Embedded Files
Software Engineering
Software Engineering
Characteristics of a well-engineered software product
Characteristics of a well-engineered software product
Maintainable refers to how easy it is to identify the cause of faults , modify the software and adapt the system to new uses.
Dependable / Functional / Reliable
Efficient
Usable refers to how effectively end users can use or learn/control the system. It is easy to learn how to use the system. There is an appropriate user interface. The system is user friendly.
Portable / Scalable refers to the ability of the application to be run or be viewed on numerous platforms. NB. Machine independence is NOT considered platform independence. The nature of reusable, replaceable objects suggest that each object can be easily swapped out for a better performing , more up-to-date or functional version.
Appropriately documented
Top-Down & Bottom -Up Design
Top-Down & Bottom -Up Design
Top down design:
Top down design:
Understand the problem at its highest level and work your way down through the solution(1). Problem broken down in to more manageable task.
Bottom up design:
Bottom up design:
It starts with the building of the most specific and basic parts of the system to design and then linking these parts together to form the whole or single component. This method allows testing and coding to be done early as well as encourages code reusability. OR Reuse oriented OR Object Oriented Design
SDLC
SDLC
Phases
Phases
Analysis
Design
Design phase outcome: The design phase should produce the new system architecture and design specifications to be implemented. It should show what the proposed system should do and how it will work. This phase can include structure charts, user interfaces, reports, prototypes, CASE tools, object models, ERD.
Implementation
Validation
Evolution Maintenance, repairs, environment adaptation,
Deliverables
Deliverables
A deliverable is a product that is completed in a phase of the SDLC.
System Architecture / Architectural Design
Design Specification
Interface Design
Data Structure Design
Algorithm Design
Report Design
HIPO Chart
HIPO Chart
A HIPO chart represents the hierarchy of modules in the software system.
OR
It decomposes functions into sub-functions in a hierarchical manner .
Waterfall Model
Waterfall Model
Advantages
It is simple and easy to understand and use
It is tried and proven
Deliverables are available at each stage
Disadvantage:
It is inflexible in partitioning projects into distinct stages which do not allow iteration
Commitments must be made at an early stage in the process, which makes it difficult to response to changes in customer requirements
It used for problems that are well-understood
No feedback can be provided to customers
Real projects rarely follow a sequential flow Iterations are almost always necessary Parallelism is almost always necessary
Customers often do not state requirements explicitly
Customers must wait until deployment phase in order to see a working product
Rapid Prototyping
Rapid Prototyping
Prototyping is quickly putting together a working model to illustrate ideas/features early in the development process so as to gather user feedback
Disadvantages
If developers and customers are not committed, system development will likely fail because of the intense collaboration required between these parties.
This type of modelling is not applicable for projects with high technical risks because such projects need to be designed using a structured approach.
Development follows an ad hoc methodology and as such documentation is often minimal. This makes the project more difficult to maintain.
Rapid prototyping strategies spend little time on standard design and analysis strategies. As a result inefficient prototypes could be produced.
Rapid prototyping strategies may employ a large number of resources. There is however a risk of a high cost for programs of little or no use.
Errors can be introduced as requirements are refined and the prototype updated.
Transformational Model
Transformational Model
Formal transformation is a mathematically-based technique used for the specification, development and verification of hardware and software systems. It is most useful when developing systems that require safety, reliability/security.
Evolutionary Development
Evolutionary Development
Interleaves the activities of specification, development, and validation / allows iteration between phases
AGILE MODEL
AGILE MODEL
Agile Software Development Life Cycle (SDLC) is the combination of both iterative and incremental process models. It focuses on process adaptability and customer satisfaction by rapid delivery of working software product. Agile SDLC breaks down the product into small incremental builds. These builds are provided into iterations.
Agile model believes that every project needs to be handled differently and the existing methods need to be tailored to best suit the project requirements. In Agile, the tasks are divided to time boxes (small time frames) to deliver specific features for a release.
Iterative approach is taken and working software build is delivered after each iteration. Each build is incremental in terms of features; the final build holds all the features required by the customer.
Analysis Phase
Analysis Phase
Functional and Nonfunctional requirements.
Functional requirements describe what the system should do. Services offered by the system. For example, the system should reject character entries in the date field.
Non-functional requirements are requirements that judge the operations of a system. (How well the system should work) or constraints on how the system should work. For example, what platform the software will run on. Process/Platform used to develop the system. Response times the system must guarantee or the capacity of the system.
Requirement Gathering Techniques
Interviews
Advantages
Can obtain a vast amount of details.
Disadvantages
Time consuming in terms of listening to and assessing responses.
Questionnaires
Advantages
Large audience-research.
Supervision is not necessary.
