
Development Cycle

Application and business security developments. An application is a collection of programs that satisfies certain specific requirements and resolves certain problems.

Uploaded by

polelor663
Copyright
© All Rights Reserved
MSEI-025
Application and Business Security Developments

Indira Gandhi National Open University
School of Vocational Education and Training

Block 1
APPLICATION DEVELOPMENT LIFE CYCLE

UNIT 1 Analysis and Application Design
UNIT 2 Application Coding
UNIT 3 Application Testing
UNIT 4 Application Production and Maintenance

Programme Expert/Design Committee of Post Graduate Diploma in Information Security (PGDIS)

- Prof. K.R. Srivathsan, Pro Vice-Chancellor, IGNOU
- Mr. B.J. Srinath, Sr. Director & Scientist 'G', CERT-In, Department of Information Technology, Ministry of Communication and Information Technology, Govt. of India
- Mr. A.S.A. Krishnan, Director, Department of Information Technology, Cyber-Laws and E-Security Group, Ministry of Communication and Information Technology, Govt. of India
- Mr. S. Balasubramony, Dy. Superintendent of Police, CBI, Cyber Crime Investigation Cell, Delhi
- Informatics Centre, Ministry of Communication and Information Technology
- Prof. M.N. Doja, Professor, Department of Computer Engineering, Jamia Millia Islamia, New Delhi
- Dr. D.K. Lobiyal, Associate Professor, School of Computer and Systems Sciences, JNU, New Delhi
- Mr. Omveer Singh, Scientist, CERT-In, Department of Information Technology, Cyber-Laws and E-Security Group, Ministry of Communication and Information Technology, Govt. of India
- Dr. Vivek Mudgil, Director, Eninov Systems, Noida
- Mr. V.V. Subramanyam, Assistant Professor, School of Computer and Information Sciences
- Anup Girdhar, CEO, Sedulity Solutions & Technologies, New Delhi
- Prof. A.K. Saini, Professor, University School of Management Studies, Guru Gobind Singh Indraprastha University, Delhi
- Mr. C.S. Rao, Technical Director in Cyber Security Division, National Informatics Centre, Ministry of Communication and Information Technology
- Prof. C.G. Naidu, Director, School of Vocational Education & Training, IGNOU
- Prof. Manohar Lal, Director, School of Computer and Information Science, IGNOU
- Prof. K. Subramanian, Director, ACIIL, IGNOU; Former Deputy Director General, National Informatics Centre, Ministry of Communication and Information Technology, Govt. of India
- Prof. K. Elumalai, Director, School of Law, IGNOU
- Dr. A. Murali M Rao, Joint Director, Computer Division, IGNOU
- Mr. P.V. Suresh, Sr. Assistant Professor, School of Computer and Information Science, IGNOU
- Ms. Mansi Sharma, Assistant Professor, School of Law, IGNOU
- Ms. Urshla Kant, Assistant Professor, School of Vocational Education & Training, IGNOU

Block Preparation

Unit Writers
- Mr. T. Lakshmana Kumar, MSc(f, PGDBM, Vijayawada (Unit 1 & 2)
- Ms. Natna Kaushik, Assistant Professor, Computer Engineering Dept., Rajiv Gandhi Institute of Technology, Andheri (W), Mumbai (Unit 3)
- Mr. Saoud Sarwar, Head, CSE Department, Al-Falah School of Engineering & Technology, Dhauj, Faridabad (Unit 4)

Block Editor
- Mr. P.V. Suresh, Sr. Assistant Professor, School of Computer and Information Science, IGNOU
- Ms. Urshla Kant, Assistant Professor, School of Vocational Education & Training, IGNOU

Proof Reading and Format Editing
- Ms. Urshla Kant, Assistant Professor, School of Vocational Education & Training, IGNOU

PRODUCTION
- Mr. B. Natrajan, Dy. Registrar (Pub.), MPDD, IGNOU
- Mr. Jitender Sethi, Asstt. Registrar (Pub.), MPDD, IGNOU
- Mr. Hemant Paria, Proof Reader, MPDD, IGNOU

Feb, 2012
© Indira Gandhi National Open University, 2011
ISBN: 978-81-266-5899-3

All rights reserved. No part of this work may be reproduced in any form, by mimeograph or any other means, without permission in writing from the Indira Gandhi National Open University.

