W.M.N Maheshika Wijesinghe Application Development Assigment Unit 30 Reg11179 Peoson No PDF

Higher Nationals
Internal verification of assessment decisions – BTEC (RQF)

INTERNAL VERIFICATION – ASSESSMENT DECISIONS
Programme title Higher National Diploma in Computing
Assessor Internal
Verifier
Unit(s) Unit 30 – Application Development
Assignment title
Student’s name
List which assessment criteria Pass Merit Distinction
the Assessor has awarded.
INTERNAL VERIFIER CHECKLIST
Do the assessment criteria awarded match

those shown in the assignment brief? Y/N
Is the Pass/Merit/Distinction grade awarded Y/N
justified by the assessor’s comments on the
student work?
Has the work been assessed Y/N
accurately?
Is the feedback to the student:
Give details:
• Constructive? Y/N
• Linked to relevant assessment criteria? Y/N
• Identifying opportunities for Y/N
improved performance? Y/N
• Agreeing actions?
Does the assessment decision need Y/N
amending?
Assessor signature Date

Internal Verifier signature Date
Programme Leader signature (if required) Date
Confirm action completed
Remedial action taken

Give details:
Assessor signature Date
Internal
Date
Verifier
signature
Programme Leader
Date
signature (if required)
Higher Nationals - Summative
Assignment Feedback Form
Student Name/ID
Unit Title Unit 30 – Application Development
Assignment Number Assessor

Date Received
Submission Date
1st submission
Date Received 2nd
Re-submission Date
submission
Assessor Feedback:
LO1 Produce a Software Design Document by analysing a business-related problem and deduce an
appropriate solution including a set of initial requirements
Pass, Merit & P1 P2 M1
Distinction Descripts
LO2 Use design and development methodologies with tools and techniques associated with the
creation of a business application
Pass, Merit & P3 M2 D1
LO3 Work individually and as part of a team to plan and produce a functional business application
with support documentation
Pass, Merit & P4 P5 M3 M4 D2
LO4 Evaluate the performance of a business application against its Software Design Document
and initial requirements
Pass, Merit & P6 M4 D3
Grade: Assessor Signature: Date:
Resubmission Feedback:
Grade: Assessor Signature: Date:
Internal Verifier’s Comments:
Signature & Date:
* Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and
grades decisions have been agreed at the assessment board.
Assignment Feedback
All rights reserved ©ESOFT Metro Campus, Sri Lanka Page 3 of 89

Formative Feedback: Assessor to Student
Action Plan
Summative feedback
Feedback: Student to Assessor
Assessor Date
signature
Student Date
signature

Pearson
Higher Nationals in
Computing
Unit 30 – Application Development

General Guidelines
1. A Cover page or title page – You should always attach a title page to your assignment. Use previous
page as your cover sheet and make sure all the details are accurately filled. Commented [U1]:
2. Attach this brief as the first section of your assignment. Commented [U2R1]:
3. All the assignments should be prepared using a word processing software.
Commented [U3R1]:
4. All the assignments should be printed on A4 sized papers. Use single side printing.
5. Allow 1” for top, bottom , right margins and 1.25” for the left margin of each page.
Word Processing Rules
1. The font size should be 12 point, and should be in the style of Time New Roman.
2. Use 1.5 line spacing. Left justify all paragraphs.
3. Ensure that all the headings are consistent in terms of the font size and font style.
4. Use footer function in the word processor to insert Your Name, Subject, Assignment No, and
Page Number on each page. This is useful if individual sheets become detached for any reason.
5. Use word processing application spell check and grammar check function to help editing your
assignment.
Important Points:
1. Carefully check the hand in date and the instructions given in the assignment. Late submissions will
not be accepted.
2. Ensure that you give yourself enough time to complete the assignment by the due date.
3. Excuses of any nature will not be accepted for failure to hand in the work on time.
4. You must take responsibility for managing your own time effectively.
5. If you are unable to hand in your assignment on time and have valid reasons such as illness, you may
apply (in writing) for an extension.
6. Failure to achieve at least PASS criteria will result in a REFERRAL grade .
7. Non-submission of work without valid reasons will lead to an automatic RE FERRAL. You will then
be asked to complete an alternative assignment.
8. If you use other people’s work or ideas in your assignment, reference them properly using HARVARD
referencing system to avoid plagiarism. You have to provide both in-text citation and a reference list.
9. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be
reduced to A REFERRAL or at worst you could be expelled from the course
Student Declaration

I hereby, declare that I know what plagiarism entails,
namely to use another’s work and to present it as my own
without attributing the sources in the correct form. I further understand what it means to copy another’s work.
1. I know that plagiarism is a punishable offence because it constitutes theft.

2. I understand the plagiarism and copying policy of Edexcel UK.
3. I know what the consequences will be if I plagiarise or copy another’s work in any of the
assignments for this program.
4. I declare therefore that all work presented by me for every aspect of my program, will be my own,
and where I have made use of another’s work, I will attribute the source in the correct way.
5. I acknowledge that the attachment of this document signed or not, constitutes a binding agreement
between myself and Edexcel UK.
6. I understand that my assignment will not be considered as submitted if this document is not attached
to the assignment.
Student’s Signature: Date:

(Provide E-mail ID) (Provid Submission Date)
e

Higher National Diploma in Business
Assignment Brief
Student Name /ID Number
Unit Number and Title Unit 30: Application Development
Academic Year 2018/19
Unit Tutor
Assignment Title
Issue Date
Submission Date
IV Name & Date
Submission format
The submission should be in the form of an individual written report. This should be written in a concise,
formal business style using single spacing and font size 12. You are required to make use of headings,
paragraphs and subsections as appropriate, and all work must be supported with research. You must
provide in-text citations and the reference list using Harvard referencing system.
The recommended word count is 4,000–4,500 words excluding annexures..

Minimum word count – 4,000
Maximum word count – 4,500
PC World(PCW) is a medium-sized company that sells over 50 different types of computer products. The
company has grown steadily in the last 2 years mainly due its popularity over the Internet. They are
finding it increasingly difficult to cope up with all of the paperwork associated with tracking orders due to
the increase of number of orders. The Managing Director is frustrated by the problems associated with

previous traditional 'waterfall' projects. He has decided that PCW will use a company with Agile
development experience to develop the software for a new order tracking system.
JJLP Software (JJLP) is a software development consultant. JJLP is located on the same industrial estate as
PCW. JJLP has purpose built rooms for Facilitated Workshops and Agile software development projects.
The Managing Director of PCW has decided to contract JJLP, on “time and materials” basis, for the
development of the new order tracking system using an Agile development approach.
The new order tracking system will replace the old paper based system and is likely to include some of the
following functionalities:
 Receive a sales order via telephone, fax, post or email – carried out by an Order Handling Clerk;
 Create an acknowledgement copy of the sales order with a delivery date after the order has been
confirmed with the warehouse – carried out by a Warehouse Operative ;
 Create an acknowledgement copy of the sales order stating the item is out of stock and the date it
will be available after the order has been confirmed with the warehouse – carried out by a
Warehouse Operative;
 Credit-check new customers and reject them if they are not creditworthy – carried out by an Order
Handling clerk
 Create a daily report of orders that have been dispatched – carried out by the Production Manager;
 Create an invoice for business customers after the delivery – carried out by the Chief Accountant
(M)
 Accept credit card payment from domestic customers after the order has been confirmed with the
warehouse - carried out by an Order Handling Clerk;
 Create a final demand if a business customer has not paid an invoice after 30 days – carried out by
the Chief Accountant;
The new order tracking system should have the following levels of access:
 report only;
 update only;
 update and delete;
 complete system access;
 All acknowledgement copies of sales orders, invoices and final demands must be printed on the
relevant company headed forms;
 The new order tracking system should be able to print acknowledgement copies of sales orders,
invoices and final demands at a rate of 1 in every 5 seconds. However, an upper limit of 10
seconds would be acceptable.
Activity 1-
Produce a Software Design Document by analyzing a business-related problem and deduce an
appropriate solution including a set of initial requirements

1.1 Explore a business related problem and produce a well-defined Problem definition statement supported
by a set of user and System requirements.
1.2 Determine any areas of risk related to the successful completion of your application.
1.3 Analyze a business related problem using appropriate methods and produce a well-structured Software
Design Document that defines a proposed solution. Include relevant details on requirements, system
analysis, and system design. (propose a suitable language)
Activity 2
LO2 Use design and development methodologies with tools and techniques associated with the
creation of a business application
2.1 Research the use of software development tools and techniques and identify any suitable tool or
technique that you may select for the development of this application.
2.2 Compare the differences between various software development tools and techniques researched.
Justify your preferred selection and preferred software development methodology.
2.3 Justify the tools and techniques chosen to realize a custom built website. Justify your preferred
selection of tools and techniques in deducing an appropriate solution to a business related problem.
Activity 3
LO3 Work individually and as part of a team to plan and produce a functional business application
3.1 Create a formal presentation that effectively reviews your business application, problem definition
statement, proposed solution and the development strategy. Use this presentation as a part of a peer-review
and document any feedback given.
3.2 Develop a functional business application based on a specific Software Design Document with
supportive evidence for using the preferred tools, techniques and methodologies.
3.3 Evaluate any new insights, ideas or potential improvements to your system and justify the reasons for
including/not including them as a part of this business application.
Activity 4
LO4 Evaluate the performance of a business application against its Software Design Document and
initial requirements

4.1 Review the performance of your business application against the Problem Definition Statement and
initial requirements.
4.2 Critically evaluate the strengths and weaknesses of your business application and justify opportunities
for improvement and further development.
Observation Sheet
Activity Activity Learning Feedback

No Outcome (Pass/ Redo)
1 Produce a Software Design Document by LO1
analysing a business-related problem and deduce
an appropriate solution including a set of initial
requirements
2 Use design and development methodologies with LO2
tools and techniques associated with the creation
of a business application.
3 Work individually and as part of a team to plan LO3

and produce a functional business application
4 Evaluate the performance of a business LO4

application against its Software Design
Document and initial requirements.
Comments:
Assessor Name :…………………………………………….

Date :…………………………………………….
Assessor Signature :…………………………………………….

Assessment Criteria (Students are not authorized to modify or write anything on below)
Outcomes/Criteria Page Feedback

P1Explore a business related problem
and produce a well-defined Problem
definition statement supported by a
set of user and System requirements.
P2 Determine any areas of risk related to

the successful completion of your
application.
M1 Analyse a business related problem

using appropriate methods and produce a
well-structured Software Design
Document that defines a proposed
solution . Include relevant details on
requirements, system analysis, system
design. (propose a suitable language)
P3 Research the use of software

development tools and techniques and
identify any suitable tool or technique
that you may select for the development
of this application.
M2 Compare the differences between

various software development tools and
techniques researched. Justify your
preferred selection and preferred
software development methodology.
D1 Justify the tools and techniques

chosen to realize a custom built website.
Justify your preferred selection of tools
and techniques in deducing an
appropriate solution to a business related
problem.
P4 Create a formal presentation that

effectively reviews your business
application, problem definition
Maheshika Wijesinghe| Application development|Unit 30||Reg.No 11179 P a g e | 13

statement, proposed solution and the
development strategy. Use this
presentation as a part of a peer-review
and document any feedback given.
M3 Develop a functional business

application based on a specific Software
Design Document with supportive
evidence for using the preferred tools,
techniques and methodologies.
D2 Evaluate any new insights, ideas or

potential improvements to your system
and justify the reasons for including/not
including them as a part of this business
application.
M4 Review the performance of your

business application against the Problem
Definition Statement and initial
requirements.
D3 Critically evaluate the strengths and
weaknesses of your business application
and justify opportunities for
improvement and further development.
Strengths: Weaknesses:

Future Improvements & Assessor Comment:
Assessor: Signature:
Date: ____/____/______
Internal Verifier’s Comments:
Internal Verifier: Signature:

Date: ____/____/______

W.M.N Maheshika Wijesinghe
Reg.No: 11179
Application Development
Unit 30
Batch No: 26
Maheshika Wijesinghe| Application development|Unit 30||Reg.No 11179 Page|1

Acknowledgment
I am further happy to mention that as it really provides me with a massive opportunity to

upgrade my skills and to exhibit creativity where needed as I faced with challenges such that I
had to investigate and write things that I’ve never heard of, as if I were very familiar with
them. However, I do certify that I have not in any case included wrong information or
anything that could harm the organization I selected. Finally, I would like to thank all of the
lecturers including the HND Coordinator at ESOFT, and my teammate who helped me a lot in
making this assignment a success.
In preparation of my assignment, I had to take the help and guidance of some respected
persons, who deserve my deepest gratitude. As the completion of this assignment gave me
much pleasure, I would like to show my gratitude Mr.Prneeth, lecturer, on ESOFT Metro
Campus, for giving me a good guideline for assignment throughout numerous consultations. I
would also like to expand my gratitude to all those who have directly and indirectly guided
me in writing this assignment.
(Blank Page Initially)

Contents
Acknowledgment ...................................................................................................................... 2
Activity 1 ................................................................................................................................... 7
1. User Requirements ......................................................................................................... 7
User Interfaces .................................................................................................................. 7
Hardware Interfaces ........................................................................................................ 8
Software Interfaces .......................................................................................................... 8
2. System Requirements ..................................................................................................... 8
Sql ...................................................................................................................................... 8
Web server ........................................................................................................................ 9
Project type ....................................................................................................................... 9
Development cycle ............................................................................................................ 9
When run the web application threats to IT systems and data include: ............................. 11
Activity 2 ................................................................................................................................. 14
1. Front End Web Development ....................................................................................... 14
2. Back End Web Development ........................................................................................ 14
3. Visual studio with ASP.NET ........................................................................................... 15
4. MS SQL .......................................................................................................................... 16
5. Crystal Reports .............................................................................................................. 16
Crystal Reports Features ............................................................................................... 17
6. Prototype ...................................................................................................................... 18
18
7. Sketches ........................................................................................................................ 18
18
8. Wireframes ................................................................................................................... 20
Which is the Better Choice ................................................................................................... 21
Technology and the way in which we use it is constantly evolving..................................... 22
1. Databases ................................................................................................................... 22
2. CSS Preprocessors..................................................................................................... 23
3. Web Application Frameworks .................................................................................. 24
4. Languages / Platforms ............................................................................................... 25
5. web Essentials ........................................................................................................... 25
Activity 3 ................................................................................................................................. 27

