
DACS3203 Secure Software Development

Nada Aljaberi 60105052

Raghad Henzab 60104224

Fitness club membership system

Part 1-2

Instructor: Mueen Uddin



Table of Contents

Introduction
High level functional requirements
Functional use cases
Secure Design Principles
Threat Modeling
Figures

Introduction:

The fitness club membership system is designed to improve the management and operational efficiency of a fitness club, offering a solution to track members' subscriptions, schedules, trainer assignments, and other fitness-related functions. The goal of this project is to make fitness club managers' administrative tasks more efficient so that both employees and members have a flawless experience. Our priority during this first stage of the project is determining the requirements: starting with high-level functional requirements, developing use cases that correspond with those requirements, identifying potential abuse cases, and putting security measures in place to reduce these risks. The result will be a comprehensive requirements specification document that will serve as a roadmap for the next stages of development and establish the foundation for a safe and reliable fitness club membership system.

High level functional requirements:

Id  Function                               Description
1   User registration and authentication   - User should be able to register as a member
                                           - Authentication will ensure secure access to the system
2   Membership management                  - The ability to add, update, and delete member information
                                           - Track membership status and renewal dates
3   Class schedule                         - View and manage class schedules
                                           - Members should be able to enroll in classes
4   Trainer assignments                    - Assign trainers to classes
                                           - Track trainer availability and schedule
5   Gym facilities                         - Maintain a list of available facilities in the gym
                                           - Track facility availability and usage
6   Workout progress                       - Members can log and track their workout progress
                                           - Generate reports on members' fitness progress
8   Equipment maintenance                  - Track equipment status, maintenance schedule, and issues
                                           - Send notifications for equipment maintenance

Functional use cases:

Id  Use case                  Actor              Description
1   User registration         New member         The system allows new members to register, providing the necessary details
2   User login                Member, Trainer    Members, trainers and admins can log into the system.
3   Fitness class enrollment  Member, Trainer    Members can enroll in classes; in addition, trainers can view and manage enrollments
4   Track workout progress    Member             Members can view and track their workout progress
5   Equipment maintenance     Maintenance staff  Maintenance staff can log equipment issues, schedule maintenance, and mark completion

Abuse cases:

Id  Abuse case           Description
1   Unauthorized access  An attacker gains unauthorized access to member or trainer accounts
2   Data manipulation    An attacker attempts to manipulate member data or class schedules
3   SQL Injection        An attacker exploits vulnerabilities in the system's database by injecting malicious SQL queries through input fields, such as login forms or search queries, to gain unauthorized access or manipulate data.

Security use cases:

Id  Security use case                  Description
1   Input Validation and Sanitization  Validate and sanitize all user input before using it in SQL queries
2   Data encryption                    Encrypt sensitive data by using strong cryptographic algorithms to protect against unauthorized access
3   Role-Based Access Control (RBAC)   Restrict privileged actions, such as modifying membership data or class schedules, to authorized personnel only.

Cards:

Use Case:
Name: User Registration
Created By/Author: Raghad-Nada
Actor: User
Description/Summary: Users who intend to join the fitness club should complete the membership registration to gain access to the club services.
Preconditions: The fitness club registration system should be operational so users can register.
Postconditions: The user's membership and account, with their details and records, should be activated and saved; they can then access the club services and facilities as members.
Normal course of events: The user registers and becomes a member of the fitness club.
Exceptions: 1- The user should not be under the age of 16.
2- An expired card is not accepted.
3- An existing email will not work; the system will not accept it because the email is already used by another user.
Acceptance Criteria: The user information is stored on the server and the user can successfully access the club facilities as a member.

Name: Fitness Class Enrollment
Created By/Author: Raghad-Nada
Actor: Member, Trainer
Description/Summary: This use case enables both members and trainers to interact with the fitness club's class enrollment system. Members can enroll in fitness classes offered by the club, while trainers have the capability to view and manage class enrollments.
Preconditions: The fitness club's class enrollment system must be operational, and classes must be scheduled and available for enrollment.
Postconditions: Upon successful enrollment, members are added to the class roster, and trainers have visibility into enrolled members. Trainers can also manage enrollments by adding, removing, or updating member statuses.
Normal course of events:
1. Member or trainer accesses the class enrollment system.
2. Member selects desired fitness class(es) from the available schedule.
3. Member confirms enrollment in selected class(es).
4. Trainer views enrolled members for each class and manages enrollments as needed.
Exceptions:
1. Insufficient class capacity: If a class is already full, the system prevents further enrollments.
2. Class cancellation: If a class is canceled, enrolled members are notified, and their enrollment status is updated accordingly.
3. Membership status: Only active members are allowed to enroll in classes.
Acceptance Criteria: Members can successfully enroll in available fitness classes. Trainers can view enrolled members for each class and manage enrollments effectively.

Name: Track Workout Progress
Created By/Author: Raghad-Nada
Actor: Member
Description/Summary: This use case allows members to monitor and track their workout progress within the fitness club's system. It provides a platform for members to record their exercise routines, set fitness goals, and track their achievements over time.
Preconditions: The member must have an active account within the fitness club's system and access to the workout tracking feature.
Postconditions: Member workout data is saved and accessible for future reference. Progress metrics, such as exercise frequency, duration, and intensity, are recorded and available for analysis.
Normal course of events:
1. Member logs into the fitness club's system.
2. Member navigates to the workout tracking section.
3. Member records details of their workout session, including exercises performed, sets, reps, and weights.
4. Member saves the workout data for future reference and analysis.
Exceptions:
1. Technical issues: If there are system malfunctions or connectivity problems, members may encounter difficulties in recording or accessing workout data.
2. User error: Members may input incorrect or incomplete workout information, leading to inaccurate progress tracking.
Acceptance Criteria: Members can successfully record and save workout data. Workout progress metrics are accurately tracked and displayed for member review.

Name: Equipment Maintenance
Created By/Author: Raghad-Nada
Actor: Maintenance Staff
Description/Summary: This use case empowers maintenance staff to manage equipment maintenance tasks within the fitness club. It involves logging equipment issues, scheduling maintenance activities, and marking tasks as completed once resolved.
Preconditions: The maintenance staff must have access to the equipment maintenance module within the fitness club's management system.
Postconditions: Equipment issues are addressed promptly, scheduled maintenance tasks are completed on time, and equipment downtime is minimized to ensure uninterrupted club operations.
Normal course of events:
1. Maintenance staff logs into the equipment maintenance system.
2. Staff identifies equipment issues reported by members or identified during routine inspections.
3. Staff schedules maintenance tasks, assigning priorities and timelines based on the severity of the issues.
4. Maintenance tasks are executed as scheduled, with staff performing necessary repairs, replacements, or servicing.
5. Upon completion, maintenance staff updates the system to mark tasks as resolved.
Exceptions:
1. Critical equipment failure: In the event of critical equipment failure, maintenance tasks may need to be expedited to minimize downtime and disruption to club operations.
2. Resource constraints: Limited availability of maintenance staff or resources may impact the scheduling and completion of maintenance tasks.
Acceptance Criteria:
- Equipment issues are logged and addressed promptly.
- Scheduled maintenance tasks are completed within designated timelines.
- Maintenance staff can effectively manage equipment maintenance activities to ensure the smooth functioning of club facilities.

Abuse Case:
Name: Unauthorized access to the system
Created By/Author: Raghad-Nada
Priority: High
Scope: The club system
Mis-actors: External threats such as hackers and competitors
Access Right Levels: Low Level System Users
Point of Entry: There could be a vulnerability that the attacker could exploit to launch an attack, such as injection attacks or brute force; the attacker can also use phishing.
Security Attributes Affected: Confidentiality (privacy), Integrity (accuracy) and Availability (accessibility) of user data.
Description: An attacker attempts to gain access to the system or the user data by illegal means and unauthorized access.
Sophistication: Depends on how the attacker accessed the system and what attack the attacker used.
Preconditions: The club system is operational.
Assumptions: Assume that the system is secured properly and there are access privileges.
Postconditions: The user gained unauthorized access to the system and can now manipulate the data or cause data breaches.
Related Use Cases: User login and registration
Related Threats: Brute force attack – phishing – SQL injection.
Exceptions: N/A
Acceptance Criteria: The attacker can now view data in the database and steal it (credit card information) or manipulate the data, and can also cause data breaches.

Name: Data manipulation
Created By/Author: Raghad-Nada
Priority: High
Scope: The club system
Mis-actors: External threats such as hackers and disgruntled employees
Access Right Levels: Low to high-level system users, depending on the specific vulnerability exploited
Point of Entry: Vulnerabilities in the system's data processing mechanisms, including inadequate input validation or insufficient access controls.
Security Attributes Affected: Integrity (accuracy) and Confidentiality (privacy) of member data and class schedules.
Description: An attacker attempts to manipulate member data or class schedules within the club system for malicious purposes, such as altering membership statuses, class schedules, or trainer assignments.
Sophistication: Depends on the attacker's knowledge of the system's structure and functionality, as well as the complexity of the manipulation attempted.
Preconditions: The club system is operational and accessible to the attacker.
Assumptions: Assumes that the system may have vulnerabilities or weaknesses that could be exploited for data manipulation.
Postconditions: The attacker successfully manipulates member data or class schedules, potentially causing confusion, disruption, or financial loss for the fitness club and its members.
Related Use Cases: N/A
Related Threats: Brute force attack – phishing – SQL injection.
Exceptions: N/A
Acceptance Criteria: The attacker gains unauthorized access to manipulate member data or class schedules, resulting in altered records or schedules within the club system.

Name: SQL Injection
Created By/Author: Raghad-Nada
Priority: High
Scope: The club system's database
Mis-actors: External threats such as hackers and competitors
Access Right Levels: Low to high-level system users, depending on the specific vulnerability exploited
Point of Entry: Vulnerabilities in the system's database interface, typically through input fields such as login forms or search queries.
Security Attributes Affected: Integrity (accuracy), Confidentiality (privacy), and Availability (accessibility) of the club system's database.
Description: An attacker exploits vulnerabilities in the system's database by injecting malicious SQL queries through input fields, such as login forms or search queries, to gain unauthorized access or manipulate data.
Sophistication: Depends on the attacker's knowledge of SQL injection techniques and the specific vulnerabilities present in the system.
Preconditions: The club system's database is operational and accessible to the attacker.
Assumptions: Assumes that the system may have inadequate input validation or insufficient protection against SQL injection attacks.
Postconditions: The attacker gains unauthorized access to the club system's database or successfully manipulates data within the database, potentially leading to data breaches, information disclosure, or system compromise.
Related Use Cases: Fitness class enrollment - Track workout progress - Equipment maintenance
Related Threats: Data manipulation, unauthorized access, information disclosure.
Exceptions: N/A
Acceptance Criteria: The attacker successfully exploits vulnerabilities in the system's database to execute malicious SQL queries, resulting in unauthorized access or data manipulation within the club system.

Security Case:

Name: Validate and sanitize all user input before using it in SQL queries
Created By/Author: Raghad - Nada
Actor: Everyone who attempts to log in.
Description/Summary: Reject input that doesn't conform to expected patterns (e.g., alphanumeric characters for names, numeric values for IDs).
Preconditions: A user attempts to access the system.
Postconditions: Access is denied if the user enters malicious input.
Exceptions: None.
Acceptance Criteria: When the user is authenticated successfully, the user can access the system; otherwise access is denied.

Name: Data Encryption
Created By/Author: Raghad-Nada
Actor: System administrators, developers, and any personnel handling sensitive data.
Description/Summary: Encrypt sensitive data using strong cryptographic algorithms to safeguard it from unauthorized access. Encryption ensures that even if unauthorized parties gain access to the data, they cannot decipher its contents without the encryption key.
Preconditions: Sensitive data is being stored or transmitted within the system.
Postconditions: Sensitive data is encrypted, adding an extra layer of protection against unauthorized access.
Normal course of events: The user registers and becomes a member of the fitness club.
Exceptions: Only the important data, such as passwords, needs to be encrypted against unauthorized access.
Acceptance Criteria: Sensitive data, such as user credentials, payment information, and health records, is stored and transmitted in an encrypted format. Only authorized users with access to the encryption keys can decrypt and access the data.

Name: Role-Based Access Control (RBAC)
Created By/Author: Raghad-Nada
Actor: System administrators, database administrators, and any personnel responsible for managing access rights.
Description/Summary: Implement Role-Based Access Control (RBAC) to restrict privileged actions, such as modifying membership data or class schedules, to authorized personnel only. RBAC ensures that users are granted permissions based on their roles and responsibilities within the organization.
Preconditions: Access control mechanisms are being established within the system.
Postconditions: Access to privileged actions is restricted based on the roles assigned to users.
Normal course of events: The user registers and becomes a member of the fitness club.
Exceptions: When an admin enters the system, they have access to the whole application.
Acceptance Criteria: Users are assigned roles with specific permissions, such as administrator, manager, or regular user. Access to sensitive functionalities, such as modifying membership data or class schedules, is limited to users with appropriate roles and permissions. Unauthorized users are prevented from accessing or modifying sensitive data or system configurations.

Part 2:

Secure Design Principles:

Decompose the application:

- Threat model information:

Threat model information
Application version: 1.0
Description: The Fitness Club Membership System is like a smart helper for gyms. It makes things easy by keeping track of who's a member, organizing class schedules, and assigning trainers to members. It helps with payments, sends messages to members, and gives insights into how the gym is doing. It's simple to use, keeps things safe and private, and makes the whole gym experience smooth for both the staff and the members. However, since it's the first implementation, we are offering limited functionalities. The application users are: Trainers – maintenance team – members.
Document owner: Nada
Participants: Raghad
Reviewer: Mueen Uddin

- External dependencies:

External dependencies
ID  Description
1   For the application to store and manage member profiles, subscription data, class schedules, trainer assignments, and other crucial data, a dependable database management system is required. For effective data storage and retrieval, popular database systems like MySQL, PostgreSQL, or MongoDB can be used.
2   Using Apache as the web server, a Linux server will power the Fitness Club Membership System. The server will be updated with operating system and application patches on a regular basis, and security measures that adhere to industry standards will be implemented.
3   A private network will be used to connect the web server and database server in order to provide secure communication and improve data privacy and integrity.
4   A firewall will protect the web server and allow connectivity only via TLS (Transport Layer Security) for improved encryption and safe data transfer. This method guarantees the privacy and security of all interactions with the system.

- Entry points:

Entry Points

1. User registration and authentication form
   Description: Captures user data during registration; it includes the user's personal information and authentication details.
   Trust levels:
   - Anonymous application user
   - User with valid login credentials
   - User with invalid login credentials
   - Administrative personnel
2. Class schedule input
   Description: Allows authorized personnel to modify fitness class details and any change in timings.
   Trust levels:
   - Anonymous Web User
   - User with Valid Login Credentials
   - Unauthorized Access Restricted
   - Administrative Personnel
3. HTTPS port
   Description: The fitness application will be reachable only via TLS.
   Trust levels:
   - Anonymous Web User
   - User with Valid Login Credentials
   - Unauthorized Access Restricted
   - Administrative Personnel
4. Search entry page
   Description: The page used to enter a search query.
   Trust levels:
   - User with valid login credentials
   - Trainer
5. Payment Processing API
   Description: External API for processing membership payments securely.
   Trust levels:
   - Authorized Payment Processing Personnel

- Assets:

Assets

1. User login credentials
   Description: The login credentials that a member or trainer will use to log into the fitness application.
   Trust levels:
   - User with valid login credentials
   - Database server administrator
   - Database read user
   - Database read/write user
2. Trainers login details
   Description: The login credentials that a trainer will use to log into the fitness application.
   Trust levels:
   - Trainer
   - Database server administrator
   - Database read user
   - Database read/write user
3.

1. Principle of Least Privilege:

- Role-Based Access Controls (RBAC):
  - Define roles like "Member," "Trainer," and "Administrator."
  - Assign minimum necessary permissions to each role. For instance, members can access their data, trainers can view schedules, and administrators have full system access.
- Data Isolation:
  - Implement data segmentation to ensure members can only access their own information.
  - Restrict access to sensitive data like financial records to authorized personnel.
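As an added example (not part of the original specification), the following Python sketch shows how the RBAC security case from Part 1 and the least-privilege rules above can be enforced in code: a deny-by-default permission check per role, and a data-isolation check so that a member can read only their own record while only an administrator can modify membership data. The role names, permission strings and the in-memory member records are assumptions made for this illustration.

```python
"""Role-based access control with per-member data isolation.

Added example, not part of the original specification. The role names,
permission strings and member records below are assumptions made for this
illustration.
"""
from dataclasses import dataclass
from enum import Enum


class Role(Enum):
    MEMBER = "member"
    TRAINER = "trainer"
    ADMIN = "administrator"


# Minimum permissions per role: members reach their own data, trainers view
# schedules and manage enrollments, administrators get full access.
# Any permission not listed for a role is denied (deny by default).
PERMISSIONS = {
    Role.MEMBER: {"member:read_own", "workout:log_own", "class:enroll"},
    Role.TRAINER: {"schedule:view", "enrollment:manage"},
    Role.ADMIN: {
        "member:read_any", "member:modify", "schedule:view",
        "schedule:modify", "enrollment:manage", "financial:read",
    },
}


@dataclass(frozen=True)
class User:
    user_id: int
    role: Role


class PermissionDenied(Exception):
    """Raised when an actor attempts an action its role does not allow."""


def has_permission(user: User, permission: str) -> bool:
    return permission in PERMISSIONS.get(user.role, set())


def require(user: User, permission: str) -> None:
    if not has_permission(user, permission):
        raise PermissionDenied(f"role {user.role.value} lacks {permission}")


# Constructed member records keyed by member id (stands in for the database).
MEMBERS = {
    1: {"name": "Member One", "status": "active"},
    2: {"name": "Member Two", "status": "expired"},
}


def read_member_record(actor: User, member_id: int) -> dict:
    """Data isolation: a member may read only their own record; an admin any."""
    if has_permission(actor, "member:read_any"):
        return MEMBERS[member_id]
    require(actor, "member:read_own")
    if actor.user_id != member_id:
        raise PermissionDenied("members may only read their own record")
    return MEMBERS[member_id]


def modify_member_status(actor: User, member_id: int, status: str) -> dict:
    """Privileged action: restricted to roles holding member:modify."""
    require(actor, "member:modify")
    MEMBERS[member_id]["status"] = status
    return MEMBERS[member_id]


def outcome(action, *args) -> str:
    """Run an access attempt and report 'allowed' or 'denied'."""
    try:
        action(*args)
        return "allowed"
    except PermissionDenied:
        return "denied"


if __name__ == "__main__":
    member = User(1, Role.MEMBER)
    trainer = User(10, Role.TRAINER)
    admin = User(99, Role.ADMIN)
    print("member reads own record:", outcome(read_member_record, member, 1))
    print("member reads other record:", outcome(read_member_record, member, 2))
    print("trainer modifies member:", outcome(modify_member_status, trainer, 2, "active"))
    print("admin modifies member:", outcome(modify_member_status, admin, 2, "active"))
```

The check is made server-side at the point where the record is touched, not only in the user interface; the ownership test in read_member_record is what turns a role check into the data segmentation the principle asks for.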

2. Defense in Depth:

- Firewalls and Secure API Gateways:
  - Employ firewalls to monitor and control incoming and outgoing network traffic.
  - Use a secure API gateway to manage and secure API endpoints, ensuring only authorized requests are processed.
- Secure Coding Practices:
  - Follow coding best practices to prevent common vulnerabilities, such as input validation, output encoding, and proper error handling.
  - Apply the principle of defense in depth within the application architecture itself, considering secure design patterns.

3. Fail-Safe Defaults:

- Secure Default Configurations:
  - Configure the app with secure default settings, including secure passwords, account lockout policies, and secure communication protocols.
  - Ensure that default configurations minimize potential attack vectors.

4. Data Encryption:

- End-to-End Encryption:
  - Implement end-to-end encryption to protect sensitive data from unauthorized access.
  - Encrypt data at rest using strong encryption algorithms.
- Secure Communication:
  - Enforce the use of HTTPS for all communication between the app and the server to prevent data interception.
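Added example (not part of the original specification) for the Data Encryption security case in Part 1 and the fail-safe defaults above. Credentials are a special case of sensitive data: they are protected with a salted, deliberately slow one-way hash (PBKDF2 from the Python standard library) rather than reversible encryption, so a copied credential table does not yield passwords even to someone who holds the application's keys. Failed logins are counted and trigger a temporary lockout, the account lockout policy named under fail-safe defaults, which also limits the brute-force threat listed in the abuse cases. The iteration count, lockout threshold and window are assumed policy values, not figures from the document. Reversible fields such as payment details or health records still need an authenticated cipher from a vetted library with keys held outside the database; that part is not shown here.

```python
"""Credential storage with a salted one-way hash and fail-safe login defaults.

Added example, not part of the original specification. PBKDF2 parameters and
the lockout policy are assumed values chosen for this illustration.
"""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass

PBKDF2_ITERATIONS = 200_000   # assumed work factor; raise as hardware allows
SALT_BYTES = 16
MAX_FAILED_ATTEMPTS = 5       # assumed lockout threshold
LOCKOUT_SECONDS = 15 * 60     # assumed lockout window


@dataclass
class Account:
    salt: bytes
    digest: bytes
    failed_attempts: int = 0
    locked_until: float = 0.0


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted one-way hash: the stored value cannot be reversed to the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class AccountStore:
    def __init__(self, clock=time.monotonic):
        self._accounts = {}
        self._clock = clock  # injectable so lockout expiry can be tested without waiting

    def register(self, email: str, password: str) -> None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per account
        self._accounts[email] = Account(salt=salt, digest=hash_password(password, salt))

    def login(self, email: str, password: str) -> str:
        """Return 'ok', 'locked' or 'denied'.

        Unknown e-mail and wrong password both yield 'denied', and the hash is
        computed either way so response time does not reveal which it was.
        """
        account = self._accounts.get(email)
        now = self._clock()
        if account is None:
            hash_password(password, b"\x00" * SALT_BYTES)
            return "denied"
        if now < account.locked_until:
            return "locked"
        if hmac.compare_digest(hash_password(password, account.salt), account.digest):
            account.failed_attempts = 0
            return "ok"
        account.failed_attempts += 1
        if account.failed_attempts >= MAX_FAILED_ATTEMPTS:
            # Fail-safe default: lock the account instead of allowing unlimited guesses.
            account.locked_until = now + LOCKOUT_SECONDS
            account.failed_attempts = 0
        return "denied"


if __name__ == "__main__":
    store = AccountStore()
    store.register("member@example.com", "correct horse battery")
    print(store.login("member@example.com", "correct horse battery"))  # ok
    for _ in range(MAX_FAILED_ATTEMPTS):
        print(store.login("member@example.com", "guess"))              # denied
    print(store.login("member@example.com", "correct horse battery"))  # locked
```

hmac.compare_digest is used for the final comparison so that the time taken does not depend on how many leading bytes of the digest match.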

5. Input Validation:

- Client-Side and Server-Side Validation:
  - Validate user inputs on the client side to provide a responsive user experience.
  - Implement thorough server-side validation to prevent injection attacks and ensure data integrity.
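Added example (not the project's own code) covering the SQL Injection abuse case and the input validation security case from Part 1 together with the server-side validation point above: allowlist patterns for names and numeric IDs reject anything outside the expected shape, and every query binds user input as a parameter so the database engine never interprets it as SQL. The string-built query is kept only for contrast as the pattern the abuse case describes. The table, column names and sample rows are constructed for this illustration, and SQLite from the standard library stands in for the MySQL/PostgreSQL deployment mentioned under external dependencies.

```python
"""Allowlist input validation and parameterized SQL queries.

Added example, not the project's own code. The table, column names and sample
rows are constructed; SQLite (standard library) stands in for the deployment
database.
"""
import re
import sqlite3
from typing import List, Optional, Tuple

# Expected shapes from the security case: alphanumeric names, numeric IDs.
NAME_RE = re.compile(r"[A-Za-z0-9 ]{1,50}")
ID_RE = re.compile(r"[0-9]{1,9}")


class InvalidInput(ValueError):
    """Raised when a form value does not match its expected pattern."""


def validate_name(value: str) -> str:
    if not NAME_RE.fullmatch(value):
        raise InvalidInput("name must be 1-50 letters, digits or spaces")
    return value


def validate_member_id(value: str) -> int:
    if not ID_RE.fullmatch(value):
        raise InvalidInput("member id must be numeric")
    return int(value)


def accepts_name(value: str) -> bool:
    """Report whether a name would pass validation (handy for form handlers)."""
    try:
        validate_name(value)
        return True
    except InvalidInput:
        return False


def build_db() -> sqlite3.Connection:
    """Constructed in-memory members table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, status TEXT)")
    conn.executemany("INSERT INTO members VALUES (?, ?, ?)",
                     [(1, "Alice", "active"), (2, "Bob", "expired")])
    return conn


def search_members_unsafe(conn: sqlite3.Connection, name: str) -> List[Tuple]:
    """Anti-pattern kept for contrast: the input is spliced into the SQL text,
    so the input can change the statement (the SQL injection abuse case)."""
    return conn.execute(f"SELECT id, name FROM members WHERE name = '{name}'").fetchall()


def search_members(conn: sqlite3.Connection, name: str) -> List[Tuple]:
    """Hardened form: validate first, then bind the value as a parameter."""
    validated = validate_name(name)
    return conn.execute("SELECT id, name FROM members WHERE name = ?", (validated,)).fetchall()


def lookup_member_raw(conn: sqlite3.Connection, name: str) -> List[Tuple]:
    """Parameter binding alone (no allowlist): the value is compared as data and
    never parsed as SQL, so an unexpected string simply matches no row."""
    return conn.execute("SELECT id, name FROM members WHERE name = ?", (name,)).fetchall()


def get_member(conn: sqlite3.Connection, member_id: str) -> Optional[Tuple]:
    """Numeric-ID path: the form value is validated and converted before binding."""
    mid = validate_member_id(member_id)
    return conn.execute("SELECT id, name, status FROM members WHERE id = ?", (mid,)).fetchone()
```

Validation and parameter binding are two separate layers: the allowlist stops malformed values at the edge and gives the user a clear error, while binding guarantees that whatever does reach the query is treated as data, so the second layer still holds if a pattern is later loosened.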

Threat Modeling:

1. Identify Assets:

- Member Data:
  - Personal information, health records, and payment details.
- System Functionality:
  - Class schedules, trainer assignments, and financial records.
- User-Generated Data:
  - Workout progress, nutrition plans, and personal preferences.

2. Identify Threats:

- Unauthorized Access:
  - Mitigate through robust authentication mechanisms and secure session management.
- Data Tampering:
  - Ensure data integrity through encryption and proper input validation.
- Financial Fraud:
  - Implement secure payment processing and regularly monitor transactions.
- Social Engineering:
  - Train staff and users to recognize and report phishing attempts.

3. Assess Vulnerabilities:

- Authentication Vulnerabilities:
  - Evaluate the strength of authentication methods, including password policies and multi-factor authentication.
- Authorization Weaknesses:
  - Review access controls to identify and rectify any potential weaknesses.
- Data Storage Vulnerabilities:
  - Assess the security of data storage solutions, including encryption and access controls.

4. Mitigation Strategies:

- Biometric Authentication:
  - Integrate biometric authentication options for members.
- Regular Security Updates:
  - Keep the app and all dependencies up-to-date with the latest security patches.
- User Education:
  - Conduct regular security awareness sessions for users and staff to prevent social engineering attacks.
- Incident Response Plan:
  - Develop a plan to respond effectively to security incidents, including communication protocols and recovery strategies.

5. Regular Security Reviews:

- Penetration Testing:
  - Conduct regular penetration testing to identify and address vulnerabilities.
- Ongoing Monitoring:
  - Implement continuous monitoring of the app's security posture.
  - Utilize intrusion detection systems to identify and respond to potential threats.
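Added example (not from the original document) for the ongoing-monitoring point: a small detector that parses constructed application login log lines and flags any source address with five or more failed logins inside a five-minute sliding window, which is the pattern behind the brute-force threat named in the abuse cases. It complements the per-account lockout shown earlier by looking across accounts at the source of the attempts. The log line format, the sample lines and the threshold and window are assumptions made here.

```python
"""Failed-login monitoring over application log lines.

Added example, not from the original document. The log line format, the sample
lines and the threshold/window are assumptions made for this illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, Iterable, List

# Assumed application log format: "<ISO timestamp> <client ip> login <ok|fail> user=<name>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<ip>[\d.]+) "
    r"login (?P<result>ok|fail) user=(?P<user>\S+)$"
)
FAIL_THRESHOLD = 5              # assumed: failures per source before alerting
WINDOW = timedelta(minutes=5)   # assumed: sliding window length

# Constructed sample log: one source spraying guesses across several accounts,
# one legitimate user who mistypes once, and a malformed line that must be skipped.
SAMPLE_LOG = """\
2024-03-01T10:00:01 203.0.113.7 login fail user=alice
2024-03-01T10:00:03 203.0.113.7 login fail user=alice
2024-03-01T10:00:05 203.0.113.7 login fail user=bob
2024-03-01T10:00:07 203.0.113.7 login fail user=carol
2024-03-01T10:00:09 203.0.113.7 login fail user=dave
2024-03-01T10:00:11 203.0.113.7 login fail user=erin
2024-03-01T10:00:30 198.51.100.4 login fail user=alice
2024-03-01T10:00:45 198.51.100.4 login ok user=alice
this line is not in the expected format
"""


def parse_events(lines: Iterable[str]):
    """Yield (timestamp, ip, result, user); silently skip lines that don't parse."""
    for line in lines:
        match = LINE_RE.match(line.strip())
        if match:
            yield (datetime.fromisoformat(match["ts"]), match["ip"],
                   match["result"], match["user"])


def find_bruteforce_sources(log_text: str, threshold: int = FAIL_THRESHOLD,
                            window: timedelta = WINDOW) -> Dict[str, List[str]]:
    """Map each source IP that reached `threshold` failed logins within some
    `window`-long span to the sorted list of accounts it targeted."""
    failures = defaultdict(list)
    for ts, ip, result, user in parse_events(log_text.splitlines()):
        if result == "fail":
            failures[ip].append((ts, user))

    flagged = {}
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({user for _, user in events})
                break
    return flagged


if __name__ == "__main__":
    for ip, users in find_bruteforce_sources(SAMPLE_LOG).items():
        print(f"ALERT {ip}: {len(users)} accounts targeted: {', '.join(users)}")
```

The single legitimate failure from 198.51.100.4 stays below the threshold, so the rule raises one alert per offending source rather than one per mistyped password; the threshold and window are the knobs to tune against the club's real login volume.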
