Sunday 5 June 2011

Your OWASP AppSec EU Homework

This is your homework if you are coming to my presentation at OWASP AppSec EU on Friday June 10th, in Dublin. I'm going to use a completely fictitious application: the Brochure Co (BCo) website. This post gives a quick overview of the application and a number of use cases which it will implement.

The main goal of the talk is to specify the security requirements that the application development team should incorporate during the implementation of the BCo website. 



The presentation will describe a set of topics that should be covered during a security workshop which is held at the start of the project.

Description
Brochure Co (BCo) is a company that manages and distributes a range of printed brochures on behalf of its clients. These brochures are sent out via normal mail on a regular basis. The new online application will allow BCo users to register online and choose the brochures that they want to receive through the normal mail.

Use Case 1 - Registration
BCo users register with the Bco.demo website. They enter their name and postal address. They choose which brochures they want to receive.

Use Case 2 - Edit
BCo users can log on to the site and modify their address details as well as change the range of brochures that they receive.

Use Case 3 - Delete
BCo users can delete their accounts when they no longer want to use the application.

Use Case 4 - WebSite Admin Downloads Addresses

On a regular basis, the BCo Website Admin logs on and downloads the list of BCo user names and addresses as well as the list of brochures that they want to receive. The list is downloaded as a CSV file to their laptop. The BCo Website Admin cleans up the list.

Use Case 5 - WebSite Admin Forwards List

The BCo Website Admin then sends the cleaned-up list in a spreadsheet format to PrinterCo in an email. PrinterCo then prints the brochures and sends them to the BCo users via normal mail.