Presentation....................................................................................................................... 27
Invoice................................................................................................................................ 42
PC World............................................................................................................................ 43
Payment Form................................................................................................................ 49
My Account................................................................................................................... 53
Add Category Form........................................................................................................ 55
Add Item Form............................................................................................................... 57
Order Form..................................................................................................................... 61
Use Caching................................................................................................................... 63
Disable View State if Possible........................................................................................ 63
Avoid Unnecessary Round Trips to Server..................................................................... 63
Use Specific CSS and Script files................................................................................... 64
Use Server.Transfer instead of Response.Redirect for any transfers within our server .. 64
Use Stored Procedures.................................................................................................... 64
Use Images Properly...................................................................................................... 64
Set build action to Release............................................................................................. 64
Use CDN........................................................................................................................ 65
Be more diligent while declaring variables..................................................................... 65
Activity 4............................................................................................................................... 66
4.1 Review the performance of your business application against the Problem Definition
Statement and initial requirements................................................................................... 66
4.2 Critically evaluate the strengths and weaknesses of your business application and
justify opportunities for improvement and further development......................................67
ASP.NET WebForms................................................................................................... 67
Weaknesses................................................................................................................... 68
Insecure Backup Location.............................................................................................. 68
Sensitive Cookie In HTTPS Session Without “Secure” Attribute.................................. 68
Browser technologies are too limiting............................................................................ 68
Lack of Support for MFA............................................................................................... 69
Lack of Anti-Automation............................................................................................... 69
Weak Password Policy................................................................................................. 70
Untrusted Third-Party Content....................................................................................... 70
Self – criticism...................................................................................................................... 71
Reference.............................................................................................................................. 72
Gantt chart.......................................................................................................................73

Figures
Figure 1:Data flow diagram.................................................................................................... 12

Figure 2:UML.......................................................................................................................... 13
Figure 3:3. Visual studio with ASP.NET............................................................................... 15
Figure 4:4. MS SQL.............................................................................................................. 16
Figure 5:5. Crystal Reports.................................................................................................. 17
Figure 6:6. Prototype.......................................................................................................... 18
Figure 7:7. Sketches............................................................................................................ 18
Figure 8:7. Sketches............................................................................................................ 19
Figure 9:8. Wireframes....................................................................................................... 20
Figure 10:1. Databases.......................................................................................................... 22
Figure 11:2. CSS Preprocessors............................................................................................. 23
Figure 12:3. Web Application Frameworks............................................................................ 24
Figure 13:4. Languages / Platforms....................................................................................... 25
Figure 14: Presentation slide.................................................................................................. 28
Figure 15:Presentation slide................................................................................................... 29
Figure 28:Invoice.................................................................................................................... 42
Figure 29:Registration Form.................................................................................................. 44
Figure 30:R.aspx.................................................................................................................... 44
Figure 31:R.aspx.................................................................................................................... 45
Figure 32:R.aspx.................................................................................................................... 45
Figure 33:R.aspx.................................................................................................................... 46
Figure 34:R.aspx .cs............................................................................................................... 46
Figure 35:Login Form............................................................................................................ 47
Figure 36:L.aspx.................................................................................................................... 47
Figure 37:L.aspx.................................................................................................................... 48
Figure 38:L.aspx.................................................................................................................... 48
Figure 39:L.aspx .cs............................................................................................................... 49
Figure 40:Payment Form........................................................................................................ 49
Figure 41:Payment report....................................................................................................... 50

Figure 42:P.aspx.................................................................................................................... 50
Figure 43:P.aspx.................................................................................................................... 51
Figure 44:P.aspx .cs............................................................................................................... 52
Figure 45:After Payment........................................................................................................ 52
Figure 46:Change pw............................................................................................................. 53
Figure 47:Change acc............................................................................................................. 53
Figure 48:Change pw.aspx..................................................................................................... 54
Figure 49:Change pw.cs......................................................................................................... 54
Figure 50:Category Form....................................................................................................... 55
Figure 51:Cat.aspx................................................................................................................. 55
Figure 52:Cat.aspx................................................................................................................. 56
Figure 53:Cat.cs..................................................................................................................... 57
Figure 54:Item Form.............................................................................................................. 57
Figure 55:Item.cs................................................................................................................... 58
Figure 56:Item.cs................................................................................................................... 58
Figure 57:Item.aspx............................................................................................................... 59
Figure 58:Item.aspx............................................................................................................... 59
Figure 59:Item.aspx............................................................................................................... 60
Figure 60:Item.aspx............................................................................................................... 60
Figure 61:Order Form............................................................................................................ 61
Figure 62:Order.aspx.............................................................................................................. 61
Figure 63:Order.aspx.............................................................................................................. 62
Figure 64:Order.aspx .cs........................................................................................................ 62
Figure 65:set build action to release mode............................................................................ 65
Figure 66:(UC) cookies........................................................................................................... 68
Figure 67:Gantt chart............................................................................................................. 73

Activity 1
1.1 Explore a business related problem and produce a well-defined
Problem definition statement supported by a set of user and System
requirements.
1. User Requirements
User requirements, often referred to as user needs, describe what the user does with the system, such as
what activities that users must be able to perform. User requirements are generally documented in a
User Requirements Document (URD) using narrative text. User requirements are generally signed off
by the user and used as the primary input for creating system requirements.
An important and difficult step of designing a software product is determining what the user
actually wants it to do. This is because the user is often not able to communicate the entirety of
their needs and wants, and the information they provide may also be incomplete, inaccurate and
self-conflicting. The responsibility of completely understanding what the customer wants falls on
the business analyst. This is why user requirements are generally considered separately from
system requirements. The business analyst carefully analyzes user requirements and carefully
constructs and documents a set of high quality system requirements ensuring that that the
requirements meet certain quality characteristics.
Many user requirements deal with how a user will interact with a system and what that user
expects. If there is a screen or human machine interface aspect to the system, a user requirement
may be based on what happens when the user selects an action on the screen. Maybe with a
button press not only does a process start, but it also switches to another screen and provides an
audible notification. When user requirements such as these are written down, they can often
break into multiple system requirements later due to switching of screens, the maximum delays
in starting the process, and finally what the next screen should look like. One pitfall is starting to
try to write the system requirements during a user requirement meeting. This often detracts from
gaining insight into the requirements of the user, and key functionality pieces could be missed.
User Interfaces
The user interface for the software shall be compatible to any browser such as Internet
Explorer, Mozilla or Netscape Navigator by which user can access to the system.
The user interface shall be implemented using any tool or software package like ASP.Net, MS
Front Page, EJB etc.

Hardware Interfaces
Since the application must run over the internet, all the hardware shall require to connect internet will
be hardware interface for the system. As for e.g. Modem, WAN – LAN, Ethernet Cross-Cable.
Software Interfaces
1.The e-store system shall communicate with the Configurator to identify all the
available components to configure the product.
2.The e-store shall communicate with the content manager to get the product
specifications, offerings and promotions.
3.The e-store system shall communicate with billPay system to identify available payment
methods , validate the payments and process payment.
4.The e-store system shall communicate to credit management system for handling
financing options.
5.The e-store system shall communicate with CRM system to provide support.
6.The e-store system shall communicate with Sales system for order management.
7.The e-store system shall communicate with shipping system for tracking orders and updating
of shipping methods.
8.The e-store system shall communicate with external Tax system to calculate tax.
9.The e-store system shall communicate with export regulation system to validate export regulations.
10. The system shall be verisign like software which shall allow the users to complete secured
transaction. This usually shall be the third party software system which is widely used for
internet transaction.
2. System Requirements
System requirements are the building blocks developers use to build the system. These are the
traditional “shall” statements that describe what the system “shall do.” System requirements are
classified as either functional or supplemental requirements. A functional requirement specifies
something that a user needs to perform their work. For example, a system may be required to
enter and print cost estimates; this is a functional requirement. Supplemental or non-functional
requirements specify all the remaining requirements not covered by the functional requirements. I
prefer to use the term supplemental requirements instead of non-functional requirements; who
wants to be termed nonfunctional? Supplemental requirements are sometimes called quality of
service requirements. The plan for implementing functional requirements is detailed in the
system design. The plan for implementing supplemental requirements is detailed in the system
architecture. The list below shows various types of supplemental requirements.
Sql - can work with SQL Server Express, as long as its limitations do not stop. Basically, max
memory and max database size can be the worst enemies here. Also, I had trouble in restoring
database from "normal" instances (some non-supported features will block the restore)

