Академический Документы
Профессиональный Документы
Культура Документы
SQLIVs THWARTER
Submitted by
P.VIJAYA LAKSHMI
(07501A1266)
J.S.N.SASANK B.AMMAJI
(07501A1280) (07501A1287)
K.MAINKYA RAO
(07501A1279)
BATCH NO: 24
2010-2011
Signature of guide
Table of Contents
1.0 Purpose of the system…………………………………………………………..….2
1.1. Introduction…………………………………………………………………….…2
1.2. Scope…………………………………………………………………………........2
1.3. Document overview………………………………………………………….…....3
1.4. Web references………………………………………………………………….…3
2.0 Overall description………………………………………………………….……...4
2.1. System environment………………………………………………………….…....4
2.2. Requirements……………………………………………………………………....5
2.3 Functional requirements…………………………………………………………....5
2.4. Non-functional requirement……………………………………………………………….6
4.Design………………………………………………………………………………….8
4.1 Introduction to uml…………………………..………………………………………….…9
1
1.0. Purpose of the system
1.1. Introduction
A Software Requirement Specification (SRS) is the starting point of the
software developing activity. It is a complete description of the behavior of a system to be
developed. It includes a set of use cases that describe all the interaction the users will have with
the software. It is a complete description of the behavior of a system to be developed. It
includes set of use cases that describe all the interactions the users will have the software. Main
aim of organizations are protecting their precious data. The major issue of web application
security is the SQL Injection, which can give the attackers unrestricted access to the database
that underlie Web applications. Many software systems have evolved to include a Web-based
component that makes them available to the public via the Internet and can expose them to a
variety of Web-based attacks. One of these attacks is SQL injection, which can give attackers
unrestricted access to the databases that underlie Web applications and has become
increasingly frequent and serious.
1.2. Scope
We can effectively provide the security to the database. SQLIVs Thwarter
provides the security to web applications by using WASP (web application SQL
injection preventer) tool. This system mainly consists of four modules:
1. Admin
2. Customer details
3. Credit card
4. Loan
2
1.3. Document overview
The remainder of this document is two chapters; the first provides a full description of
the project for the administrator, which lists all the functions performed by the system.
The final chapter contains details of each of the system functions and actions in full for
the software developers’ assistance. These two sections are cross-referenced by topic; to
1. S.W. Boyd and A.D. Keromytis, “SQLrand: Preventing SQL Injection Attacks,” Proc.
Second Int’l Conf. Applied Cryptography and Network Security, pp. 292-302, June 2004.
2. G.T. Buehrer, B.W. Weide, and P.A.G. Sivilotti, “Using Parse Tree Validation to
Prevent SQL Injection Attacks,” Proc. Fifth Int’l
4. W.R. Cook and S. Rai, “Safe Query Objects: Statically Typed Objects as Remotely
Executable Queries,” Proc. 27th Int’l Conf.
topten.html, 2005.
3
2.0 Overall description
SQLIVs Thwarter mainly deals with the web application security. To provide this
security we developed a web application SQL-injection preventer (WASP) tool. which
we used to perform an empirical evaluation on a wide range of Web applications that we
subjected to a large and varied set of attacks and legitimate accesses. WASP was able to
stop all of the otherwise successful attacks and did not generate any false positives.
positive tainting
syntax-aware
admin
injection found
No injection or
user WASP injection
customer
admin
tarnsastion detail
New Registraton
amount credit
The user, administrator are connected to the WASP tool in the system environment. The
user and admin with valid username and password login and process it. The administrator
by connecting with the system, he maintain database of user and maintain security. The
customers by connecting with system can edit or add details . The module diagram for the
SQL injection vulnerabilities Thwarter.
4
2.2 Requirements
Hardware Requirements:
Ram : 128Mb.
Software requirements:
5
development, it is useful to distinguish between the baseline functionality necessary for
any system to compete in that product domain, and features that differentiate the system
from competitors’ products, and from variants in your company’s own product
line/family. Features may be additional functionality, or differ from the basic
functionality along some quality attribute (such as performance or memory utilization).
The precondition for to use the SQLIVs Thwarter architecture is the
admin must had register and access there account. After that user can access menu like
view details, view balances .
The precondition for to use the happi architecture is the user must had
register and access there account. After that user can access menu like view details, edit
details and add details.
2.4. Non-functional requirements
There are requirements that are not functional in nature.
Specifically, these are the constraints the system must work within. The user and vendor
must be registered in the application before using the system. This Supplementary
Specification lists the requirements that are not readily captured in the use cases of the
use-case model The Supplementary Specifications and the use-case model together
capture a complete set of requirements on the system. In general, functional requirements
define what a system is supposed to do whereas non-functional requirements define how
a system is supposed to be. Functional requirements are usually in the form of "system
shall <do requirement>", while non-functional requirements are "system shall be
<requirement>".Non-functional requirements are often called qualities of a system.
