Professional Documents
Culture Documents
Assessor Internal
Verifier
Unit 29 – Application Program Interfaces
Unit(s)
Student’s name
List which assessment Pass Merit Distinction
criteria the Assessor has
awarded.
INTERNAL VERIFIER CHECKLIST
LO2 Apply the knowledge of API research to design an application that incorporates relevant APIs for a
given scenario or a substantial student chosen application
Pass, Merit & P2 M2 D2
Distinction Descripts
LO4 Document the testing of the application, review and reflect on the APIs used
Pass, Merit & P4 M4 D4
Distinction Descripts
Resubmission Feedback:
* Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and grades decisions
have been agreed at the assessment board.
Assignment Feedback
Formative Feedback: Assessor to Student
Action Plan
Summative feedback
1. A Cover page or title page – You should always attach a title page to your assignment. Use previous page
as your cover sheet and make sure all the details are accurately filled.
4. All the assignments should be printed on A4 sized papers. Use single side printing.
5. Allow 1” for top, bottom , right margins and 1.25” for the left margin of each page.
1. The font size should be 12 point, and should be in the style of Times New Roman.
3. Ensure that all the headings are consistent in terms of the font size and font style.
4. Use footer function in the word processor to insert Your Name, Subject, Assignment No, and Page
Number on each page. This is useful if individual sheets become detached for any reason.
5. Use word processing application spell check and grammar check function to help editing your
assignment.
Important Points:
1. It is strictly prohibited to use textboxes to add texts in the assignments, except for the compulsory
information. eg: Figures, tables of comparison etc. Adding text boxes in the body except for the before
mentioned compulsory information will result in rejection of your work.
2. Carefully check the hand in date and the instructions given in the assignment. Late submissions will not
be accepted.
3. Ensure that you give yourself enough time to complete the assignment by the due date.
4. Excuses of any nature will not be accepted for failure to hand in the work on time.
5. You must take responsibility for managing your own time effectively.
6. If you are unable to hand in your assignment on time and have valid reasons such as illness, you may
apply (in writing) for an extension.
8. Non-submission of work without valid reasons will lead to an automatic RE FERRAL. You will then be
asked to complete an alternative assignment.
9. If you use other people’s work or ideas in your assignment, reference them properly using HARVARD
referencing system to avoid plagiarism. You have to provide both in-text citation and a reference list.
10. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be reduced to
A REFERRAL or at worst you could be expelled from the course
Student Declaration
I hereby, declare that I know what plagiarism entails, namely to use another’s work and to present it as my own
without attributing the sources in the correct form. I further understand what it means to copy another’s work.
Submission format
Part 1 – Report: The submission should be in the form of an individual written report. This should
be written in a concise, formal business style using single spacing and font size 12. You are
required to make use of headings, paragraphs and subsections as appropriate, and all work must
be supported with research. You must provide in-text citations and the reference list using Harvard
referencing system.
Scenario
“ELEKS “ is a Top 100 Global Outsourcing company. You work as an apprentice web developer for
ELEKS . As part of your role, you have been asked to create an online shopping system for OZQ
company.
Online shopping has grown its popularity over the years, mainly because people find it convenient
and easy to shop from the comfort of their own home or office. This is one of the most enticing
factors about online shopping Because of these reasons OZQ company has decided to develope an
online shopping system.
OZQ-cart has facilitates business-to-consumer sales through its website. OZQ-cart system helps to
buy any type of item online by choosing the listed products from the website. Following are the
functional requirements of the system.
Registration – Customers can view the store but only the members can buy items. To
become a member of the website, the customer need to register for the membership.
Login page - The Login page is peripheral of the secure area of the system and allows the
user to log onto the web application. The user can view the store and add their order to the
shopping cart.
Shopping cart – Member can add their searched items to the cart.
User Profile - The User Profile page is an area that allows the users to maintain their own
information. The user can browse and search the items and add to the shopping cart.
Item Search and Select - Each customer must be able to view the status of the placed
order.
Feedbacks – user can provide opinions/ feedback to the site.
Activity 1 - Examine what an API is, the need for APIs and types of APIs.
1.1 Examin What is an API (Application Program Interface) ,types and the benefits of APIs
and evaluate the potential security issues surrounding APIs with reference .
1.2 Examin the differences between API and SDK and Assess a range of APIs that covers a
range of users of the proposed solution.
Activity 2 - Apply the knowledge of API research to design an application that incorporates
relevant APIs for a given scenario or a substantial student chosen application
2.1 Apply the knowledge of API research and Analyse the alternative solutions similar to the
proposed system that could be enhanced by a suitable API. Design an application that will
utilize a range of APIs for the proposed solution and justify the design choices used.
Activity 4 - Document the testing of the application, review and reflect on the APIs used
4.1 Design and complete a ‘black box’ and ‘white box’ testing methods for the developed
system and update the system according to the results. Critically evaluate the APIs used
within your application and results of your Test Plan. Include a review of the overall
success of your multipage website and provide a data security report of the application
you developed for the above sceanrio.