Web server - IIS is a natural choice when are developing Web apps under Windows. It is quite easy
to install (optional feature in Windows Server) and to perform basic configurations (bindings,
application pools, web apps etc.)
Project type - I am familiar with ASP.NET MVC5 and I can recommend it as a project type for
Web apps. Allows a modern application architecture and works nicely of things like Bootstrap (use it
by default), jQuery, AngularJs, auto mappers, dependency injection (used Ninject). Also has nice
features such as attribute routing and authentication filters.
Development cycle - there are many things to say here, but using MVC 5 allows a fast
development cycle: publish -> copy-paste content (except .configs) over target Web app folder and
the Web app will run using the new code. This is one point that was lacking in ASP.NET 5 (next
version).
Using this technology stack requires Windows OS, which is not free, but its price looks
reasonable to me.
I think the most important discriminant should be existing experience of your team. If most of
you have experience with SQL Server, .NET, IIS etc., than paying licenses might be less
expensive that learning to work with other technologies (there is actually a price associated with
learning curve, so nothing is really free, if not previously known).

User System
User requirements talk about the problem System requirements tell what system should
domain, the world of the user. have to be able to run the program:
They describe effects need to be achieved.
These effects are the combined Hardware: CPU, memory, disk space, etc.
responsibility of the software, the Software: OS, libraries, packages, etc.
hardware, and the users

User requirements tell what application System requirements tell a system should
must/should do to satisfy user's needs. It a have to be able to run program
list of features an application must/should
have, and it is used a guidance when you
develop an application: then all points are
checked, are (probably) done.
I tend to call this simply the "list of
features".
User requirement tell what application The word "system" can refer to different
should do to satisfy users needs things:
software being developed

physical device which runs the software
being developed
network of such devices
OS together with execution environment
In "user requirements" the user is a -
subject, the one that require, and the
program being developed is an object.
In "system requirements" the program
being developed is a subject while
"system" is an object.

1.2 Determine any areas of risk related to the successful completion of
your application.
Developing a real work web application can be really challenging. The developer team must have very
good skills in all the layers from the frontend down to the very backend. This challenge is even bigger
when considering the most common security risks that web applications can have.
When run the web application threats to IT systems and data include:
 Hardware and software failure - such as power loss or data corruption.
 malware - malicious software designed to disrupt computer operation
 viruses - computer code that can copy itself and spread from one computer to another,
often disrupting computer operations
 spam, scams and phishing - unsolicited email that seeks to fool people into
revealing personal details or buying fraudulent goods
 Human error - incorrect data processing, careless data disposal, or accidental opening
of infected email attachments.
 Database access slowly.
 hackers - people who illegally break into computer systems
 fraud - using a computer to alter data for illegal benefit
 passwords theft - often a target for malicious hackers
 denial-of-service - online attacks that prevent website access for authorized users
 security breaches - includes physical break-ins as well as online intrusion
 Staff dishonesty - theft of data or sensitive information, such as customer details.
 User can’t adjust to the system because they have not IT knowledge.

1.3 Analyze a business related problem using appropriate methods and produce
a well-structured Software Design Document that defines a proposed solution.
Include relevant details on requirements, system analysis, and system design.
(Propose a suitable language)
UML class diagram and use case diagram for the PCW online ordering system
Given below is the class and use case diagram for the scenario
Figure 1:Data flow diagram

Figure 2:UML

Activity 2
2.1 Research the use of software development tools and techniques and
identify any suitable tool or technique that you may select for the
development of this application.
1. Front End Web Development
HTML and CSS: HTML, CSS are the building blocks for web development. Their
Frameworks like Bootstrap and Materialize are most widely used in web development.
Twitter Bootstrap is popular for its Responsive design and Flexbox and CSS Grid System
are also trending topics in CSS, and they are used without any framework to develop
responsive websites.
Another trending development technology is Motion UI. It keeps simplicity to a site. Since a
large number of web users, today got tired of GLFs and flashing advertisements. Web
developers are using its animations that will allow adding styling and make your site unique
among thousands of others with static UI
JavaScript and its Front-End Frameworks like Angular and React and Vue.js are currently
most trending frameworks that need to be used in your project.
CSS Frameworks like SASS or LESS. SASS is preferable and widely used than LESS.
Image Editing- Photoshop, GIMP.
2. Back End Web Development
Server-Side Languages/Technologies: Node JS, Python and PHP are the more widely used
languages for Web Development in 2018. The other languages used in web development are
Ruby, C# & ASP.NET
Database: MongoDB is currently popular, with its non-relational database, MySQL is
popular relational database. Oracle, SQL Server, PostgreSQL, Firebase are other database
systems used in web development.
Back-End Frameworks: Express is the popular frame work for JavaScript. Adonis and
Hapi.js are also best frameworks in JavaScript. Frameworks for PHP like Laravel,
CodeIgniter, Symphony and Yii2 are popular. For Python- Django, Flask, Web2py are
widely used frameworks, and for Ruby – Ruby on rails, and for C# – .NET are best
frameworks used.
For Mobile Applications, React Native, Native Script, Ionic, PhoneGap are the leading
frameworks

3. Visual studio with ASP.NET
Figure 3:3. Visual studio with ASP.NET
ASP.NET is an open-source server-side web application framework designed for web

development to produce dynamic web pages developed by Microsoft to allow programmers to
build dynamic web sites, applications and services.
It was first released in January 2002 with version 1.0 of the .NET Framework, and is the
successor to Microsoft's Active Server Pages (ASP) technology. ASP.NET is built on the
Common Language Runtime (CLR), allowing programmers to write ASP.NET code using any
supported .NET language. The ASP.NET SOAP extension framework allows ASP.NET
components to process SOAP messages.
ASP.NET's successor is ASP.NET Core. It is a re-implementation of ASP.NET as a modular

web framework, together with other frameworks like Entity Framework. The new framework
uses the new open-source .NET Compiler Platform (codename "Roslyn") and is cross
platform. ASP.NET MVC, ASP.NET Web API, and ASP.NET Web Pages (a platform using
only Razor pages) have merged into a unified MVC 6.
Recently started to use a ASP.net for application development work. I use MS SQL Server
Express Edition for developing Project in ASP.net Core.
Visual Studio Code is a lightweight but powerful source code editor which runs on your desktop
and is available for Windows, macOS and Linux. It comes with built-in support for JavaScript,
TypeScript and Node.js and has a rich ecosystem of extensions for other languages (such as C++,
C#, Java, Python, PHP, Go) and runtimes (such as .NET and Unity).
I found the method how to use MS SQL Server directly from Visual Studio Code. I don’t
need to install a third party software to run SQL query.

