UNT BANK Secure Online Bank Website Robert Walker & Sai Kavuru

OVERVIEW

• Introduction
• Research
• Technical Details
• Requirements
• Web Pages
• Testing Scenarios
• Experimental Observation
• Conclusion
• References

Introduction

• Electronic Banking
  o provides financial services for clients over the Internet

• UNT Banking website
  o perform various functions on their accounts over the web

• HTML/CSS/PHP/MySQL
• HASH+SALT: Password Protection
• PHP Sessions
• SQL Injection
• HTTPS

Research

Web Page Hierarchy
• Banking web sites studied:
  o Bank of America
  o Corporate America
• Information Architecture diagram

Research on Database
• Entity-Relationship diagram
• Relational Schema diagram

Information Architecture

Entity-Relationship Diagram

Relationship Schema

End user requirements

In order to execute this application on the end user system, the end user and local host computer must meet the following requirements:

• Bank Membership
• Web Browser
• Internet Service Provider
• Modem or Network Interface Card

System requirements

The application will be installed on a remote web server, which must meet the following requirements:

• UNIX based web server
• PHP support available
• Common Gateway Interface (CGI) support available
• MySQL support available

Web pages

Home students.cse.unt.edu/~ssk0083/untbank/index.cgi

Register students.cse.unt.edu/~ssk0083/untbank/register.cgi

About us students.cse.unt.edu/~ssk0083/untbank/about_us.cgi

Contact us students.cse.unt.edu/~ssk0083/untbank/contact_us.cgi

Accounts students.cse.unt.edu/~ssk0083/untbank/accounts.cgi

UNT Visa students.cse.unt.edu/~ssk0083/untbank/unt_visa.cgi

Loans students.cse.unt.edu/~ssk0083/untbank/loans.cgi

Profile students.cse.unt.edu/~ssk0083/untbank/profile.cgi

Testing Scenarios
• https://students.cse.unt.edu/~ssk0083/untbank/
• Sign in
  o Member number
  o Password
• Registering
  o Already bank member
  o Provide correct information
• Menu
  o Navigate among the web pages

Testing Scenarios (cont.)

Input Restrictions
• Alphabetic characters
  o converted to lower case
• Bounds and value checking
• mysql_real_escape_string()
  o SQL injection attempts safely escaped
• preg_replace():
  o Find and replace
  o Used on the numeric values
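
The input restrictions listed on this slide, sketched as an added example (not code from the UNT Bank project). The helper names, length limits and the members table are assumptions; an in-memory SQLite database stands in for MySQL so the script runs offline, and a PDO bound parameter is used in place of mysql_real_escape_string(), which was removed in PHP 7.0.

```php
<?php
// Added example. Helper names, length limits and the table layout are assumptions.

// Numeric fields: preg_replace() drops every non-digit, then the length is bounds-checked.
function clean_digits(string $raw, int $minLen, int $maxLen): ?string
{
    $digits = preg_replace('/\D+/', '', $raw) ?? '';
    $len = strlen($digits);
    return ($len >= $minLen && $len <= $maxLen) ? $digits : null;
}

// Alphabetic fields: convert to lower case, then accept letters only.
function clean_alpha(string $raw, int $maxLen): ?string
{
    $value = strtolower(trim($raw));
    return preg_match('/^[a-z]{1,' . $maxLen . '}$/', $value) === 1 ? $value : null;
}

// Look up a member with a bound parameter, so the value is never parsed as SQL.
function find_member(PDO $db, string $memberNumber): ?array
{
    $stmt = $db->prepare('SELECT member_number, state FROM members WHERE member_number = ?');
    $stmt->execute([$memberNumber]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// In-memory SQLite stands in for the MySQL database (requires the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (member_number TEXT PRIMARY KEY, state TEXT)');
$db->exec("INSERT INTO members VALUES ('1234', 'tx')");

// Constructed form input: a valid number, an injection-style string, a too-short value.
foreach (["1234", "1234' OR '1'='1", "12"] as $raw) {
    $member = clean_digits($raw, 4, 10);
    if ($member === null) {
        echo "rejected: $raw\n";
        continue;
    }
    // Stripping rewrites the input instead of rejecting it: the quotes and
    // keywords disappear, but the digits that remain still form a value.
    $row = find_member($db, $member);
    echo "$raw -> $member -> " . ($row !== null ? 'found' : 'no such member') . "\n";
}

var_dump(clean_alpha('TX', 2), clean_alpha("t'x", 3));
```

Stripping non-digits turns a malformed member number into a different digit string rather than an error, so the bounds check and the bound parameter are what keep the resulting value harmless.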

Experimental observation

Log In page
• Member number
• Password

Registration
• Member number
• Phone number
• ZIP code
• State
• Email address

Log in and Registration
• About us
• Contact us

Experimental observation

Accounts
• Checking and Savings
  o View statements
• UNT Visa and Loans
  o View statements
  o Pay bills
• View statements
  o Date
• Pay bill
  o Amount
  o Account type
• Sign out
  o Enter member number and password again

Experimental observation

UNT Visa and Loans
• Balance
• Payment due
• Due date
• Interest rate
• View statements
  o Date
• Pay bill
  o Amount
  o Account

Experimental observation

Profile
• Updatable
• All the fields must be entered correctly
• Email address verification
• Fields cannot be left empty
• Error messages
• Profile updated message

Conclusion
• Secure online banking website
• Secure login
• HTTPS connection
• SHA1 hashing and SALT

References

• “Bank of America.” bankofamerica.com. https://www.bankofamerica.com/ (March 11, 2012).

• “Corporate America Family Credit Union.” cafcu.org. http://cafcu.org/ (March 4, 2012).

• “Wells Fargo.” wellsfargo.com. https://www.wellsfargo.com/ (March 8, 2012).

• “Identity Guide.” unt.edu. https://identityguide.unt.edu/download/graphics (March 7, 2012).

• Silberschatz, Abraham, Korth, Henry F., and Sudarshan, S. Database System Concepts McGraw-Hill, 2005

• “MySQL commands.” pantz.com, http://www.pantz.org/software/mysql/mysqlcommands.html (April 7, 2012).

• “PHP scripting language.” php.net. https://www.php.net (April 14, 2012).

• “HTML and PHP tutorials.” w3schools.com. https://www.w3schools.com (April 14, 2012).