Observation Sheet
Activi Activity Learnin Feedback
ty g (Pass/ Redo)
No Outcom
e
1 Examine what an API is, the need for APIs and LO1
types of APIs.
Comments:
LO1 Examine what an API is, the need for APIs and
types of APIs
Table of Contents
Activity 1 - Examine what an API is, the need for APIs and types of APIs..............................................17
1.1 Examin What is an API (Application Program Interface) ,types and the benefits of APIs and
evaluate the potential security issues surrounding APIs with reference ...............................................17
Inadequate Validation........................................................................................................................19
API incompetence..............................................................................................................................20
Injection Attacks................................................................................................................................20
DoS Attacks.......................................................................................................................................21
Broken Authentication.......................................................................................................................21
Parameter Tampering.........................................................................................................................21
1.2 Examin the differences between API and SDK and Assess a range of APIs that covers a range of
users of the proposed solution...............................................................................................................22
1.2.2 Evaluate the range of APIs for a particular platform that covers a range of users...................23
Activity 2 - Apply the knowledge of API research to design an application that incorporates relevant
APIs for a given scenario or a substantial student chosen application......................................................25
2.1 Apply the knowledge of API research and Analyse the alternative solutions similar to the
proposed system that could be enhanced by a suitable API. Design an application that will utilize a
range of APIs for the proposed solution and justify the design choices used........................................25
2.1.2 Design an application that will utilize an API for a given purpose..................................................27
2.1.3 design for a chosen substantial application that will utilize a range of APIs. Justify the choice. 31
3.1 Develop an application with suitable android and web-site wireframes for the proposed system
design in task 2. Provide all the interfaces of the system and the appropriate codes of it.....................32
Android Wireframes..........................................................................................................................32
Website wireframe.............................................................................................................................34
ER Diagram.......................................................................................................................................38
API Code...........................................................................................................................................40
Database.............................................................................................................................................45
Activity 4 - Document the testing of the application, review and reflect on the APIs used......................49
4.1 Design and complete a ‘black box’ and ‘white box’ testing methods for the developed system and
update the system according to the results. Critically evaluate the APIs used within your application
and results of your Test Plan. Include a review of the overall success of your multipage website and
provide a data security report of the application you developed for the above sceanrio.......................49
4.2 Critically evaluate the results of your Test Plan and include a review of the overall success of
your multipage website..........................................................................................................................62
4.3 Critically evaluate the APIs used within your application. Provide a data security report of your
application..............................................................................................................................................64
References..................................................................................................................................................67
Figure 1 - Home page................................................................................................................................30
Figure 2 - about us.....................................................................................................................................31
Figure 3 - User Registration......................................................................................................................31
Figure 4 - Product Search..........................................................................................................................32
Figure 5 – cart............................................................................................................................................32
Figure 6 - order Confirmation....................................................................................................................33
Figure 7 - Order Confirm...........................................................................................................................33
Figure 8 -Android Wireframes...................................................................................................................35
Figure 9- Android Wireframes...................................................................................................................36
Figure 10- Android Wireframes.................................................................................................................36
Figure 11 - Web-site Wireframes..............................................................................................................37
Figure 12- Web-site Wireframes...............................................................................................................37
Figure 13 -Web-site Wireframes................................................................................................................38
Figure 14 -Web-site Wireframes................................................................................................................38
Figure 15 -Web-site Wireframes................................................................................................................39
Figure 16 -Web-site Wireframes................................................................................................................39
Figure 17 -Web-site Wireframes................................................................................................................40
Figure 18 -Web-site Wireframes................................................................................................................40
Figure 19 -Web-site Wireframes................................................................................................................41
Figure 20 - ER Diagram............................................................................................................................41
Figure 21 - Use Case Diagram...................................................................................................................42
Figure 22 - User controller........................................................................................................................43
Figure 23 -Cart controller..........................................................................................................................44
Figure 24 – Login......................................................................................................................................45
Figure 25 – Item.........................................................................................................................................45
Figure 26-feedback controller....................................................................................................................46
Figure 27 - get Order.................................................................................................................................47
Figure 28 – database..................................................................................................................................48
Figure 29 – database..................................................................................................................................49
Figure 30- database....................................................................................................................................50
Figure 31 – database..................................................................................................................................51
Figure 32 - Home page..............................................................................................................................55
Figure 33 - invalid username and password..............................................................................................56
Figure 34 - Login Success.........................................................................................................................57
Figure 35 - After the login (home page)....................................................................................................57
Figure 36 - about us...................................................................................................................................58
Figure 37 - User Registration....................................................................................................................59
Figure 38 - Product Search........................................................................................................................59
Figure 39 – Login......................................................................................................................................60
Figure 40 - Registered Form......................................................................................................................61
Figure 45 - Search Result..........................................................................................................................62
Figure 41 - Item Details.............................................................................................................................63
Figure 42 – Cart.........................................................................................................................................64
Figure 43 - Buy Now.................................................................................................................................64
Figure 44 -payment Completed.................................................................................................................65
Activity 1 - Examine what an API is, the need for APIs and types of APIs.