4. MS SQL
Figure 4:4. MS SQL
The SQL Server is a relational database management system from Microsoft. The system is designed
and built is to manage and store information. The system supports various business intelligence
operations, analytics operations, and transaction processing. The information stored on the server is
stored in the relational database. However, since the system is much more than a database, it also
comprises of a management system. SQL stands for Structured Query Language, a computer language
that manages and administers the server. There are many versions of the SQL server, each subsequent
version being an improved model of its predecessor.
Microsoft SQL Server has numerous applications in the business world. The first and most obvious one
is the database is used to store and manage information. However, businesses that hold sensitive
customer information such as personal details, credit card information, and other confidential
information will benefit from increased security. The system also allows the sharing of data files by
computers in the same network, a factor that increased reliability. The SQL server is also used to
increase the speed with which data is processed, allowing large operations to be executed with ease.
With the information stored in the database, businesses will have a reliable backup system.
5. Crystal Reports

Figure 5:5. Crystal Reports
Crystal Reports is a business intelligence application used to create custom reports from a variety
of data sources. The package includes the major features needed for a business to create a
database reporting environment, such as data access, report design/formatting, report viewing,
and application integration. This allows the application to be enterprise-wide, available to users,
and to support data reporting from report creation to upload and execution.
Crystal Reports Features
The main purpose of Crystal Reports is to allow users to pull their desired data from a data
source, such as an Oracle or MS SQL Server database, and present the data in a repeatable and
organized way. Crystal Reports provides you with a powerful, dynamic, and actionable reporting
solution that helps you design, explore, visualize, and deliver reports via the web or embedded in
enterprise applications.
Using this crystal report covered my application development's reporting part.

6. Prototype
Figure 6:6. Prototype
Prototype is an early sample of design used to get feedback and rapid experiments with new
ideas.
• Limit the expenses of development
• Test the design concepts
• Test the usability of the product
Prototypes typically created with a mixture of sketches, wireframes or mockups, prototypes

depending on the project timelines and these are representations of the design. This can use as
a mechanism to get user feedback early and quickly on your design where you can iterate on
making your product a better one.
7. Sketches
Figure 7:7. Sketches
Sketching is a drawing, which you could easily with a papers and pens with less cost. Mostly
sketching has used in the early stages of the design process to get new ideas for the product as
well as use to identify the users pain point. Low fidelity sketches can mostly use identifies

user pain points and gets new ideas for the product at early stage. With sketches, you can
rapidly iterate the design with a low cost to make the product more useable.
Sketch is a very popular tool within the design community that enables you to create hi-fi
interfaces and prototypes. One of the great features is Symbols, where you can design UI
assets and elements for reuse. This helps create design systems and keep your interfaces
consistent. From there, you can easily export your design into a clickable prototype. If you are
an In Vision user, make sure you check out the Craft plugin.
Figure 8:7. Sketches

8. Wireframes
Wireframes are representation of layouts and mostly focused on the layout of the content.
Mostly use gray scale or black and white.
In low fidelity wireframing, you can use tools to create gray scale wireframes, which is richer
way than sketching at the beginning of the design process.
Figure 9:8. Wireframes

2.2 Compare the differences between various software development tools
and techniques researched. Justify your preferred selection and preferred
software development methodology.
Which is the Better Choice?
Dreamweaver VS Visual Studio VS Net beans
When talking about web site creation, the two programs that stand out are Adobe’s
Dreamweaver and Microsoft’s Visual Studio and someone ever will ask which one is the better
program for what they need. The obvious issue that comes to mind before even opening the box
is that Visual Studio is a Microsoft creation.
Anyone that has any experience with computers and their programs knows that Microsoft
hardware and software plays better with other Microsoft toys. This is not to bash on Microsoft
but if you are not using any Microsoft applications then this maybe a turning point for you. Many
people are using Apple hardware when they have intensive graphic needs, so you might want a
program that plays well with any platform, including Microsoft’s.
For any first timers, Visual Studio is easy to use with its many examples and help section. Via
drag and drop interface, there is total control over servers and the HTML servers, as well. An
easy to read and navigate control panel displays all your server controls. These are some of the
highlights of what the Visual Studio can do for you.
Do you need to create and manage console applications, window applications and web applications?
Visual Studio is designed to make this easy for you. Many users have noticed that Dreamweaver is
better utilized in web design and that Visual Studio is better to use for web development.
Adobe’s Dreamweaver is more concentrated on web design than web development.

Dreamweaver works with almost all of the computer languages and can interface with java script
effortlessly with its built in extensions. Actually there over 1300 extensions available for
whatever you may need. Dreamweaver was created with idea of teams of people working on the
same project, so teamwork on the same project will be a breeze. Teamwork is possible with
Visual Studio when used in tandem with other Microsoft products.
Dreamweaver and Net Beans are very different products, so I don't think it can be said that
one is better than the other. It really depends what you're trying to do.
Net Beans is an IDE comparable to Eclipse. You can build desktop, mobile, and web apps in
it. Dreamweaver on the other hand is a program aimed at designers, and is meant for
building webpages.

2.3 Justify the tools and techniques chosen to realize a custom built
website. Justify your preferred selection of tools and techniques in
deducing an appropriate solution to a business related problem.
One of the things many people struggle with at work is making time to find ways to work
smarter. It’s not like any of us don’t want to work smarter or faster. It’s just that mentality of
“If it ain’t broke, don’t fix it” that has a way of seeping in when we think about having to find
or try new design and development tools.
Technology and the way in which we use it is constantly evolving.
Responsive design continues to get a lot of attention, but considering how different it is from
the “traditional” way of designing websites, it can be a bit overwhelming for those designers
who have yet to try it.
That’s what happens when you work in online ordering management systems, like ASP.Net,
that make the process of building and publishing websites so easy.
1. Databases
Figure 10:1. Databases
databases
A database is a collection of information that is stored so that it can be retrieved, managed
and updated.
MySQL: One of the world’s most popular open source databases.

MariaDB: Made by the original developers of MySQL. MariaDB is also becoming very
popular as an open source database server.
MongoDB: Next-generation database that lets you create applications never before possible.
Redis: An open source, in-memory data structure store, used as a database, cache and
message broker.
PostgreSQL: A powerful, open source object-relational database system

2. CSS Preprocessors
Figure 11:2. CSS Preprocessors
A CSS preprocessor is basically a scripting language that extends CSS and then compiles it
into regular CSS. Make sure to also check out or in-depth post on Sass vs Less.
Sass: A very mature, stable, and powerful professional grade CSS extension.
Less: As an extension to CSS that is also backward compatible with CSS. This makes
learning Less a breeze, and if in doubt, lets you fall back to vanilla CSS.
Stylus: A new language, providing an efficient, dynamic, and expressive way to generate
CSS. Supporting both an indented syntax and regular CSS style.
If you are just getting started with a CSS preprocessor you might want to make the transition
easier by first using a 3rd party compiler, such as the ones below.

