Question

In: Computer Science


Task 1. Consider the following scenarios

  1. An order processing application for a pet supplies store. The customers should be able to place orders online, and for every order they must receive an order confirmation via e-mail, and upon shipping they must receive a shipping notice via e-mail.
  2. A publicly traded retailer with retail outlets and online shopping and shipping options
  3. A small, private law firm having a small website with forms for potential clients to complete; including name, address, contact number, and reason for scheduling an appointment
  4. A real estate Appraisal Company that provides online appraisals for a publicly traded financial institution’s residential-loan applicants which sends all applicant information to the appraisal company electronically
  5. A Web hosting company that provides leased servers for Web sites of clients ranging from small firms to large online retailers
  6. A city government that allows people with parking tickets to pay the fines online using a credit card or online check

Last week in class we discussed the threats posed by each of the above scenarios and explained what the effect may be if a web application is compromised. One of the software strategies to cover the emergent security threat to an application is to build abuse cases. The result I expect is a report which integrates the software development lifecycle with security in every step of it for the abuse case described for any one of the scenarios mentioned above. You can also attempt the exercise for any scenario which interests you. (5 points)

Solutions

Expert Solution

The effects on the above scenarios when the web application is compromised:

When a web application is compromised, the intruder carries out unwanted activity that poses severe security threats to the information the website possesses.

There are many consequences that you will have to endure if your website is indeed ever compromised.

These include, but are not limited to:

IDENTITY THEFT

If your website is hacked, you or any of your customers can become the victims of identity theft if your personal and financial information is stolen.

SITE’S SPEED SLOWS DOWN

Another reason a cybercriminal may attempt to hack into your website is to store thousands of files, such as illegal information or pirated music and movies, and then run those files on your server.

WEB HOSTS COULD SUSPEND YOUR ACCOUNT

One of the reasons hackers will attack a website is to use your IP address to launch attacks on other targeted websites or to blast out spam emails.

SITE COULD CRASH COMPLETELY

If you ever click the link to a page on your site and you see a blanket white screen with a "PAGE NOT FOUND - 404 ERROR" message, it’s a clear sign that your website has been hacked, and you’ll want to take action right away to solve the problem.

In the order processing scenario, when the website is compromised the customers' details can be lost and orders won't be processed, leading to a dip in customer trust.

In the second scenario, shopping cannot be done, resulting in unavailability of service.

In the case of the law firm, all the confidential information of customers can be lost. The real estate appraisal company and the web hosting company can lose all their data, making them unable to operate any further.

Abuse cases for one of the scenarios, in a report which integrates the SDLC with security.

Use abuse cases to determine security requirements, strengthen controls, and improve the security of an application’s business features.

Misuse and abuse cases describe how users can misuse or exploit weak controls in software features to attack an application.

A direct attack against business functionalities, which may bring in revenue or provide a positive user experience, can have a tangible business impact. Abuse cases can be an effective way to drive security requirements to properly protect these critical business use cases.

The scenario of the publicly traded retailer with retail outlets, online shopping and shipping options is taken for this report.

The shopping cart use case

An online retailer plans to support an anonymous checkout and payment system whereby an anonymous user can enter a shipping address and payment details, place the order, and expect delivery without needing to create an account.

In the design, when a customer adds an item to their shopping cart, stock is reserved for that item.

If there were 500 pairs of pants available, and someone adds a pair to their cart, there are now 499 pairs of pants available for other customers.

Abuse case number 1

A user misuses the shopping cart by adding a large quantity of products without the intent to purchase

Reserving stock when a user adds an item to their shopping cart is convenient for the user but reduces buying opportunities for other users.

To control this:

Reserve stock when a user starts the checkout process, rather than when they add items to their cart

Limit the number of items allowed in the shopping cart

Implement timers on items added to the cart, or to the entire cart

Support oversubscription through a feature to compensate users whose orders couldn’t be fulfilled

Monitor and release. If the stock inventory level is within a predefined threshold, raise an alert

Abuse case number 2

Denial-of-service attack with anonymous accounts

Attackers can take advantage of the anonymity of the shopping cart to attack the system by repeatedly opening a browser, creating a new cart, and reserving a large quantity of items.

Solved by

Implement tiered trust. Assign additional privileges to registered accounts, and fewer to anonymous accounts.

Use “likelihood to action” to prioritize inventory holding.

Abuse case number 3

Automated denial of service attacks using botnet or testing tools

Attackers may use botnets or testing tools to create shopping carts and reserve products periodically. This can exhaust your inventory with constant holdings.

Mitigate the risk by

Using CAPTCHAs on the website

Subscribe to IP blacklist feeds and use IP “threat intelligence” to screen out automated botnet attacks.

Limit browser sessions with “suspicious” item reservation requests

Misuse and abuse cases can be an effective tool to drive security requirements that protect business features or processes.

By designing countermeasures against misuse or abuse cases, you can identify proper security controls.
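The countermeasures listed for the three abuse cases above can be expressed as one inventory reservation service. The following is an added example and not code from the original answer: it reserves stock only when checkout begins (abuse case 1), applies a time limit to every hold and a smaller cart cap to anonymous sessions than to registered accounts (tiered trust, abuse case 2), rate-limits checkout attempts per client address (abuse case 3) and raises an alert when a product's free stock falls to a threshold. The policy numbers, the SKU names and the class and method names are assumptions chosen for illustration.

```python
from dataclasses import dataclass
import time

# Assumed policy values (not from the original answer); tune per business.
ANON_MAX_UNITS_PER_CART = 5        # tiered trust: anonymous sessions get less
REGISTERED_MAX_UNITS_PER_CART = 50 # registered accounts get more
RESERVATION_TTL_SECONDS = 600      # timer on reserved items (abuse case 1)
MAX_CHECKOUTS_PER_WINDOW = 20      # per-IP rate limit (abuse case 3)
RATE_WINDOW_SECONDS = 60
LOW_STOCK_ALERT_FRACTION = 0.10    # alert when <= 10% of a SKU remains free


@dataclass
class Reservation:
    session_id: str
    sku: str
    qty: int
    expires_at: float


class InventoryService:
    """Reserves stock at checkout time, never at add-to-cart time."""

    def __init__(self, stock, clock=time.time):
        self.stock = dict(stock)      # sku -> units physically on hand
        self.clock = clock            # injectable so tests can advance time
        self.reservations = []        # live holds; expired ones are swept lazily
        self.checkouts_by_ip = {}     # ip -> recent checkout timestamps
        self.alerts = []              # SKUs that crossed the low-stock threshold

    def _sweep_expired(self):
        now = self.clock()
        self.reservations = [r for r in self.reservations if r.expires_at > now]

    def available(self, sku):
        """Units not currently held by an unexpired reservation."""
        self._sweep_expired()
        held = sum(r.qty for r in self.reservations if r.sku == sku)
        return self.stock.get(sku, 0) - held

    def _over_rate_limit(self, ip):
        now = self.clock()
        recent = [t for t in self.checkouts_by_ip.get(ip, [])
                  if now - t < RATE_WINDOW_SECONDS]
        recent.append(now)
        self.checkouts_by_ip[ip] = recent
        return len(recent) > MAX_CHECKOUTS_PER_WINDOW

    def begin_checkout(self, session_id, ip, registered, cart):
        """cart is {sku: qty}. Returns a status string; stock is held only on
        'reserved', and only until the TTL elapses or release() is called."""
        if self._over_rate_limit(ip):
            return "rate_limited"
        cap = REGISTERED_MAX_UNITS_PER_CART if registered else ANON_MAX_UNITS_PER_CART
        if sum(cart.values()) > cap:
            return "cart_limit_exceeded"
        # All-or-nothing: refuse the whole checkout if any line cannot be met.
        for sku, qty in cart.items():
            if qty <= 0 or self.available(sku) < qty:
                return "insufficient_stock"
        expires = self.clock() + RESERVATION_TTL_SECONDS
        for sku, qty in cart.items():
            self.reservations.append(Reservation(session_id, sku, qty, expires))
            self._check_low_stock(sku)
        return "reserved"

    def release(self, session_id):
        """Drop a session's holds (order completed, cancelled, or flagged)."""
        self.reservations = [r for r in self.reservations if r.session_id != session_id]

    def _check_low_stock(self, sku):
        total = self.stock.get(sku, 0)
        if total and self.available(sku) / total <= LOW_STOCK_ALERT_FRACTION:
            if sku not in self.alerts:
                self.alerts.append(sku)


if __name__ == "__main__":
    svc = InventoryService({"PANTS-32": 500})  # constructed sample stock
    print(svc.begin_checkout("anon-1", "198.51.100.7", False, {"PANTS-32": 50}))
    print(svc.begin_checkout("anon-1", "198.51.100.7", False, {"PANTS-32": 2}))
    print(svc.available("PANTS-32"))
```

Because stock is held only from checkout onward and every hold carries an expiry, a visitor who fills a cart and walks away no longer blocks the 499 other pairs of pants for anyone else; the per-IP counter is a placeholder for the IP reputation and CAPTCHA checks the answer recommends, which would sit in front of the same `begin_checkout` call.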