1.1 Examin What is an API (Application Program Interface) ,types and the benefits of APIs and
evaluate the potential security issues surrounding APIs with reference .
1. Internal APIs
Internal APIs are exclusively meant for building internal applications to use within the company or
organization or customize it for partners to facilitate service-oriented architectures. Using private or
Internal APIs, organizations can streamline business and integrate their internal applications across their
customers and partners.
2. Production API
Eventually, every app will need a production API. This is the server that sends real data from the
database, makes updates to it, and enforces all the permissions and business logic. It should not return
data to users who should not see it, and it does not allow users to update information they do not have
permission to change. Production APIs need to be fast and scalable, because they will handle all the apps
real-world traffic. Most apps already have a production API, so there is not any need to go into more
detail on them
3. Development API
A development API is one that stands in for the production API like a body double: All it has to do is
look the part. Development APIs are perfect for working on the client before the production API is
available, allowing front-end progress to continue, even though there's no real data or database backing
it yet. Development APIs usually do not persist data to a database and just keep everything in memory.
It's often useful to have some example data that loads when the server starts
4. Mock API
Mock APIs are the simplest of the APIs listed here. It has written a version in Go with only 200 lines and
an even shorter one in JavaScript. Neither has any external dependencies because neither does anything
other than listen for what to mock and return it when the request is made. They don't have any
application-specific logic
5. Fuzzing API
A fuzzing API does the unexpected. It returns random, inconsistent data and exposes how the client
copes. Fuzzing APIs do a much better job than humans at running into problematic edge cases and
testing our implicit assumptions. The simplest fuzzing API is one that returns data in the shape the client
expects, but with random data. It's a shallow API that doesn't have any logic other than random data
generation
1.1.4 Benefits of using API
By using API business can gain more benefits. API allow the capabilities of one computer program to be
used by another. It means by which two different programs are able to communicate. For an example, if
a system needs to show the maps for the users, then the developers can use a google Map API to get the
service for the system. They can manage the functions using these APIs. And also, they can save the cost
by using these APIs. Therefore, are lots of public APIS. Therefore, the systems can use these free API if
they want.
APIs enable companies to grow their businesses more quickly than ever before, with APIs, computers
rather than people can manage the work. Through APIs, agencies can update work flows to make them
quicker and more productive. with an API an application layer can be created which can be used to
distribute information and services to new audiences which can be personalized to create custom user
experiences. It is a benefit can gain by using an API. APIs can customize the content and services that
they use the most. Companies don't have to pay for several different software applications and the
hardware to make them all work. Through an API developer can connect different systems and work
them all. It reduces the cost. If the system has to develop all the features and, they can simply. These
APIs are easy to use and operate, therefore, these APIs can easily support for the systems. Then users
can gain facilities easily.
API-powered apps are also compatible with more devices and operating systems, providing more
seamless experiences. End users can easily perform their task by using these Apps. A website uses a
URL address to make a call to a server and pull up a webpage in a browser. APIs also facilitate calls to a
server, but they execute it more simply. They connect the web, allowing developers, applications, and
sites to tap into databases and services (or, assets). APIs do this by acting like a universal converter plug
offering a standard set of instructions. It responded faster and provide a good service for the end users.
Inadequate Validation
The most common web application security weakness is the failure to properly validate input
from the client or environment. This weakness leads to almost all of the major vulnerabilities in
applications, the input data need to validate properly. If untrusty data may harm the API and the system
data. An Inadequate Validation may be an access point for the third party. Then they can access the API
and manage the system and access the system data. From this point, they can steal the API keys,
passwords and usernames. It is a potential security issue surrounding APIs.
Risks of XML
XML format is intertwined with the SOAP protocol. This format has several areas of security risks
where hackers can focus on. It’s important to keep on top of this format to avoid a security breach. These
flaws can be used to extract data, execute a remote request from the server, scan internal systems,
perform a denial-of-service attack, and execute other attacks. The business impact depends on the
protection needs of all affected application and data.
API incompetence
The design API may not provide assumed functions. It may be a security issue for the system. The API
is not performed well and it may include some bugs. Then these bugs mat helps to hacker to access the
API and get the data from the system. Therefore, an API need to develop with standards. Then hackers
cannot easily access the API. Then system data can secure.