3. Web Application Frameworks
Figure 12:3. Web Application Frameworks
A web application framework is a software framework designed to aid and alleviate some of
the headache involved in the development of web applications and services.
Ruby: Ruby on Rails is a web-application framework that includes everything needed to

create database-backed web applications, with the MVC pattern.
AngularJS: Lets you extend HTML vocabulary for your web application. AngularJS is a
framework, even though it’s much more lightweight and sometimes referred to as a library.
Ember.js: A framework for creating ambitious web applications. Express: Fast and
minimalist web framework for Node.js.
Meteor: Full-stack JavaScript app platform that assembles all the pieces you need to build
modern web and mobile apps, with a single JavaScript codebase.
Django: High-level Python Web framework that encourages rapid development and clean,
pragmatic design.
ASP.net: Free, fully supported Web application framework that helps you create standards-
based Web solutions.
Laravel: A free, open source PHP web application framework to build web applications on
MVC pattern.
Zend Framework 2: An open source framework for developing web applications and services
using PHP.
Phalcon: A full-stack PHP framework delivered as a C-extension.
Symfony: A set of reusable PHP components and a web application framework. CakePHP:
A popular PHP framework that makes building web applications simpler, faster and
require less code.
Flask: A microframework for Python based on Werkzeug and Jinja 2.
CodeIgniter: Powerful and lightweight PHP framework built for developers who need a
simple and elegant toolkit to create full-featured web applications.
Also, make sure to check out KeyCDN’s framework integration guides to see how you can
implement a CDN with the solutions mentioned above.

4. Languages / Platforms
Figure 13:4. Languages / Platforms
Behind all the web development tools is a language. A programming language is a formal
constructed language designed to communicate with a computer and create programs in which
you can control the behavior. And yes we realize some of these might not always be referred to
as a language.
PHP: Popular general-purpose scripting language that is especially suited to web development.
NodeJS: Event-driven I/O server-side JavaScript environment based on V8.
JavaScript: Programming language of HTML and the web.
HTML5: Markup language, the latest version of HTML and XHTML.
Python: Programming language that lets you work quickly and integrate systems more effectively.
Ruby: A dynamic, open source programming language with a focus on simplicity and productivity.
Scala: Scala is a pure-bred object-oriented language allowing a gradual, easy migration to a
more functional style.
CSS3: Latest version of cascading style sheets used in front-end development of sites
and applications.
SQL: Stands for structured query language used with relational databases.
Golang: Open source programming language that makes it easy to build simple, reliable,
and efficient software.
Rust: Systems programming language that runs blazingly fast, prevents segfaults, and
guarantees thread safety.
Elixir: Dynamic, functional language designed for building scalable and maintainable applications.
TypeScript: Open source programming language that is a superset of JavaScript which compiles
to plain JavaScript.
5. web Essentials
Web Essentials, created by Microsoft's Mads Kristensen, is a general-purpose collection of

Web development-focused extensions and enhancements for Visual Studio.
The package includes HTML shortcuts and productivity tools, CSS and LESS tools for keeping
your style sheets under control, extensions for coding with JavaScript, TypeScript, CoffeeScript
and Markdown, and even extensions to the built-in Visual Studio Browser Link dynamic data
exchange with open browsers in your development environment.
Another reason to check out Web Essentials: Scott Hanselman says, "It's the Web Team's
most important feature playground. It's a peek into the future of Visual Studio."

On the downloads page you'll find Web Essentials versions for Visual Studio 2010, 2012 and
2013. (Note, however, that Web Essentials 2010 offers fewer features than the newer versions.)
There are nightly builds available through GitHub, where you can also register issues or submit
pull requests for contributions.

Activity 3
3.1 Create a formal presentation that effectively reviews your business
application, problem definition statement, proposed solution and the
development strategy. Use this presentation as a part of a peer-review and
document any feedback given.
Presentation

Figure 14: Presentation slide

Figure 15:Presentation slide













3.2 Develop a functional business application based on a specific Software
Design Document with supportive evidence for using the preferred tools,
techniques and methodologies.
Invoice
Figure 28:Invoice

PC World
Login Form
In the scenario, they have mentioned several types of users in the website. First, one is PC World.
Therefore, in here I have designed login form for these two types of users. Users can login as a
producer or member selecting their user category in login area. Login form prototype as follows,
Registration form
PCW producers and new members need to be register for access a web site. Every user must
provide their true details to web site.
The producers have to insert more details than normal users to get registration complete. User
Registration form prototype as follows,

Registration form
Figure 29:Registration Form
Figure 30:R.aspx

Figure 31:R.aspx
Figure 32:R.aspx

Figure 33:R.aspx
Figure 34:R.aspx .cs

User Login Form
Figure 35:Login Form
Figure 36:L.aspx

Figure 37:L.aspx
Figure 38:L.aspx

Figure 39:L.aspx .cs
Payment Form
Figure 40:Payment Form

Figure 41:Payment report
Figure 42:P.aspx

Figure 43:P.aspx

Figure 44:P.aspx .cs
Figure 45:After Payment

My Account
Figure 46:Change pw
Figure 47:Change acc

Figure 48:Change pw.aspx
Figure 49:Change pw.cs

Add Category Form
Figure 50:Category Form
Figure 51:Cat.aspx

Figure 52:Cat.aspx

Figure 53:Cat.cs
Add Item Form
Figure 54:Item Form

Figure 55:Item.cs
Figure 56:Item.cs

Figure 57:Item.aspx
Figure 58:Item.aspx

Figure 59:Item.aspx
Figure 60:Item.aspx

Order Form
Figure 61:Order Form
Figure 62:Order.aspx

Figure 63:Order.aspx
Figure 64:Order.aspx .cs

3.3 Evaluate any new insights, ideas or potential improvements to your
system and justify the reasons for including/not including them as a part of
this business application.
This suggests you a few tips to improve the performance of an ASP.Net web application. There
are many more things which may ensure a better performance and faster response time for a web
application.
So, will have a more light weight application which runs quicker and gives a better response time.
Use Caching
Caching is a good technique to improve this application’s performance. If the application has
infrequent data changes or the application has more static content of web page, can use caching. If
this application does not mandate near real-time content to be delivered, consider using output
caching. But, the data won’t be the latest for the duration mentioned while enabling caching.
When using caching, what it does is - it stores the output of the page. So, the subsequent requests for
the page are loaded immediately by serving this output instead of generating the output. This output is
served for the certain period mentioned while enabling caching.
this can cache entire page or fragments of pages or controls depending on the type of static data
we have.
Disable View State if Possible

View State is a technique used by an ASP.NET to persist changes to the state of a web form across
postbacks to retain the current data for a web application which is otherwise stateless. But View
State increases the load of the page both when requested and served. There is also an additional
overhead of serializing and de-serializing view state data as it is posted back. View State increases
the memory allocations on the server as well.
We can disable the View State of the pages where there is no postback required. This is applicable
for controls as well. By default, View State is turned on for all pages and controls. So, turn it off for
a page or a control wherever it is not required.
Disable view state for a single page,

<%@ Page EnableViewState="false" %>
Disable view state for a single control on a page,
Set EnableViewState = "false"
Set debug=false
When we create the application, debug attribute will be set to "true" by default since it is very
useful during development. But, always set debug="false" before deployment. This is a very small
thing you need to do but will have a greater impact on the application performance.
Avoid Unnecessary Round Trips to Server

Round trips to server significantly affect performance. This is because the requests and responses are
created and transferred to server and client. It also takes some time for the server to do the processing

and object creation before the response is sent back. Adding to this, sometimes other factors, such as
a server is busy with too many requests, network latency etc., can further affect the speed. So, keep
round trips to an absolute minimum. How it can be done in each case may depend on your
application. A few examples are:
Use Ajax UI whenever possible

Do user input validation on the client side using JavaScript
Avoid unnecessary database hits to load the unchanged content in the
database Use IsPostBack property
Use Specific CSS and Script files

