Software Development Team

You were hired by a relatively large organization, which usually uses its own software written using Microsoft products. Your position as a Security Analyst requires you to look at all aspects of corporate software. You had a meeting with the members of sales and finance departments of the organization and you found out the following:

•  The sales’ logs show some ghost transaction where merchandise was shipped to a wrong address. Further review showed that all ‘wrong’ shipments were sent to a number of addresses within one county in Ontario. Although the addresses are different you found this suspicious
•  The members of the sales’ team got complaints from the customers that inside the session on the corporate web site the clients were spontaneously redirected to the gambling page. Moreover, the same customers start receiving marketing e-mails from the companies they had no idea about shortly after such redirections occurred. The customers mentioned that they have never given their e-mail to any of the organizations sending them e-mails.
•  Finance people revealed two large problems, which they have noticed. Firstly, the number of sales of certain items did not match the sum, which was supposed to be received from such sales. Secondly, somebody just sent the internal IDs of all products to the CEO of the company via e-mail with the note that the price of the number of items is too high and if it is not lowered by the company, it will be lowered from the outside.

You need to meet with the software development team of the organization. You already have a good idea about the problems, which may be happening in the developed code. Before you go there it might be a good idea to write a note to the manager of the development group outlining your thoughts. In 1700-2000 words outline all problems happening in the organization. Because the members of development team are not strong in all aspects of ASP.NET security, supplement your note with the snippets of code, which may illustrate your guesses