The biggest challenge for any software tutorial is what the example to use. Most software engineering tutorials are just too simple. They have the basic functionality of a to do application. Most software security tutorials use perceived high value data set like financial data.
The reason for this is that these tutorials often used to teach concepts at a basic level. The challenge is going from the basic level to the complex level leads to false assumptions or uncertainty. Our goal is to provide a sample application which demonstrates how factoring security in, even if the law doesn’t require it, can provide a cleaner implementation and reduce the total cost of ownership.
On-line educational software has become more widely available and a necessity for remotely learning. This software package provides the areas where the law does require better security, areas where security is needed for business reasons, and areas where security is not really needed at all.
It is important to note that we will only be discussing implementation at a theoretical level. This will not really involve detailed code examples. That would make it way more complicated. We are going to try to walk that gray line of enough detail to get the points across while not getting way too in the weeds that the story is lost. We will also not be going into all of the features that would be required.
The following table demonstrates the features that will be the focus on the tutorial
| Feature Name | Description | Roles Needing Access |
|---|---|---|
| User Management | Allows for the creation, management, and deletion of user accounts. | Administrators |
| Course Creation | Enables educators to create, edit, and organize course content, including syllabus and materials. | Educators, Administrators |
| Enrollment Management | Manages student enrollment in courses, including adding, dropping, and waitlisting. | Students, Educators, Administrators |
| Assignment Submission | A platform for students to submit assignments and for educators to review and grade them. | Students, Educators |
| Grading System | Facilitates the grading of assignments and exams, including the calculation of final grades. | Educators |
| Discussion Forums | Online forums for students and educators to discuss course material and related topics. | Students, Educators |
| Quizzes and Exams | Enables the creation, administration, and grading of quizzes and exams. | Educators |
| Attendance Tracking | Records and monitors student attendance for classes. | Educators, Administrators |
It is important to note that there are a significantly larger set of features that will be required in order for a really complete system.
The next section will discuss the prioritization of characteristics for the software. This will include a discussion on prioritizing the security attributes of availability, confidentiality, and integrity.