Further information on the Indira Gandhi National Open University courses may be obtained from the University's office at Maidan Garhi, New Delhi-110 068 or the website of IGNOU.

Printed and Published on behalf of the Indira Gandhi National Open University, New Delhi by the Registrar, MPDD.
Printed at: Berry Art Press, A-9, Mayapuri Phase-1, New Delhi-64

COURSE INTRODUCTION

This course talks about the application and business security developments.
An application is a collection of programs that satisfies certain specific requirements and resolves certain problems. The solution could reside on any platform or combination of platforms, from a hardware or operating system point of view. This unit explains the development process for any application. Application development is usually composed of the following phases:

- Design phase
  - Gather requirements: user, hardware and software requirements.
  - Perform analysis.
  - Develop the design in its various iterations:
    - High-level design
    - Detailed design
  - Hand over the design to application programmers.
- Code and test application.
- Perform user tests. User tests application for functionality and usability.
- Perform system tests.
  - Perform integration test (test application with other programs to verify that all programs continue to function as expected).
  - Perform performance (volume) test using production data.
- Go into production; hand off to operations.
  - Ensure that all documentation is in place (user training, operation procedures).
- Maintenance phase: ongoing day-to-day changes and enhancements to application.

Application development involves the activities of planning, implementation, testing, documenting, deployment and maintenance. It is the process of creating something out of raw ideas and leading towards a problem-solving application or software. It is a tedious process to develop software. Herein, implementation is adopted where software engineers actually program the code for the project. Then software testing is an integral and important phase of the software development process. This part of the process ensures that defects are recognized as soon as possible. Further, documenting the internal design of software for the purpose of future maintenance and enhancement is done throughout development.
Maintaining and enhancing software to cope with newly discovered problems or new requirements can take far more time than the initial development of the software. This process deals with authentication, data access, error handling, encryption, server configuration, security assessment and other important activities for the successful development of software.

This course includes the following blocks:

- Block 1: Application Development Life Cycle
- Block 2: Secure Application Development-I
- Block 3: Secure Application Development-II
- Block 4: Application Testing and Ethical Hacking

BLOCK INTRODUCTION

Many software development organizations, including many product and online services groups within Microsoft, use agile software development and management methods to build their applications. Historically, security has not been given the attention it needs when developing software with agile methods. Since agile methods focus on rapidly creating features that satisfy customers' direct needs, and security is a customer need, it's important that it not be overlooked. In today's highly interconnected world, where there are strong regulatory and privacy requirements to protect private data, security must be treated as a high priority.

There is a perception today that agile methods do not create secure code, and, on further analysis, the perception is reality. There is very little "secure Agile" expertise available in the market today. This needs to change. But the only way the perception and reality can change is by actively taking steps to integrate security requirements into agile development methods.

This block comprises four units and is designed in the following way:

Unit One helps you by explaining the importance of Analysis and Application Design. Design is a process of translating the analysis model to design models that are further refined to produce detailed design models.
The process of refinement is the process of elaboration to provide necessary details to the programmer. Data design deals with the selection and design of data structures. Modularity of a program increases maintainability and encourages parallel development. The aim of good modular design is to produce highly cohesive and loosely coupled modules. Independence among modules is central to modularity. Good user interface design helps software to interact effectively with the external environment. Tips for good interface design help the designer to achieve an effective user interface.

Unit Two covers application coding. A coding standards document tells developers how they must write their code. We clarified why you need coding standards and also the advantages of coding standards. We listed out the good methods for coding and also how to do effective source code control. This unit also gives you the rules for developing secured code. Here, we listed custom applications and their security threats, and also some general advice on securing custom applications.