Disadvantages
Possible to suffer from low response rates.
Analyzing responses can be a very time-consuming task.
Developing a good survey instrument can be difficult.
Prototyping
Observation
Advantages
A good technique to use when users are not able to clearly describe current/new system.
Focusses on existing systems as opposed to the new system requirement.
Disadvantages
Time consuming
Case Tools Computer Aided Software Engineering
Case Tools Computer Aided Software Engineering
It is the use of computer-based tools used to provide automated support for software development activities OR Used to develop and/or maintain software
A CASE tool can be used in requirements specification for developing data flow diagrams and entity-relationship models .
A CASE tool can be used throughout the development process for generating documents, both technical and user documentation, in standard formats .
A CASE tool can be used during design for maintaining a data dictionary (database) and for developing graphical models of the system being built (e.g., object-oriented class diagrams).
E.g. Prototyping, Diagramming (flowcharts, DFDs, ERDs), form and report (interface) Design
Disadvantages:
1. CASE tools are normally very expensive.
2. Personnel must be trained to use CASE tools which increases costs even more
ERD Entity Relationship Diagram
ERD Entity Relationship Diagram
Cardinality is the number instances of an entity that may exist between two related entities. For example, one to one, one to many or many to many. It refers to the degrees of a relationship
OR
The number of times an instance in one entity can be associated with instances in the related entity
Modality refers to the minimum number of times an instance in one entity can be associated with an instance in the related entity .
OR
Modality is 0 or 1 respectively depending whether a relationship is optional of mandatory.
DFD Data Flow Diagram
DFD Data Flow Diagram
Data Dictionary
Data Dictionary
A set of information describing the contents, format, and structure of a database and the relationship between its elements, used to control access to and manipulation of the database.
Risk Assessment
Risk Assessment
Factors
Skill level of development team,
legal, ethical and political issues,
Technology,
operational environment,
Availability, Security
Time
Costs
Testing
Testing
White box testing involves designing tests based on the known coded functionality of a program unit
Black box testing involves applying tests to a program unit based on its expected behaviour without knowing the coded functionality.
Grey Box testing – Testing with limited knowledge of internal details
Unit/Component testing validates that individual units of code or modules operate as intended ensure it meets the requirements. Example: A test can be done on the function to calculate students grades only to ensure it produces the expected output against the given input. Similar examples for test done on individual modules / functions / components are accepted. Unit testing is done by the programmer.
Integration testing combines software modules as a group to ensure that the program operates as intended.
System testing tests the system as a whole to validate that it meets its specification and the objectives of its users. (Similar to subsystem testing)
Acceptance testing Test done on the completed system to verify/determine if the system meets the specified requirements and work as expected as outlined by the customer. This test determine whether the customer should accept the system. Acceptance testing is done by the user of the system.
Example: The customer given the system to use using real data.
Regression Testing is defined as a type of software testing to confirm that a recent program or code change has not adversely affected existing features. Regression Testing is nothing but a full or partial selection of already executed test cases which are re-executed to ensure existing functionalities work fine. This testing is done to make sure that new code changes should not have side effects on the existing functionalities. It ensures that the old code still works once the latest code changes are done.
Alpha testing – test system with end user using simulated data
Beta testing – test system with end user using actual data
Stress/Performance testing – attempt to overload the system to see what happens if system crashes.
Recovery testing – observing how the system reacts after it has crashed e.g. is data lost.
Usability testing – testing the ease of user interfaces.
A test case describes a set of actions or inputs to be applied to the system and the expected outputs
Issues confronting modern computer systems, societies and users.
Issues confronting modern computer systems, societies and users.
Software piracy is the illegal copying of copyrighted software. It has become a global problem. Piracy of music, movies, and books is also a growing problem. Millions of people copy songs, digital books, or movies onto their computer or their iPod illegally. They download the media they want for free from a peer-to-peer file sharing website like BitTorrent. This process denies the original artists, authors, or entrepreneurs the legitimate compensation they deserve for their work.
Software license
Software license
A software license is a document that provides legally binding guidelines for the use and distribution of software. A software license is a document that states the rights of the developer and user of a piece of software. It defines how the software can be used and how it will be paid for. The following are some examples of specifications a license might include:
how many times the software can be downloaded;
what the software will cost; and
what level of access users will have to the source code.
What are the different types of software licenses?
What are the different types of software licenses?
There are two general types of software licenses that differ based on how they are viewed under copyright law.
Free and open source software (FOSS) licenses are often referred to as open source. FOSS source code is available to the customer along with the software product. The customer is usually allowed to use the source code to change the software.
