of the total expenses per category of the month.
- The application must allow editing of registered categories.
- The application must allow editing or deletion of launched expenses.
In addition to the processes that involve the product's functionality, we also sought to consider security as an important process early on in construction. To think about security requirements, we continued with the threat modeling exercise with a focus on the core component of our service.
Understanding that, in this initial case, we should contain potential threats to the database by building parameterized queries. Defining controls from threats:
Thus, building the following security requirements as initial examples, discussed in pairs and based on OWASP ASVS:
-
Only people who have been authenticated by an access control and authentication component can view information since confidentiality allows this type of access only to authorized personnel
-
Ensure that all data inputs are treated securely to prevent SQL injection attacks
-
Continuous monitoring of application security to quickly detect and correct any vulnerabilities or issues.
-
In pairs, we decided on the following non-functional requirements to enhance the technical and process quality of the product creation:
-
The system must be implemented in the .NET framework
-
The system must follow the DevOps methodology of agility
-
The system should communicate with the SQLite database
-
The system must use an MVC layered architecture pattern.
These requirements allow us to keep the code cleaner and more organized, as well as improve the quality of the final product.
To support this process, we also use Conviso Platform's Secure by Design, which makes it easy for us to perform threat modeling with attack patterns and automated requirements.
As part of our development process, we use an automated SAST (Static Application Security Testing), from Conviso's Secure Pipeline, in Azure DevOps for each approved code before deploying it to our production environment. This helps us identify and fix security vulnerabilities in our code before it is deployed.
To help us build more modern screens, we use Figma together with a Design System to standardize the components of the product screens. Remembering that these screens were not implemented due to time.
Here are screenshots created using Figma:
Install .NET Framework on your machine Clone the project repository Run the command 'dotnet run' in the terminal, in the project directory Open the application in the browser at the address 'https://localhost:5001'
Fork the project repository Create a branch with your new feature: git checkout -b my-feature Commit your changes: git commit -m "feature: My new feature" Push your branch: git push origin my-feature Open a pull request in the project repository
This project is licensed under the Apache License 2.0. See the LICENSE file for details.