Harini Iyer

Secure Web Programming

Final Project : Cricket Fantasy League Web Application

Scope Statement

The project Fantasy Cricket League Web Application will have complete information about the
teams and players in each of them. There will be six teams with 11 players each. The winning team
will be decided on the basis on votes from the users of the web application. The web application
will display team players and their photos. There will be a short career description for each player.
Their best match video will be embedded next to their picture. The users of the application can
browse through the complete team and player information in the secure web application.
The registered users can vote once. The Admin user can vote any number of times. There is a
signup option available for new users to register themselves. The username must be unique, else
registration is prevented. They need to enter an answer for three secret questions. The application
prevents the fields in the signup form to be left blank in order to register. The registered users have
an option to update their password by correctly answering these secret questions.
The project is protected from XSS and SQLi injection. Prepared statements are used throughout
the application. The forms for modification of the database are only accessible to users that pass
the authentication test. The inputs are sanitized and the sessions can last only for 30 minutes.