Injection Attacks
Injection attacks means a dangerous code is embedded into an unsecured software program to stage an
attack. Injects SQL commands that can read or modify data from a database. As a result of injection
attack an attacker obtaining unauthorized access to information or carry out other damages. If a bank
system API get an injection Attack, then their data may access by a third party. It will be a huge lost for
the bank and their client. (restcase.com, 2019)
DoS Attacks
In a Denial of Service (DoS) attack, the attacker in most cases pushes enormous messages requesting the
server or network to establish requests consisting of invalid return addresses. The attack is capable of
rendering a RESTful API into a non-functional situation if the appropriate security precautions are not
adopted. (restcase.com, 2019)
Broken Authentication
These particular problems can make an attacker to either bypass or take control of the authentication
methods made use of by a web program. Missing or inadequate authentication can result in attack
whereby JSON web tokens, API keys, passwords, etc. can be compromised. (restcase.com, 2019)
Parameter Tampering
It’s an attack that is based on the manipulation of parameters exchanged between client and server in
order to modify application data, such as user credentials and permissions, price and quantity of
products, etc. Usually, this information is stored in cookies, hidden form fields, or URL query strings,
and is used to increase application functionality and control. (restcase.com, 2019)
1.2 Examin the differences between API and SDK and Assess a range of APIs that covers a range
of users of the proposed solution.
What is SDK?
A software program improvement kit (SDK) is a set of software program development tools that
approves the creation of purposes for a positive software program package, software program
framework, hardware platform, pc system, video game console, operating system, or similar
development platform. To put it simply, an SDK is a tool box that regularly includes APIs, pieces of
code, or other rules for growing software. Companies make their SDKs on hand to developers in order
to help them effortlessly integrate with their services. (nordicapis.com,2020)
APIs and SDKs are similar, so it can be tough to apprehend exactly what the difference between the two
is, or when you ought to select to use one or the other. Another feasible source of confusion comes from
the fact that SDKs often include one or extra APIs and assist implement them. However, an API won’t
continually have an accompanying SDK. While an API is purpose built to operate a precise function of
permitting verbal exchange between applications, an SDK is an integrated platform that boasts a set of
tools to create these applications. (nordicapis.com,2020)
APIs facilitate and permit interaction between applications, but they by myself are now not adequate to
create a company new app. In other words, an API might be higher for your task if you are searching to
add a few particular features. If you are beginning a totally new project, an
SDK will furnish the tools you want to get up and running. (nordicapis.com,2020) Non-Technical
Explanation of API and SDK
If you are making an attempt to provide an explanation for the distinction between an API and an SDK
to a non-developer or anybody who is much less acquainted with the concepts, think about the use of the
one of a kind parts of a house as an analogy. In this situation, the SDK represents the entire house: all of
the rooms, furniture, telephone lines, and different components. An API represents simply the telephone
strains that permit verbal exchange in and out of the house. (nordicapis.com,2020)
Though this isn’t a best example, the house analogy helps carry the imperative differences between an
API and an SDK to any individual who might now not be as acquainted with technical concepts.
(nordicapis.com,2020)
1.2.2 Evaluate the range of APIs for a particular platform that covers a range of users.
Visual studio
Pros Cons
Code organization and looking for files, classes, The user interface can be a bit daunting to new
and
people
functions in Solution Explorer is fast and reliable.
Debugging feature in Visual Studio is There's no support for opening multiple
more solutions
important. in one 'program,' which is a bummer.
Code highlighting & syntax coloring Too heavy to install.
Powerful tool to create apps. Sometimes it slows down the system when
users going to build a project.
Postman
Postman is a collaboration platform for API development. Postman's features simplify each step of
building an API and streamline collaboration so you can create better APIs. Postman used to directly
develop and test the APIs. Postman too, easy for testing the API.
Advantages Disadvantages
API testing is a great feature. Free version provides limited sharing across
the team. If the free version can upgrade the
sharing
limit, then it would be more helpful.
It provides an import option so we can easily Syncing of changes sometimes does not work
well
import using Swagger or paste requested
content. and had to restart some time.
Sharing is so easy. More guides would be helpful because
sometimes it
takes a while to figure out something.
GUI is easy to use.
Lots of compatibility and support for various
protocols, headers, request bodies, etc.
According to these platforms these are some platforms that can use for API development. Postman is a
common platform used for API development. The main advantage is the Postman GUI s are easy to use
and simple to understand. Postman provide import function and it more useful in development.
However, it has some drawbacks. Postman Free version provides limited sharing across the team. If the
free version can upgrade the sharing limit, then it would be more helpful. Sometimes the postmen
software gets stuck and have to restart again.
Dream factory is another platform that can use for API development. The free Dream factory platform
contain more features. The Dream factory software have great security and user documentation. Its
straightforward integration to SQL backends. However, Dream factory has some drawbacks. Sometimes
Upgrading to a new version can be challenging. It will be a disadvantage for the users. Sometimes
debugging feature not perform well. Then it will be a problem for the users. Sometimes Dream factory
API database query options not as powerful as SQL language options. Free version doesn't include e-
mail, phone or chat support. Visual Studio is another Platform that used for API development. According
to this OZQ cart scenario, the author used Visual Studio IDE to develop the API. The Visual Studio IDE
provided live coding assistance regardless of the programming language they are utilizing. The
platforms built-in IntelliSense offers hints and descriptions of APIs and auto-completes lines for better
speed. Finding bugs in the code is difficult sometimes. Therefore, the Visual Studio platform support for
debugging and fix error for all included language. Visual Studio is a powerful tool to create apps and
Code organization and looking for files, classes, and functions in Solution Explorer is fast and reliable.
