Report SWE 496 Group 3 (1) PDF
Your Project Title

Graduation Project, Part-I (SWE 496)
Software Engineering Department
CCIS, KSU

Project Advisor: Dr. Sarah Alhozaimy

Submitted by
Najla Aljarba, 443200432
Lina Alsuhaibani, 443200729
Maram Alamri, 443200518
Rawan Alqhtani, 441200407
Sarah, 443200652

Date submitted

ABSTRACT

Write your abstract here.

Table of Contents

1. INTRODUCTION
2. DOMAIN ANALYSIS
3. RISK/CONSTRAINTS
4. PROJECT PLAN
5. QUALITY ASSURANCE PLAN
6. REQUIREMENTS
6.1 FUNCTIONAL REQUIREMENTS
6.2 NON-FUNCTIONAL REQUIREMENTS
7. PROBLEM COMPLEXITY
8. SYSTEM USE-CASES
8.1 USE CASE1
8.2 USE CASE2
9. ANALYSIS CLASS
10. INTERACTION DIAGRAM
11. DESIGN CLASS
12. SYSTEM ARCHITECTURE
13. USER INTERFACE MOCKUP
14. DATABASE SCHEMA
15. ALGORITHMS
16. EXPECTED DEPLOYMENT
17. TEST SCENARIO
18. PROJECT STATUS
19. CONCLUSION
20. REFERENCE

List of Figures

Figure 1. Smart room use cases
Figure 2. Successful order placement
Figure 3. Successful order placement
Figure 4. Successful face recognition log in
Figure 5. System deployment diagram

List of Tables

Table 2. Test Table

1. Introduction

Problem

In light of the technical development witnessed in this era and the increasing number of Internet users, phishing URLs have become a major threat to cybersecurity, as these URLs seek to deceive individuals in order to steal their sensitive information such as passwords, credit card numbers, and personal information. These phishing methods are constantly evolving, making it difficult for traditional systems to detect them effectively, which indicates the need to develop advanced techniques to improve the ability to detect phishing URLs.

Proposed solution

Artificial intelligence (AI) offers promising capabilities in combating phishing URLs by analyzing data faster and more accurately than traditional methods. AI techniques, particularly through machine learning, can rapidly and accurately assess the likelihood of URLs being phishing attempts. By training on extensive datasets that include both phishing and legitimate URLs, these models can learn patterns and characteristics that distinguish phishing URLs, such as unusual patterns in addresses, or URLs that use domain names similar to well-known domains.

Aim and Objective

The application aims to develop an advanced system to detect phishing URLs using artificial intelligence, as it will rely on machine learning techniques to analyze URLs and recognize patterns and details that indicate the presence of a phishing threat.
The application will include a set of tools and features that help protect users from phishing URLs, including alerts to users when a potentially phishing URL is detected. Additionally, the application will offer educational content to raise awareness, equipping users with knowledge on how to spot phishing attempts. Reports and analyses of detected phishing activities will also be provided, offering insights into trends and threats.

Document overview

The rest of this report is organized as follows. Section 2 provides Domain Analysis of the project, Section 3 describes expected Risk/Constraints that we need to deal with, Section 4 presents the project work plan, Section 5 provides the Quality Assurance Plan, Section 6 provides functional requirements and non-functional requirements, Section 7 describes problem complexity of the project, Section 8 lists 3 critical use cases that represent significant and central functionality of the final system, Section 9 represents the analysis class that identifies all the boundary classes, control classes and entity classes for all the use cases, Section 10 is about the interaction diagram in terms of sequence between classes, Section 11 represents the design class, Section 12 describes System Architecture, Section 13 provides user interface mockups for critical scenarios, Section 14 defines the database schema and how data will be stored, Section 15 gives a brief overview of special algorithms that were used, Section 16 represents the system deployment diagram, Section 17 specifies test scenarios, Section 18 is about Project Status that illustrates the current status of the project, the different issues we have worked on and the issues that we plan to work on in the subsequent iterations, Section 19 gives the conclusion of this report, Section 20 is about references that were used.

2. Domain Analysis

In our project, the domain under study is “Phishing Detection”, a field rich in solutions and resources.
In this section, we present a set of existing tools and applications similar to ours in order to analyze the field and gain a good understanding of it. We discuss each tool’s features and compare them.

PhishTank

The first phishing detection tool is PhishTank, an anti-phishing website that is highly community driven. PhishTank gathers data about phishing sites, and also allows users to report suspected phishing URLs. This data is then verified and made public for awareness purposes, and used to specify whether user-submitted URLs are phishing or legitimate. PhishTank’s community-driven nature is a big advantage of this platform: the many phishing URLs submitted enhance the database's accuracy and timeliness. The platform also offers open access to its database of phishing URLs, as well as integration possibilities for developers looking for phishing detection APIs. However, PhishTank also has some downsides, one being the lack of advanced features like AI detection; it relies instead on user submissions for phishing detection.

Google’s safe browsing site status

Google’s safe browsing site status is another example of a platform that provides phishing detection services. This tool depends on a technology developed by Google that examines billions of URLs per day using machine learning; this technology helps Google maintain a continuously up-to-date list of websites and their statuses. Google’s site status allows the user to paste the URL of a website to check its status, whether malicious or legitimate, as determined by the up-to-date list that Google keeps of websites and their statuses. One major feature of this platform is that when dangerous phishing websites are detected, Google shows warnings on Google Search and in web browsers.

Easy DMARC’s Phishing URL checker

Another commonly used tool is Easy DMARC’s Phishing URL checker, which is a website that scans pasted links by using an AI algorithm to determine whether each link is safe or not.
In addition to the AI algorithm, the tool also compares the scanned URL to a database of known phishing websites for detection. The website provides a report of each scanned URL containing its original URL, redirected URL, and URL status. The website also has a feature that shows the most recently scanned URLs by all users.

Novoshield

Novoshield is another solution that exists for phishing. This tool doesn’t specify the phishing detection technology it uses, but it promises to be a lightweight mobile browser extension that prevents phishing attacks. Users can download the Novoshield app and install the extension on their Safari browser, and every time they come across a suspicious link a warning message is shown. In the app, users can view a report of the number of suspicious URLs they came across. One downside of this tool is that in order to use it you have to pay a subscription fee.

Through our analysis, we noticed a need for a phishing detection system that is rich in features. Our easy-to-use mobile application will offer in-app AI phishing detection, as well as a browser extension and other features that will aid both general users and cybersecurity professionals.

Tools compared (table columns): PhishTank; Google safe Browsing site status; Easy DMARC’s URL checker; Novoshield; Our App

Feature | Values as listed in the table
Platform | PhishTank: Website; Google safe Browsing site status: Website; Easy DMARC’s URL checker: Website; Novoshield: iOS Application and Safari Extension; Our App: iOS, Android Application and Chrome Extension
AI for Detection | ✔ ✔ ✔ Not Specified
User-Submitted URL Reporting | ✔ ✔
Stores Phishing URLs in a Database | ✔ ✔ ✔ ✔
URL Reports | ✔ ✔ ✔ ✔ ✔
Dashboard | ✔
Phishing protection in browser | ✔ ✔ ✔
Supports Arabic Language | ✔ ✔
Supports English Language | ✔ ✔ ✔ ✔ ✔
Free | ✔ ✔ ✔ ✔

3. Risk/Constraints

Risk Title | Description | Likelihood | Impact | Priority | Mitigation Strategy | Responsible Parties
Maintainability Challenges | Continuous updating of the AI model and phishing URL database to detect new threats. Without consistent updates, the system may become outdated. | High | High | High | Automate periodic updates and retraining of AI models with fresh data. Use version control and structured code for easy future modifications. |
Skill Gaps | The team may lack specific skills, such as advanced AI modeling or phishing detection algorithms, which could slow down progress. | Medium | Medium | Medium | Identify skill gaps early and provide training to bring in the required expertise. Create a knowledge-sharing environment within the team. |
User Adoption and Usability | Users may find the platform too complicated or cumbersome to use, reducing its adoption. | Medium | High | High | Design an intuitive user interface. Provide step-by-step instructions on how to use the software. Collect user feedback to improve UX regularly. |
Accessibility Issues | The application may not function well across different devices (desktop, mobile, tablets). | Medium | High | High | Test across a variety of devices. Regularly review UI/UX accessibility features and usability testing for inclusivity. |
Scalability Issues | The system may struggle to handle increasing numbers of users and URLs for analysis, leading to slow performance or crashes. | Medium | High | High | Use cloud-based infrastructure that allows dynamic scaling. Conduct load testing to identify potential bottlenecks early. |

4. Project Plan

5. Quality Assurance Plan

Formal reviews

As these documents originate from the early phases of the project, reviews are especially critical in the Software Quality Assurance (SQA) process. They help identify errors early, preventing these mistakes from being carried into later stages, where they become significantly harder, more complicated, and costly to correct. Before meeting with the project advisor for the formal review, team members are expected to go over the document carefully and provide their feedback. They should also take time to review and apply any feedback from the advisor to make sure the document is polished and meets the project’s requirements.
Documentation Management

Effective documentation management is key to making sure all project documents are created accurately, kept up-to-date, and easily accessible to team members and stakeholders throughout the project lifecycle. Using tools like Google Docs helps with version control and makes collaboration smoother. It's also important to regularly review documents to confirm their accuracy and alignment with the latest project requirements, timelines, and progress. Team members should consistently review and update documents to keep everything current and to support overall project clarity and efficiency.

Risk management

Risk management is a useful technique in software development, used to facilitate the early detection of possible problems, increasing understanding before they turn into emergencies. This method increases the chances of finishing a project successfully while reducing the effects of inevitable risks. Effective risk management involves the identification, analysis, prioritization, and planning of responses to mitigate the likelihood or impact of risks. This ongoing process enables the project team to adjust to changes and retain a greater level of control over the development process.

Testing

Testing plays a crucial role in the Quality Assurance Plan. Its purpose is to identify as many errors as possible in the software, ensure that the software reaches an acceptable level of quality after error correction and retesting, and perform all required tests efficiently and effectively within schedule constraints.

Training team members:

To enhance our team's capabilities in Artificial Intelligence (AI) development, each team member will complete online courses focused on AI development to gain advanced expertise in the field. These courses are designed to cover a range of topics, from foundational concepts to advanced techniques, ensuring that everyone gains a robust understanding of the field.
The courses will include key topics such as machine learning, natural language processing, computer vision, and ethical considerations in AI. This training will enable our team to leverage AI effectively, driving innovation and improving the team's overall proficiency in AI development. The training is designed to be flexible and self-paced, allowing each individual to tailor their learning experience according to their current knowledge level and specific interests. To evaluate the effectiveness of our training initiative, we will implement metrics to measure individual progress and team improvement. Regular assessments and feedback sessions will help us gauge the impact of the courses on our work and identify areas for further development.

Walkthroughs:

A walkthrough is a form of software peer review that involves examining design documents, code, or other project artifacts. During a walkthrough, team members collaboratively review each artifact, offering suggestions and feedback to identify potential issues and enhance the quality of the final system. This informal review process helps the team improve the accuracy, functionality, and overall quality of the software, ensuring it meets the desired standards and requirements before finalization.

6. Information Gathering

6.1 Questionnaire

A key part of the development process involved collecting input from potential users through a questionnaire. The questionnaire is designed to identify the expectations, behavior, and preferences of users regarding phishing detection tools and related needs for education in online security. This survey comprises two parts: one for regular internet users and the other for cybersecurity experts. It was structured with both multiple-choice and open-ended questions to capture as broad a range of views as possible. We distributed the questionnaire to a group of casual internet users and cybersecurity experts, and received 52 responses.
These responses provided the grounds to establish some key system requirements and map out the features that would best satisfy the needs of the user base.

Question 6: Interest in a list of frequently reported phishing URLs

The concept of a shared feature was very well-received. As many as 79.6% of participants would be interested in seeing, within the app, a list of the most reported phishing URLs that gets updated regularly, while 20.4% had no interest in it. This major interest reflects a clear demand for a shared, accessible resource to help users stay vigilant and avoid known threats.

Question 7: Preference for an awareness page on phishing and online safety

All participants agreed that an awareness page within the app would be very beneficial, where there might be some suggestions on how to spot phishing attempts and how to be safe online. This overwhelming response strongly suggests that users see real value in educational content. If implemented, this would help end users by improving their knowledge and their ability to handle online threats more confidently, for a safer user experience.

Question 8: Preferred type of awareness content

When asked about the most useful type of content they would want to receive under an awareness program, users showed a strong inclination toward engaging and interactive formats. The results of their choices are as follows:

- 67.3% claimed that real examples of phishing attempts were the most useful.
- 59.2% chose educational video clips.
- 42.9% required interactive quizzes in order to test and improve their phishing detection ability.
- 30.6% preferred the presence of infographics or explanatory images to make phishing techniques clear.
- 24.5% chose to identify phishing attempts by using step-by-step instructions.

These results suggest that users appreciate entertaining and informative formats. Real-life examples, videos, and interactive quizzes were favored most because variety seems to be one of the keys.
A combination of video content, quizzes, and relatable examples can make the awareness section informative and user-friendly, which will help users recognize and respond to phishing threats in a more approachable and practical manner.

7. Requirements

7.1 Functional Requirements

7.1.1 User requirements

SR1. The user shall be able to sign up using his/her first name, last name, email address, and password.
SR2. The user shall be able to verify email during sign-up.
SR3. The user shall be able to login using his/her email address and password.
SR4. The user shall be able to reset his/her password.
SR5. The user shall be able to view his/her account information (first name, last name, email address, and password).
SR6. The user shall be able to edit his/her account information (first name, last name, email address, and password).
SR7.
SR8. The user shall be able to delete his/her account.
SR9. The user shall be able to logout of his/her account.
SR10. The user shall be able to enter a URL for phishing detection.
SR11. The user shall be able to view a result of the submitted URL (phishing or legitimate).
SR12. The user shall be able to view a report of the phishing URL after submitting it, specifying the number of times it was reported, first and last reported date, type of phishing attack, and risk level.
SR13. The user shall be able to save the phishing URL report in PDF format.
SR14. The user shall be able to share the phishing URL report in PDF format.
SR15. The user shall be able to report phishing URLs.
SR16. The user shall be able to take a picture of a QR code in the app for phishing detection.
SR17. The user shall be able to upload a photo of a QR code for phishing detection.
SR18. The user shall be able to view a result of the submitted QR code (phishing or legitimate).
SR19. The user shall be able to view a report of the phishing QR code after submitting it, specifying the number of times it was reported, first and last reported date, type of phishing attack, and risk level.
SR20. The user shall be able to save the phishing QR code report in PDF format.
SR21. The user shall be able to share the phishing QR code report in PDF format.
SR22. The user shall be able to report phishing QR codes.
SR23. The user shall be able to view a dashboard that displays statistics related to his/her recently scanned and reported URLs.
SR24. The user shall be able to view a PDF report summarizing his/her activity, which includes all scanned and reported URLs and QR codes, for a specified date range.
SR25. The user shall be able to save the summary report in PDF format.
SR26. The user shall be able to share the summary report in PDF format via external applications.
SR27. The user shall be able to view a list of top-reported phishing URLs.
SR28. The user shall be able to share a PDF file of the top-reported phishing URLs via external applications.
SR29. The user shall be able to view a report of any of the top-reported URLs.
SR30. The user shall be able to share the report of the top-reported URL in PDF format via external applications.
SR31. The user shall be able to save the report of the top-reported URL in PDF format.
SR32. The user shall be able to watch phishing awareness videos.
SR33. The user shall be able to view phishing awareness articles.
SR34. The user shall be able to solve phishing awareness quizzes.
SR35. The user shall be able to install the app’s Chrome extension.

7.1.2 Admin requirements

SR36. The admin shall be able to login using his/her email and password.
SR37. The admin shall be able to reset his/her password.
SR38. The admin shall be able to view his/her account information (first name, last name, email, and password).
SR39. The admin shall be able to edit his/her account information (first name, last name).
SR40. The admin shall be able to delete his/her account.
SR41. The admin shall be able to view usage data without tying it to users' identity.
SR42. The admin shall be able to add awareness content for users.
SR43. The admin shall be able to view awareness content.
SR44. The admin shall be able to edit awareness content.
SR45. The admin shall be able to delete awareness content.
SR46. The admin shall be able to view the list of top-reported phishing URLs.
SR47. The admin shall be able to edit the list of top-reported phishing URLs.
SR48. The admin shall be able to delete any URLs from the list of top-reported phishing URLs.
SR49. The admin shall be able to logout of his/her account.

7.1.3 System requirements

SR50. The system shall be able to analyze extracted URLs to determine whether they are phishing or legitimate.
SR51. The system shall send a verification email after the user registers, and automatically verify the email when the user confirms it.
SR52. The system shall be able to display a result indicating whether the URL is phishing or not.
SR53. The system shall be able to store phishing URLs in the database automatically.
SR54. The system shall be able to generate detailed reports of phishing URLs detected.
SR55. The system shall be able to display detailed reports of phishing URLs detected.
SR56. The system shall be able to download reports in PDF format.
SR57. The system shall be able to update the list of top-reported phishing URLs.
SR58. The system shall be able to download the list of top-reported phishing URLs in PDF format.
SR59. The system shall be able to detect phishing URLs in the browser or in the page through the Chrome extension.
SR60. The system shall be able to detect phishing QR codes in the page through the Chrome extension.
SR61. The system shall be able to send a notification to the user updating him/her of the latest awareness content.

7.2 Non-Functional Requirements

7.2.1 Performance:

SR62. The system shall be able to detect phishing URLs and display results within 3 seconds of a scanning or search action.
SR63. The system shall be able to scale to support up to 5000 users simultaneously without experiencing performance degradation.

7.2.2 Reliability:

SR64. The system shall maintain an availability of 99.9%, excluding scheduled maintenance windows.
SR65. The system shall be able to keep all users' passwords encrypted.

7.2.3 Usability:

SR66. The user shall be able to learn to use the system within 20 minutes of training.
SR67. New users shall be able to complete the registration process within 1 minute.

8. Design Constraints

SR68. The system shall work on both iOS and Android operating systems. (edition?)
SR69. The system shall be able to integrate with ChatGPT.
SR70. The system’s database shall be stored on Firebase.

9. Problem Complexity

Developing mobile software that detects phishing URLs using AI and provides educational tools to increase users' awareness about online fraud has many complexities. Technical challenges include collecting comprehensive and diverse data that includes multiple types of phishing URLs. Accurately classifying links into legitimate and fraudulent links is a major challenge. Failure of the software to detect phishing URLs may result in the loss of users' personal data or money. On the other hand, failure to properly classify legitimate URLs may hinder users' access to services, causing them to lose confidence in the software and reduce their use or abandon it altogether. In addition, there are currently no global standards for classifying phishing URLs, which means developing an ad hoc solution without clear standards. It is expected that the age ranges and technical knowledge of users will vary, which poses a challenge in customizing educational tools for diverse levels of understanding and designing content to be engaging and practical.

10. System Use-Cases

Figure 1. System Name use cases Diagram

10.1 Use Case 1: View URL Result

Use Case Description
System: AI-Enhanced Phishing Detector.
Use Case name: View result.
Primary actor: User
Secondary actor(s): ChatGPT
Description: This use case describes how the user can view the detection results after entering a URL or QR code for detection.
Relationships:
Includes: None.
Extends: View phishing report.
Pre-conditions:
1. The user shall be signed-in.
2. The user shall have entered a URL or QR code for detection.
Steps (Primary Actor / System):
1. User selects “show result”.
2. System displays whether the submitted URL or QR code is phishing or legitimate.
Alternative and exceptional flows:
1.1 If the entered URL or QR code is invalid, the system shall display an error message and prompt the user to re-enter valid data.
2.1 If the URL or QR code is detected as phishing, then the use case extends to: View phishing report.
2.2 If the system is unable to process the URL or QR code, the system shall display an error message indicating that the detection could not be completed and suggest trying again later.
Post-conditions:
Successful condition: The system shall display whether the entered URL or QR code is phishing or legitimate.
Failure condition: The system fails to detect whether the entered URL or QR code is phishing or legitimate.

10.2 Use Case 2: View Phishing Report

Use Case Description
System: AI-Enhanced Phishing Detector.
Use Case name: View phishing report
Primary actor: User
Secondary actor(s):
Description: This use case describes how the user can view the report of any URL or QR code that is detected as phishing.
Relationships:
Includes: None.
Extends: Share phishing report, Save phishing report.
Pre-conditions:
1. The user shall be signed-in.
2. The URL or QR code is detected to be phishing or the user selects a specific URL from the top-reported list.
Steps (Primary Actor / System):
1. User selects “View phishing report”.
2. The system displays the PDF phishing report specifying the number of times it was reported, first and last reported date, type of phishing attack, and risk level.
3. Use case extends to: Share phishing report, Save phishing report.
Alternative and exceptional flows:
2.1 If the report generation fails, the system shall display an error message indicating that the report could not be generated and suggest trying again later.
Post-conditions:
Successful condition: The system shall display the phishing report.
Failure condition: The system fails to display the phishing report.

10.3 Use Case 3: View Top-Reported URLs List

Use Case Description
System: AI-Enhanced Phishing Detector.
Use Case name: View top-reported URLs list.
Primary actor: User
Secondary actor(s):
Description: This use case describes how the user can view the top-reported URLs list.
Relationships:
Includes: None.
Extends: Select specific top-reported URL, share the top-reported URLs.
Pre-conditions:
1. The user shall be signed-in.
Steps (Primary Actor / System):
1. The user selects the top-reported URLs list section.
2. The system displays the top-reported URLs list page.
Alternative and exceptional flows:
2.1 If the system cannot retrieve the top-reported URLs, an error message is displayed.
Post-conditions: None.
Successful condition: The system shall display the top-reported URLs list page.
Failure condition: The system fails to display the top-reported URLs list page.

10.4 Use Case 4: Take a picture of QR code

Use Case Description
System: AI-Enhanced Phishing Detector.
Use Case name: Take a picture of QR code.
Primary actor: User
Secondary actor(s):
Description: This use case describes how the user can take a picture of a QR code to check if it leads to a phishing URL.
Relationships:
Includes: View result.
Extends: None.
Pre-conditions:
1. The user shall be signed-in.
Steps (Primary Actor / System):
1. The user clicks on the QR code icon in the home page.
2. The system displays a prompt to either choose “Camera” to take a photo or “Gallery” to upload an existing photo of a QR code.
3. The user selects Camera.
4. The system opens the camera view and prompts the user to align the QR code within the frame.
5. The user taps the capture button.
6. The system captures the image.
7. The system processes the image and extracts the URL from the QR code.
8. The system displays the extracted URL.
9. Use case View result is performed.
Alternative and exceptional flows:
7.1 If the system fails to detect a QR code in the captured image, an error message is displayed where the user is prompted to try again.
7.2 If the system fails to extract a URL from the QR code, an error message is displayed, where the user is prompted to try again.
Post-conditions:
Successful condition: The user has successfully captured an image of the QR code and viewed the extracted URL.
Failure condition: The user was unable to capture an image of the QR code, and view its extracted URL.

10.5 Use Case 5: Upload a picture of QR code

Use Case Description
System: AI-Enhanced Phishing Detector.
Use Case name: Upload a picture of QR code.
Primary actor: User
Secondary actor(s):
Description: This use case describes how the user can upload a picture of a QR code to check if it leads to a phishing URL.
Relationships:
Includes: View result.
Extends: None.
Pre-conditions:
1. The user shall be signed-in.
Steps (Primary Actor / System):
1. The user clicks on the QR code icon in the home page.
2. The system displays a prompt to either choose “Camera” to take a photo or “Gallery” to upload an existing photo of a QR code.
3. The user selects Gallery.
4. The system opens the device’s gallery and prompts the user to align the QR code within the frame.
5. The user selects a photo.
6. The system processes the image and extracts the URL from the QR code.
7. The system displays the extracted URL.
8. Use case View result is performed.
Alternative and exceptional flows:
7.1 If the system fails to detect a QR code in the uploaded image, an error message is displayed where the user is prompted to try again.
7.2 If the system fails to extract a URL from the QR code, an error message is displayed, where the user is prompted to try again.
Post-conditions:
Successful condition: The user has successfully uploaded an image of the QR code and viewed the extracted URL.
Failure condition: The user was unable to upload an image of the QR code and view its extracted URL.

10.6 Use Case 6: Save the phishing URL report in PDF format

Use Case Description
System: AI-Enhanced Phishing Detector.
Use Case name: Save the phishing URL report in PDF format.
Primary actor: User
Secondary actor(s):
Description: This use case describes how the user can save the phishing URL report in PDF format.
Relationships:
Includes: View phishing report.
Extends: None.
Pre-conditions:
1. The user shall view the report of the phishing URL.
Steps (Primary Actor / System):
1. The user selects “Save phishing report”.
2. The system generates the phishing URL report in PDF format.
3. The user saves the phishing report in PDF format.
Alternative and exceptional flows:
2.1 If the system fails to generate the phishing URL report in PDF format, an error message is displayed where the user is prompted to try again.
Post-conditions: None.
Successful condition: The user has successfully saved the phishing URL report in PDF format.
Failure condition: The user was unable to save the phishing URL report in PDF format.

10.7 Use Case 7: View Summary report

Use Case Description
System: AI-Enhanced Phishing Detector.
Use Case name: View Summary report.
Primary actor: User
Secondary actor(s):
Description: This use case describes how the user can view a PDF report summarizing their activity, including all scanned and reported URLs and QR codes, for a specified date range.
Relationships:
Includes: None.
Extends: Save summary report, share summary report.
Pre-conditions:
1. The user shall be signed in.
2. The user shall have activity records (scanned or reported URLs/QR codes).
Steps (Primary Actor / System):
1. User navigates to the dashboard page.
2. System displays all reports.
3. User enters the desired start and end dates.
4. System filters and displays all reports within the selected date range.
5. User selects "Generate Summary Report."
6. System displays the PDF report for the user to view.
Alternative and exceptional flows:
4.1 If the entered start date is after the end date, the system displays an error message indicating that the date range is invalid and prompts the user to correct it.
4.2 If no activity exists for the selected date range, the system displays a message stating that no data is available for the selected period.
6.1 If the report generation fails, the system displays an error message indicating that the report could not be generated and suggests trying again later.
Post-conditions:
Successful condition: The system shall display a PDF report summarizing all scanned and reported URLs and QR codes for the specified date range.
Failure condition: The system fails to generate the PDF report due to an error or lack of data.

10.8 Use Case 8: Edit Top-Reported URLs List

Use Case Description
System: AI-Enhanced Phishing Detector.
Use Case name: Edit top-reported URLs list.
Primary actor: Admin
Secondary actor(s):
Description: This use case describes how the admin can edit the top-reported URLs list.
Relationships:
Includes: None.
Extends: None.
Pre-conditions:
1. The admin shall be signed in.
2. The admin shall have viewed the top-reported URLs list.
Steps (Primary Actor / System):
1. The admin clicks on the edit button.
2. The system displays the edit page for the top-reported URLs list.
3. The admin selects a specific URL.
4. The system displays the URL information.
5. The admin edits the URL information.
6. The system saves changes to the URL information.
Alternative and exceptional flows:
6.1 If the system cannot save changes to the URL information, an error message is displayed.
Post-conditions:
Successful condition: The system shall save changes to the URL information.
Failure condition: The system fails to save changes to the URL information.

10.9 Use Case 9: Add awareness content

Use Case Description
System: AI-Enhanced Phishing Detector.
Use Case name: Add awareness content
Primary actor: Admin
Secondary actor(s):
Description: This use case describes how the admin can add awareness content.
Relationships:
Includes: None.
Extends: None.
Pre-conditions:
1. The admin shall be signed in.
Steps (Primary Actor / System):
1. The admin clicks on “Add awareness content”.
2. The system displays the awareness content form.
3. The admin fills out the form and submits it.
4. The system adds the awareness content.
Alternative and exceptional flows:
4.1 If the system cannot add the awareness content, an error message is displayed.
Post-conditions:
Successful condition: The system shall add the awareness content.
Failure condition: The system fails to add the awareness content.

11. Analysis Class

Here you identify all the boundary classes, control classes and entity classes for all the use cases. You should also identify the attributes and methods in the classes.

Figure 2. Successful order placement

12. Interaction Diagram

12.1.1 View URL result use case
Figure 3. Successful order placement

12.1.2 View phishing report use case
Figure 4. Successful face recognition log in

12.1.3 View phishing report use case
Figure 5. Successful face recognition log in

12.1.4 View awareness content use case
Figure 6. Successful face recognition log in

12.1.5 View summary report use case
Figure 6. Successful face recognition log in

13. Design Class

https://lucid.app/lucidchart/0ddfbcb7-7bdf-4a56-8293-981b0015b0e0/edit?viewport_loc=-6675%2C-1314%2C4020%2C2352%2C0_0&invitationId=inv_59f404b9-90f7-4789-a330-134ee26f9a4e

14. System Architecture

https://lucid.app/lucidchart/c43f24db-cc18-4fc6-a809-df286ff64828/edit?viewport_loc=-309%2C819%2C4972%2C2909%2C0_0&invitationId=inv_0ca52355-1060-4a0f-a642-45e17126b5a9

Choosing the Model-View-Controller (MVC) architecture for an AI-Enhanced Phishing URL Detection System can bring significant benefits in terms of maintainability, scalability, and clear separation of concerns.

Clear Separation of Concerns: Each component has a specific responsibility, which helps manage complex tasks and apply updates without interfering with other parts of the system. For instance, updating the phishing detection model (Model) does not affect the View, where results are displayed to the user.

Easier Testing and Maintenance: MVC’s structure allows individual testing for each layer. The Model can be tested independently with various phishing URL datasets, the View can be tested for proper UI functionality, and the Controller can be tested to handle request flow and error scenarios.

Enhanced Modularity: MVC makes it easier to integrate additional features, such as new detection methods, without impacting the existing system structure. For example, updating phishing awareness resources only requires adjustments in the Model or View, not the entire system.

The MVC architecture is ideal for the AI-Enhanced Phishing URL Detection System because it allows clear separation of responsibilities, maintains flexibility for future updates, and enhances scalability. This structure will support efficient handling of phishing data, seamless user interaction, and future-proofing against emerging threats.

15. User Interface Mockup

Sign up and Sign in pages
User Homepage (scan URL)
User Dashboard page
User Top Reported URLs pages
User Awareness Page
User Account settings
Admin Top Reported page
Admin Awareness
Admin Account settings

16. Database Schema

17. Algorithms

Phishing attacks are considered a grave threat in today’s digital world, using deceptive techniques to steal sensitive information such as financial details and personal data. Our proposed solution is to combat this using ChatGPT, a tool powered by OpenAI’s GPT (Generative Pre-trained Transformer) architecture, which will be employed via an API as an intelligent tool to identify and differentiate phishing URLs from legitimate ones. GPT is a deep learning model that was trained on large amounts of text data, which enables it to understand human-like text and recognise patterns and contextual language relationships. Through the API, ChatGPT can be integrated into our application and used to analyze linguistic patterns in phishing URLs, such as altered spellings, misleading subdomains, and suspicious keywords. ChatGPT adapts dynamically to evolving phishing tactics, unlike traditional detection systems that rely on static rules. In this section, we will highlight how the model will be trained, including the data preparation process, how it identifies key detection features, and the process for testing and fine-tuning the model to enhance its accuracy.

We will train the model on a labeled dataset containing both phishing and legitimate URLs to prepare ChatGPT to recognize phishing URLs. For ChatGPT to effectively learn and differentiate between malicious and legitimate URLs, a balanced dataset is essential. We used resources such as OpenPhish, PhishTank, and Hugging Face datasets to gather both phishing and legitimate URLs. The data is arranged in two columns: one for the URL and another identifying it as "legitimate" or "phishing." It is critical to use a diverse and representative dataset that captures various phishing tactics and legitimate URL structures to help ChatGPT accurately identify subtle differences between malicious and safe URLs.
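The two-column labeled dataset described above needs cleaning once several feeds are merged into it. The following is an added example, not code from the project: it canonicalises each URL, drops rows with unknown or conflicting labels, reports class balance, and splits by host so that no host appears in both training and test data. The function names and the sample rows are assumptions constructed for this illustration.

```python
"""Hygiene checks for a two-column (url, label) phishing dataset (added example)."""
import hashlib
from collections import Counter
from urllib.parse import urlsplit, urlunsplit

VALID_LABELS = {"phishing", "legitimate"}

# Constructed sample rows standing in for a merge of several feeds.
RAW_ROWS = [
    ("http://amaz0n.com/signin", "phishing"),
    ("HTTP://AMAZ0N.com:80/signin#top", "Phishing "),       # same URL, written differently
    ("https://github.com/", "legitimate "),                 # stray space in the label
    ("https://github.com/login", "legitimate"),
    ("http://login.bank-secure.com/verify", "phishing"),
    ("http://login.bank-secure.com/verify", "legitimate"),  # conflicting label
    ("http://\u0430pple.com/", "phishing"),                 # Cyrillic "а" lookalike host
    ("https://apple.com/", "legitimate"),
    ("not a url", "phishing"),                              # unparseable
    ("https://example.org/", "benign"),                     # label outside the schema
]


def canonical_url(url):
    """Return a canonical http(s) URL, or None if the input has no usable host.

    The host is lower-cased and IDNA-encoded, so a lookalike Unicode host becomes
    a visible xn-- name instead of colliding with its ASCII twin. Default ports,
    fragments and any user:password@ prefix are dropped.
    """
    try:
        parts = urlsplit(url.strip())
        scheme = parts.scheme.lower()
        if scheme not in ("http", "https") or not parts.hostname:
            return None
        host = parts.hostname.encode("idna").decode("ascii")
        port = parts.port
    except (UnicodeError, ValueError):
        return None
    default_port = {"http": 80, "https": 443}[scheme]
    netloc = host if port in (None, default_port) else f"{host}:{port}"
    return urlunsplit((scheme, netloc, parts.path or "/", parts.query, ""))


def prepare(rows):
    """Return (clean, conflicts, rejected).

    clean     -- {canonical_url: label} with duplicates merged
    conflicts -- canonical URLs that appeared under both labels (dropped)
    rejected  -- original URL strings with a bad URL or an unknown label
    """
    seen, conflicts, rejected = {}, set(), []
    for url, label in rows:
        canon, label = canonical_url(url), label.strip().lower()
        if canon is None or label not in VALID_LABELS:
            rejected.append(url)
        elif seen.setdefault(canon, label) != label:
            conflicts.add(canon)
    clean = {u: lab for u, lab in seen.items() if u not in conflicts}
    return clean, sorted(conflicts), rejected


def class_balance(clean):
    """Count rows per label so an imbalance is visible before training."""
    return Counter(clean.values())


def split_by_host(clean, test_percent=20):
    """Split into (train, test), keeping every URL of one host on the same side.

    Simplification: groups by full hostname; a production split would group by
    registered domain using the Public Suffix List.
    """
    train, test = [], []
    for url, label in clean.items():
        host = urlsplit(url).hostname
        bucket = int(hashlib.sha256(host.encode("ascii")).hexdigest(), 16) % 100
        (test if bucket < test_percent else train).append((url, label))
    return train, test


if __name__ == "__main__":
    clean, conflicts, rejected = prepare(RAW_ROWS)
    print("balance:", dict(class_balance(clean)))
    print("conflicting labels:", conflicts)
    print("rejected rows:", rejected)
    train, test = split_by_host(clean)
    print(len(train), "training rows,", len(test), "test rows")
```

Splitting by host matters for the testing phase: if pages from the same phishing host sit in both sets, measured accuracy overstates how well the detector handles hosts it has never seen.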
Phishers employ many strategies to make harmful URLs appear legitimate, which can trick users into unsafe interactions. Without this variety, ChatGPT’s ability to understand and detect common phishing tactics would be limited. For example, phishers often use slight misspellings or minor character changes in URLs, like “g00gle.com” instead of “google.com,” and by training on these variations, ChatGPT learns to recognize such suspicious alterations. Attackers may also use homograph attacks, substituting characters with lookalikes from other languages, such as the Cyrillic “а” in place of the English “a.” Including these examples in the training data allows ChatGPT to detect these subtle tricks as well. Also, without a sufficient number of legitimate sites in the dataset, ChatGPT could become overly cautious, marking genuine sites as suspicious. A balanced dataset lets ChatGPT recognize standard patterns, identify trusted domains, and effectively distinguish between phishing and legitimate URLs, creating a more reliable and accurate detection tool.

To detect phishing URLs, ChatGPT will analyze key features within each URL by examining aspects like unusual domain structures, unexpected subdomains or suspicious words:

Unusual Domain Names: Most phishing URLs try to confuse users by changing a website name very slightly. They would replace "amazon.com" with "amaz0n.com," using a "0" instead of an "o". These minor changes will be detected, and ChatGPT will send alerts about them being unsafe.

Unexpected Subdomains: The URLs may contain spurious subdomains, like "login.bank-secure.com." ChatGPT finds URLs with an abnormal or irrelevant subdomain and identifies trusted subdomain patterns.

Suspicious Words: Displaying words like "login," "verify," or "secure" within a phishing URL entices the visitor to input personal information. In such instances, something like "secure-account.com" might appear in the URL even though the URL is not actually secure. Such words can be identified by ChatGPT, which raises an alarm whenever they occur in suspicious places.

Training ChatGPT to Identify Phishing URLs and Provide Feedback

ChatGPT can be enhanced to not only classify URLs as phishing or legitimate but also to provide informative feedback and warnings for users:
- Contextual Analysis: Train the model to detect suspicious patterns in URLs, such as:
  - Misspelled domains (e.g., "paypa1.com" instead of "paypal.com").
  - Suspicious keywords like "secure" or "login" in odd contexts.
  - Overly complex or hidden links that redirect users unexpectedly.

The testing phase validates ChatGPT's ability to classify URLs accurately:
1. Test Dataset: Use a labeled dataset containing phishing and legitimate URLs, sourced from real-world examples.
2. Performance Metrics: Evaluate:
  - Accuracy: The percentage of correctly identified URLs.
  - False Positives: Legitimate URLs flagged as phishing.
  - False Negatives: Phishing URLs identified as legitimate.

Feedback Loops for Continuous Improvement

Feedback loops help refine ChatGPT's phishing detection capabilities:
1. Error Analysis: Review misclassifications to understand why they occurred.
2. Incorporate Feedback: Retrain ChatGPT with updated data, focusing on identified gaps.
3. Iterative Refinement: Regular testing and re-training cycles improve accuracy over time.
Example:
- If the model struggles with shortened URLs (e.g., "bit.ly/secure-login"), include more such examples in its training data.

Strategy for Updating ChatGPT

Phishing techniques evolve, requiring ChatGPT to adapt constantly:
1. Data Collection: Gather new phishing and legitimate URLs regularly from platforms like OpenPhish or PhishTank.
2. Pattern Recognition: Train ChatGPT to detect emerging phishing trends, such as:
  - Redirects for URLs with unusual structures.
3. User Interaction Monitoring: Analyze real-world user interactions to identify cases where ChatGPT's classifications need improvement.

Retraining ChatGPT

Periodic retraining ensures the model stays effective against new threats:
1. Fresh Datasets: Regularly update training data with the latest phishing tactics.
2. Fine-Tuning: Use focused retraining sessions to adapt ChatGPT without disrupting its overall performance.
3. Post-Update Testing: Validate the updated model to ensure it handles new phishing techniques effectively before deployment.

18. Expected Deployment

Global Overview

Figure []. System deployment diagram

Mobile Device and Chrome extensions: End users interact with the phishing detection system through these devices.
Firewall: Protects the server layer from unauthorized access through the public internet.
Internet: The public network that connects the mobile device and Chrome extensions to the backend server.
Application server: The core backend, where business logic for URL and QR code phishing detection is handled. This server is responsible for processing requests, running the detection model, and generating reports.
Firebase server: Stores data such as user information, phishing URLs, reports, and activity logs, manages user login and credentials for secure access, and sends notifications to users.

19. Test Scenario

Test case ID: 1
Test Title: User registration
Test summary/description: Check if a user can successfully register with valid inputs.
Precondition: The user is on the registration page.
Test steps:
1. User enters first name
2. User enters last name
3. User enters email
4. User enters password
5. User confirms password
6. User clicks on the "Register" button.
Test data: First name = "Sarah", Last name = "Ahmad", Email = "[email protected]", Password = "Sarah@12345"
Expected output: The user is successfully registered
Test Status: Pass

Test case ID: 2
Test Title: User registration
Test summary/description: Check if a user can register with invalid first name.
Precondition: The user is on the registration page.
Test steps:
1. User enters first name
2. User enters last name
3. User enters email
4. User enters password
5. User confirms password
6. User clicks on the "Register" button.
Test data: First name = "S", Last name = "Ahmad", Email = "[email protected]", Password = "Sarah@12345", Confirmed password = "Sarah@12345"
Expected output: The user is not successfully registered: “First name should have at least two letters”
Test Status: Pass

Test case ID: 3
Test Title: User registration
Test summary/description: Check if a user can register with invalid last name.
Precondition: The user is on the registration page.
Test steps:
1. User enters first name
2. User enters last name
3. User enters email
4. User enters password
5. User confirms password
6. User clicks on the "Register" button.
Test data: First name = "Sarah", Last name = "A", Email = "[email protected]", Password = "Sarah@12345", Confirmed password = "Sarah@12345"
Expected output: The user is not successfully registered: “Last name should have at least two letters”
Test Status: Pass

Test case ID: 4
Test Title: User registration
Test summary/description: Check if a user can register with invalid email.
Precondition: The user is on the registration page.
Test steps:
1. User enters first name
2. User enters last name
3. User enters email
4. User enters password
5. User confirms password
6. User clicks on the "Register" button.
Test data: First name = "Sarah", Last name = "Ahmad", Email = "sarahgmail.com", Password = "Sarah@12345", Confirmed password = "Sarah@12345"
Expected output: The user is not successfully registered: “Please enter a valid email address”
Test Status: Pass

Test case ID: 5
Test Title: User registration
Test summary/description: Check if a user can register with invalid password.
Precondition: The user is on the registration page.
Test steps:
1. User enters first name
2. User enters last name
3. User enters email
4. User enters password
5. User confirms password
6. User clicks on the "Register" button.
Test data: First name = "Sarah", Last name = "Ahmad", Email = "[email protected]", Password = "sarah12345", Confirmed password = "sarah12345"
Expected output: The user is not successfully registered: “Please enter a valid password (rules)”
Test Status: Pass

Test case ID: 6
Test Title: User registration
Test summary/description: Check if a user can register with incompatible passwords.
Precondition: The user is on the registration page.
Test steps:
1. User enters first name
2. User enters last name
3. User enters email
4. User enters password
5. User confirms password
6. User clicks on the "Register" button.
Test data: First name = "Sarah", Last name = "Ahmad", Email = "[email protected]", Password = "Sarah@@12345", Confirmed password = "Sarah@12345"
Expected output: The user is not successfully registered: “Passwords don’t match”
Test Status: Pass

Test case ID: 7
Test Title: User registration
Test summary/description: Check if a user can register with an empty field.
Precondition: The user is on the registration page.
Test steps:
1. User leaves first name empty
2. User leaves last name empty
3. User leaves email empty
4. User leaves password empty
5. User leaves confirm password empty
6. User clicks on the "Register" button.
Test data: First name = "", Last name = "", Email = "", Password = "", Confirmed password = ""
Expected output: The user is not successfully registered: “This field cannot be empty”
Test Status: Pass

Test case ID: 8
Test Title: Sign In
Test summary/description: Check if a user can successfully sign in with valid inputs.
Precondition: The user has registered and verified their email and is on the sign in page.
Test steps:
1. User enters email
2. User enters password
3. User clicks on the “Sign in” button.
Test data: Email = "[email protected]", Password = "Sarah@12345"
Expected output: The user is logged in successfully
Test Status: Pass

Test case ID: 9
Test Title: Sign In
Test summary/description: Check if a user can sign in with an email that does not exist.
Precondition: The user has registered and verified their email and is on the sign in page.
Test steps:
1. User enters email
2. User enters password
3. User clicks on the “Sign in” button.
Test data: Email = "[email protected]", Password = "Sarah@12345"
Expected output: The user is not successfully signed in: “Incorrect email or password”
Test Status: Pass

Test case ID: 10
Test Title: Sign In
Test summary/description: Check if a user can sign in with invalid password.
Precondition: The user has registered and verified their email and is on the sign in page.
Test steps:
1. User enters email
2. User enters password
3. User clicks on the “Sign in” button.
Test data: Email = "[email protected]", Password = "Abcd@12345"
Expected output: The user is not successfully signed in: “Incorrect email or password”
Test Status: Pass

Test case ID: 11
Test Title: Sign In
Test summary/description: Check if a user can sign in with invalid email.
Precondition: The user has registered and verified their email and is on the sign in page.
Test steps:
1. User enters email
2. User enters password
3. User clicks on the “Sign in” button.
Test data: Email = "sarahgmail.com", Password = "Sarah@12345"
Expected output: The user is not successfully signed in: “Please enter a valid email address”
Test Status: Pass

Test case ID: 12
Test Title: Sign In
Test summary/description: Check if a user can sign in with an empty field.
Precondition: The user has registered and verified their email and is on the sign in page.
Test steps:
1. User leaves email empty
2. User leaves password empty
3. User clicks on the “Sign in” button.
Test data: Email = "", Password = ""
Expected output: The user is not successfully signed in: “This field cannot be empty”
Test Status: Pass

Test case ID:
Test Title: Forgot Password
Test summary/description: Verify that the user can request a password reset email using the "Forgot Password" feature.
Precondition: The user has registered and verified their email and is on the sign in page.
Test steps:
1. User clicks "Forgot Password" on the login page.
2. The "Reset Your Password" screen appears, prompting the user to enter their email address.
3. User enters a valid registered email address in the email input field.
4. User clicks the "Next" button.
5. User sets a new password from the link sent in the email.
6. User clicks "Back to Login".
7. User enters their email address and the newly set password, and clicks the "Sign In" button.
Test data: Email = "[email protected]", Password = "NewPassword12345"
Expected output: The user is logged in successfully
Test Status: Pass

Test case ID:
Test Title: Forgot Password
Test summary/description: Verify that the system handles unregistered email inputs during the "Forgot Password" process and allows the user to re-enter the correct email address to proceed.
Precondition: The user has registered and verified their email and is on the sign in page.
Test steps:
1. User clicks "Forgot Password" on the login page.
2. The "Reset Your Password" screen appears, prompting the user to enter their email address.
3. User enters an unregistered email address in the email input field.
4. User clicks the "Next" button.
5. User doesn’t receive an email and clicks "Re-enter your email address".
6. The input field is cleared, and the user enters a valid registered email address.
7. User clicks the "Next" button.
8. User sets a new password from the link sent in the email.
9. User clicks "Back to Login".
10. User enters their email address and the newly set password, and clicks the "Sign In" button.
Test data: Email = "[email protected]", Email = "[email protected]", Password = "NewPassword12345"
Expected output: The user is logged in successfully
Test Status: Pass

Test case ID:
Test Title: Forgot Password
Test summary/description: Verify that the system handles invalid email inputs during the "Forgot Password" process and allows the user to re-enter a valid email address to proceed.
Precondition: The user has registered and verified their email and is on the sign in page.
Test steps:
1. User clicks "Forgot Password" on the login page.
2. The "Reset Your Password" screen appears, prompting the user to enter their email address.
3. User enters an invalid email address in the email input field.
4. User clicks the "Next" button.
Test data: Email = "sarah@@gmail.com", Email = "[email protected]", Password = "NewPassword12345"
Expected output: An error message appears, “Please enter a valid email address”.
Test Status: Pass

Test case ID: 13
Test Title: Check a URL
Test summary/description: This test case verifies the functionality that allows users to check a URL they suspect is phishing.
Precondition: User is logged in and on the Home page.
Test steps:
1. Enter a valid phishing URL in the URL submission field.
2. Click on the "Submit" button.
Test data: URL = "http://procontrolbit.top/?u=a44354&"
Expected output: URL result is displayed, URL is flagged as phishing.
Test Status: Pass

Test case ID: 14
Test Title: Check a URL
Test summary/description: This test case verifies the functionality that allows users to check a URL they suspect is phishing.
Precondition: User is logged in and on the Home page.
Test steps:
1. Enter a valid clean URL in the URL submission field.
2. Click on the "Submit" button.
Test data: URL = "https://github.com/"
Expected output: URL result is displayed, URL is flagged as clean.
Test Status: Pass

Test case ID: 15
Test Title: Check a URL
Test summary/description: This test case verifies the functionality that allows users to check a URL they suspect is phishing.
Precondition: User is logged in and on the Home page.
Test steps:
1. Enter an invalid URL in the URL submission field.
2. Click on the "Submit" button.
Test data: URL = "https://githu@com"
Expected output: Error message is shown: “Please enter a valid URL”
Test Status: Pass

Test case ID: 16
Test Title: Check a URL
Test summary/description: This test case verifies the functionality that allows users to check a URL they suspect is phishing.
Precondition: User is logged in and on the Home page.
Test steps:
1. Leave the URL submission field empty.
2. Click on the "Submit" button.
Test data: URL = ""
Expected output: Error message is shown: “This field cannot be empty.”
Test Status: Pass

Test case ID: 17
Test Title: Check a QR code by taking a photo of it.
Test summary/description: This test case verifies the functionality that allows users to check a QR code they suspect is phishing by taking a photo of it.
Precondition: User is logged in and on the Home page.
Test steps:
1. User clicks the QR code icon.
2. User selects “Camera” from the bottom menu and takes a picture of a valid phishing QR code.
3. Click on the "Submit" button.
Test data:
Expected output: QR code result is displayed, URL is flagged as phishing.
Test Status: Pass

Test case ID: 18
Test Title: Check a QR code by taking a photo of it.
Test summary/description: This test case verifies the functionality that allows users to check a QR code they suspect is phishing by taking a photo of it.
Precondition: User is logged in and on the Home page.
Test steps:
1. User clicks the QR code icon.
2. User selects “Camera” from the bottom menu and takes a picture of a valid clean QR code.
3. Click on the "Submit" button.
Test data:
Expected output: QR code result is displayed, URL is flagged as clean.
Test Status: Pass

Test case ID: 19
Test Title: Check a QR code by taking a photo of it.
Test summary/description: This test case verifies the functionality that allows users to check a QR code they suspect is phishing by taking a photo of it.
Precondition: User is logged in and on the Home page.
Test steps:
1. User clicks the QR code icon.
2. User selects “Camera” from the bottom menu and takes a picture of an invalid QR code.
3. Click on the "Submit" button.
Test data:
Expected output: Error message is shown: “Please submit a valid QR code”
Test Status: Pass

Test case ID: 20
Test Title: Check a QR code by taking a photo of it.
Test summary/description: This test case verifies the functionality that allows users to check a QR code they suspect is phishing by taking a photo of it.
Precondition: User is logged in and on the Home page.
Test steps:
1. User clicks the QR code icon.
2. User clicks on the "Submit" button without providing any QR code.
Test data: QR Code: (no QR code submitted)
Expected output: Error message is shown: “Please submit a valid QR code”
Test Status: Pass

Test case ID:
Test Title: Check a QR code by uploading a picture of it.
Test summary/description: This test case verifies the functionality that allows users to check a QR code they suspect is phishing by uploading a picture of it.
Precondition: User is logged in and on the Home page.
Test steps:
1. User clicks the QR code icon.
2. User selects “Gallery” from the bottom menu and selects a picture of a valid phishing QR code.
3. Click on the "Submit" button.
Test data:
Expected output: QR code result is displayed, URL is flagged as phishing.
Test Status: Pass

Test case ID:
Test Title: Check a QR code by uploading a picture of it.
Test summary/description: This test case verifies the functionality that allows users to check a QR code they suspect is phishing by uploading a picture of it.
Precondition: User is logged in and on the Home page.
Test steps:
1. User clicks the QR code icon.
2. User selects “Gallery” from the bottom menu and selects a picture of a valid clean QR code.
3. Click on the "Submit" button.
Test data:
Expected output: QR code result is displayed, URL is flagged as clean.
Test Status: Pass

Test case ID:
Test Title: Check a QR code by uploading a picture of it.
Test summary/description: This test case verifies the functionality that allows users to check a QR code they suspect is phishing by uploading a picture of it.
Precondition: User is logged in and on the Home page.
Test steps:
1. User clicks the QR code icon.
2. User selects “Gallery” from the bottom menu and selects a picture of an invalid QR code.
3. Click on the "Submit" button.
Test data:
Expected output: Error message is shown: “Please submit a valid QR code”
Test Status: Pass

Test case ID:
Test Title: Check a QR code by uploading a picture of it.
Test summary/description: This test case verifies the functionality that allows users to check a QR code they suspect is phishing by uploading a picture of it.
Precondition: User is logged in and on the Home page.
Test steps:
1. User clicks the QR code icon.
2. User selects “Gallery” from the bottom menu and selects a file that doesn’t match the allowed picture formats.
3. Click on the "Submit" button.
Test data: Invalid file type…
Expected output: Error message is shown: “File type not supported”
Test Status: Pass

Test case ID:
Test Title: Check a QR code by uploading a picture of it.
Test summary/description: This test case verifies the functionality that allows users to check a QR code they suspect is phishing by uploading a picture of it.
Precondition: User is logged in and on the Home page.
Test steps:
1. User clicks the QR code icon.
2. User clicks on the "Submit" button without providing any QR code.
Test data: QR Code: (no QR code submitted)
Expected output: Error message is shown: “Please submit a valid QR code”
Test Status: Pass

Test case ID: 21
Test Title: Edit Account Information
Test summary/description: This test case verifies the functionality that allows users to edit their account information.
Precondition: User is logged in and on the account settings page.
Test steps:
1. User enters new first name
2. User enters new last name
3. User enters new email
4. User enters new password
5. User confirms password
6. User clicks on the "Save Changes" button.
Test data: First name = "Norah", Last name = "Omar", Email = "[email protected]", Password = "Norah@12345", Confirmed password = "Norah@12345"
Expected output: The user’s account information is successfully updated
Test Status: Pass

Test case ID: 22
Test Title: Edit Account Information
Test summary/description: Check if a user can edit their account information with invalid first name.
Precondition: User is logged in and on the account settings page.
Test steps:
1. User enters first name
2. User enters last name
3. User enters email
4. User enters password
5. User confirms password
6. User clicks on the "Save Changes" button.
Test data:
First name = "N"
Last name = "Omar"
Email = "[email protected]"
Password = "Norah@12345"
Confirmed password = "Norah@12345"
Expected output: The user’s account is not updated; error message is shown: “First name should have at least two letters”
Test Status: Pass

Test case ID: 23
Test Title: Edit Account Information
Test summary/description: Check if a user can edit their account information with an invalid last name.
Precondition: User is logged in and on the account settings page.
Test steps:
1. User enters first name.
2. User enters last name.
3. User enters email.
4. User enters password.
5. User confirms password.
6. User clicks on the "Save Changes" button.
Test data:
First name = "Norah"
Last name = "O"
Email = "[email protected]"
Password = "Norah@12345"
Confirmed password = "Norah@12345"
Expected output: The user’s account is not updated; error message is shown: “Last name should have at least two letters”
Test Status: Pass

Test case ID: 24
Test Title: Edit Account Information
Test summary/description: Check if a user can edit their account information with an invalid email.
Precondition: User is logged in and on the account settings page.
Test steps:
1. User enters first name.
2. User enters last name.
3. User enters email.
4. User enters password.
5. User confirms password.
6. User clicks on the "Save Changes" button.
Test data:
First name = "Norah"
Last name = "Omar"
Email = "norahgmail.com"
Password = "Norah@12345"
Confirmed password = "Norah@12345"
Expected output: The user’s account is not updated; error message is shown: “Please enter a valid email address”
Test Status: Pass

Test case ID: 25
Test Title: Edit Account Information
Test summary/description: Check if a user can edit their account information with an invalid password.
Precondition: User is logged in and on the account settings page.
Test steps:
1. User enters first name.
2. User enters last name.
3. User enters email.
4. User enters password.
5. User confirms password.
6. User clicks on the "Save Changes" button.
Test data:
First name = "Norah"
Last name = "Omar"
Email = "[email protected]"
Password = "Norah12345"
Confirmed password = "Norah12345"
Expected output: The user’s account is not updated; error message is shown: “Please enter a valid password (rules)”
Test Status: Pass

Test case ID: 26
Test Title: Edit Account Information
Test summary/description: Check if a user can edit their account information with passwords that do not match.
Precondition: User is logged in and on the account settings page.
Test steps:
1. User enters first name.
2. User enters last name.
3. User enters email.
4. User enters password.
5. User confirms password.
6. User clicks on the "Save Changes" button.
Test data:
First name = "Norah"
Last name = "Omar"
Email = "[email protected]"
Password = "Norah@@12345"
Confirmed password = "Norah@12345"
Expected output: The user’s account is not updated; error message is shown: “Passwords don’t match”
Test Status: Pass

Test case ID: 27
Test Title: Edit Account Information
Test summary/description: Check if a user can edit their account information with an empty field.
Precondition: User is logged in and on the account settings page.
Test steps:
1. User leaves first name empty.
2. User leaves last name empty.
3. User leaves email empty.
4. User leaves password empty.
5. User leaves confirm password empty.
6. User clicks on the "Save Changes" button.
Test data:
First name = ""
Last name = ""
Email = ""
Password = ""
Confirmed password = ""
Expected output: The user’s account is not updated; error message is shown: “This field cannot be empty”
Test Status: Pass

Test case ID:
Test Title: Download Chrome Extension
Test summary/description: Verify that the user can download the Chrome extension from the provided button and is redirected to the correct download page.
Precondition: The user is logged in and is on the home page.
Test steps:
1. User clicks download.
2. User is redirected to the Chrome Web Store.
3. User clicks "Add to Chrome".
Test data: None required for this test.
Expected output: The extension installs successf