The Technical University of Moldova

Faculty of Computers, Informatics and Microelectronics

Department of Software Engineering and Automatics

Semestrial Report on

The Development of Secured Applications

Semester: V

Module: ?

ECTS: 10

Verified: ?

Team number: ?

Team Members:

Cavcaliuc Nina

Fistic Cristofor

Gurduza Vasile

Popov Eliodor

Turcanu Ana

Chișinău, 2020
Table of Contents
Abstract .................................................................................................................................

1. Introduction .......................................................................................................................

2. Problem Formulation ......................................................................................................

2.1. The Aim of the Platform. The Necessity for Security .........................................

2.2. Problem Statement Formulation ..................................................................

2.3. Problem Validation ...............................................................................................

3. Research Planning ..........................................................................................................

3.1. Methods of Analysis ........................................................................................

4. Theoretical Problem Context ........................................................................................

5. Data and Data Analysis ...................................................................................................

5.1. Idea Validation ..............................................................................................

5.2. Risk Analysis ....................................................................................................

5.2.1. Risks and Vulnerabilities of the Solution ..........................................

5.2.2. Approach of Solving Vulnerabilities ..…........….......

6. Solutions and Approaches ..............................................................................................

6.1. Related Existent Solutions ..............................................................................

6.2. Solution Development ....................................................................................

6.2.1. UML Use-Case diagrams ...................................................................

6.2.2. Database structure .............................................................................

6.2.3. Back-end .............................................................................................

2
 6.2.4. Front-end .............................................................................................

6.3. Solutions for Security ........................................................................................

6.3.1. Built-in Solutions ..................................................................................

6.3.2. Custom Solutions ................................................................................

6.4. Advantages and Disadvantages of the Final Solution .....................................

6.5. Future Improvements ........................................................................................

7. Conclusions .....................................................................................................................

References ....................................................................................................................

Appendices ......................................................................................................................

List of Figures ....................................................................................................................

List of Tables .....................................................................................................................

3
 Abstract
This report is made for academic purposes and is intended to document the project under
which a secure software application has been developed. The project was made during the 5th
semester of Software Engineering, under the Department of Software Engineering and
Automatics at the Technical University of Moldova, and was supervised by prof. Bulai Rodica
and Ion Gandrabura, employee at “Amdaris” SRL. In this report is described an application
that was develop for solving a problem in local community and the whole process of
development of the application. A special aspect that was highlighted during the development
of the application was security and in this report, it is also described what was done to make
application to have a high level of security.

Technical University of Moldova, January 24, 2020

4
 1. Introduction
Software security is an aspect of application development, which should not be avoided
if the intent is to keep integrity and provide functionality. Software security is a process that is
created, designed and tested during the pre-deployment phase. Security means not only
implementing the most suitable securing mechanisms, but also, creating code that is easier to
protect.

For large enterprises, a single gap in the security of an application can mean a
tremendous loss. For example, the well-known Sony Pictures was attacked with a simple SQL
injection by a hacker group, in 2011, which resulted in the exposure of personal data of over 1
million accounts, including passwords, electronic mail and home addresses, and birth dates. In
2017, HBO, a large broadcasting company was hacked, resulting in the release of a screenplay
episode of a not yet broadcasted TV series. The hacker gained access to financial documents,
as well as contact and confidential information of the actors and the film crew.

The examples above show how much of an impact has security on the integrity of
software. It is favorable to implement it from scratch at the designing stage, since it is better to
prevent malicious attacks than to treat them subsequently.

In the present report, the following two initiatives are tackled: the development of a
software application based on a problem, which has to be validated by potential users through
open survey, and eventually, the implementation of security over the created platform during
the pre-deployment phase. The application will be conceptualized and validated in the Problem
Formulation chapter. In the following chapter the planning of the research for the project will
be documented. The next chapters will deal with the exploration of the theoretical context of
the problem, data collection and analysis of data. The final chapter will describe the solutions
and approaches that were developed for this project, related to the intent of the application but
also, related to the security of it.

5
 2. Problem Formulation

This chapter will describe the problem that is going to be tackled and solved by the
platform. The necessity for securing the application will be proven, along with formulating the
problem statement. Subsequently, the process of validating the problem will be described in
the last section of this chapter, in order to prove its actuality.

2.1. The Aim of the Platform. The Necessity for Security

Imagine this scenario: You are student or a professor and you’re doing a research for
getting a degree. You are just about to discover some very important matter which your work
is related to. However, you still need to see one more specific book you know about, in order
to be sure of your discovery. This book is very rare, it does not sell in your country. You are
interested to find out who owns this book, regardless of where they live, and ask them to buy
it or borrow it, in order for you to be able to complete your thesis. How can you easily do that?

Or this: You decided to renew your personal at-home library and you own a large
amount of books that you do not need anymore. You decided to sell or donate them to anyone
interested, as quickly as possible. A Facebook group will not help you, because you’re looking
for a wider target of clients, regardless of where they live in the world. What is the perfect
solution to your problem?

There are lots of people in and outside our country who own books that they either do
not need anymore or would like to profitably share them out. The intended web application
aims to solve the problem mentioned above. It would give any regular user the possibility of
putting their books up for sale, rent or give them away for free. Also, the same user would be

6
able to order any book found on the website and directly contact the owner for details and
specifications. Chatting with clients and owners would also be possible on the platform
directly. Means of payment would not be provided by the platform, since it is not intended to
be an online shop, but much rather an online community useful to find the product you need
from other members. The mailing of the products and money transfer are done through
particular ways which both parties (the client and the owner) agree on (which may differ from
case to case), and the risks these involve are assumed by every user. Moreover, it aims to be
straight-forward and easy to use, quick and efficient, and secure.

Security is an essential part of this application, since it would not be ready for
deployment without it. Securing the application is beneficial, or even essential for application
administrators as well as for the users. Not only is it implemented in order to prevent malicious
attacks that could destroy or malfunction, but also, in order to protect users’ personal data. In
order to keep integrity and provide functionality, the step of securing the application should
not be skipped, or the loss might be irreversible. The platform needs to be protected from
outside attacks, such as injecting foreign data into the database, or gaining unauthorized access
to prohibited data. For example, if a registered user sends the URL of the website to another
person, that person should not be able to view the page in the same way a registered user would,
until he registers himself, too. This is a measure that needs to be taken in order to protect the
platform and the personal data on it. Thus, the necessity for security is exists and is rising, in a
time where it has to keep up with the latest types of software invasions. Later in this report, the
top invasions related to the platform will be discussed and analyzed.