Using large CSS files that are used for the entire site in multiple pages will increase the loading time
of the page thus leading to a performance hit. It can be split and stored in different files thus loading
only what is required for each page. It will minimize the loading time of the pages.
For example,
contactus.css can be used for ContactUs.aspx and home.css can be used for Home.aspx, The same
way we can split our JavaScript files as well.
Use Server.Transfer instead of Response.Redirect for any transfers within our server
Both Server.Transer and Response.Redirect present the user with the contents of a new page but in
different ways. When we use Response.Redirect, the server sends an HTTP header back to the
browser with an HTTP status code stating that the address of the object has changed along with the
new location to find it. The browser then initiates another request to the new object.
On the other hand, Server.Transfer just transfers execution from one page to another page on the
server. In effect, back-and-forth network traffic is reduced which therefore eases the pressure on our
Web server and network bandwidth and makes our applications run faster.
Use Stored Procedures

Use Stored Procedures to avoid multiple database hits and get many things done on a single hit. Also,
there is a slight performance benefit for the stored procedure over queries as Store Procedures are
compiled and stored in the SQL database server, unlike the queries which require compilation. If you
are using really long queries and if you change it to SP, the advantage will be more obvious. Because
for sending really long queries over the network, more bandwidth need to be used unlike and SP will
take only a short line.
Use Images Properly

Reduce the use of images as it will take more time to load and will cause the application to load
slowly. Better use very small images in the sense that, ones with less size and get it repeated using
CSS. If possible, remove some images and use CSS to give colors, shades, and styles.
Set build action to Release

Always remember to take the build in release mode instead of debug mode. Since building mode adds a pdb
file for each dll and this will cause your application size to increase and execution time to increase. This is
because the debug information are checked before executing code in these assemblies.

For beginners, this is how you set build action to release mode:
Figure 65:set build action to release mode
Use CDN
Content Delivery Network (CDN) provide another way of increasing performance. A CDN is a
network of servers (nodes) spread across the world. When the application request for a resource from
CDN, the content is delivered from a node which is geographically nearest to the user ensuring a
faster response time.
Be more diligent while declaring variables
we can avoid a lot of unnecessary memory allocation if we are a bit more cautious while
declaring variable. A few cases are,
1. Avoid the use of dynamic keyword if it is not necessary
Because, dynamic types cause compiler and Dynamic Language Runtime (DLR) to do more work.
This affects performance and it will be more obvious in case if they are used in loops.
2. Move variable declaration closer to usage

It is better because you're limiting the scope of the declared variables. And if you declare them
outside the loop, their scope will be broader, which means that it will take longer for the garbage
collector to free the memory they hold.

Activity 4
4.1 Review the performance of your business application against the Problem
Definition Statement and initial requirements.
In setting up an online business, the owner will need to go through the same procedures as a
traditional business, in formulating a business plan, by crafting a mission statement and through
handling other administrative matters. However, there are a number of advantages and disadvantages
of operating an online business.
The Pcw Company used manual system earlier, but I could introduce online system for it.
They could to adapt new system, because company had people who have enough computer knowledge.
So, the company get many advantages as new system like bellow mentioned.
Reduced Costs
There is no time wasting, they can do work on time, So now company effectively and efficiency.
The main advantage of having an online business is the cost difference when compared to setting up a
traditional office-based company. While there are fees associated with securing a domain and setting
up a website, these are minimal in comparison to leasing and maintaining physical premises.
Reduced Staff Requirements

an online business a lot of the work is carried out automatically. For example, purchasing an item
online does not require a cashier to take payment: a purchaser simply enters his or her card details and
the item is paid for within minutes.
Lack of Interaction
With a physical presence staff members can interact with customers face to face. This can impress the
purchaser and prompt them to share their positive experiences with others. Some purchasers may
simply prefer face-to-face interaction, as opposed to purchasing their goods online. You may struggle
to develop a meaningful relationship with a purchaser when you operate an online business.
Support Systems
If a customer purchases an item from a physical store, only to later discover it is faulty, they can
return the product to the store for an exchange or refund by means of a relatively easy process.
However, if an online purchaser finds that their goods are faulty, it could be several days until the
issue is rectified, especially if you have no customer care system in operation. You will need to
implement a structured policy and system for refunding faulty goods to avoid customer frustration.
Internet Connectivity
You could stand to lose a lot of time and money if, for some reason, your website goes down and
cannot be fixed for hours, or even days. This could cause potential customers to be dissuaded from
buying a product from you if they receive an error message when trying to visit your website, and
they may communicate their poor experience with friends and family.
Now company can face competitive market.

4.2 Critically evaluate the strengths and weaknesses of your business
application and justify opportunities for improvement and further
development.
PC World(PCW) is a medium-sized company that sells over 50 different types of computer

products. The company has grown steadily in the last 2 years mainly due its popularity over the
Internet.
Google has a vested influence in pushing computing into the cloud. Unless this company is also
a leading provider of Internet information services, however, don’t have as much incentive.
Web development is popular because it’s fast, versatile, and relatively inexpensive — and it’s
certainly easy to find developers. But that doesn’t mean the alternatives don’t have advantages
of their own, and in some cases the Web’s weaknesses might outweigh its strengths.
Strengths
My experience is that Vaadin enables you to write interactive and responsive web applications
with high comfort and development speed.
It comes with a powerful, easy-to-use component set. Another practical advantage is the
monoglot programming approach and the utilization of the well-known imperative ASP.NET
programming style. If your development team is already familiar with ASP.NET and has
already experience with ASP.NET programming in HTML, CSS and PHP, they will become
productive immediately.
ASP.NET WebForms
Gives you look and feel of real windows programming. You have buttons with click events,
grids with buttons with click events in it. You have data binding. You have all means to save
your data between posbacks (from one roundtrip to another). Rapid development
Easy to learn and implement.
Develop web application like a desktop application.

Well known imperative UI programming paradigm
Web-specific issues are transparent for developers. They don’t have to learn them.
Comprehensive and sophisticated component set and data binding mechanism.
Really good documentation and active community
Much improved control over your HTML

No postbacks / viewstate
Support for unit testing
Weaknesses
Insecure Backup Location
Incorrect configuration of the application or environment may expose certain valuable

information such as backup copies of files, database or entire website. This can happen when
the website administrator or web application stores backup copies within the website root and
does not restrict access to these files. A remote attacker can download these files and gain
access to potentially valuable information.
A recent vulnerability in XCloner (HTB23206) could be a great example of this issue. The
provided CSRF exploit in the advisory uses web site functionality to created a backup file
within a webroot. An attacker can download a backed up copy of the entire website, unless
access to .tar files is restricted by web server.
Sensitive Cookie In HTTPS Session Without “Secure” Attribute
If secure attribute is not set for sensitive cookies they can be transferred via unencrypted HTTP
connection. An attacker can perform a MitM (man-in-the-middle) attack and intercept valuable
information, which can be used later in future attacks. This issue can be used along with cross-
site scripting vulnerability to steal the session identifier. It is also possible to perform session
fixation attack and gain unauthorized access to the web site.
Below is an example of Secure (X-OWA-CANARY and X-BackEndCookie) and insecure

(UC) cookies:
Figure 66:(UC) cookies
As use can see, sensitive cookies will not be transmitted over HTTP connection, but the “UC”
cookie is allowed to do so.
Browser technologies are too limiting.

