A website template used in a security development class. The back end was built with JSP, with security added to pass penetration testing.

msieteee/SECURDE-Talaria

SECURDE-Talaria

In order to reach a larger market, Talaria Footwear Company has decided to set up their own online store. With your knowledge in developing secure web applications, the company anticipates that you will be able to assist them in constructing their e-commerce portal. The following are the requirements supplied by the company:

High Level Requirements

  1. Customers should have the ability to search for and purchase products. These products are divided into categories, namely:
     • Boots
     • Shoes
     • Sandals
     • Slippers
     The portal should display the description and the price of the product. Anonymous users may search for products. However, they must be logged in when purchasing.
  2. In order to purchase a product, customers must create an account via the registration page. At least the following information must be provided by the customer:
     • Name (First, Middle Initial, Last)
     • Username
     • Password
     • E-Mail Address
     • Billing Address (House #, Street, Subdivision, City, Postal Code, Country)
     • Shipping Address (House #, Street, Subdivision, City, Postal Code, Country)
  3. Only credit card purchases are accepted. Transactions will only be simulated.
  4. Customers can leave reviews only for products that they have already purchased.
  5. Aside from the customer accounts, there are three additional accounts that will be part of the system:
     • Product Manager – can only edit product information, add new products, and delete products.
     • Accounting Manager – can only view financial records (can filter by total sales, sales per product type, and sales per product).
     • Administrator – can create new Product Manager and Accounting Manager accounts and assign temporary passwords, which, if not changed within 24 hours, will render the account expired.

Security Requirements

  1. All essential activities must be logged for audit purposes.
  2. Authentication, Access Control, Session Management, and Error Handling controls must be correctly implemented.