These feature helps to operate the IDE. Then developers can easily use the IDE. However, Visual Studio
IDE also have some drawbacks. The user interface can be a bit daunting to new people and there's no
support for opening multiple solutions in one 'program,' which is a bummer. It may be a problem in
sometimes. Sometimes it slows down the system when users going to build a project and too heavy to
install. However, the author used Visual Studio IDE as the API development platform. It is a quality IDE
and easy for use to Author. Therefore, the Author select it for this scenario. The author can gain above
mention advantages.
Activity 2 - Apply the knowledge of API research to design an application that incorporates
relevant APIs for a given scenario or a substantial student chosen application
2.1 Apply the knowledge of API research and Analyse the alternative solutions similar to the
proposed system that could be enhanced by a suitable API. Design an application that will utilize a
range of APIs for the proposed solution and justify the design choices used.
OZQ-cart is an online shopping system that facilitates business-to-consumer sales through its website.
OZQ-cart system helps to buy any type of item online by choosing the listed products from the website.
According to that there are lot of alternative APIs in the market for an Online shopping system.
Shopify API
Shopify API may be a tool that permits code suppliers to receive access to the information from
Shopify-based on-line stores and use it for his or her functions. The API supports every XML and JSON,
and works with such styles of protocol requests as GET, POST, PUT, and DELETE. a desirable issue
value thought is ways in which supported by Shopify API. It works with various ways in which akin to
class, Customer, Order, Product, etc. (you can notice all of them within the API Reference section at the
left bottom of the documentation). every of the ways in which has functions it may be used for and
certain properties. Shopify updates its API all of the time. SaaS app suppliers who ought to figure with
Shopify store data have to be compelled to hear it. they need to look at unendingly what the Shopify API
version has connectedness. Otherwise, the API connection won't be constant and reliable. (api2cart.
com,2020)
PayPal offers on-line payment solutions and has over 153 million customers worldwide. The PayPal
API makes powerful utility accessible to developers by exposing varied choices of the PayPal platform.
practicality includes but isn't limited to invoice management, human action method and account
management.
PriceTree.
PriceTree is an example for Price Comparison APIs. It can be used in an app, blog, or website. It helps
vendors display various prices from online stores. It also lets independent sellers monitor the market and
adjust their own price to appear more competitive. (Cummings, 2019)
These are some alternative APIs that can used for the OZQ-cart and improve the features. OAuth
2.0 API is an API that can used to improve the security of the website. This OZQ-cart is an online
shopping cart and, all the transactions perform through the internet Therefore, they need to consider
about the security of the website. Therefore, this OAuth 2.0 API suitable for this scenario. OAuth 2.0
API is mainly different from other APIs. It mainly focusses about the security. OAuth 2.0 supports a
variety of token types. WS-Security tokens, JWT tokens, legacy tokens, custom tokens, and more can be
configured and implemented across an OAuth 2.0 implementation. Shopping.com API and Google
Shopping Content API are quite similar and these APIs also can used for OZQ-Cart. These APIs are
belonging to ecommerce category and these APIs mainly focus about product category and the product
list. Through these APIs, merchants can access the Cart and sell their products. eBay and most of the
famous shopping carts used these APIs to facilitate their websites. If OZQ-Cart used these APIs, they
also can have more advantages. PriceTree is another API that can used for OZQ-cart. Connecting the
product catalogue to a price comparison API, they can receive periodic notifications regarding price
fluctuations in the industry. This allows make necessary adjustments to the price of their own products.
It will help to improve the profit and sales of the site. These APIs can used for OZQ- Cart.
2.1.2 Design an application that will utilize an API for a given purpose.
Figure 1 - Home page
Figure 2 - about us
Figure 5 – cart
Figure 6 - order Confirmation
According to this scenario ASP.NET Web API framework use for develop the web API. “ASP.NET Web
API is a framework that makes it easy to build HTTP services that reach a broad range of clients,
including browsers and mobile devices. ASP.NET Web API is an ideal platform for building RESTful
applications on the ASP.NET Framework (Tutorialspoint.com, 2019)”. The most common use case of
using Web API is for building RESTful services. OZQ-Cart system needs to develop a Web API and, the
author hopes to build a REST API. Therefore, the ASP.NET framework is more suitable to build a
RESTful services API.
REST APIs uses multiple standards like HTTP, JSON, URL, and XML while SOAP APIs is largely
based on HTTP and XML. As REST API deploys multiple standards, so it takes fewer resources and
bandwidth as compared to SOAP that uses XML for the creation of Payload and results in the large sized
file (Malik, 2019). According to these differences the author selected REST API to build for the OZQ-
online shopping Cart. ASP.NET Framework support for building RESTful services.
