Final Project_ SD6503 Testing and Secure Coding_T2_2019
Page 1 of 4
BACHELOR OF INFORMATION TECHNOLOGY
SD6503 Testing and Secure Coding
Final Project
Trimester 2, 2019
Secure Web Project Development and Testing — Group Project
Due date and time
Due: Tuesday, 8th Nov
Purpose of this Final Project
The intention of the project is to integrate your knowledge and skills of testing and security to
develop an ASP.NET Core web project. Your group development can be based on any scenario of
business application including at least three related tables of database (except the one used in our
course examples). The main objectives included in this assessment are:
1) Black-box testing: You must report your tested web pages for all the required functions.
2) White-box testing: You must report your tested web pages e.g. validations, boundary data, etc.
3) Grey-box testing: You must report your tested web pages and Unit Test.
4) Coded UI testing: You must explain and demonstrate (e.g. print screen) how you use coded UI
Testing.
5) Static code analysis: You must use code security software to identify the vulnerabilities of
your web project code. You also need to explain the issues and risks as well as to make a plan
of how you are going to prevent the risk.
6) Web performance and load test: You must provide evidence of print screen and explain how
you did your tests. You must use your own words to explain the contents of generated report
from test.
Submission details
Each Group submits a soft copy of their project in MS Visual Studio 2017 ASP.NET Core 2.0 , as
well as project documentation through digital Dropbox in Moodle on or before the due date.
Extensions
Extension of time will only be granted for students who have an acceptable documented reason for
not completing the assessment by the specified due date.
Grading
This Final Project is worth 40% of the total module. The assignment will be marked out of 100.
Final Project_ SD6503 Testing and Secure Coding_T2_2019
Page 2 of 4
BACHELOR OF INFORMATION TECHNOLOGY
SD6503 Testing and Secure Coding
Terms
See details of terms in the Bachelor of Information Technology handbook 2019.
Project Tasks:
You are required to develop an ASP.NET Core 2.0 Web project that will meet the following
requests:
For MS SQL database, it requires to have at least three tables. The fields in each table
should have different data types, e.g. numbers, text, etc.
For security reason, your Web project should include a login page. (user name and
password must be provided in your document for assessment).
The home page should be user friendly (e.g. having logos, colours, images, and etc.)
and navigate to each functional page as well as to test pages.
Validation controls are needed for user’s data entry, e.g. numeric field needs to be
protected from text data.
Web pages for each business application table require basic data processing functions
such as entering, editing, and deleting.
These web pages also should have advanced functions such as sorting and searching.
In your black box testing, you must have enough records entered into each table in
order to show the relationships of these tables.
In your white box testing, validations, you must have enough test cases to exam the
validation, boundary data, etc.
In your unit & automated testing, you must have enough test cases for classes and test
web pages for each table. You also use different test data on your test pages and in
your database tables.
In your static code analysis, you must use code security software 1) to identify the
vulnerabilities of your web project code; 2) to interpret the analysis results using your
words; and 3) to make your security plan of possible optimised solution.
Other features may be introduced by the Product Owner feedback at sprint review
Final Project_ SD6503 Testing and Secure Coding_T2_2019
Page 3 of 4
BACHELOR OF INFORMATION TECHNOLOGY
SD6503 Testing and Secure Coding
Project Documentation Requirements
The deliverables for the assignment are:
Project Files and Documentations
All your project files must have internal comments in self-documenting code
based on a coding standard.
Your testing document must clearly identify the testing purpose, testing method,
test cases, and your judgement.
Your static code analysis report must include pupose, method, tools, testing results,
your interpretation, and your plan of possible optimised solution.
Each group must prepare an MS PowerPoint slides for a 15-minute group
presenttaion.
All your project files and documentations for this project is to be uploaded on
Moodle before due date.
Class Presentation
Each group will have 15 minutes to present their project in MS PowerPoint, and
presentation time will be announced in advance.
Final Project_ SD6503 Testing and Secure Coding_T2_2019
Page 4 of 4
BACHELOR OF INFORMATION TECHNOLOGY
SD6503 Testing and Secure Coding
Marking Guide
Criteria Mark
Marks
Awarded
Comments
1. ASP.NET Core Project File (code and comments) 40%
1) SQL Server DB design and implementation 5
2) Home page: login, modify, navigation, etc. 10
3) Basic functions on application web pages 5
4) Advanced fucntions on application web pages 10
5) Unit Test and sample test page 10
2. Testing and Security Documentations 40%
1) Black-box Test (purpose, method, test cases, and your judgement) 5
2) White-box Test (purpose, method, test cases, and your judgement) 5
3) Unit Test (purpose, method, test cases, and your judgement) 5
4) Coded UI tesing (purpose, method, test cases, and your judgement) 5
5) Statice Code Aanlysis and Opitmised Solution (purpose, method,
interpretation of analysis results using your words; and possible
solution of security plan)
10
6) Web performance and load test (print screen and explain tests.
explain the contents of generated report)
10
3. Presentation 20%
1) Powpoint: legible (font, size, colour, etc.) and logical 10
2) Presentation: answering and asking questions 10
Total 100
Plagiarism
Copying the work of others, or using other people’s ideas as your own without acknowledging the source is called plagiarism.
Lecturers will not accept such work and you may be penalised by losing marks or failing an assessment.
All individual assignments and tests must be entirely your own work. Discussion and assistance between students who are
working in groups is ok, but all work handed in must be your own work and written in your own words, except for assignments
based on group achievement. To reinforce this, you are required to sign the declaration on the cover sheet of each assignment.
Further information is in the Guidelines for Written Assignments handbook and the Faculty of Business and Information
Technology Student Handbook.