The full range of languages, tools, and methodologies that systems programming has to offer
JavaScript has evolved into a respectable general-purpose language, but it can hardly be
expected to be all things to all people. User interface code written in such languages as C++,
Objective C, or Python can often be both more efficient and more maintainable than code
written for the Web paradigm.
What’s more, HTML and CSS are clearly deficient when it comes to rich interactivity. Witness
the proliferation of multimedia plug-ins such as Flash, QuickTime, and Silverlight. Relying on
these outside dependencies increases the complexity and support cost of your applications.
These tricks wouldn’t be necessary if you weren’t trying to shoehorn interactivity into the
browser instead of sticking to the desktop.
Lack of Support for MFA
Depending on the sensitivity of data contained within a web application, support for multi-factor
authentication when an application is Internet accessible is quickly becoming a minimum
security feature. Partially due to the prevalence of password attacks and credential stuffing and
partially due to remote access requirements pushed by compliance standards, it’s a great way to
allow users to be as secure as they want to be. Ideally, this involves support for a third-party
authenticator app or hardware security token. But if that isn’t possible or for lower security
applications, two step verification with email or SMS can be useful alternatives.
There are other vulnerabilities that can occur related to authentication weaknesses, of course.
But we just wanted to cover some of the most common as raise awareness for some fairly
common issues we report on a regular basis. If you have any questions or want to schedule a
web application penetration test to see if any of these issues plague your organization’s
applications.
Lack of Anti-Automation
Similarly to account lockouts, anti-automation controls can be effective in mitigating password

attacks. But these controls can help stop more than traditional brute force attacks. They can also
be great for preventing automated username enumeration techniques or password spraying
attacks. Sometimes anti-automation will be in the form of a CAPTCHA that a user has to answer
to login (or it may only show up after a certain number of invalid attempts). Other times anti-
automation could be a temporary IP blacklist after a certain number of requests in a certain time
period. And another might be an exponential back-off, which is a type of control that enforces
an exponential sleep time in between invalid login attempts (e.g. 1 invalid attempt no sleep, 2
attempts sleep for 5 secs before next, 3 attempts sleep for 30 secs before next, and so on).

Weak Password Policy
Web application password policies seem to be lagging behind the rest of security best practice
for organizations. Sometimes there are good reasons for this (e.g. bank applications tied to
mainframes) but many times it’s just a lack of understanding of the risk or a misjudgment on
the usability impacts. This goes for both weak password policies that don’t require at least 8
characters in length, prevent extremely common passwords using a blacklist, etc. as well as
unnecessary password restrictions that don’t have a positive impact on security like arbitrary
complexity requirements or the prevention of certain special characters.
Untrusted Third-Party Content
Many web sites use advertisement networks to display third-party content. There are publicly
known security issues, connected with compromise of advertisement networks that involve
malware spreading. Malwaretising is a growing business and malicious people might use
advertising networks to spread malware perform attacks against website visitors.
ImmuniWeb uses advanced techniques to discover such issues.

Self – criticism
When I am doing this assignment, I dealt with such teams by classifying them and jotting them
down to personal notes through research on the area I was coping with, so that I would often
remember them but with the guidance from my lecturer and my positive attitude help me to
complete this assignment successfully.
It is also my fault that at certain points I have debated topics to my personal opinion even though
there were lack of evidence supporting my conclusions. Such points reflect my inability to
critically compare and highlights my inability to transcribe direct quotations.
I could always include the most timely, accurate and reliable information to support my
suggestions. Even though these things degrade the quality of my work, I found myself pushed to
be a critical and reflectivity learner through the experiences I had dealing the trials raised upon
completion of the assignment...

Reference
online. 2019. DNS server. [ONLINE] Available at: https://developers.google.com/speed/public-

dns/. [Accessed 20 October 2019].
Mr. Martin Fernandez. 2019. Seo. [ONLINE] Available at: https://www.seo.com/. [Accessed 2
May 2019].

Gantt chart
Figure 67:Gantt chart

W.M.N Maheshika Wijesinghe Application Development Assigment Unit 30 Reg11179 Peoson No PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

W.M.N Maheshika Wijesinghe Application Development Assigment Unit 30 Reg11179 Peoson No PDF

Uploaded by

Copyright:

Available Formats

Higher Nationals

Internal verification of assessment decisions – BTEC (RQF)

INTERNAL VERIFIER CHECKLIST

Do the assessment criteria awarded match

Assessor signature Date

Programme Leader signature (if required) Date

Confirm action completed

Remedial action taken

Unit Title Unit 30 – Application Development

Assignment Number Assessor

Grade: Assessor Signature: Date:

Grade: Assessor Signature: Date:

Internal Verifier’s Comments:

Signature & Date:

All rights reserved ©ESOFT Metro Campus, Sri Lanka Page 3 of 89

Feedback: Student to Assessor

All rights reserved ©ESOFT Metro Campus, Sri Lanka Page 4 of 89

All rights reserved ©ESOFT Metro Campus, Sri Lanka Page 5 of 89

Word Processing Rules

All rights reserved ©ESOFT Metro Campus, Sri Lanka Page 6 of 89

1. I know that plagiarism is a punishable offence because it constitutes theft.

Student’s Signature: Date:

All rights reserved ©ESOFT Metro Campus, Sri Lanka Page 7 of 89

Unit Number and Title Unit 30: Application Development

Academic Year 2018/19

IV Name & Date

The recommended word count is 4,000–4,500 words excluding annexures..

All rights reserved ©ESOFT Metro Campus, Sri Lanka Page 8 of 89

All rights reserved ©ESOFT Metro Campus, Sri Lanka Page 9 of 89

All rights reserved ©ESOFT Metro Campus, Sri Lanka Page 10 of 89

Activity Activity Learning Feedback

3 Work individually and as part of a team to plan LO3

4 Evaluate the performance of a business LO4

Assessor Name :…………………………………………….

All rights reserved ©ESOFT Metro Campus, Sri Lanka Page 12 of 89

Outcomes/Criteria Page Feedback

P2 Determine any areas of risk related to

M1 Analyse a business related problem

P3 Research the use of software

M2 Compare the differences between

D1 Justify the tools and techniques

P4 Create a formal presentation that

Maheshika Wijesinghe| Application development|Unit 30||Reg.No 11179 P a g e | 13

M3 Develop a functional business

D2 Evaluate any new insights, ideas or

M4 Review the performance of your

Maheshika Wijesinghe| Application development|Unit 30||Reg.No 11179 P a g e | 14

Internal Verifier’s Comments:

Internal Verifier: Signature:

Maheshika Wijesinghe| Application development|Unit 30||Reg.No 11179 P a g e | 15

Maheshika Wijesinghe| Application development|Unit 30||Reg.No 11179 Page|1

I am further happy to mention that as it really provides me with a massive opportunity to

(Blank Page Initially)

Maheshika Wijesinghe| Application development|Unit 30||Reg.No 11179 Page|2

Maheshika Wijesinghe| Application development|Unit 30||Reg.No 11179 Page|3

Maheshika Wijesinghe| Application development|Unit 30||Reg.No 11179 Page|4

Figure 1:Data flow diagram.................................................................................................... 12

Maheshika Wijesinghe| Application development|Unit 30||Reg.No 11179 Page|5

Maheshika Wijesinghe| Application development|Unit 30||Reg.No 11179 Page|6

(Blank Page Initially)

Maheshika Wijesinghe| Application development|Unit 30||Reg.No 11179 Page|7

Maheshika Wijesinghe| Application development|Unit 30||Reg.No 11179 Page|8

(Blank Page Initially)