From deef3ad3cc69dd2d1fbce219eb0ab4362042b00a Mon Sep 17 00:00:00 2001
From: "Achim D. Brucker"
Date: Sun, 12 Aug 2018 07:57:07 +0100
Subject: [PATCH] Improved system description.

---
 README.md | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 10da649..a5241ae 100644
--- a/README.md
+++ b/README.md
@@ -1,10 +1,24 @@ -# Grade Management - An Intentionally Vulnerable Rails Application +# Insecure Grade Management - An Intentionally Vulnerable Rails Application -Grade Management is an **intentionally vulnerable** grade management application that can -be used for teaching *security testing* and *security programming*. +Insecure Grade Management is an **intentionally vulnerable** grade management application +that can be used for teaching *security testing* and *security programming*. -Grade Management implements a simplistic system for managaing university grade, i.e., students -can check their marks and academics can enter marks. +## Application Scenario + +Insecure Grade Management implements a simplistic system for managing university grades. +Students can view their grades for their lectures. Moreover, students can add comments +to the grades that can be viewed by lecturers. Thus, the applications knows three roles: +*admins*, *lecturers*, and *students*. + +* *Admins* can create new students, lecturers, and other admins. Admins can create + new lectures, held by any lecturer. Admins can also create, view, and edit new + grades for all lectures and students and can create, view, and edit comments. +* *Lecturers* can create new students. They can also create new lectures that are + being held by them. Lecturers can can view grades for all students, but only enter + new grades for their own students. Lecturers can see comments for all grades, + but can not change any. +* *Students* can view their grades. For their convenience, they have the ability to filter + their grade list by a lecturer name. ## Setup
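Review bot: The *Students* bullet leaves out the comment permission that the new "Application Scenario" paragraph grants ("students can add comments to the grades"), so the prose and the role list disagree on what a student may do. Because the application is intentionally vulnerable, readers need this list to tell intended permissions from planted flaws, so please add commenting to the *Students* bullet. In the *Lecturers* bullet, "their own students" is not defined (for example, students enrolled in a lecture held by that lecturer), and "can not change any" does not say whether lecturers may create comments, only that they may not change them. Wording in the added lines: "the applications knows" should read "the application knows", "Lecturers can can view" has a doubled "can", and "can not" should be "cannot".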