Python as a scripting language is fast and productive. It can use to create web-based applications quickly
and the code is highly readable as the fundamental idea behind Python is to incorporate an easily
readable code. Python syntax is easy to understand, well-defined and extensible. APIs built over python
are highly scalable and have an unmatched speed and one of the best frameworks that can be used to
develop a python API is Flask. APIs built over python are highly scalable and have an unmatched speed
and one of the best frameworks that can be used to develop a python API is Flask. This framework and
language also can used to develop the Web API. The Flask has limited support and documentation.
Therefore, the author selects the ASP .NET framework to build the Web API.
ASP .NET works on top of the HTTP protocol, and uses the HTTP commands and policies to set a
browser-to-server two-sided communication and cooperation. ASP.NET significantly reduces the
amount of code required for building large and complex applications which can increase overall
development speed and reduce development costs. It is a main reason to select ASP.NET to develop the
Web API. PHP language also can used to develop the Web API. However, author select the ASP.NET for
develop the Web API. PHP is inexpensive, secure, fast, and reliable.
ASP.NET may be easier to use and maintain because of its class library system. ASP.NET is free and it
is a well-designed Language. ASP .NET Core is multiplatform, that means it can develop on OS X,
Linux and Windows and also, can deploy it to OS X, Linux, FreeBSD or Windows servers. Many people
think it is limited to Windows or Microsoft, but it is not. ASP.NET provides continuous monitoring and
it has a complementary design and rich toolbox in the form of Visual Studio. ASP.NET is easy to learn
and easy to work with it. ASP.NET also have some drawbacks. It has limited support for testing and
SEO and sometimes it has performance issues. However, ASP.NET offers built-in security features
through windows authentication or other authentication methods. According to these advantages and
disadvantages, author select ASP.NET framework for develop the Web API for OZQ-Cart.
Android Wireframes
Figure 8 -Android Wireframes
Figure 9- Android Wireframes
Figure 10- Android Wireframes
Website wireframe
Figure 11 - Web-site Wireframes
Figure 20 - ER Diagram
Introduction
Testing objectives
Test Scope
Test Approach
Testing procedure
Introduction
OZQ-cart is an online shopping system that facilitates business-to-consumer sales through its website.
OZQ-cart system helps to buy any type of item online by choosing the listed products from the website.
The OZQ-cart have more data to store like item detail, user details order details, payment details… etc.
The author used MYSQL statements to create the database. And Adobe Dreamweaver software and
HTML, CSS, PHP and JavaScript languages to create interfaces and to develop the site. Author used
Visual studio IDE to develop the API using .Net. The author has used a test plan to test the system.
Test objectives.
Main object is to prove all the functions perform perfectly. To verify user and system requirements
contribution to the database. To find errors and make best solutions for it.
Test scope
This is an online shopping cart and it has various functions, such as register user, order a item, add an
item to the cart … etc. Author created various test cases for system testing. Author check actual result
and await result for the test cases and compare the result and finalize a conclusion.
Test Approach
System Testing is the testing of a complete and fully integrated software product. Usually, software is
only one element of a larger computer-based system. Ultimately, software is interfaced with other
software/hardware systems. System Testing is actually a series of different tests whose sole purpose is to
exercise the full computer-based system. (Guru99.com, 2019)
Two Category of Software Testing
Black Box Testing
White Box Testing
Black-box testing is a method of software testing that examines the functionality of an application based
on the specifications. It is also known as Specifications based testing. It is used to check the
performance of the program without knowing the internal structure of the application. It means the tester
not accessing the source code and test the system. According to the OZQ-Cart system, also use Black-
box testing to test the website functionalities. The tester not require the technical or programming
knowledge to do the test. OZQ-Cart system also tested by using black box testing.
White box testing is a testing technique, that examines the program structure and derives test data from
the program logic/code. The other names of glass box testing are clear box testing, open box testing,
logic driven testing or path driven testing or structural testing. In White box testing, tester tests
functional flow, variable values and calculations of the source code to identify that output is expected or
not.
Testing Procedure
These are the testcase author used to test the website. Author has selected some persons and gave to test
all functions one by one. Then the author can recognize all errors in the system. And also, the user can
identify the efficiency, performance, speed, accuracy and all other things in the system by this testing
procedure.