2.2. Problem Statement Formulation

Today, the acts of lending and getting pre-owned books are done sporadically, through
social media website groups and acquaintances. There isn’t a unified platform where people
from anywhere in the world, who have such interest in giving and getting books could connect

7
with each other. Selling, borrowing or giving books away would serve as a benefit to the
owners, as well as other book readers, who would have the possibility to get rare copies of their
books of interest and also, get them for less money or, sometimes, even for free.

This is the problem statement that was deductively derived from analyzing the field of
interest. In order for it to be the base of the application, the next step is to prove its actuality.
This validation is described in the next section.

2.3. Problem Validation

There are lots of people in and outside our country who own books that they either do
not need any more or would like to profitably share them out.

For the validation of the problem, a survey was done where a hundred people have been
asked if this is the case for them too, mainly: “Do you own books that you would like to sell,
donate or give away and/or have you ever needed a book that you could not find in local book
shops?”. According to the acquired data, 83% of interviewees said that they do have books at
home that they wouldn’t mind giving away and/or they did experience needing a book and not
being able to find it in local book shops. Respectively, 17% of the people who were questioned
answered “No”. Moreover, many of the ones who answered affirmatively agreed that they do
not know how to reach a wide target of clients when in need to sell a book, since the only way
that came in mind was Facebook groups and other social media promotion.

This social study helped to prove the actuality of the problem. The solution for it is the
base for the intended application, an online library system which allows users to get in contact
in order to exchange reading material.

8
 3. Research Planning

This chapter wi’ll document planning from what resources the data is received and what
method of analysis will be used to obtain more information needed to make our application
better for users’ experience and for applying a high level of security.

3.1. Methods of Analysis

First, what existing solution are out there, that have the serve the same purpose, that of
managing books? The most known are dedicated groups on Facebook in which people sell or
try to find a book. The method that is going to be used in order to analyze this group will be
users activity in group, how often posts are published in this group and how fast people find
what they need. Other methods of analyses will be to obtain access to documents that describe
how many people didn’t find a book that they needed and how many of them agree with prices
from library and how many of the will like to buy a book from other people. This type if
information can be taken from libraries because they make this type of analysis of market.

her data that needs to be collect is about the vulnerabilities of a web application and we
need this data to know what is needed to be improved for making a high level of security in
our application. For obtaining this information, an analysis of the top vulnerabilities of web
application is going to be made. Other method of obtaining information of such sorts is to
secure is to analysis information about frameworks that used and technologies to know what
vulnerabilities they have. Also, an analysis of data about the types of attacks that are made on
web application, needs to be done, in order to have information what needs to be secure and
what is the priority for solving each vulnerabilities. Finally, the analysis of different models of

9
developing and maintain a secure web application has to be done. For this it is needed to read
some models that were written by different specialists and to find out what is better for our
application and for our software environment. This way applying this model on our web
application will get the application a high level of security.

10
 4. Theoretical Problem Context

Applications are the primary tools that allow people to communicate, access, process
and transform information. Although it is not a standalone security requirement, its increasing
risk to cause denial of service attacks makes it a highly important one.

Web application security refers to the protection of both browser endpoints, and the
APIs they connect to, against attack from Magecart/form jacking-style attacks, malicious
browser extensions, banking trojans, Malvertisements, and other cyber security threats. When
addressed properly - including JavaScript protection, threat detection and limiting API
connections to known good sites, along with defensive measures that can shut down web app
functionality in the event of an attack - effective web application security enables customers to
detect and protect against active threats, protecting businesses and consumers from data
breaches and financial losses.

Application security risks are pervasive and can pose a direct threat to business
availability. Although it is not a standalone security requirement, its increasing risk to cause
denial of service attacks makes it a highly important one. Applications are the primary tools
that allow people to communicate, access, process and transform information. How can
businesses reduce security risks around these applications? There are three front-line
approaches: Better training, more rigorous testing, and more stringent policies and procedures.

• Developers must be trained in and employ secure coding practices.

• Professional security testers must test the applications before deployment.
• Policies and procedures must be in place to prohibit the deployment of applications
with vulnerabilities.

While these techniques can offer a first layer of protection, time-to-market pressures
often interfere with such approaches being followed. Too often the “It won’t happen to me”
mentality remains in place until a breach occurs that exposes known vulnerabilities.

11
 A threat - is an agent that may want to or certainly can result in harm to the target
organization. Threats include organized crime, spyware, malware, adware companies, and
disgruntled internal employees who start attacking their employer. A threat is something that
may or may not happen, but if happens it has the potential to cause serious damage.

Vulnerability - Weaknesses or gaps in a security program that can be exploited by

threats to gain unauthorized access to an asset, Weakness that makes an attack possible. A
vulnerability is a security risk in a software program that puts the program or computer at
danger of malicious programs. Also a vulnerability refers to a known weakness of an asset
(resource) that can be exploited by one or more attackers. In other words, it is a known issue
that allows an attack to succeed. Understanding your vulnerabilities is the first step to managing
your risk.

Risk - is defined as the potential for loss or damage when a threat exploits a
vulnerability. Risk is where threat and vulnerability overlap. That is, we get a risk when our
systems have a vulnerability that a given threat can attack. Computer security risks can be
created by malware that can infect your computer and put system and organization in a huge
damage. Risk can also be defined as follows:

Risk = Threat X Vulnerability

Assets - a resource of value. May be tangible or intangible. Usually allude to a ‘Object’.

Attack - Act of malicious threat agent. Also known as Exploit.

Probability - the potential chance of a threat being realized by an attack on an asset.

Impact - Outcome of the materialized threat.

Security is often defined as a negative property: a system is perfectly secure whenever

there is no possible way to attack it. In order to assess the security of a system, we must
therefore look at all the possible threats. The STRIDE model is a useful tool to help us classify
threats.

12
 The STRIDE model was developed by Microsoft in order to help security engineers
understand and classify all possible threats on a server. The name of this model is an acronym
for the six main types of threats: [1]

1. Spoofing
2. Tampering
3. Repudiation
4. Information disclosure
5. Denial of service
6. Escalation of privileges

Spoofing

Most security systems rely on the identification and authentication of users. Spoofing
attacks consist in using another user credentials without their knowledge. Typical spoofing
threats target weak authentication mechanisms, for instance those using simple passwords, like
a simple 4 digits number, or those using personal information that can be easily found, like date
or place of birth.