Testing is a major component of software development, and is a major science in itself. Unit Three focuses on application testing. Software testing is needed to verify and validate that the software that has been built has been built to meet these specifications. Testing ensures that what you get in the end is what you wanted to build. Testing enhances the integrity of a system by detecting deviations in design and errors in the system. Testing aims at detecting error-prone areas. This helps in the prevention of errors in a system. Testing also adds value to the product by conforming to the user requirements.

Unit Four explains application production and maintenance. This unit will discuss what maintenance is, its role in the software development process, how it is carried out, and its role in iterative development, agile development, component-based development and open source development.

Hope you benefit from this block.

ACKNOWLEDGEMENT

The material we have used is purely for educational purposes. Every effort has been made to trace the copyright holders of material reproduced in this book. Should any infringement have occurred, the publishers and editors apologize and will be pleased to make the necessary corrections in future editions of this book.

UNIT 1 ANALYSIS AND APPLICATION DESIGN

Structure

1.0 Introduction
1.1 Objectives
1.2 Analysis
    1.2.1 Requirements Analysis
    1.2.2 Different Ways of Performing Requirements Analysis
1.3 Design Process and Design Quality
1.4 Characteristics of Good Design Process
1.5 Design Engineering Concepts
1.6 Characteristics of Well Formed Design
1.7 Design Model
1.8 Design Elements in Design Model
1.9 Architectural Design
1.10 Data Design at the Architectural Level and the Component Level
    1.10.1 Architectural Styles
    1.10.2 Architectural Pattern
    1.10.3 Data Centered Architecture
    1.10.4 Data Flow Architecture
    1.10.5 Call and Return Architecture and Layered Architecture
1.11 Object-Oriented Design
    1.11.1 Design Models of Object-Oriented Design Process
    1.11.2 Importance of Object Interface Specification
1.12 User Interface Design
1.13 Interface Design Steps
1.14 Let Us Sum Up
1.15 Check Your Progress: The Key
1.16 Suggested Readings

1.0 INTRODUCTION

Software development begins with a first phase called software requirements. To develop any software, first its requirements have to be taken care of. The software requirements are analyzed and modeled, and application design plays an important role here. Application design is the last software engineering action within the modeling activity. Application design comprises the code generation and testing activities, which are collectively known as construction. Therefore, software development consists of the analysis and modeling phase, and application design takes place within modeling.

The foundation of all elements in design starts with the consideration of data. The next step is the derivation of the architecture, and lastly all the design tasks are performed. Application designing is as simple as an architect's plans for a house. It starts with all the things to be built and slowly progresses towards refining the things, progressing the construction, and taking care of each detail. Similarly, the design model that is created for software provides a variety of different views of the system.

Designing of software falls within the technical aspect of software engineering, like a kernel. Design is a core engineering activity. Application design is applied to every software process model. Design engineering comprises principles, concepts and practices that construct a high-quality system or product. The goal of design engineering is to produce a model or representation that exhibits firmness, commodity, and delight.

1.1 OBJECTIVES

After going through this unit, you should be able to explain:

- design engineering concepts;
- architectural design;
- data design;
- object-oriented design; and
- user interface design.

1.2 ANALYSIS

Analysis is the process of breaking a complex topic or substance into smaller parts to gain a better understanding of it. It is the examination and evaluation of the relevant information to select the best course of action from among various alternatives.

1.2.1 Requirements Analysis

Requirements analysis encompasses those tasks that go into determining the needs or conditions to meet for a new or altered product, taking account of the possibly conflicting requirements of the various stakeholders, such as beneficiaries or users.