Test Case
Test case Input data Expected result Actual result Test outcome
(Pass/Fail)
Enter the valid user Usernam Display the registered Display the Pass
e: user registered users
name and password users home page
home page the
in the login menu Password:123
users
Click “Login” Click the Display Login Page Display Login Page Pass
button button
Click “Shopping Display Shopping Display Shopping
Click the Pass
cart” button Cart Page Cart Page
button
Click “about us” Display About us Display About us
Click the Pass
button Page Page
button
Figure 36 - about us
Figure 37 - User Registration
Figure 38 - Product Search
Figure 39 – Login
Figure 43 – Cart
4.2 Critically evaluate the results of your Test Plan and include a review of the overall success
of your multipage website
OZQ-Cart system tested by using Black box testing and white Box testing. According to the test plan, it
includes 11 test cases. The first test case “Type the Home page URL and load the Home page”. In their
tester try to figure out, when type the URL the home page is loaded or not. According to the test results,
the test case “Pass”. It shows the home page when user type the URL. This test case more important. It
is the first page interact with the user when using the OZQ-Cart. Therefore, this test case needs to pass
and perform well. the next test case is to validate the login page. Firstly, tester enter invalid user name
and password to verify the validation perform well. if the system validates the username and password,
then the system needs to show an error message when user name and password invalid. According to the
test results, the test case “Pass”. It means, the system shows error message when user input an invalid
username or password. It improves the system security and this validation needs to perform well.
according to test result OZQ-Cart login validation is perform well. It improves the security of the
system. The next test case is also, for login interface. The test case is “Enter the valid user name and
password in the login menu”. If the username and password correct, then the registered users home page
needs to display. According to the test results, the test case “Pass”. It means, the system navigates to the
registered users home page when the username and password both are correct. The OZQ-Cart login
validation performs well and it needs to be performed well. if the login validation is not performed well,
then the system security is not improving and users may not satisfy about the system. They will turnover
for another online shopping Cart due to security issues.
The next test case is to test all the buttons in the home page. the home page contains 3 buttons. They are
“Register, Login and shopping cart icon”. The tester test when the button clicks perform well or not. All
the 3 buttons perform well. when the tester clicks them, it shows relevant pages for the tester. If the user
needs to register or login then they can use these buttons. According to the test results, the test case
“Pass”. It means the home page buttons are working properly. The next test case is “Register a user”.
From this test case tester try to figure out the register page is working properly and show the messages
for the user after stored data for the database. According to the test results, the test case “Pass”. It means,
it stores data for the database and show the message for the users. The register function is working
properly in the OZQ-Cart.
The next test case is “View item details”. The tester tries to figure out, the searching option is working
properly. Tester type as “Hari pins” in search bar and search. It shows the items available regarding hair
pins. According to the test results, the test case “Pass”. It means searching option is working properly in
the OZQ-Cart. The searching option is more important in this website. Because, users mostly used this
searching option to find the things that they want. Therefore, it needs to perform well. test result shows
that, OZQ-Cart searching option is working well.
The next test case is “View one item details”. The tester tries to figure out, when selecting a one
searching suggestion, it shows the full details or not. According to the test results, the test case “Pass”. It
means it shows the full details about selected item. The next test case is “View cart details”. Every page
contains a shopping cart icon. Users can add searched and preferred items for that cart. According to the
test results, the test case “Pass”. After clicking the shopping cart icon, it shows the added items for the
shopping cart. It is easy for the users to save the prefeed items and buy it in the next time. It is an
important feature for users and, According, to the test results it performs well.
The next test case is “Buy an item”. It is also an important function. The tester tries to figure out buying
function working properly. After click the “Buy It Now” button item details page, then the website needs
to navigate for payment details page. According to the test results, the test case “Pass”. It shows the
payment details page and use needs to add shipping details and select the payment to buy the product.
After filling the details, user need to click the “confirm and pay” button. OZQ-Cart “buying function”
performs well according, to the test results. The next two test cases about user personal details viewing
and updating. When user click the user icon, the user details needs to show in the page. According to the
test results, the test case “Pass”. It shows the relevant details of the page. if the user needs to update the
user details, there is link to update the personal details. After click that link, they can edit the details and
save it. If the details updated correctly, then the successful message needs to show. According to the test
results, the test case “Pass”. It means, the user personal details viewing and updating functions working
properly. The next test case is submitting a feedback. According to the test results, the test case
“Pass”. It means, users can submit feedback for the OZQ-Cart system. According to the Whitebox
testing test results, all the test cases pass and it means system functions are perform well and the internal
structure is performed well. According to these test cases, overall the OZQ- Cart system, working
properly. It is easy to use and in perform well. all the test cases are passed and it shows the performance
of the website. Overall the OZQ-Car website is success.
4.3 Critically evaluate the APIs used within your application. Provide a data security report of
your application.
OZQ-Cart system used a one customized Web API and it built using ASP.NET framework. It is
customized for the OZQ -Cart and it contains different controllers. Web API works on HTTP. It can be
called or consumed by any kind of application like Mobile App, Desktop App, and Web Application etc.
The RESTful Web APIs are accessible by a variety of HTTP clients like Windows 7, Windows 8,
Android, iPhone, iPad, WPF Client, Windows Phone 8 etc. OZQ-Cart system used a RESTful service
API. These APIs uses low bandwidth. (XML or JSON data) and can pass html content if required.