Other terms for non-functional requirements are "constraints", "quality attributes",
"quality goals", "quality of service requirements" and "non-behavioral requirements".
Qualities, that is, non-functional requirements, can be divided into two main categories:
1. Execution qualities, such as security and usability, which are observable at run
time.
2. Evolution qualities, such as testability, maintainability, extensibility and
scalability, which are embodied in the static structure of the software system.
Scope:
6
We can effectively provide security to the data in the darabase. SQLIVs
Thwarter solves the security problem by using WASP tool.
Usability:
Ease-of-use requirements address the factors that constitute the capacity of
the software to be understood, learned, and used by its intended users. Hyperlinks will be
provided for each and every service the system provides through which navigation will
be easier. A system that has high usability coefficient makes the work of the user easier.
This section lists all of those requirements that relate to, or affect the usability of the
system.
Integrity:
Integrity requirements define the security attributes of the system, restricting
access to features or data to certain users and protecting the privacy of data entered into
the software. Certain features access must be disabled to user such as modifying the
details of companies which is the sole responsibility of the administrator. Access can be
disabled by providing appropriate login screens for users and administrator separately.
Performance:
The performance is high when compared to others as it utilizes Heisenberg’s
algorithm whose efficiency is far better. Whereas this application doesn’t need any
7
external a resource hence working with it is easy by just using the appropriate software
which is compatible. And even the result can be computed faster
Security:
It can be used by any user at a time it provides authentication to the user.
Software process is a framework for the tasks that are required to build
high-quality software. Software engineers and their managers adapt the process to their
needs and then follow it. As it provides stability, one can control the software
development. Processes that you adopt depend on the software you’re building.
Generates working software quickly and early during the software life
cycle. More flexible - less costly to change scope and requirements. Easier to test and
debug during a smaller iteration. Easier to manage risk because risky pieces are identified
and handled during its iteration.
4. Design
8
the kernel of the software engineering process. Once the software requirements have been
analyzed and specified, the design is the first activity.
9
UML Analysis modeling, this focuses on the user model and structural model
views of the system.
UML design modeling, which focuses on the behavioral modeling,
implementation modeling and environmental model views.
Module Description:
1. Admin
In this module admin login only when the username and password are
valid. If admin login successfully then he provides other sub modules like registration,
transaction, customer details, amount credit information
2. Customer details
In this module customer want to access the details he has to login successfully
then it contains other sub modules. If the customer want to change the details i.e.
changing password, editing information about customer are possible.
3. Credit card
Customer want to pay he bill by using the card then the bill is processed
only when the customer is a authorized one.
4. Loans
In this module viewer can see what the loans available in this bank are and
get the details of the loans. This module can see any one who accessing the application
Use case Diagrams represent the functionality of the system from a user’s
point of view. Use cases are used during requirements elicitation and analysis to represent
the functionality of the system. Use cases focus on the behavior of the system from
external point of view. Actors are external entities that interact with the system.
10
Examples of actors include users like administrator, bank customer …etc., or another
system like central database.
Any user can view the products and can perform the following
functions like selecting the products .But only registered users can purchase the products
by performing login operation and provide feedback.
+provides
customer
admin db
11
4.4 Class Diagram
Cerdit Card
CreditProcess
Accnumber()
Bill process()
Password()
dit
cre
cre
CustomerHome
Customer Login
dit
Database
Accnumber()
User details()
password() customer customer
Transaction()
check()
update()
delete()
insert()
in
Adm Admin Home
Admin Ad Reistration()
mi transation()
n
customer details()
username() Amount credit()
password()
12
4.5 Detailed Use cases
4.5.1. Usecase1: functionalities of admin:
login
admin +performs
check transaction
performs
customer details
amount credit
Brief description:
The functionalities performed by the end user are:-
1. User Registration.
2. View Details.
3. View Transaction.
4. Credit amount.
Priority Essential
13
Trigger Menu selection
customer
transaction
14
Brief description:
The functionalities performed by the Vendor are:
1. View Details.
2. Transaction.
Priority Essential
15
login
view details
customer
bill process
Brief description:
The functionalities performed by the utility companies are:
1. Login.
2. View Customer Details.
3. Process the bill.
Use Case Name functionalities performed by customer by
using credit card
Priority Essential
Basic Path
1. customer can view the details.
16
Alternate Path N/A
The project has covered almost all the requirements. Further requirements and
improvements can easily be done since the coding is mainly structured or modular in
nature. Improvements can be appended by changing the existing modules or adding new
modules. One important development that can be added to the project in future is file
level backup, which is presently done for folder level.
17
18