Requirements analysis in systems engineering and software engineering encompasses those tasks that go into determining the needs or conditions to meet for a new or altered product, taking account of the possibly conflicting requirements of the various stakeholders, such as beneficiaries or users. Requirements analysis is critical to the success of a development project. Requirements must be documented, actionable, measurable, testable, traceable, related to identified business needs or opportunities, and defined to a level of detail sufficient for system design. Requirements can be architectural, structural, behavioral, functional, and non-functional.

1.2.2 Different Ways of Performing Requirements Analysis

Brainstorm sessions bring together a set of design and task experts to inspire each other in the creative, idea generation phase of the problem solving process. They are used to generate new ideas by freeing the mind to accept any idea that is suggested, thus allowing freedom for creativity. The method has been widely used in the early phases of design. The results of a brainstorming session are, it is hoped, a set of good ideas and a general feel for the solution area to meet user needs.

Card sorting is a technique for uncovering the hierarchical structure in a set of concepts by asking users to group items written on a set of cards. This is often used, for instance, to work out the organisation of a website. Users would be given cards with the names of the intended web pages on the site and asked to group the cards into related categories. After gathering the groupings from several users, designers can typically spot clear structures across many users. Statistical analysis can uncover the best groupings from the data where it is not clear by inspection. IBM (2002) is an example of an analysis programme.

Affinity diagramming is a related technique that can be used for organising the structure of a new system, and allows participants to work as a group.
Designers or users write down items such as potential screens or functions on sticky notes and then organise the notes by grouping them, to uncover the structure and relationships in a domain. Affinity diagrams are often a good next step after a brainstorming session. See Beyer & Holtzblatt (1998) for more information.

Storyboards, also termed "Presentation Scenarios", are sequences of images that show the relationship between user actions or inputs and system outputs. A typical storyboard will contain a number of images depicting features such as menus, dialogue boxes and windows. Storyboard sequences provide a platform for exploring and refining user requirements options via a static representation of the future system by showing them to potential users and members of a design team (Andriole, 1989).

Prototyping is where designers create paper or software-based simulations of user interface elements (menus, buttons, icons, windows, dialogue sequences, etc.) in a static or dynamic way. When a paper prototype has been prepared, a member of the design team sits before a user and 'plays the computer' by moving the paper and card interface elements around in response to the user's actions. The difficulties encountered by the user, and user comments, are recorded by an observer. Software prototypes provide a greater level of realism than is normally possible with simple paper mock-ups. Here, the aim is to create a rapid prototype that is used to establish an acceptable design for the user but is then thrown away prior to full implementation. Some design processes are based on a rapid application development (RAD) approach. Here a small group of designers and users work intensively on a prototype, making frequent changes in response to user comment. The prototype evolves into the full system. Hall (2001) discusses the merits and cost-benefits of varying fidelity levels of prototypes.

Allocation of function is an important element for many systems. As ISO 13407 (1999) states in clause 7.3.2, allocation of function is "the division of system tasks into those performed by humans and those performed by technology" to specify a clear system boundary. A range of options is established to identify the optimal division of labour, to provide job satisfaction and efficient operation of the whole work process. User cost-benefit analysis can then be carried out to determine how acceptable each user group will find the new arrangement. The use of task allocation charts and cost-benefit analysis is most useful for systems that affect whole work processes rather than single user, single task products. They also provide the opportunity to rethink the system design or user roles to provide a more acceptable solution for all groups. A process for performing a user cost-benefit analysis is described by Eason (1988).

Design guidelines and standards are referred to by designers and HCI specialists for guidance on ergonomic issues associated with the system being developed. The ISO 9241 standard (ISO, 1997) covers many aspects of hardware and software user-interface design, and contains a widely agreed body of software ergonomics advice. See Bevan (2001) for more information on ISO standards. Style guides embody good practice in interface design. Following a style guide will increase the consistency between screens and can reduce the development time. For a GUI (graphic user interface) an operating.

Stakeholder interviews

Stakeholder interviews are a common technique used in requirement analysis. Though they are generally idiosyncratic in nature and focused upon the perspectives and perceived needs of the stakeholder, very often without larger