OZQ- shopping cart RESTful Web API support to handle data of the system. It used different controllers
and functions to manage the data. It used item controller, user controller and etc. these controllers
contain different methods to manage the tasks of the OZQ- shopping cart. Above mention advantages
can gain by using the Web API for OZQ- shopping cart. OZQ- shopping cart uses RESTful API. It gives
an opportunity to retrieve products, customers and orders remotely via XML web service. users can also
request for the data search and retrieve a specific item from the catalog. Shipments and brands can also
be retrieved and modified according to their needs.
These APIs helps to organize even a very complex application into simple resources. RESTful APIs
were designed to take advantage of existing protocols. It means that developers have no need to install
additional software or libraries when creating a REST API. One of the key advantages of REST APIs is
that they provide a great deal of flexibility. REST API contain a lightweight architecture and is good for
devices, which have limited bandwidth like smart cell phones. Then users can use the OZQ- shopping
cart without stuck or freezing.
OZQ- shopping cart is an online one and there are lots of users using the website. Therefore, OZQ-
shopping cart need to cache a lot of requests then REST is the perfect solution. Therefore, author select
the RESTful API for the OZQ- shopping cart. Sometimes, clients could request for the same resource
multiple times. This can increase the number of requests which are sent to the server. By implementing a
cache, the most frequent queries results can be stored in a middle location. whenever the client requests
for a resource, it will first check the cache. If the resources exist then, it will not proceed to the server.
Caching can help in minimizing the number of trips which are made to the web server. Therefore, it
helps to maintain the server and it helps to protect the server. If all the request forward to the server, then
the OZQ- shopping cart website get crash or stuck in the middle. Then users get difficult to shopping
and they will be dissatisfied about the service. Therefore, OZQ- shopping cart used the RESTful Web
API to handle these requests. These are some reasons to select a RESTful API for the OZQ- shopping
cart. It provides more benefits for the OZQ- shopping cart and for users.
Data Security Report for OZQ-Cart
1. Introduction
2. Purpose of this document
3. Security Mechanisms
1. Introduction
OZQ-cart is an online shopping system that facilitates business-to-consumer sales through its website.
OZQ-cart system helps to buy any type of item online by choosing the listed products from the website.
The OZQ-cart have more data to store like item detail ,user details, order details, payment details… etc.
The author used MYSQL statements to create the database. And Adobe Dreamweaver software and
HTML, CSS, PHP and JavaScript languages to create interfaces and to develop the site. Author used
Visual studio IDE to develop the API using .Net.
Security is an important feature for any system. A quality system or a website needs to implement
security feature for the system. OZQ-cart is an online shopping system and it also needs to consider
about data security. It is a product selling website and, all the money transactions are performed through
the internet. All the user’s sensitive data like credit card numbers exchange through this system. This
document is design to identify security mechanism used by the OZQ-cart and the security stability. This
document shows the details of the mechanism used by OZQ-cart.
3. Security Mechanisms
OZQ- shopping cart use some security mechanism to improve the security of the website. Login and
logout are a security mechanism that used to improve the security of the website. It is easy to use for the
users the easy to develop for the developers. In their Username and password mechanism to check
validity of user or anonymous user is the basic one. Input validations are also applied for OZQ-
shopping cart system to improve the security. When user register the email, verification is applied for the
system. They system can store valid details. After, user passed the first step of authentication it may have
to manage and provide access management, which is mostly done by token mechanism. The main areas
of vulnerability arise from defects in how tokens are generated, allowing an attacker to guess the tokens
issued to other users, and defects in how tokens are handled, enabling an attacker to capture other users’
tokens. OZQ- shopping cart used a token validity time check and difficult encrypted tokens which are
not easily guessed by an attacker. These are some security mechanisms used by OZQ- shopping cart to
improve the security.
An SSL (Secured Socket Layer) certificate is the security standard. It basically encrypts data online
buyers input in the site or shopping cart to protect it from online threats. The encrypted data then goes to
the server or payment processing gateway. An SSL certificate also gives customers the confidence to buy
products on the site. OZQ- shopping cart also use SSL (Secured Socket Layer) certificate for the
website. It helps to improve the security of the website.
OZQ- shopping cart mainly used online transitions. Therefore, it needs to improve the security. OZQ-
shopping cart used an address and credit card verification system for the website. Then they can improve
the security of the website and gives customers the confidence to buy products on the site. The website
and backend software updated is important and OZQ- shopping cart updated automatically once a
month. These are some security mechanisms used by the OZQ- shopping cart. These security
mechanisms improve the security of the system and customers can confidently buy products from the
OZQ- shopping cart.
References
Differencebetween.net. (2019). Difference Between API and SDK | Difference Between. [online]
Available at: http://www.differencebetween.net/technology/software-technology/difference-
between-api-and-sdk/ [Date].
restcase.com. (2019). TOP 7 REST API Security Threats. [online] Available at:
https://blog.restcase.com/top-7-rest-api-security-threats/ [Date].
datawarehouse4u.info. (2019). DreamFactory API: Overview and Review. [online] Available at:
https://www.datawarehouse4u.info/reviews/api-management-software/dreamfactory-overview- and-
review [Date]