Tampering

Only authorized users should be able to modify a system or the data it uses. If an attacker
is able to tamper with it, it can have some consequences on the usage of the system itself, for
instance if the attacker can add or remove some functional elements, or on the purpose of the
system, for instance if important data is destroyed or modified.

Repudiation

13
 Attackers often want to hide their malicious activity, to avoid being detected and
blocked. They might therefore try to repudiate actions they have performed, for instance by
erasing them from the logs, or by spoofing the credentials of another user.

Information disclosure

Many systems contain confidential information, and attackers often aim at getting hold
of it. There are numerous examples of data breaches in the recent years.

Denial of service

A system is usually deployed for a particular purpose, whether it is a banking

application or an integrated media management on a car. In some cases, attackers will have
some interest in preventing regular users to access the system, for instance as a way to
blackmail and extort money from the owner of the system (e.g., with ransomware).

Escalation of privilege

Once a user is identified on a system, they usually have some sort of privileges, i.e.,
they are authorized to perform some actions, but not necessarily all of them. An attacker might
therefore try to acquire additional privileges, for instance by spoofing a user with higher
privileges, or by tampering the system to change their own privileges.

STRIDE is a model of threats, used to help reason and find threats to a system. It is
used in conjunction with a model of the target system that can be constructed in parallel. This
includes a full breakdown of processes, data stores, data flows and trust boundaries. Today it
is often used by security experts to help answer the question "what can go wrong in this system
we're working on?"

14
 Each threat is a violation of a desirable property for a system:

Fig. 4.1. Each threat is a violation of a desirable property for a system.[2]

The Open Web Application Security Project (OWASP) is a not-for-profit charitable

organization focused on improving software security. OWASP works on the principles of open
source software, particularly the idea that the community is the force of creation and
contribution. The unique aspect here is that OWASP is not software, rather a set of guidelines
created by the community to help developers plug security holes in their code.

Security has become a very important aspect of software development lately, but not
everyone is aware of ways to write secure code. You may think, "my team of developers is
very experienced/skilled/efficient, they can write 100% secure code," but if you follow the
news you are aware that even bigshot websites are regularly brought down or have their user
data compromised. Your website should be well-prepared to avoid such attacks by following
these guidelines by OWASP.

The OWASP Top 10 is a standard awareness document for developers and web application
security. It represents a broad consensus about the most critical security risks to web

15
applications. Companies should adopt this document and start the process of ensuring that their
web applications minimize these risks. Using the OWASP Top 10 is perhaps the most effective
first step towards changing the software development culture within your organization into one
that produces more secure code.

16
 5. Data and Data Analysis

This chapter tracks the data analysis of the data collected from different sources to make
our application better and to understand what needs users of our application. Also, analysis of
the application environment to prepare better for users' interaction is described. Another type
of data analyzed here is the security problems that can occur in the application, which is shown
in the risk analysis to know what are the vulnerabilities in the web application and in the used
software environment.

5.1. Idea Validation

Once the discovered social problem has been validated, the next step was the solution
planning phase, where the concept of the intended platform has been defined. The solution
consists of a web application, where any registered user can either post a stock of reading
material up for sale, donation or giving away, or make a request to the stock owner to buy a
book himself. This would not be an online book shop, since the main goal is not providing a
online paying service, but to help people connect, and find their desired book or magazine.

Just like the problem being validated, the idea for this solution needs validation as well.
Thus, a different survey has been done, where 110 people have been interviewed with the
following question: “Would you use a platform to either sell, lend and donate your books, or
to find a desired reading material that may be anywhere in the world?”. This time, 76%
answered “Yes”, 22% answered “No”, while 2% held back.

Since the majority of people confirmed the necessity for such a platform, the designing
and development phases of the solutions are the next ones to be tackled.

17
 5.2. Risk Analysis

This chapter describes the research that was done for finding information about the risks and
vulnerabilities of the solution, in order to be able to analyze them later in this chapter. The risk analysis
is a great way to understand the priority of each risk and the way of solving it.

5.2.1. Risks and Vulnerabilities of the Solution

This application is a web platform because it has to be used by as many users is possible.
After analyzing users from different social networks that search for books, we understand that
every day are at least ten requests of finding a book. In this group are a lot of people in the
most popular group are around 200000 of people so this prove that many people are interesting
in a selling a book or borrow or exchange. We analysis that type of book are and that type of
publisher exist for adding then in our database of application. We analysis what information
is important for user to know when he what to borrow a book or buy a book so we will do this
information to be available for books that will be in our website so if you want to sell you book
on our website you will ned to give this information to us.

Lot of ASP.NET MVC developers are great in delivery, writing high performance code
and so on. But when it comes to security there is no planning done. When we talk about web
application, security is a major concern. So we will run through 10 points which will help us
to make our MVC code secure.

1. Cross-Site Scripting (XSS)

2. Cross-Site Request Forgery (CSRF)
3. SQL Injection
4. Do the Proper Error Handling
5. Enforce SSL and use HSTS
6. XXE (XML External Entities) attack
7. Improper Authentication & session management

18
 8. Improper Authorization
9. Do not use components with Known Vulnerabilities
10. Version Discloser

1.Cross-site Scripting (XSS) - is an attack in which malicious scripts is injected via input
fields this attack is most common and allows an attacker to steal credentials and valuable data
that can lead to a big security breach.

Fig. 5.2.1.1. Cross-site Scripting (XSS).[3]

In this attack attacker visits a website and tries to execute a malicious scripts in form
comment box. Now if website has not checked for Malicious code then the code can get
executed on the server causing damage.

Following are some solutions to prevent XSS.

Sanitizing user input: This is helpful to prevent XSS attack on site that allows HTML
markup as input. It means that encode the HTML that is stored. The Razor engine automatically

19
encode all the inputs so that the script part which adds as any field is never executed. The using
@ directive, we can apply encoding rule to the variable.

Encoding the URL: Many applications use Query String to transfer the data from one page
to another page. The XSS attack can be possible on query string data due to it is not encoded.
Using UrlEncode and UrlDecode method of Microsoft.AspNetCore.WebUtilities class, we can
encode and decode the URL with ASp.net code 2.0 and above version.

Input Validation: Some time HTML character does make sense for user input. we can put
the validation (client and server-side both) that prevent the malicious data that harming a
website.

AntiXSS Library: The fourth solution to XSS attack is by using

MicrosoftAntiXSSLibrary which will help to protect your application.

2.Cross-Site Request Forgery (CSRF) - it also is known as Session riding and pronounced
as XSRF. In this method of attack, attacker copies forge as a trusted source and send the data
to the site. The site processes this information believe that this is coming from a trusted source.
This kind of attack can be destroying both client relation and business. The example of CSRF
is unauthorized fund transfers, data theft etc.

