M111CEM: Secure Web Application Design & Development for XYZ Bank

Added on 2023/06/08

AI Summary
This project focuses on the secure design and development of an internet banking web application for XYZ Bank. The design phase includes prototypes for the home page, balance checking, and login page, with a focus on authentication and authorization using PHP and database interactions. Security measures such as preventing unauthorized page access, using object-oriented PHP, and employing secure development standards like up-to-date technology and parameterized queries to prevent SQL injection attacks are discussed. The development phase presents the PHP code for key pages like index.php, login.php, and registrationpage.php, emphasizing dynamic content based on user sessions. Potential security issues, including broken session management, are identified and illustrated with code examples. Data flow analysis is conducted using context diagrams and DFDs to visualize system processes. Formal methods, such as Finite State Machines and Petri Net Models, are considered for modeling system behavior.
Running head: WEBSITE DESIGN AND DEVELOPMENT
Website Design and Development
Name of the Student
Name of the University
Author’s note
Table of Contents
1. Design: 2
1.a Prototype: 2
1.b Using Principles to Secure Website Design for XYZ Bank: 4
2. Development: 6
2.a Developed Website: 6
2.b Secure Development Standards and Methodologies: 15
3. Security: 16
3.a Data Flow Analysis: 16
3.b Potential Security Issues: 18
4. Formal Methods: 23
4.a Finite State Machine: 23
4.b Petri Net Model: 24
Bibliography: 25
1. Design:
1.a Prototype:
Figure 1: Home Page of XYZ Bank
(Source: Created by author)
Figure 2: Balance Checking
(Source: Created by Author)
Figure 3: Login Page of XYZ Bank
(Source: Created by Author)
1.b Using Principles to Secure Website Design for XYZ Bank:
Authentication: Authentication is the process of verifying a user's access to the system. The user registers with the system by providing the required values such as name, email, contact number, password and a few more. The user has to confirm the provided password in order to be registered. If the two passwords do not match, an error message appears on the registration form. The user then uses the email id and password to log into the system. PHP code connects the GUI of the website with the database and checks the values the user entered against the entries in the database. If the email and password match an existing record, the system logs the user in. It is to be noted that the email id and password have to be in the same row.
Authorization: Authorization is similar to authentication in its basic functionality but differs greatly in execution. Authorization is the protocol for checking the user's access to the requested data and functions. The system applies authorization at the time of login. Based on the email, the system determines the user's access. Authorization and authentication are part of the user management concept of information and communication technology. If the user tries to access unauthorized data or an unauthorized page, the system shows an error message. Authorization will be implemented at two levels. As the system advances, the number of authorization levels will be increased. Authorization and authentication are the basic factors in implementing security in a web-based system.
Preventing Access to Page: The system checks whether the user has logged into the system. PHP uses the session to check the login state. When the user logs in successfully, the system starts a session that stays active until the user logs out of the system. For example, if a user who has not logged in tries to access the balance.php page, the system shows the message "Please login first" on the screen. There is no way the user can see the account details until logged in. Conversely, the user cannot access the login or registration page after logging in successfully: the system checks whether the session is active, and if it is, the PHP code written in the page prevents the user from accessing the login or registration page.
Using Object Oriented PHP Code: The PHP code used within the pages is object oriented and follows the W3Schools standard. This code is more secure than procedural code. The system checks and verifies the entered input data. After successful verification, the system stores the data in the system.
2. Development:
2.a Developed Website:
Figure 2: Home Page of XYZ Bank
(Source: Created by Author)
Index.php Code:
<?php
// connection.php creates the database handle $conn; the session is started on
// every page so the login state can be checked below.
require('connection.php');
session_start();
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<link rel="stylesheet" type="text/css" href="CSS/style.css">
<title>Untitled Document</title>
</head>
<body>
<div class="top">
<a id="time"></a>
<?php
// Dynamic content: a logged-in user (session set by the login page) sees a
// logout link carrying their email; everyone else sees Login and Register.
if(isset($_SESSION['user'])){
?>
<a href="logoutpage.php">Logout(<?php echo $_SESSION['user']; ?>)</a>
<?php
} else { ?>
<a href="loginpage.php">Login</a>
<a href="registrationpage.php">Register</a>
<?php
}
?>
</div>
<div class="header">
<name><a href="index.php">XYZ Bank</a></name>
<div class="menu">
<a href="balance.php">Check Balance</a>
<a href="transfer.php">Transfer Money</a>
<a href="payCredit.php">Pay Credit</a>
</div>
</div>
<div class="content">
<h2>How may we</h2>
<h1>Help you today?</h1>
<a href="">Open an Account</a>
<a href="">Apply for Loan</a><br>
<a href="">Make investment</a>
<a href="">Get a credit Card</a><br>
<a href="">Customizable Savings Account</a>
<a href="">Knowledge Reports</a><br>
<a href="">Investor Relations</a>
</div>
<div class="footer">
<div class="option">
<a href="">How to</a>
<a href="">Official App</a>
<a href="">About Us</a>
<a href="">Contact Us</a>
</div><br>
<a>&copy;XYZ Bank</a>
</div>
<script type="text/javascript">
// Show the current date and time in the top bar.
var d = new Date().toLocaleString();
document.getElementById("time").innerHTML = d;
</script>
</body>
</html>
Figure 5: Login Page of XYZ Bank
(Source: Created by Author)
Login.php Code:
<?php
// Same set-up as index.php: database handle from connection.php, session started
// so the page can tell whether the user is already logged in.
require('connection.php');
session_start();
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<link rel="stylesheet" type="text/css" href="CSS/style.css">
<title>Untitled Document</title>
</head>
<body>
<div class="top">
<a id="time"></a>
<?php
if(isset($_SESSION['user'])){
?>
<a href="logoutpage.php">Logout(<?php echo $_SESSION['user']; ?>)</a>
<?php
} else { ?>
<a href="loginpage.php">Login</a>
<a href="registrationpage.php">Register</a>
<?php
}
?>
</div>
<div class="header">
<name><a href="index.php">XYZ Bank</a></name>
<div class="menu">
<a href="balance.php">Check Balance</a>
<a href="transfer.php">Transfer Money</a>
<a href="payCredit.php">Pay Credit</a>
</div>
</div>
<div style="text-align: center;">
<?php
// A user with an active session is not shown the login form; they are sent
// back to the home page after two seconds (see 1.b, Preventing Access to Page).
if(isset($_SESSION['user'])){
echo "<h1>You are already logged in</h1>";
header('Refresh: 2; index.php');
}
else {
?>
</div>
<div class="login">
<?php
if(isset($_POST['login'])){
$email = $_POST['email'];
$password = $_POST['pass'];
// The email and password are placed directly into the SQL text. Sending them as
// bound values through a parameterized query, as discussed under the secure
// development standards, keeps user input from being parsed as SQL.
$sql = "Select * From customer Where email = '$email' AND password = '$password'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// Both values matched the same row: the email becomes the session user that
// every other page checks.
$_SESSION['user']= $email;
header('Refresh: 1; index.php');
}
else {
echo "<h3 style='color:red;'>!!You have entered a wrong username or password!!
</h3><h3>Please login again!</h3>";
$conn->close();
header('Refresh: 2; loginpage.php');
}
}
?>
<h1>Login Form</h1>
<form action="" method="post" name="loginForm" onSubmit="return formValidation();">
<input type="text" id="email" name="email" placeholder="Enter your email"><br>
<input type="password" id="pass" name="pass" placeholder="********"><br>
<button type="submit" id="login" name="login" value="login">Login</button>
<button type="reset" name="reset" value="reset">Reset</button>
</form>
</div>
<?php } ?>
<div class="footer">
<div class="option">
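The login check above, rewritten as an added example (not the project's own code) the way the secure development standards in this document call for: the email is sent as a bound parameter instead of being pasted into the SQL string, the password is compared against a stored hash, the session id is regenerated on login, and the "Please login first" gate described for balance.php in 1.b is given as a helper. It assumes connection.php provides a mysqli $conn (with mysqlnd, for get_result()) and that the registration page stored password_hash() output in the customer table's password column.

```php
<?php
// Added example, not the project's own code: the login check from login.php
// rewritten with a parameterized query, a hashed password comparison and a
// regenerated session id, plus the "Please login first" gate described for
// balance.php. Assumes connection.php provides a mysqli $conn (with mysqlnd
// for get_result()) and that registration stored password_hash() output in
// customer.password.
declare(strict_types=1);
require 'connection.php';
session_start();

// Returns the customer's email on success, null on failure.
function authenticate(mysqli $conn, string $email, string $password): ?string
{
    // Binding keeps the user-supplied email out of the SQL text, so a quote
    // character in the input is compared as data rather than parsed as SQL.
    $stmt = $conn->prepare('SELECT email, password FROM customer WHERE email = ? LIMIT 1');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    // Unknown email and wrong password take the same path, so the response
    // does not reveal which of the two was wrong.
    if ($row === null || !password_verify($password, $row['password'])) {
        return null;
    }
    return $row['email'];
}

// Gate for balance.php and similar pages: no active session, no account data.
function requireLogin(): void
{
    if (!isset($_SESSION['user'])) {
        http_response_code(403);
        exit('Please login first');
    }
}

if (isset($_POST['login'])) {
    $user = authenticate($conn, (string)($_POST['email'] ?? ''), (string)($_POST['pass'] ?? ''));
    if ($user !== null) {
        session_regenerate_id(true);    // fresh id after login defeats session fixation
        $_SESSION['user'] = $user;
        header('Location: index.php');  // sent before any body output, so it takes effect
        exit;
    }
    http_response_code(401);
    echo '<h3>You have entered a wrong username or password</h3>';
}
```

balance.php would call requireLogin() right after session_start() and before printing any account details.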