Web Engineering Report: Secure

Django-Based Ecommerce Platform

1. Introduction
This report documents the structured development process of a secure and scalable
ecommerce web application using Django, aligned with modern Web Engineering principles
as outlined by Pressman and Lowe. Emphasizing modularity, performance, security, and
user experience (UX), the platform supports seamless product discovery, cart management,
and secure payment via PayPal.

2. Application Domain
Domain: Fashion & Retail Ecommerce

Justification:
- Digitalization is pivotal for the fashion sector, enabling brands to expand globally while
automating transactions.
- According to Statista, global ecommerce revenue is projected to exceed $6.3 trillion by
2025, growing at a CAGR of 14.7%.
- This platform empowers SMEs with tools for inventory control, real-time sales processing,
and customer behavior insights.

3. E-Business Plan
Strategic Objectives:
- Establish a recognizable online retail presence.
- Streamline and automate sales operations.
- Leverage analytics for business intelligence and marketing.

Platform Features:
- Real-Time Product Listings: Filterable by brand, price, and category.
- Secure PayPal Checkout: REST API integration with status handling.
- Admin Dashboard: Centralized CRUD operations for orders, products, and user roles.
- Customer Area: Profiles with saved items, purchase history, and personalization.

4. Revenue Model
Stream Mechanism

Direct Product Sales Core revenue via item purchases.

 Premium Seller Accounts Subscription plans offering advanced
analytics and SEO tools.

5. Stickiness & Retention Strategy

- User Personalization: Saved searches, personalized recommendations.
- Email Automation: Order confirmations, marketing promotions.
- Rewards Program: Tiered loyalty incentives for repeat buyers.

6. Hosting & Deployment Strategy

- Cloud Infrastructure: AWS EC2 for compute, RDS (PostgreSQL) for data, S3 for media.
- CI/CD Pipeline: Automated deployment and testing via GitHub Actions.
- Monitoring & Reliability: CloudWatch for real-time health and performance metrics.

7. Security Engineering
- Transport Security: HTTPS enforced throughout, including HSTS headers.
- Django-Level Protections: CSRF, XSS mitigation, and SQL injection resistance via ORM.
- Admin Access Controls: 2FA for sensitive accounts, granular user roles.
- Data Compliance: GDPR adherence for user data handling and storage.

8. Web Engineering Lifecycle

8.1 Planning
Phase Tasks Assignee Timeline

Requirements User stories, use Katlo, Neiso Week 1–2

Gathering cases, ER modeling

UI/UX Design Figma prototypes, Neiso Week 2–3

usability flows

Backend Models, views, Katlo Week 3–5

Development PayPal integration

Frontend Templating, JS Neiso Week 4–6

Development interactivity

Deployment & Docker, CI/CD Theo Week 6–7

DevOps setup, server
 hardening

Testing & Automated tests, Team Week 7–8

Finalization performance review