Mostly this is done through creating a forged site and it internally hits the genuine site and
by using already established user session, an attacker is done some malicious activity. For
example, a user is transferring fund from one account to another account and trusted connection
established between the user and bank site. At the same time user click on malicious like from
junked email (that sent by the attacker). Because of the secure session is established between
user and bank site, the attacker uses this connection and does some malicious activity such as
fund transfer. However, it is vulnerability at the server (web application) side, not an end-user
side.

20
 A CSRF vulnerability allows an attacker to force a validated and logged in user to
perform actions without their consent or unknowingly.

Example:

• User logs in to the bank server.

• Bank authorizes and a secure session is established between user and the bank server.
• The attacker sends an email with a malicious link saying “Earn 100000$ now” to the
user.
• User clicks on the malicious link and the site tries transfer money from your account to
the attackers account. Because the secure session is established the malicious code can
execute successfully.

Fig. 5.2.1.2. Cross-Site Request Forgery (CSRF).[4]

The solution to prevent CSRF

Using tag helper "asp-anti forgery", we can enable/disable anti-forgery for the page.
If this tag helper value is set to "true", it means that it enables the anti-forgery for this page.
And using ValidateAntiForgeryToken attribute, we can check whether the token is valid or not

21
at server side (controller / action method). It also can be ignored by using
“IgnoreAntiforgeryToken” attribute.

3.SQL Injection - this attack is one of the most dangerous attacks it is ranked 1 in top 10
Vulnerabilities by OWASP2013 [Open Web Application Security Project]. SQL injection
attack can give valuable data to the attacker that can lead to a big security breach and can also
take full access to the database server.

In SQL Injection attacker always try to enter malicious SQL statement which will get
executed in the database and return unwanted data to the attacker.

Fig. 5.2.1.3. SQL Injection.[5]

Following are some solutions to prevent SQL Injection.

22
 Use Parameterized Query or stored procedure using the parameterized query or stored
procedure, we can prevent SQL injection. It is better to use a stored procedure instead of an
inline query. If you want to use inline query, we must use a parameterized query to prevent our
application from SQL Injection.

Fig. 5.2.1.4. Use Parameterized Query.[6]

Use any O/RM (Object-relational mapping) such as Entity Framework O/RM maps
SQL object such as a table, view to our domain object such as class. Most of the ORM is to
generate a parameterized query internally to fetch the record from the database.

4.Do the Proper Error Handling - sometimes, we are not doing proper error handling.
So, some of the sensitive information is exposed in term of error such as database object name
(table, stored procedure etc.), file location, etc. This kind of information can be used by
attacker/hacker to do an attack on the web site.

In this kind of attack the attacker intercepts form data which is submitted by end User and
changes values and sends the modified data to the server. So for such kind of scenarios
developers do put proper validations in place but when these validations display error lot of
information of the server is revealed.

23
 Fig. 5.2.1.5. Error Handling

It can be prevented by using creating a custom error page that will display when an error
occurred, or we can write the code to do custom error handling. In the first solution, we need
to create a page that has a generic message and it needs to be configured Configure method of
startup class.

Fig. 5.2.1.6.The error page

24
 Alternatively, we can write some custom code to do exception handling such as try-catch
block, exception handler or exception filter.

5.Enforce SSL and use HSTS - SSL enables us to establish an encrypted connection
between a web server and a browser. It ensures that all the data transmitted between the web
server (application) and browser are encrypted and not change during the transition. To secure
our application, we can use HTTPS (HyperText Transfer Protocol Secure) protocol. There are
many advantages using HTTPS such trust, verified data, Integrity of Data, etc.

ASP.net Core 2.1 and later version enable us to create an application that configured over
HTTPS. We can also configure HTTPS with ASP.net Core before the .NET core framework
1.1 but it was some difficult to configure. There is an option available to configure our web
application over HTTPS when we are creating a web application with Visual Studio. In the
template of a web application, HTTPS is enabling for the application.

25
 Fig. 5.2.1.7. Configure HTTPS with ASP.net Core

HSTS (HTTP Strict Transport Security Protocol)

It is a web security policy that protects our web application from downgrade protocol
attacks and cookie hijacking. It forces webserver to communicate over an HTTPS connection.
It always rejects insecure connections. The Asp.net core templet by default adds HSTS
middleware. It is not recommended to use in the development environment as a browser is
cache the HSTS header.

There are a couple of options available that can be overridden to configure HSTS.
Following are the options:

• MaxAge: It is the time span that defines the max-age of Strict-Transport-Security

header valid. The default value is 30 days.
• IncludeSubDomains: It boolean type and if it set to true, Strict-Transport-Security
header available for subdomain as well.
• Preload: Using this property, we can add preload for Strict-Transport-Security header.
• ExcludedHosts: it is a list of hostname will not add the HSTS header.

6.XXE (XML External Entities) attack - XXE (XML External Entity) attack is possible
on the application that parses XML input. The possible reason for this attack is XML input
contains the reference of the external entity which weakly configured in the XML parser. It
may happen due to the disclosure of confidential data, SSRF (server-side request forgery), port
scanning by the hacker where the application (XML parser) hosted, denial of service (Dos),
etc. Hacker / Attacker can use XML to cause a Denial of Service attack by injecting entities
within entities. This type of attack refers to “Billion Laughs Attack”. As a result, the system
required more resource to complete the task and due to high utilization server may crash.

Solution - If you are using "XmlTextReader" class to parse the XML, it has property
"DtdProcessing" that must be set to Prohibit or Ignore. If we have set DtdProcessing property

26
of XmlTextReader to "Prohibit", the system will throw the exception as DTD (Document Type
Definition) is identified and if we have set DtdProcessing property of XmlTextReader to
"Ignore", the system will ignore DTD specifications and continue to process the document.

7.Improper Authentication & session management - Sometimes, we do not maintain

proper authentication that allows the hacker to steal user credentials in terms of session and
cookies. Using this type of user access, a hacker can take complete access to the application.
Following are some ways to steal user credentials.

• Non-secure connection (without SSL)

• Login credential easy hack-able or weak credential
• Problem with session such as session-id exposed in URL, the session has a long
timeout, etc.
• Improper log out from the application (do not kill user session on logout)

After successful login in the web application, some cookies are set to the browser to
identify the user that is logged-in. These cookies are always sent to the web server with every
request. On logout, we generally remove the session but forget to remove cookies. These
cookies may be used by a hacker to do an attack on the web server. Default cookie name for
the .net core web application is “.AspNetCore.Session” and this default cookie does not specify
the domain. Using session option, we can override the cookie setting.

