Web application security - the fast guide 1.1 | Page 61
Chapter 3 - Vulnerabilities and threat models
b) Architecture
[Architecture diagram: Browser -> HTTP(s) -> Web Application (DMZ), which performs Form Authentication + Role check; the web application identity connects over TCP/IP using Windows authentication + Database pass to the DB (Data tier), which holds Products info + User accounts.]
c) Roles
Application roles are:
Internet users
Catalog administrators
d) Key Scenarios
Important application scenarios are:
Anonymous user browses the product catalog to view product details.
Anonymous user searches to locate a specific product.
Anonymous user adds an item to the shopping cart.
Anonymous user logs in to authenticate prior to placing an order.
Anonymous user creates a new account prior to placing an order.
Authenticated user places an order.
e) Technologies
The application uses the following technologies:
Web Server: Microsoft Internet Information Server (IIS)
Presentation logic: ASP.NET (C#)
Business logic: C# Class Libraries
Data access logic: ADO.NET, T-SQL Stored Procedures
Database Server: Microsoft SQL Server 2000
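The diagram's "Form Authentication + Role check" box, the two roles (Internet users, Catalog administrators) and the scenario split (anonymous users may browse, search and fill the cart; placing an order requires authentication) map directly onto ASP.NET configuration. The following web.config fragment is an added illustration, not taken from the guide or from the sample application it describes; the page names (Login.aspx, Checkout.aspx), the Admin folder, the cookie name and the role name "CatalogAdministrators" are assumptions chosen for the example.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example: ASP.NET forms authentication with per-path authorization.
     Page names, folder names, cookie name and role name are assumed. -->
<configuration>
  <system.web>
    <!-- Form Authentication: unauthenticated requests to protected paths are
         redirected to Login.aspx; the ticket cookie is encrypted and signed. -->
    <authentication mode="Forms">
      <forms name="CatalogAuth" loginUrl="Login.aspx" protection="All" timeout="20" />
    </authentication>
    <!-- Default: the catalog (browse, search, add to cart) is open to anonymous
         "Internet users", matching the first three key scenarios. -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <!-- Placing an order requires an authenticated user: "?" denies anonymous. -->
  <location path="Checkout.aspx">
    <system.web>
      <authorization>
        <deny users="?" />
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

  <!-- Role check: only "Catalog administrators" reach the admin folder.
       Rules are evaluated top-down, so the explicit deny-all closes the gap. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="CatalogAdministrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Two points a reviewer would check against the diagram: the `roles` attribute only has effect if the application attaches role information to the principal after the forms ticket is validated (that is the "Role check" step the diagram draws next to form authentication, not something the ticket carries by default), and the web tier's connection to SQL Server should use the Windows authentication path shown in the diagram (an `Integrated Security=SSPI` connection string) rather than embedding the database password in configuration.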
f) Application Security Mechanisms
The most important application security mechanisms known at this time are: