SD6503 Testing and Secure Coding

Final Project_ SD6503 Testing and Secure Coding_T2_2019
BACHELOR OF INFORMATION TECHNOLOGY
SD6503 Testing and Secure Coding
Final Project
Trimester 2, 2019
Secure Web Project Development and Testing — Group Project
Due date and time
Due: Tuesday, 8th Nov
Purpose of this Final Project
The intention of the project is to integrate your knowledge and skills of testing and security to
develop an ASP.NET Core web project. Your group development can be based on any scenario of
business application that includes at least three related database tables (except the one used in our
course examples). The main objectives included in this assessment are:
1) Black-box testing: You must report your tested web pages for all the required functions.
2) White-box testing: You must report your tested web pages e.g. validations, boundary data, etc.
3) Grey-box testing: You must report your tested web pages and Unit Test.
4) Coded UI testing: You must explain and demonstrate (e.g. print screen) how you use coded UI
Testing.
5) Static code analysis: You must use code security software to identify the vulnerabilities of
your web project code. You also need to explain the issues and risks as well as to make a plan
of how you are going to prevent the risk.
6) Web performance and load test: You must provide print-screen evidence and explain how
you did your tests. You must use your own words to explain the contents of the report
generated from the test.
Submission details
Each group submits a soft copy of their project in MS Visual Studio 2017 ASP.NET Core 2.0, as
well as project documentation through digital Dropbox in Moodle on or before the due date.
Extensions
Extension of time will only be granted for students who have an acceptable documented reason for
not completing the assessment by the specified due date.
Grading
This Final Project is worth 40% of the total module. The assignment will be marked out of 100.

Terms
See details of terms in the Bachelor of Information Technology handbook 2019.
Project Tasks:
You are required to develop an ASP.NET Core 2.0 Web project that will meet the following
requirements:
• The MS SQL database must have at least three tables. The fields in each table
should have different data types, e.g. numbers, text, etc.
• For security reasons, your Web project should include a login page (user name and
password must be provided in your document for assessment).
• The home page should be user friendly (e.g. having logos, colours, images, etc.)
and navigate to each functional page as well as to test pages.
• Validation controls are needed for user data entry, e.g. a numeric field needs to be
protected from text data.
• Web pages for each business application table require basic data processing functions
such as entering, editing, and deleting.
• These web pages should also have advanced functions such as sorting and searching.
• In your black-box testing, you must have enough records entered into each table in
order to show the relationships of these tables.
• In your white-box testing, you must have enough test cases to examine the
validation, boundary data, etc.
• In your unit and automated testing, you must have enough test cases for classes and test
web pages for each table. You must also use different test data on your test pages and in
your database tables.
• In your static code analysis, you must use code security software 1) to identify the
vulnerabilities of your web project code; 2) to interpret the analysis results using your
words; and 3) to make your security plan of possible optimised solution.
Other features may be introduced by the Product Owner feedback at sprint review.

Project Documentation Requirements
The deliverables for the assignment are:
• Project Files and Documentation
  - All your project files must have internal comments in self-documenting code
    based on a coding standard.
  - Your testing document must clearly identify the testing purpose, testing method,
    test cases, and your judgement.
  - Your static code analysis report must include purpose, method, tools, testing results,
    your interpretation, and your plan of possible optimised solution.
  - Each group must prepare MS PowerPoint slides for a 15-minute group
    presentation.
  - All your project files and documentation for this project are to be uploaded on
    Moodle before the due date.
• Class Presentation
  - Each group will have 15 minutes to present their project in MS PowerPoint, and
    presentation time will be announced in advance.

Marking Guide
| Criteria | Mark | Marks Awarded | Comments |
|---|---|---|---|
| 1. ASP.NET Core Project File (code and comments) | 40% | | |
| 1) SQL Server DB design and implementation | 5 | | |
| 2) Home page: login, modify, navigation, etc. | 10 | | |
| 3) Basic functions on application web pages | 5 | | |
| 4) Advanced functions on application web pages | 10 | | |
| 5) Unit Test and sample test page | 10 | | |
| 2. Testing and Security Documentations | 40% | | |
| 1) Black-box Test (purpose, method, test cases, and your judgement) | 5 | | |
| 2) White-box Test (purpose, method, test cases, and your judgement) | 5 | | |
| 3) Unit Test (purpose, method, test cases, and your judgement) | 5 | | |
| 4) Coded UI testing (purpose, method, test cases, and your judgement) | 5 | | |
| 5) Static Code Analysis and Optimised Solution (purpose, method, interpretation of analysis results using your words; and possible solution of security plan) | 10 | | |
| 6) Web performance and load test (print screen and explain tests; explain the contents of generated report) | 10 | | |
| 3. Presentation | 20% | | |
| 1) PowerPoint: legible (font, size, colour, etc.) and logical | 10 | | |
| 2) Presentation: answering and asking questions | 10 | | |
| Total | 100 | | |
Plagiarism
Copying the work of others, or using other people’s ideas as your own without acknowledging the source is called plagiarism.
Lecturers will not accept such work and you may be penalised by losing marks or failing an assessment.
All individual assignments and tests must be entirely your own work. Discussion and assistance between students who are
working in groups is ok, but all work handed in must be your own work and written in your own words, except for assignments
based on group achievement. To reinforce this, you are required to sign the declaration on the cover sheet of each assignment.
Further information is in the Guidelines for Written Assignments handbook and the Faculty of Business and Information
Technology Student Handbook.