The solution is very simple: remove the cookies are successful logout, use secure HTTP
to secure cookies and session.

If you are working with built-in identity membership, so “SignOutAsync” method of

SignInManager class will take care about removing all your cookies after logout.

As described in the preceding section, SSL enables us to do make secure

communication connection between server and client so that any data that transited between

27
server and client are encrypted. There are some cookie options need to set to secure cookies
and session.

• HttpOnly: It indicates whether client-side code able to access the application cookies
or not. If it is set to Http Only Policy. Always, the client-side script is not able to access
the application cookies.
• Secure: It indicates whether cookies are transmitted using SSL (over HTTPS) only. If
it is set to true (internally), the cookies are only transmitted over SSL connection. It can
set to true by using Cookie Secure Policy. Always and Cookie Secure Policy. Same as
Request option.
• SameSite: It is the same site mode for cookies.

8. Improper Authorization - Authentication is a process of checking the identity of

the user accessing our application. Most of the application has log in feature and application
validate user identity against any trusted source such as database or external login providers
(i.e. Facebook, Gmail, Twitter, etc.). This process is called Authentication. Authorization is the
process of validating privileges to access a resource of the application. After a successful login
to the application, authorization mechanism checks whether a login user has privileges to
access the application resource.

Using “Authorize” attribute we can turn on the authorization for any controller or
individual action method. Sometimes, due to the laziness of developers, they miss to put
authorize check of controller or action and, they bypass the authorization in the same case. It
causes the security hole in the web application. Sometimes, developers also miss putting proper
authorization for the controller or action method. For example, some of the pages can be
accessed by the unauthorized role user due to improper role-based authorization.

The solution is very straight forward, make sure authorization works as expected before
web application moves to the production environment. ASP.net core has a very rich model for

28
authorization such as Policy-based authorization, claim-based authorization, etc., we can use
these models in the complex scenario to authorization.

9. Do not use components with Known Vulnerabilities - Nowadays, we are using

many third-party JavaScript libraries in our development of web application. It is just
impossible to develop an application without such libraries. These libraries may have security
flaws which make a web application vulnerable. The most common security vulnerabilities
with-in JavaScript includes CSRF, XSS, buffer overflows, etc. As describe a preceding section
of this article, XSS allows a hacker to put malicious code into the trusted page and this code
will execute in the user's browser. CSRF allows the hacker to utilize a user’s browser session
as a trusted source and send the other sites. Buffer overflow occurred when hacker sent very
large data to the site that hold by web site resulting web site maybe crash.

For the JavaScript library, there is full prove documentation that lists down all the
vulnerabilities. There is some public site, they log the vulnerabilities for the popular JavaScript
framework or plugin. For example, jQuery’s vulnerabilities are list down on the CVE website.

Solution

• Do not download any plugin or library from an untrusted source. Use trusted source
such as npm. It may reduce the chance of including a malicious or modified component.
• Do not use any untrusted library in the application.
• Always use an updated version of the library (it may fix some critical security defect in
the latest version).
• Always remove unused plugin, files, component from the application.
• Monitor the library's Vulnerabilities from the source such as NVD and CVE.

• Here, I have talked about JavaScript library, but there are many security vulnerability
incidents are a log for the server-side framework.

29
 10. Version Discloser - The request and response object contains may information such
as to request method, remote address, server X-Powered-By, etc. Some of them are very
sensitive such as X-Powered-By, Server etc. They must not disclose to the end-user because
the attacker may use this information to do attack. It may possible that some framework version
may encounter security Vulnerabilities and using these Vulnerabilities, an attacker may break
our system.

Fig. 5.2.1.8. Version Discloser

As seen in above snap, we can get information such as a server, X-Powered-By and X-
source files. The Server property indicates which server is used to host application, the X-
Powered-By indicate the information about the framework and X-Source Files is only available
in debugging modules in IIS / IIS express.

Solution

Removing headers that contain sensitive information. We can remove server header by
setting up AddServerHeader to false where we configure the server. In following an example,
I have to remove server header from Kestrel server.

30
We can remove X-Powered-By header either by using web.config or from IIS setting.

31
 5.2.2. Approach for Solving Vulnerabilities

Taking into account this classification, and also, trying to analyze the risks mainly on
the used technology, ASP.NET MVC, the set of the most critical vulnerabilities have been
deducted. After analyzing each solution, a custom approach had to be built in order to
personalize the solutions and make them fit the platform best.

Vulnerabilitatea Solutia
Cross-Site Scripting(XSS) Input Validation, URL Encryption
Cross-Site Request Forgery(CSRF) Using helper-label “asp-anti forgery”
SQL Injection Using Object-Relational-Mapping, such as
Entity Framework.
Improper Error Handling Creating a special error log page.
Insecure connection between web server Enforce SSL and use HSTS
and browser
XXE attack Using the property “Dtd Processing” within
the parsing class of an XML. Setting it to
‘Prohibit’ or ‘Ignore’.

Improper Authentication & Session UsingHTTPS protocol for securing the

Mnagement cookies and the session.
Improper Authorization Using the authorizing model “Policy-based”

32
 Using Components with Known Not using libraries from untrusted resources.
Vulnerabilities Updating the library versions. Removing
components, files and unused plugins.
Version Discloser Removing headers which contain sensible
information. Encryption of personal data in
the database.

The solutions that have been identified, for each of these vulnerabilities, have been proposed
onto implementation within the working plan.

6. Solutions and Approaches

6.1. Related Existent Solutions

Existing solution for this problem is groups on social networks for selling and buy
books or exchange but this solution are not good because their don’t notify user then some
book that he is interested is appearing and also this don’t give you opportunity to find fast a
post if book that you want.

6.2. Solution Development

After analyzing the existent solutions and their approach, the solution development of the
platform started. The platform incorporates the key features that these existent solutions have
in common: the ability to buy and sell books online, but also coming up with new additional
features. Firs of all, for understanding the way of the application’s functioning, UML Use-
Case diagrams have been developed.

33
34
 6.2.1. UML Use-Case diagrams

Use case diagrams

Fig. 6.2.1.1 Diagram for login and registration system

A Guest in order to use all the functionalities available for a Registered user can choose
between two options: sign up and log in. To get the registration process achieved the Guest
will have to fill the required fields like: email and password. After becoming Registered, the
user will be able to change the major part of his profile fields and to fill the optional ones.
Soon, as clicking on the button “Log out”, the status of a Guest is achieved again.

