W.M.N Maheshika Wijesinghe Application Development Assigment Unit 30 Reg11179 Peoson No PDF
Assessor Internal
Verifier
Unit(s) Unit 30 – Application Development
Assignment title
Student’s name
List which assessment criteria Pass Merit Distinction
the Assessor has awarded.
Resubmission Feedback:
* Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and
grades decisions have been agreed at the assessment board.
1. A Cover page or title page – You should always attach a title page to your assignment. Use previous
page as your cover sheet and make sure all the details are accurately filled.
2. Attach this brief as the first section of your assignment.
3. All the assignments should be prepared using a word processing software.
4. All the assignments should be printed on A4 sized papers. Use single side printing.
5. Allow 1” for top, bottom, right margins and 1.25” for the left margin of each page.
1. The font size should be 12 point, and should be in the style of Times New Roman.
2. Use 1.5 line spacing. Left justify all paragraphs.
3. Ensure that all the headings are consistent in terms of the font size and font style.
4. Use footer function in the word processor to insert Your Name, Subject, Assignment No, and
Page Number on each page. This is useful if individual sheets become detached for any reason.
5. Use word processing application spell check and grammar check function to help editing your
assignment.
Important Points:
1. Carefully check the hand in date and the instructions given in the assignment. Late submissions will
not be accepted.
2. Ensure that you give yourself enough time to complete the assignment by the due date.
3. Excuses of any nature will not be accepted for failure to hand in the work on time.
4. You must take responsibility for managing your own time effectively.
5. If you are unable to hand in your assignment on time and have valid reasons such as illness, you may
apply (in writing) for an extension.
6. Failure to achieve at least PASS criteria will result in a REFERRAL grade.
7. Non-submission of work without valid reasons will lead to an automatic REFERRAL. You will then
be asked to complete an alternative assignment.
8. If you use other people’s work or ideas in your assignment, reference them properly using the HARVARD
referencing system to avoid plagiarism. You have to provide both in-text citations and a reference list.
9. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be
reduced to A REFERRAL or at worst you could be expelled from the course.
Student Declaration
Assignment Brief
Student Name /ID Number
Unit Tutor
Assignment Title
Issue Date
Submission Date
Submission format
The submission should be in the form of an individual written report. This should be written in a concise,
formal business style using single spacing and font size 12. You are required to make use of headings,
paragraphs and subsections as appropriate, and all work must be supported with research. You must
provide in-text citations and the reference list using Harvard referencing system.
PC World (PCW) is a medium-sized company that sells over 50 different types of computer products. The
company has grown steadily in the last 2 years, mainly due to its popularity over the Internet. They are
finding it increasingly difficult to cope with all of the paperwork associated with tracking orders due to
the increase in the number of orders. The Managing Director is frustrated by the problems associated with
JJLP Software (JJLP) is a software development consultant. JJLP is located on the same industrial estate as
PCW. JJLP has purpose built rooms for Facilitated Workshops and Agile software development projects.
The Managing Director of PCW has decided to contract JJLP, on “time and materials” basis, for the
development of the new order tracking system using an Agile development approach.
The new order tracking system will replace the old paper based system and is likely to include some of the
following functionalities:
• Receive a sales order via telephone, fax, post or email – carried out by an Order Handling Clerk;
• Create an acknowledgement copy of the sales order with a delivery date after the order has been
confirmed with the warehouse – carried out by a Warehouse Operative;
• Create an acknowledgement copy of the sales order stating the item is out of stock and the date it
will be available after the order has been confirmed with the warehouse – carried out by a
Warehouse Operative;
• Credit-check new customers and reject them if they are not creditworthy – carried out by an Order
Handling clerk
• Create a daily report of orders that have been dispatched – carried out by the Production Manager;
• Create an invoice for business customers after the delivery – carried out by the Chief Accountant
(M)
• Accept credit card payment from domestic customers after the order has been confirmed with the
warehouse - carried out by an Order Handling Clerk;
• Create a final demand if a business customer has not paid an invoice after 30 days – carried out by
the Chief Accountant;
The new order tracking system should have the following levels of access:
• report only;
• update only;
• update and delete;
• complete system access;
All acknowledgement copies of sales orders, invoices and final demands must be printed on the
relevant company headed forms;
The new order tracking system should be able to print acknowledgement copies of sales orders,
invoices and final demands at a rate of 1 in every 5 seconds. However, an upper limit of 10
seconds would be acceptable.
Activity 1-
Produce a Software Design Document by analyzing a business-related problem and deduce an
appropriate solution including a set of initial requirements
1.2 Determine any areas of risk related to the successful completion of your application.
1.3 Analyze a business related problem using appropriate methods and produce a well-structured Software
Design Document that defines a proposed solution. Include relevant details on requirements, system
analysis, and system design. (propose a suitable language)
Activity 2
LO2 Use design and development methodologies with tools and techniques associated with the
creation of a business application
2.1 Research the use of software development tools and techniques and identify any suitable tool or
technique that you may select for the development of this application.
2.2 Compare the differences between various software development tools and techniques researched.
Justify your preferred selection and preferred software development methodology.
2.3 Justify the tools and techniques chosen to realize a custom built website. Justify your preferred
selection of tools and techniques in deducing an appropriate solution to a business related problem.
Activity 3
LO3 Work individually and as part of a team to plan and produce a functional business application
with support documentation
3.1 Create a formal presentation that effectively reviews your business application, problem definition
statement, proposed solution and the development strategy. Use this presentation as a part of a peer-review
and document any feedback given.
3.2 Develop a functional business application based on a specific Software Design Document with
supportive evidence for using the preferred tools, techniques and methodologies.
3.3 Evaluate any new insights, ideas or potential improvements to your system and justify the reasons for
including/not including them as a part of this business application.
Activity 4
LO4 Evaluate the performance of a business application against its Software Design Document and
initial requirements
4.2 Critically evaluate the strengths and weaknesses of your business application and justify opportunities
for improvement and further development.
In preparation of my assignment, I had to take the help and guidance of some respected
persons, who deserve my deepest gratitude. As the completion of this assignment gave me
much pleasure, I would like to show my gratitude to Mr.Prneeth, lecturer at ESOFT Metro
Campus, for giving me good guidelines for the assignment throughout numerous consultations. I
would also like to extend my gratitude to all those who have directly and indirectly guided
me in writing this assignment.
1. User Requirements
User requirements, often referred to as user needs, describe what the user does with the system, such as
the activities that users must be able to perform. User requirements are generally documented in a
User Requirements Document (URD) using narrative text. User requirements are generally signed off
by the user and used as the primary input for creating system requirements.
An important and difficult step of designing a software product is determining what the user
actually wants it to do. This is because the user is often not able to communicate the entirety of
their needs and wants, and the information they provide may also be incomplete, inaccurate and
self-conflicting. The responsibility of completely understanding what the customer wants falls on
the business analyst. This is why user requirements are generally considered separately from
system requirements. The business analyst carefully analyzes user requirements, then
constructs and documents a set of high quality system requirements, ensuring that the
requirements meet certain quality characteristics.
Many user requirements deal with how a user will interact with a system and what that user
expects. If there is a screen or human machine interface aspect to the system, a user requirement
may be based on what happens when the user selects an action on the screen. Maybe with a
button press not only does a process start, but it also switches to another screen and provides an
audible notification. When user requirements such as these are written down, they can often
break into multiple system requirements later due to switching of screens, the maximum delays
in starting the process, and finally what the next screen should look like. One pitfall is starting to
try to write the system requirements during a user requirement meeting. This often detracts from
gaining insight into the requirements of the user, and key functionality pieces could be missed.
User Interfaces
The user interface for the software shall be compatible with any browser, such as Internet
Explorer, Mozilla or Netscape Navigator, by which the user can access the system.
The user interface shall be implemented using any tool or software package such as ASP.NET, MS
FrontPage, EJB, etc.
Since the application must run over the internet, all the hardware required to connect to the internet will
be the hardware interface for the system, e.g. modem, WAN – LAN, Ethernet cross-cable.
Software Interfaces
1. The e-store system shall communicate with the Configurator to identify all the
available components to configure the product.
2. The e-store shall communicate with the content manager to get the product
specifications, offerings and promotions.
3. The e-store system shall communicate with billPay system to identify available payment
methods, validate the payments and process payment.
4. The e-store system shall communicate to credit management system for handling
financing options.
5. The e-store system shall communicate with CRM system to provide support.
6. The e-store system shall communicate with Sales system for order management.
7. The e-store system shall communicate with shipping system for tracking orders and updating
of shipping methods.
8. The e-store system shall communicate with external Tax system to calculate tax.
9. The e-store system shall communicate with export regulation system to validate export regulations.
10. The system shall be VeriSign-like software which shall allow the users to complete secured
transactions. This shall usually be third-party software which is widely used for
internet transactions.
2. System Requirements
System requirements are the building blocks developers use to build the system. These are the
traditional “shall” statements that describe what the system “shall do.” System requirements are
classified as either functional or supplemental requirements. A functional requirement specifies
something that a user needs to perform their work. For example, a system may be required to
enter and print cost estimates; this is a functional requirement. Supplemental or non-functional
requirements specify all the remaining requirements not covered by the functional requirements. I
prefer to use the term supplemental requirements instead of non-functional requirements; who
wants to be termed nonfunctional? Supplemental requirements are sometimes called quality of
service requirements. The plan for implementing functional requirements is detailed in the
system design. The plan for implementing supplemental requirements is detailed in the system
architecture. The list below shows various types of supplemental requirements.
SQL - can work with SQL Server Express, as long as its limitations do not stop. Basically, max
memory and max database size can be the worst enemies here. Also, I had trouble in restoring a
database from "normal" instances (some non-supported features will block the restore)
Project type - I am familiar with ASP.NET MVC5 and I can recommend it as a project type for
Web apps. Allows a modern application architecture and works nicely with things like Bootstrap (use it
by default), jQuery, AngularJS, auto mappers, dependency injection (used Ninject). Also has nice
features such as attribute routing and authentication filters.
Development cycle - there are many things to say here, but using MVC 5 allows a fast
development cycle: publish -> copy-paste content (except .configs) over target Web app folder and
the Web app will run using the new code. This is one point that was lacking in ASP.NET 5 (next
version).
Using this technology stack requires Windows OS, which is not free, but its price looks
reasonable to me.
I think the most important discriminant should be the existing experience of your team. If most of
you have experience with SQL Server, .NET, IIS etc., then paying for licenses might be less
expensive than learning to work with other technologies (there is actually a price associated with
the learning curve, so nothing is really free, if not previously known).
These effects are the combined responsibility of the software, the
Hardware: CPU, memory, disk space, etc.
Software: OS, libraries, packages, etc.
Developing a real-world web application can be really challenging. The developer team must have very
good skills in all the layers, from the frontend down to the very backend. This challenge is even bigger
when considering the most common security risks that web applications can have.
When running the web application, threats to IT systems and data include:
• viruses - computer code that can copy itself and spread from one computer to another,
often disrupting computer operations
• spam, scams and phishing - unsolicited email that seeks to fool people into
revealing personal details or buying fraudulent goods
• human error - incorrect data processing, careless data disposal, or accidental opening
of infected email attachments
• denial-of-service - online attacks that prevent website access for authorized users
Users may be unable to adjust to the system because they do not have IT knowledge.
UML class diagram and use case diagram for the PCW online ordering system
Given below is the class and use case diagram for the scenario
HTML and CSS: HTML and CSS are the building blocks of web development. Their
frameworks, like Bootstrap and Materialize, are the most widely used in web development.
Twitter Bootstrap is popular for its responsive design. Flexbox and CSS Grid System
are also trending topics in CSS, and they are used without any framework to develop
responsive websites.
Another trending development technology is Motion UI. It keeps a site simple, since a
large number of web users today are tired of GIFs and flashing advertisements. Web
developers are using its animations, which allow adding styling and make your site unique
among thousands of others with static UI.
JavaScript and its front-end frameworks, like Angular, React and Vue.js, are currently the
most trending frameworks that need to be used in your project.
CSS frameworks like SASS or LESS: SASS is preferable and more widely used than LESS.
Server-Side Languages/Technologies: Node JS, Python and PHP are the more widely used
languages for Web Development in 2018. The other languages used in web development are
Ruby, C# & ASP.NET.
Database: MongoDB is currently popular as a non-relational database, and MySQL is a
popular relational database. Oracle, SQL Server, PostgreSQL and Firebase are other database
systems used in web development.
Back-End Frameworks: Express is the popular framework for JavaScript. Adonis and
Hapi.js are also among the best frameworks in JavaScript. Frameworks for PHP like Laravel,
CodeIgniter, Symfony and Yii2 are popular. For Python, Django, Flask and Web2py are
widely used frameworks; for Ruby, Ruby on Rails; and for C#, .NET are the best
frameworks used.
For Mobile Applications, React Native, Native Script, Ionic and PhoneGap are the leading
frameworks.
It was first released in January 2002 with version 1.0 of the .NET Framework, and is the
successor to Microsoft's Active Server Pages (ASP) technology. ASP.NET is built on the
Common Language Runtime (CLR), allowing programmers to write ASP.NET code using any
supported .NET language. The ASP.NET SOAP extension framework allows ASP.NET
components to process SOAP messages.
I recently started to use ASP.NET for application development work. I use MS SQL Server
Express Edition for developing the project in ASP.NET Core.
Visual Studio Code is a lightweight but powerful source code editor which runs on your desktop
and is available for Windows, macOS and Linux. It comes with built-in support for JavaScript,
TypeScript and Node.js and has a rich ecosystem of extensions for other languages (such as C++,
C#, Java, Python, PHP, Go) and runtimes (such as .NET and Unity).
I found a method to use MS SQL Server directly from Visual Studio Code. I don’t
need to install third-party software to run SQL queries.
SQL Server is a relational database management system from Microsoft. The system is designed
and built to manage and store information. The system supports various business intelligence
operations, analytics operations, and transaction processing. The information stored on the server is
stored in the relational database. However, since the system is much more than a database, it also
comprises a management system. SQL stands for Structured Query Language, a computer language
that manages and administers the server. There are many versions of SQL Server, each subsequent
version being an improved model of its predecessor.
Microsoft SQL Server has numerous applications in the business world. The first and most obvious one
is that the database is used to store and manage information. However, businesses that hold sensitive
customer information such as personal details, credit card information, and other confidential
information will benefit from increased security. The system also allows the sharing of data files by
computers in the same network, a factor that increases reliability. SQL Server is also used to
increase the speed with which data is processed, allowing large operations to be executed with ease.
With the information stored in the database, businesses will have a reliable backup system.
5. Crystal Reports
Crystal Reports is a business intelligence application used to create custom reports from a variety
of data sources. The package includes the major features needed for a business to create a
database reporting environment, such as data access, report design/formatting, report viewing,
and application integration. This allows the application to be enterprise-wide, available to users,
and to support data reporting from report creation to upload and execution.
The main purpose of Crystal Reports is to allow users to pull their desired data from a data
source, such as an Oracle or MS SQL Server database, and present the data in a repeatable and
organized way. Crystal Reports provides you with a powerful, dynamic, and actionable reporting
solution that helps you design, explore, visualize, and deliver reports via the web or embedded in
enterprise applications.
Using Crystal Reports covered the reporting part of my application development.
Prototype is an early sample of design used to get feedback and rapid experiments with new
ideas.
• Limit the expenses of development
• Test the design concepts
• Test the usability of the product
7. Sketches
Sketching is drawing, which you can do easily with paper and pens at low cost. Sketching
is mostly used in the early stages of the design process to get new ideas for the product as
well as to identify the users' pain points. Low fidelity sketches can mostly use identifies
Sketch is a very popular tool within the design community that enables you to create hi-fi
interfaces and prototypes. One of the great features is Symbols, where you can design UI
assets and elements for reuse. This helps create design systems and keep your interfaces
consistent. From there, you can easily export your design into a clickable prototype. If you are
an InVision user, make sure you check out the Craft plugin.
Wireframes are representations of layouts and are mostly focused on the layout of the content.
They mostly use gray scale or black and white.
In low fidelity wireframing, you can use tools to create gray scale wireframes, which is a richer
way than sketching at the beginning of the design process.
When talking about web site creation, the two programs that stand out are Adobe’s
Dreamweaver and Microsoft’s Visual Studio, and someone will always ask which one is the better
program for what they need. The obvious issue that comes to mind before even opening the box
is that Visual Studio is a Microsoft creation.
Anyone that has any experience with computers and their programs knows that Microsoft
hardware and software play better with other Microsoft toys. This is not to bash on Microsoft,
but if you are not using any Microsoft applications then this may be a turning point for you. Many
people are using Apple hardware when they have intensive graphic needs, so you might want a
program that plays well with any platform, including Microsoft’s.
For any first timers, Visual Studio is easy to use with its many examples and help section. Via
drag and drop interface, there is total control over servers and the HTML servers, as well. An
easy to read and navigate control panel displays all your server controls. These are some of the
highlights of what the Visual Studio can do for you.
Do you need to create and manage console applications, window applications and web applications?
Visual Studio is designed to make this easy for you. Many users have noticed that Dreamweaver is
better utilized in web design and that Visual Studio is better to use for web development.
Dreamweaver and NetBeans are very different products, so I don't think it can be said that
one is better than the other. It really depends what you're trying to do.
NetBeans is an IDE comparable to Eclipse. You can build desktop, mobile, and web apps in
it. Dreamweaver on the other hand is a program aimed at designers, and is meant for
building webpages.
One of the things many people struggle with at work is making time to find ways to work
smarter. It’s not like any of us don’t want to work smarter or faster. It’s just that mentality of
“If it ain’t broke, don’t fix it” that has a way of seeping in when we think about having to find
or try new design and development tools.
Responsive design continues to get a lot of attention, but considering how different it is from
the “traditional” way of designing websites, it can be a bit overwhelming for those designers
who have yet to try it.
That’s what happens when you work in online ordering management systems, like ASP.Net,
that make the process of building and publishing websites so easy.
1. Databases
A database is a collection of information that is stored so that it can be retrieved, managed
and updated.
A CSS preprocessor is basically a scripting language that extends CSS and then compiles it
into regular CSS. Make sure to also check out our in-depth post on Sass vs Less.
Sass: A very mature, stable, and powerful professional grade CSS extension.
Less: As an extension to CSS that is also backward compatible with CSS. This makes
learning Less a breeze, and if in doubt, lets you fall back to vanilla CSS.
Stylus: A new language, providing an efficient, dynamic, and expressive way to generate
CSS. Supporting both an indented syntax and regular CSS style.
If you are just getting started with a CSS preprocessor you might want to make the transition
easier by first using a 3rd party compiler, such as the ones below.
A web application framework is a software framework designed to aid and alleviate some of
the headache involved in the development of web applications and services.
Behind all the web development tools is a language. A programming language is a formal
constructed language designed to communicate with a computer and create programs in which
you can control the behavior. And yes we realize some of these might not always be referred to
as a language.
PHP: Popular general-purpose scripting language that is especially suited to web development.
NodeJS: Event-driven I/O server-side JavaScript environment based on V8.
JavaScript: Programming language of HTML and the web.
HTML5: Markup language, the latest version of HTML and XHTML.
Python: Programming language that lets you work quickly and integrate systems more effectively.
Ruby: A dynamic, open source programming language with a focus on simplicity and productivity.
Scala: Scala is a pure-bred object-oriented language allowing a gradual, easy migration to a
more functional style.
CSS3: Latest version of cascading style sheets used in front-end development of sites
and applications.
SQL: Stands for structured query language used with relational databases.
Golang: Open source programming language that makes it easy to build simple, reliable,
and efficient software.
Rust: Systems programming language that runs blazingly fast, prevents segfaults, and
guarantees thread safety.
Elixir: Dynamic, functional language designed for building scalable and maintainable applications.
TypeScript: Open source programming language that is a superset of JavaScript which compiles
to plain JavaScript.
5. Web Essentials
The package includes HTML shortcuts and productivity tools, CSS and LESS tools for keeping
your style sheets under control, extensions for coding with JavaScript, TypeScript, CoffeeScript
and Markdown, and even extensions to the built-in Visual Studio Browser Link dynamic data
exchange with open browsers in your development environment.
Another reason to check out Web Essentials: Scott Hanselman says, "It's the Web Team's
most important feature playground. It's a peek into the future of Visual Studio."
Presentation
Invoice
Figure 28:Invoice
Login Form
In the scenario, they have mentioned several types of users of the website. The first one is PC World.
Therefore, I have designed a login form here for these two types of users. Users can log in as a
producer or member by selecting their user category in the login area. The login form prototype is as follows,
Registration form
PCW producers and new members need to register to access the website. Every user must
provide their true details to the website.
The producers have to insert more details than normal users to complete registration. The user
registration form prototype is as follows,
Figure 30:R.aspx
Figure 32:R.aspx
Figure 36:L.aspx
Figure 38:L.aspx
Payment Form
Figure 42:P.aspx
Figure 46:Change pw
Figure 51:Cat.aspx
Figure 56:Item.cs
Figure 58:Item.aspx
Figure 60:Item.aspx
Figure 62:Order.aspx
This section suggests a few tips to improve the performance of an ASP.NET web application. There
are many more things which may ensure better performance and a faster response time for a web
application.
So, we will have a more lightweight application which runs quicker and gives a better response time.
Use Caching
Caching is a good technique to improve this application’s performance. If the application has
infrequent data changes or mostly static page content, we can use caching. If
this application does not need to deliver near real-time content, consider using output
caching. However, the data will not be the latest for the duration specified when enabling caching.
Output caching stores the output of the page, so subsequent requests for
the page are served immediately from this stored output instead of generating the output again. This output is
served for the period specified when enabling caching.
We can cache the entire page, fragments of pages, or controls, depending on the type of static data
we have.
We can disable the View State of the pages where there is no postback required. This is applicable
for controls as well. By default, View State is turned on for all pages and controls. So, turn it off for
a page or a control wherever it is not required.
Set debug=false
When we create the application, the debug attribute is set to "true" by default, since it is very
useful during development. However, always set debug="false" before deployment. This is a very small
thing to do, but it has a great impact on the application's performance.
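A pre-deployment check for this setting, as an added example that is not part of the original assignment: it parses a web.config and reports every `compilation` element that still has `debug="true"`, including ones scoped by a `<location>` entry. The class name `WebConfigCheck`, the method name and the sample configuration (including the path `Default Web Site/PCWOrders`) are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

// Added example: WebConfigCheck and the sample configuration are hypothetical,
// constructed for illustration; they are not the assignment's own code.
public static class WebConfigCheck
{
    // Returns one message per <compilation> element that still has debug enabled.
    public static List<string> FindDebugEnabled(string webConfigXml)
    {
        var findings = new List<string>();
        XDocument doc = XDocument.Parse(webConfigXml);

        // Match on the local name so that a config file declaring a default
        // XML namespace on <configuration> is handled as well.
        foreach (XElement compilation in doc.Descendants()
                     .Where(e => e.Name.LocalName == "compilation"))
        {
            XAttribute debug = compilation.Attribute("debug");
            bool enabled = debug != null &&
                string.Equals(debug.Value.Trim(), "true",
                              StringComparison.OrdinalIgnoreCase);
            if (!enabled) continue;

            // A <location path="..."> ancestor scopes the setting to that path;
            // without one it applies to everything the file covers.
            XElement location = compilation.Ancestors()
                .FirstOrDefault(a => a.Name.LocalName == "location");
            XAttribute path = location == null ? null : location.Attribute("path");
            string scope = path == null
                ? "the whole configuration file"
                : "location '" + path.Value + "'";
            findings.Add("compilation debug=\"true\" is set for " + scope);
        }
        return findings;
    }

    public static int Main()
    {
        // Constructed sample in the style of a server-level web.config: the
        // default is correct, but a <location> entry for one application
        // still has debug enabled.
        const string sample = @"
<configuration>
  <system.web>
    <compilation debug='false' />
  </system.web>
  <location path='Default Web Site/PCWOrders'>
    <system.web>
      <compilation debug='true' />
    </system.web>
  </location>
</configuration>";

        List<string> findings = FindDebugEnabled(sample);
        foreach (string finding in findings)
            Console.WriteLine(finding);

        // A non-zero exit code lets a build or publish script stop the deployment.
        return findings.Count == 0 ? 0 : 1;
    }
}
```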
For example,
contactus.css can be used for ContactUs.aspx and home.css can be used for Home.aspx, The same
way we can split our JavaScript files as well.
Use Server.Transfer instead of Response.Redirect for any transfers within our server
Both Server.Transfer and Response.Redirect present the user with the contents of a new page but in
different ways. When we use Response.Redirect, the server sends an HTTP header back to the
browser with an HTTP status code stating that the address of the object has changed along with the
new location to find it. The browser then initiates another request to the new object.
On the other hand, Server.Transfer just transfers execution from one page to another page on the
server. In effect, back-and-forth network traffic is reduced which therefore eases the pressure on our
Web server and network bandwidth and makes our applications run faster.
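One consequence of this difference matters for the access levels in the brief: because Server.Transfer hands execution directly to the target page, ASP.NET does not re-run its authorization checks for that page, whereas a redirect produces a new request that goes through them. The helper below is an added example (not code from the assignment) that checks the URL authorization rules before transferring; `SafeNavigation` and `TransferIfAuthorized` are hypothetical names, and it assumes access is controlled by `<authorization>` rules in web.config.

```csharp
using System;
using System.Web;
using System.Web.Security;

// Added example: SafeNavigation and TransferIfAuthorized are hypothetical names.
// Assumption: access to pages is controlled by <authorization> rules in
// web.config; checks coded inside the target page itself are not covered here.
public static class SafeNavigation
{
    // Transfers to a page inside the application only if the current user
    // passes the URL authorization rules configured for that page.
    public static void TransferIfAuthorized(HttpContext context, string virtualPath)
    {
        if (context == null)
            throw new ArgumentNullException("context");

        // Accept only app-relative paths such as "~/Order.aspx". Server.Transfer
        // stays on this server, so a caller-supplied absolute URL is rejected.
        if (string.IsNullOrEmpty(virtualPath) ||
            !VirtualPathUtility.IsAppRelative(virtualPath))
        {
            throw new ArgumentException("Path must be app-relative.", "virtualPath");
        }

        // Evaluate the same rules the URL authorization module would apply
        // if the browser had requested the target page directly.
        bool allowed = UrlAuthorizationModule.CheckUrlAccessForPrincipal(
            virtualPath, context.User, context.Request.HttpMethod);

        if (!allowed)
        {
            // Refuse with 403 instead of rendering a page the user may not see.
            throw new HttpException(403, "Access to the requested page is denied.");
        }

        // preserveForm: false, so posted form fields and the query string of the
        // current request are not carried over to the target page.
        context.Server.Transfer(virtualPath, false);
    }
}

// Usage from a Web Forms code-behind (Order.aspx is one of the pages in the figures):
//     SafeNavigation.TransferIfAuthorized(Context, "~/Order.aspx");
```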
Use CDN
A Content Delivery Network (CDN) provides another way of increasing performance. A CDN is a
network of servers (nodes) spread across the world. When the application requests a resource from a
CDN, the content is delivered from the node which is geographically nearest to the user, ensuring a
faster response time.
We can avoid a lot of unnecessary memory allocation if we are a bit more cautious while
declaring variables. A few cases are,
1. Avoid the use of the dynamic keyword if it is not necessary
Dynamic types cause the compiler and the Dynamic Language Runtime (DLR) to do more work.
This affects performance, and it is more obvious if they are used in loops.
4.1 Review the performance of your business application against the Problem
Definition Statement and initial requirements.
In setting up an online business, the owner will need to go through the same procedures as a
traditional business, in formulating a business plan, by crafting a mission statement and through
handling other administrative matters. However, there are a number of advantages and disadvantages
of operating an online business.
The Pcw Company used a manual system earlier, but I could introduce an online system for it.
They could adapt to the new system because the company had people with enough computer knowledge.
So the company gets many advantages from the new system, as mentioned below.
Reduced Costs
There is no time wasted and they can do work on time, so the company now works effectively and efficiently.
The main advantage of having an online business is the cost difference when compared to setting up a
traditional office-based company. While there are fees associated with securing a domain and setting
up a website, these are minimal in comparison to leasing and maintaining physical premises.
Lack of Interaction
With a physical presence staff members can interact with customers face to face. This can impress the
purchaser and prompt them to share their positive experiences with others. Some purchasers may
simply prefer face-to-face interaction, as opposed to purchasing their goods online. You may struggle
to develop a meaningful relationship with a purchaser when you operate an online business.
Support Systems
If a customer purchases an item from a physical store, only to later discover it is faulty, they can
return the product to the store for an exchange or refund by means of a relatively easy process.
However, if an online purchaser finds that their goods are faulty, it could be several days until the
issue is rectified, especially if you have no customer care system in operation. You will need to
implement a structured policy and system for refunding faulty goods to avoid customer frustration.
Internet Connectivity
You could stand to lose a lot of time and money if, for some reason, your website goes down and
cannot be fixed for hours, or even days. This could cause potential customers to be dissuaded from
buying a product from you if they receive an error message when trying to visit your website, and
they may communicate their poor experience with friends and family.
Google has a vested interest in pushing computing into the cloud. Unless this company is also
a leading provider of Internet information services, however, it does not have as much incentive.
Web development is popular because it’s fast, versatile, and relatively inexpensive — and it’s
certainly easy to find developers. But that doesn’t mean the alternatives don’t have advantages
of their own, and in some cases the Web’s weaknesses might outweigh its strengths.
Strengths
My experience is that Vaadin enables you to write interactive and responsive web applications
with high comfort and development speed.
It comes with a powerful, easy-to-use component set. Another practical advantage is the
monoglot programming approach and the utilization of the well-known imperative ASP.NET
programming style. If your development team is already familiar with ASP.NET and already has
experience with ASP.NET programming in HTML, CSS and PHP, they will become
productive immediately.
ASP.NET WebForms
It gives you the look and feel of real Windows programming. You have buttons with click events,
and grids with buttons with click events in them. You have data binding. You have all the means to save
your data between postbacks (from one round trip to another).
Rapid development.
Easy to learn and implement.
Weaknesses
A recent vulnerability in XCloner (HTB23206) could be a great example of this issue. The
CSRF exploit provided in the advisory uses web site functionality to create a backup file
within the webroot. An attacker can download a backed-up copy of the entire website, unless
access to .tar files is restricted by the web server.
If the Secure attribute is not set for sensitive cookies, they can be transferred via an unencrypted HTTP
connection. An attacker can perform a MitM (man-in-the-middle) attack and intercept valuable
information, which can be used later in future attacks. This issue can be used along with a
cross-site scripting vulnerability to steal the session identifier. It is also possible to perform a session
fixation attack and gain unauthorized access to the web site.
As you can see, sensitive cookies will not be transmitted over an HTTP connection, but the “UC”
cookie is allowed to do so.
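The check described above, as an added example that is not part of the original assignment or advisory: it parses Set-Cookie headers, reports cookies missing the Secure flag, and shows which cookies a browser would attach to a plain HTTP request. The header values are constructed, the cookie names other than "UC" are assumptions, and the HttpOnly check is an addition covering the script-based theft of the session identifier mentioned in the text.

```python
# Constructed sample response headers (not captured from any real site).
SAMPLE_HEADERS = [
    "Set-Cookie: ASP.NET_SessionId=abc123; Path=/; Secure; HttpOnly",
    "Set-Cookie: AuthToken=def456; Path=/; Secure; HttpOnly; SameSite=Lax",
    "Set-Cookie: UC=ghi789; Path=/; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
    "Content-Type: text/html; charset=utf-8",
]


def parse_set_cookie(header_line):
    """Return (name, attrs) for a Set-Cookie line, or None for any other header.

    attrs maps lower-cased attribute names to their value ('' for bare flags).
    """
    field, _, value = header_line.partition(":")
    if field.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_cookies(header_lines):
    """Return (cookie name, missing flags) for every cookie lacking Secure or HttpOnly."""
    findings = []
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        name, attrs = parsed
        missing = [flag for flag in ("secure", "httponly") if flag not in attrs]
        if missing:
            findings.append((name, missing))
    return findings


def cookies_sent_over(scheme, header_lines):
    """Names of the cookies a browser would attach to a request using this scheme."""
    names = []
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed and (scheme == "https" or "secure" not in parsed[1]):
            names.append(parsed[0])
    return names


if __name__ == "__main__":
    print("missing flags:", audit_cookies(SAMPLE_HEADERS))
    print("sent over http:", cookies_sent_over("http", SAMPLE_HEADERS))
```

In an ASP.NET application the corresponding fix is to set the cookie's Secure property (and HttpOnly where script access is not needed) before it is added to the response.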
What’s more, HTML and CSS are clearly deficient when it comes to rich interactivity. Witness
the proliferation of multimedia plug-ins such as Flash, QuickTime, and Silverlight. Relying on
these outside dependencies increases the complexity and support cost of your applications.
These tricks wouldn’t be necessary if you weren’t trying to shoehorn interactivity into the
browser instead of sticking to the desktop.
Depending on the sensitivity of data contained within a web application, support for multi-factor
authentication when an application is Internet accessible is quickly becoming a minimum
security feature. Partially due to the prevalence of password attacks and credential stuffing and
partially due to remote access requirements pushed by compliance standards, it’s a great way to
allow users to be as secure as they want to be. Ideally, this involves support for a third-party
authenticator app or hardware security token. But if that isn’t possible or for lower security
applications, two-step verification with email or SMS can be a useful alternative.
There are other vulnerabilities that can occur related to authentication weaknesses, of course.
But we just wanted to cover some of the most common and raise awareness for some fairly
common issues we report on a regular basis. If you have any questions or want to schedule a
web application penetration test to see if any of these issues plague your organization’s
applications.
Lack of Anti-Automation
Web application password policies seem to be lagging behind the rest of security best practice
for organizations. Sometimes there are good reasons for this (e.g. bank applications tied to
mainframes) but many times it’s just a lack of understanding of the risk or a misjudgment on
the usability impacts. This goes for both weak password policies that don’t require at least 8
characters in length, prevent extremely common passwords using a blacklist, etc. as well as
unnecessary password restrictions that don’t have a positive impact on security like arbitrary
complexity requirements or the prevention of certain special characters.
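A policy check along the lines described above, shown beside the kind of rule set the paragraph criticises; this is an added example, not code from the assignment. The blocklist entries, the function names and the legacy rules are constructed for illustration, and a real deployment would load a much larger list of common passwords.

```python
import re
import unicodedata

MIN_LENGTH = 8  # minimum length named in the text

# Constructed, deliberately tiny blocklist; real lists hold many thousands of entries.
COMMON_PASSWORDS = {"password", "password1", "12345678", "qwertyuiop", "letmein123"}


def check_password(password):
    """Return a list of violations; an empty list means the password is accepted."""
    # NFKC folds look-alike forms (for example full-width letters) to one spelling,
    # so the blocklist cannot be sidestepped by a different encoding of the same word.
    candidate = unicodedata.normalize("NFKC", password)
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if candidate.casefold() in COMMON_PASSWORDS:
        problems.append("appears in the common-password blocklist")
    # Deliberately no character-class rules and no banned characters:
    # spaces, punctuation and non-ASCII letters are all accepted.
    return problems


def legacy_check(password):
    """Hypothetical rule set of the criticised kind: short minimum, forced classes, banned symbols."""
    problems = []
    if len(password) < 6:
        problems.append("shorter than 6 characters")
    if not (re.search(r"[A-Z]", password) and re.search(r"[a-z]", password)
            and re.search(r"\d", password)):
        problems.append("needs upper case, lower case and a digit")
    if re.search(r"[^A-Za-z0-9!@#]", password):
        problems.append("contains a character outside A-Z a-z 0-9 ! @ #")
    return problems


if __name__ == "__main__":
    for pw in ("Password1", "correct horse battery staple"):
        print(repr(pw), "legacy:", legacy_check(pw), "recommended:", check_password(pw))
```

The legacy rules accept "Password1" and reject a long passphrase, while the length-plus-blocklist check does the opposite.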
Many web sites use advertisement networks to display third-party content. There are publicly
known security issues connected with the compromise of advertisement networks that involve
malware spreading. Malvertising is a growing business, and malicious people might use
advertising networks to spread malware and perform attacks against website visitors.
It is also my fault that at certain points I have debated topics according to my personal opinion even
though there was a lack of evidence supporting my conclusions. Such points reflect my inability to
critically compare and highlight my inability to transcribe direct quotations.
I could always include the most timely, accurate and reliable information to support my
suggestions. Even though these things degrade the quality of my work, I found myself pushed to
be a critical and reflective learner through the experiences I had dealing with the trials raised upon
completion of the assignment...
Mr. Martin Fernandez. 2019. Seo. [ONLINE] Available at: https://www.seo.com/. [Accessed 2
May 2019].