Strategy for attracting new users

In order to make more students know the useful and convenient system, we recommended some marketing strategies:

  • Use social media to expand this system profile, such as Facebook, Twitter.
  • Cooperate with universities, it is a better way to let this system into university official system.
  • Put more advertising in public places.
  • If this system will charge, better to free to everyone in the first three month.
  • Invite some professional people like professor or well-know student to use this system, and then expand the reputation to increase more students to download this system.

Social impacts of the system

Social impacts are defined as “the consequences to human populations of any public or private actions that alter the ways in which people live, play, work and relate to one another, organize to meet their needs and generally cope as members of society (Glasson 2000).

In addition, social impacts are the “people impacts” of development actions. Social impacts include changes in people’s culture, environment, and political systems, for the project, the module review system has two typical social impacts.

  •  Lifestyle impacts – on the way people behave and relate to friends on a day-to-day basis. The system allows users to provide feedback on them, as well as obtaining suggestions according to user patterns. It leads to a useful application in university life. For example, students can share the module materials if they choose the same module.
  •  Community impacts – on infrastructure, services, activity network and cohesion. The system aims to offer existing and prospective students a source of information about the available modules on each course, also, there will be an activity network like social one. Students will be able to provide feedback on them, and the system can suggest suitable modules for a particular user according to course enrolment which shared in the system.

Reference

Glasson, J., 2000. Socio-economic impacts 1: overview and economic impacts, in: Morris, P. and Therivel, R. (2000) (ed), Methods of Environmental Impact Assessment, Spon Press, London and New York

 

Security analysis of system requirements and design

Overview:

  • Assess likely risks of the system and specific cost by analysing the requirements and design.
  • Identify drawbacks or improper security requirements.
  • System operation security.

For LessonPlan 2.0, as it is a social media platform for module reviews, the effective operation of the system is extremely important and the main secure factors are about the design and structure of the system, including the database that used to store the useful and updated information. The detailed contents of the system architecture design were posted by one of our group members (AHMED AL-BRASHDI) on April 27, 2015. Here is the flow chart of security analysis.

security

Actually, the main security analysis of the system will focus on the technology. The system can be divided into two parts: Front-end and Backend. For the Front-end, normally, the system can be used in a public network, such as the computer room in university, when one student log in the system successfully, the second one can not enter it when using the computer that has the same IP address, so the second one will not view the status of the module option for the previous. This is one point about users’ interaction.
For the Module Review Database, as the related information of modules is too much and it may cause confusion between several modules, such as the module leader, module place, module time, etc. Managing well the database is very essential for the system operates in a correct way.

Since the system has a login and user profile information, we think about how to overcome any vulnerabilities associated with each page.
As a web application, the main possible vulnerabilities as in OWASP top ten 2013 [1]:
1- Injection: will focus more on SQL Injection here. The login form and any other form has to prevent such attach. The danger comes when the attacker can trick sql statement and gets over authentication and authorization. He /she can then login as an admin and harm the entire application or database. Also, injecting delete or drop sql statement will remove table records or remove the entire table with its structure and definition. To overcome this, we should use parametrized interface or statement like using PrepareStatement in JDBC. Another way is to escape special characters using DBMS. Third option is to use stored procedure instead.
2-Cross-Site Scripting: if the user input has not been escaped correctly, the site might be vulnerable to cross-site scripting. To overcome this, we need to escape all untrusted data and use libraries like OWASP’s AntiSamy.

The other vulnerability might not have the same weight as these main two in LessonPlan 2.0. However, the proper prevention strategy will be applied in all of them to ensure the highest security possible. This include hashing session ids, using secure HTTP and hashing user password [2].

——–
[1] The OWASP Foundation, “OWASP Top 10 for 2013″, 2013
[2] Provided by Ahmed Al-Brashdi, 2015