35
36
 Fig. 6.2.1.2 Stocks diagram

Both the Guest and the Registered User will be able to search for a stock (for example
by introducing item’s title or owner’s location), to access the list with searched stocks (besides
having at this step two options: content sorting and filtering) and to access each stock’s details
individually.

The important functionality characteristic to Registered User is to make an order by clicking

on the button “Order” from the right side of each stock on the page with the list of the searched
ones. Now having a made order, there are 3 options becomes available: to message the owner
of the stock, to change stock’s status from Pending to Closed (once a order is closed it can’t be
reordered) or Canceled (once a order is canceled it can be reordered). A very obvious
functionality of course is to see the list of own orders (“My orders”).

Adding a stock (filling some compulsory and optional fields) a Registered User can be
a Book Owner. Since a stock was posted on our platform, the main functionalities like update
and delete will be available for its owner. The list with all “Incoming orders” will be accessed,
and clicking on a specific order the Book owner will be able to message the one that ordered
his item and will have the same rights on changing stock’s status as the order’s owner.

The administrator will have the possibility to create, or delete or edit the objects of
some specific classes.

6.2.2. Database structure

37
Fig. 6.2.2.1. Database structure

38
 The database that was generated after the models were built is shown in figure 6.2.2.1.
It consists of sixteen tables, and the major part of them has at least one relationship with the
other table.

One of the most important relation for our platform is AspNetUser, which contains all
the necessary data about the user, and due to the fact that there is a lot of information to keep,
the table has nine relationships.

The first relationship is through the field Location_Id from the table Location having
the multiplicity: one-to-zero/one (i.e. a user can have only one location, and a location can be
assigned to an user or to none). Besides that, this relation has a relationship with table Country
an interesting fact, is that it has a relationship with itself, because of the field ParentLocationId
(i.e. if relation has a record with the field Name that has value “Chisinau”, then the field
ParentLocationId will have value Null, but if Name=”Bacioi” then ParentLocationId will be
equal with the Id of record whose Name=”Chisinau”). The next two relationships are with
Order table, whose fields CreatedBy_Id and ModifiedBy_Id are filled with user’s id. Both of
them have the multiplicity: zero/one-to-one (i.e. a user can have many Orders, but an Order
can be owned by one user or none). The other relationships are based on the field CreatedBy_Id
from the relationship Message and on the field Owner_Id from the relationship Stock, both of
them having the same multiplicity as the previous relationships.

The Order table has two fields (Stock_Id and OrderStatus_Id) that are foreign keys for
relations Stock and OrderStatus and the existing relationships have the same multiplicity:
zero/one-to-many (i.e. an Order can be created using only a Stock and having only a
OrderStatus, but an OrderStatus and a Stock can be assigned to many other Orders). The last
relationship of table Order is with table Message, having a multiplicity one-to-many (i.e. many
Messages based only on an Order).

The table Stock has with three distinct tables (Item, ActionType, Condition) three
relationships, of the multiplicity many-to-one (i.e. one Stock can consist only from one Item,

39
ActionType and Condition, but an Item, ActionType and Condition can be part of other
Stocks).

The aforementioned multiplicity type is also characteristic for the three relationships of
the relation Item (i.e. an Item can be characterized by only an Author, a Category and a
Publisher). The other not mentioned tables were built based on the default created models.

This database is normalize in third normal form because it doesn’t have transitive
dependency and don’t have partial dependency and all condition of first form are respected.
That means that all values in columns are in atomic form and that all values stored in the same
column are from the same domain. All columns in table have unique names and the order in
which data is stored doesn’t matter for our database. This normalization help our database to
save memory and easier to update and maintain the data in database.

6.2.3. Back-end development

MVC templates, CRUD function

Create, read, update, and delete (CRUD) are the four basic functions of persistent
storage. Alternate words are sometimes used when defining the four basic functions of CRUD,
such as retrieve instead of read, modify instead of update, or destroy instead of delete. CRUD
is also sometimes used to describe user interface conventions that facilitate viewing, searching,
and changing information. Without at least these four operations, the software cannot be
considered complete. Because these operations are so fundamental, they are often documented
and described under one comprehensive heading, such as "contact management", "content
management" or "contact maintenance"
ASP.NET MVC was designed to facilitate patterns-based development practices such
as test-driven development, separation of concerns, inversion of control, and dependency
injection. The framework encourages separating the business logic layer of a web application
from its presentation layer. By dividing the application into models (M), views (V), and

40
controllers (C), ASP.NET MVC can make it easier to manage complexity in larger
applications.
With ASP.NET MVC, you work more directly with HTML and HTTP than in Web
Forms. For example, Web Forms can automatically preserve state between HTTP requests, but
you have to code that explicitly in MVC. The advantage of the MVC model is that it enables
you to take complete control over exactly what your application is doing and how it behaves
in the web environment. The disadvantage is that you have to write more code.
MVC was designed to be extensible, providing power developers the ability to
customize the framework for their application needs. In addition, the ASP.NET MVC source
code is available under an OSI license.
The MVC template creates a sample MVC 5 application that uses Bootstrap to provide
responsive design and theming features. The following illustration shows the relation in MVC.

6.3. Solutions for Security

6.3.1. Built-in Solutions

41
 ASP.NET platform is a very powerful tool with lots of ready to use features. Below is
a description of the built-in solutions used to prevent different kind of security issues in the
ReadIT application.

• SQL Injection

SQL injection is a code injection technique, used to attack data-driven applications, in

which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the
database contents to the attacker). SQL injection must exploit a security vulnerability in an
application's software, for example, when user input is either incorrectly filtered for string
literal escape characters embedded in SQL statements or user input is not strongly typed and
unexpectedly executed.

To prevent SQL injection, ReadIT application uses Entity Framework. This is an

Object Relational Mapping framework that enables developers to work with data using objects
of domain specific classes without focusing on the underlying database tables and columns
where this data is stored. By default, Entity Framework is SQL Injection Proof. You are not
required to check that unless you are using SQL queries in Entity Commands.

In order to avoid injection in the dynamically composed queries in Entity Commands,

LINQ to SQL was used. In LINQ to SQL, the data model of a relational database is mapped to
an object model expressed in the programming language of the developer. When the
application runs, LINQ to SQL translates into SQL the language-integrated queries in the
object model and sends them to the database for execution. When the database returns the
results, LINQ to SQL translates them back to objects that you can work with in your own
programming language.

