This project aims to provide a software requirements and system design document with security up front. The document includes use case diagrams, abuse diagrams and misuse diagrams, idenitifiyng the system's assets, threats against them, possible exploitation vulnerabilities and countermeasure/mitigation suggestions.
Finally, a number of static analysis, dynamic testing and sample penetration tests were performed and documented against a working system, running on a physical instance. The static analysis included manual code inspection and tools analysis. Dynamic testing included ad-hoc system testing and the penetration tests consisted of sql injection attempts, port scanning and packet sniffing.