LINQ to SQL passes all data to the database via SQL parameters. So, although the SQL
query is composed dynamically, the values are substituted server side through parameters
safeguarding against the most common cause of SQL injection attacks.

Example:

42
 var query = db.Orders.Include(m => m.Messages).Include(m => m.Stock)

.Select(m => m.Messages

.OrderByDescending(y => y.CreatedDate)

.FirstOrDefault(x => x.CreatedBy.Id == currentUserId ||

x.Order.Stock.Owner.Id == currentUserId ||

x.Order.CreatedBy.Id == currentUserId))

Where(x => x != null);

• Cross-Site Request Forgery

To help prevent CSRF attacks, ASP.NET MVC uses anti-forgery tokens, also called
request verification tokens.

1. The client requests an HTML page that contains a form.

2. The server includes two tokens in the response. One token is sent as a cookie. The other
is placed in a hidden form field. The tokens are generated randomly so that an adversary
cannot guess the values.

3. When the client submits the form, it must send both tokens back to the server. The client
sends the cookie token as a cookie, and it sends the form token inside the form data. (A
browser client automatically does this when the user submits the form.)

4. If a request does not include both tokens, the server disallows the request.

Here is an example of an HTML form with a hidden form token:

<form action="/Home/Test" method="post">

<input name="__RequestVerificationToken" type="hidden"

value="6fGBtLZmVBZ59oUad1Fr33BuPxANKY9q3Srr5y[...]" />

43
 <input type="submit" value="Submit" />

</form>

Anti-forgery tokens work because the malicious page cannot read the user's tokens,
due to same-origin policies. Same-origin policies prevent documents hosted on two different
sites from accessing each other's content.

@using (Html.BeginForm()) {

@Html.AntiForgeryToken()

<div class="form-actions no-color">

<input type="submit" value="Delete" class="btn btn-default" /> |

@Html.ActionLink("Back to List", "Index")

</div>

• Cross Site Scripting

Cross Site Scripting (also referred to as XSS) is a kind of vulnerability that occurs when
some hacker injects malicious code (ideally script) inside a web page or the database. The
insertion of code takes place without the user's knowledge. XSS happens whenever a web
application allows to display user's input or input provided by any outside resources without
validating the input properly. XSS attacks enables a user to insert malicious JavaScript, HTML
and other cross-side scripting languages into a dynamic page – that is not validated.

XSS attacks are prevented by default in MVC applications. When any user inserts
malicious HTML markup and message into an MVC application, it will display an annoying
alert.

44
 • Broken authentication and session management

Application functions related to authentication and session management are often not
implemented correctly, allowing attackers to compromise passwords, keys, session tokens, or
exploit other implementation flaws to assume other users’ identities.

To avoid this, ASP.NET Identity was used. This is a system which can be used with all
ASP.NET frameworks, is knows for the ease of plugging in profile data about the user, has
persistence control, has a role provider, is claims based, supports social login providers, OWIN
integration and comes as a NuGet package.

This is an example of how authentication is configured in the ReadIT app:

app.CreatePerOwinContext(ApplicationDbContext.Create);

app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);

app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create
);

// Enable the application to use a cookie to store information for the

signed in user

// and to use a cookie to temporarily store information about a user

logging in with a third party login provider

// Configure the sign in cookie

app.UseCookieAuthentication(new CookieAuthenticationOptions

45
 AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,

LoginPath = new PathString("/Account/Login"),

Provider = new CookieAuthenticationProvider

// Enables the application to validate the security stamp when

the user logs in.

// This is a security feature which is used when you change a

password or add an external login to your account.

OnValidateIdentity =
SecurityStampValidator.OnValidateIdentity<ApplicationUserManager,
ApplicationUser>(

validateInterval: TimeSpan.FromMinutes(30),

regenerateIdentity: (manager, user) =>

user.GenerateUserIdentityAsync(manager))

});

app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

// Enables the application to temporarily store user information when

they are verifying the second factor in the two-factor authentication process.

app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie,
TimeSpan.FromMinutes(5));

// Enables the application to remember the second login verification

factor such as phone or email.

46
 // Once you check this option, your second step of verification during
the login process will be remembered on the device where you logged in from.

// This is similar to the RememberMe option when you log in.

app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRemember
BrowserCookie);

This also prevents improper authorization – authentication and makes permission

checking an easy task.

• Insecure Direct Object References

Insecure Direct Object Reference occurs when a application exposes a reference to an

internal implementation object. Using this way, it reveals the real identifier and format/pattern
used of the element in the storage backend side.

These references do not bring a direct security issue because, by itself, it reveals only
the format/pattern used for the object identifier. However, it brings, depending on the
format/pattern in place, a capacity for the attacker to mount a enumeration attack in order to
try to probe access to the associated objects.

In order to prevent it, the team has implemented Route Access Control and Data Access
Control, with the help of [Authorize] attributes inside the specific controllers.

[HttpPost]

[ValidateAntiForgeryToken]

[Authorize]

public ActionResult Save(StockModel stock)

47
 if (ModelState.IsValid)

var item = SaveItem(stock);

...

6.3.2. Custom Solutions

Security Misconfiguration

Good security requires having a secure configuration defined and deployed for the
application, frameworks, application server, web server, database server, and platform. All
these settings should be defined, implemented, and maintained as many are not shipped with
secure defaults. This includes keeping all software up to date, including all code libraries used
by the application.

Application frameworks can be a real bonus when it comes to building functionality

quickly without “reinventing the wheel”. The thing with widely used frameworks though, is
that once a vulnerability is discovered, there is now a broadly prevalent security problem in the
application. In order to avoid this, all framework should be updated to the latest stable version.
For this, NuGet package manager is used inside the ReadIT app.

48
 In order to successfully exploit an application, someone needs to start building a picture
of how the thing is put together. The more pieces of information they gain, the clearer the
picture of the application structure is and the more empowered they become to start actually
doing some damage. Application errors with stack traces can display such information. That’s
why a custom error handling method was implemented in the application.

First of all, all the errors are logged in a different database created just for errors. List
of errors is also available from the web, only to the users with admin privileges. This was done
with the help of ELMAH error logging facility.

Also, custom error pages were implemented for different error types.

49
 In production, debug mode should also be set to false to avoid slowness and security
issues. Maximum HTTP request size is also limited to 12 MB to avoid giving unlimited server
resources to a specific user.

• Cryptography or Insecure Cryptographic Storage

Insecure Cryptographic Storage is a common vulnerability that occurs when sensitive

data is not stored securely. This isn’t a single vulnerability, but a collection of vulnerabilities
that have to do with making sure the most important data is encrypted when it needs to be. This
includes making sure you are encrypting the correct data, making sure you have proper key
storage and management and making sure that you are not using known bad algorithms.

For all the cryptographic operations ReadIT is using the AES algorithm with a 256 bits
key. For the user passwords, ASP.NET Identity hashing is used, along with a Security Stamp.

50
 • Enforcing SSL and HTTPS

HTTP Strict Transport Security (HSTS) is a web server directive that informs user
agents and web browsers how to handle its connection through a response header sent at the
very beginning and back to the browser. This sets the Strict-Transport-Security policy field
parameter. It forces those connections over HTTPS encryption, disregarding any script's call
to load any resource in that domain over HTTP.

51
 • Version discloser

A running a web server usually shows the world what type of server it is, its version
number, and the operating system. This information is available in header fields and can be
acquired using a web browser to make a simple HTTP request to any web application. It is
often called the web server banner and is ignored by most people with the exception of
malicious ones.

Attackers can perform banner grabbing using even simple TCP tools like Telnet or
Netcat. Then they launch targeted attacks against the web server and version. In addition, if a
particular web server version is known to be vulnerable to a specific exploit, the attacker would
just need to use that exploit as part of their assault on the target web server.

This is why the team has decided to limit the information provided by the IIS.

protected void Application_Start()

AreaRegistration.RegisterAllAreas();

FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);

RouteConfig.RegisterRoutes(RouteTable.Routes);

BundleConfig.RegisterBundles(BundleTable.Bundles);

MvcHandler.DisableMvcResponseHeader = true;

protected void Application_PreSendRequestHeaders()

52
 Response.Headers.Remove("Server"); //Remove Server Header

Response.Headers.Remove("X-AspNet-Version"); //Remove X-AspNet-Version

Header

Two factor authorization

We make in our application to have two factor authorization this will give extra security.
For this you give user to choose he can obtain a random generate code on email or like an SMS
text on mobile this type of authorization makes more harder to get access to user account and
we need always to have a device or an app that we receive a new code every time so this make
a high level of security for users account.

7. Conclusions

Taking everything into account, it may be concluded that this report serves as a useful
tool for consolidating the conceptual functional and process architecture of the online book

53
management system as well as an important documentation of the securing process. Taking the
steps to develop a secure application, resulted into a platform that is ready for deployment.

First of all, the initial problem was decided upon and validated, through a social survey,
which demonstrated the fact that the need and importance of such a platform is high. After
analyzing the already existent book management service providing solutions, the core
functionalities for the project were clearly established. In order to come up with a better and
improved product, the deficiencies of such websites were identified and possible personalized
solutions were found. The focus of the report was to establish the key vulnerabilities of a
platform that uses the given technology and analyze the solutions that are linked to each and
every one. The top ten vulnerabilities of a ASP.NET MVC application have been established,
and their documented solutions have been studied. This step helped develop custom solutions
for each and every vulnerability that would satisfy and would fit the platform the best. That led
to the development phase, where these solutions were implemented and, eventually tested, to
ensure a well-working and functional product.

On the whole, the intended ReadIT web application solves a social problem while
providing a high level of security. The end product is protected against the most common
malicious attacks and it itself protects the personal data of any user. If there was one more step
left, that would be the UI design, but by far not as detrimental as implementing security over
an application.

54
References
[1]- https://docs.microsoft.com/en-us/previous-
versions/commerceserver/ee823878(v=cs.20)?redirectedfrom=MSDN

[2] - https://en.wikipedia.org/wiki/STRIDE_(security)

[3]- https://hackertarget.com/xss-tutorial/

[4]- https://www.itprotoday.com/web-development/owasp-top-10-project-security-
vulnerabilities-aspnet

[5]- https://www.acunetix.com/blog/articles/configure-web-server-disclose-identity/

[6]- https://www.veracode.com/security/insecure-crypto

[7]- https://www.troyhunt.com/owasp-top-10-for-net-developers-part-6/

[8]- https://lockmedown.com/secure-from-insecure-direct-object-reference/

[9]- http://www.dotnet-programming.com/post/2015/04/12/How-to-Handle-Cross-Site-
Scripting-in-ASPNET-MVC-Application.aspx

[10]- Web Application Vulnerabilities: Detect, Exploit, Prevent 1st Edition by Steven
Kapinos

[11]- Pro ASP.NET Web API Security, Securing ASP.NET Web API by Lakshmiraghavan,
Badrinarayanan

[12]- Security Driven .NET by Stan Drapkint

55
Appendices
Appendix A

The interaction between team members over the course of developing the present project has
been efficient. Everyone participated actively in the development of the end product and had
their own input.

Decisions were taken in group, through open vote, taking into account the mentors opinion
upon the situation. The meetings took place every other day, and lasted for about 3 hours.
Outside of the meetings, work was divided and each fulfilled their task remotely. At the
meetings started with discussions upon the work done and the final adjustments could be
pushed to the master branch.

At the university, the meetings with the TUM mentor took place every week, and consisted of
discussions upon the way of improving security over the application. The mentor’s input was
studied and implemented into the project in the next meetings at the partner company.

56
Appendix B

Recordings and minutes about the meetings.

Date Hours Location Presence Subject

03.10.2019 15:00-16:00 TUM 3/5 Initialization
07.10.2019 12:00-14:00 Amdaris 5/5 Initialization,
finding the
problem to
solve
10.10.2019 15:00-16:00 TUM 3/5 Commenting
upon the need
of the platform
functionalities;
STRIDE
method
11.10.2019 15:00-18:00 Amdaris 5/5 VS
Configuration,
DataBase
Solve for CSRF
17.10.2019 15:00-16:00 TUM 2/5 Establishing the
Action Plan
25.10.2019 15:00-17:30 Amdaris 5/5 2 factor
authentication;
Sms notification
30.10.2019 15:00-17:30 Amdaris 5/5 Email
confirmation
implementation
31.10.2019 15:00-16:00 TUM 4/5 Presenting
project at the
current level
01.11.2019 15:00-18:00 Amdaris 4/5 Add the
possibility to
log with User
name
06.11.2019 15:00-18:00 Amdaris 5/5 Encrypting chat
messages

57
08.11.2019 15:00-18:00 Amdaris 5/5 Encrypting chat
messages
13.11.2019 15:00-18:00 Amdaris 5/5 Encrypting chat
messages
15.11.2019 15:00-17:30 Amdaris 4/5 Length of the
password;
Encrypting
phone number

58