Proprietary licenses are often referred to as closed source. They provide customers with operational code. Users cannot freely alter this software. These licenses also usually restrict reverse engineering the software's code to obtain the source code.
https://www.techtarget.com/searchcio/definition/software-license
Freeware is free to use, at no cost but is under copyright, while free software is copyright-free and has no constraints or limitations. Users of free software can make changes to the programs’ core elements, rewrite or overwrite whatever they want, and change it as they please. Freeware is completely free but copyrighted nonetheless, and its source code may or may not be freely available. Unlike free software, it isn’t necessarily editable or modifiable to create a whole new program.
Shareware is commercial software that’s available at no cost but is designed for sharing with others. Developers distribute shareware on a trial basis or in a limited format with an expiry date, so that users can test run the software and hopefully decide to purchase the full versions.
A good example of shareware is the new games developers make available on a limited basis, allowing gamers to experience and share before purchasing the full version.
https://helpdeskgeek.com/reviews/freeware-versus-shareware-whats-the-difference/
Data protection
Data protection
is the process of safeguarding important information from corruption, compromise or loss.
The importance of data protection increases as the amount of data created and stored continues to grow at unprecedented rates. There is also little tolerance for downtime that can make it impossible to access important information.
Consequently, a large part of a data protection strategy is ensuring that data can be restored quickly after any corruption or loss. Protecting data from compromise and ensuring data privacy are other key components of data protection.
https://www.techtarget.com/searchdatabackup/definition/data-protection
Data Protection Act of Trinidad and Tobago
Data Protection Act of Trinidad and Tobago
https://rgd.legalaffairs.gov.tt/laws2/Alphabetical_List/lawspdfs/22.04.pdf
Computer Misuse Act of Trinidad and Tobago
Computer Misuse Act of Trinidad and Tobago
https://rgd.legalaffairs.gov.tt/laws2/alphabetical_list/lawspdfs/11.17.pdf
Computer Misuse Act
Computer Misuse Act
Data stored electronically is easier to misuse and this can have an impact on data becoming corrupted, either accidentally or deliberately.
Types of computer misuse
Misuse of computers and communications systems comes in several forms:
Hacking: is where an unauthorised person uses a network, internet or modem connection to gain access past security passwords or other security to see data stored on another computer. Hackers sometimes use software hacking tools and often target, for example, particular sites on the internet.
Data misuse and unauthorised transfer or copying
Data misuse and unauthorised transfer or copying
Copying and illegal transfer of data is very quick and easy using online computers and large storage devices such as hard disks, memory sticks and DVDs. Personal data, company research and written work, such as novels and textbooks, cannot be copied without the copyright holder's permission.
Copying and distributing copyrighted software, music and film
Copying and distributing copyrighted software, music and film
This includes copying music and movies with computer equipment and distributing it on the internet without the copyright holder's permission. This is a widespread misuse of both computers and the internet that breaks copyright regulations.
Email and chat room abuses
Email and chat room abuses
Internet services such as chat rooms and email have been the subject of many well-publicised cases of impersonation and deception where people who are online pretend to have a different identity. Chat rooms have been used to spread rumours about well known personalities. A growing area of abuse of the internet is email spam, where millions of emails are sent to advertise both legal and illegal products and services.
Pornography
Pornography
A lot of indecent material and pornography is available through the internet and can be stored in electronic form. There have been several cases of material, which is classified as illegal, or which shows illegal acts, being found stored on computers followed by prosecutions for possession of the material.
Identity and financial abuses
Identity and financial abuses
This topic includes misuse of stolen or fictional credit card numbers to obtain goods or services on the internet, and use of computers in financial frauds. These can range from complex well thought out deceptions to simple uses such as printing counterfeit money with colour printers.
Viruses
Viruses
Viruses are relatively simple programs written by people and designed to cause nuisance or damage to computers or their files.
https://www.bbc.co.uk/bitesize/guides/zt8qtfr/revision/1
Threats
Threats
viruses, worms, distributed denial of service attacks, malware, ransomware, hacking
and countermeasures.
https://www.geeksforgeeks.org/difference-between-rootkit-and-worms/
https://wustl.edu/about/compliance-policies/computers-internet-policies/legal-ethical-software-use/
https://www.crowdstrike.com/cybersecurity-101/malware/types-of-malware/
Distributed Denial of Service attack
A Distributed Denial of Service (DDoS) attack is an attempt made to take a website or online service offline. Attackers use a variety of ways to do this, but they all are designed to overwhelm the site with traffic from multiple sources. In recent months, Spotify and Twitter were targeted by a DDoS attack and one was planned for Donald Trump's inauguration on January 20 as a protest against the divisive leader.
In a DDoS attack, the traffic flooding the site can come from hundreds or thousands of sources, which makes it near-impossible to stop the attack simply by blocking a single IP address. They can be distributed by infected computers via botnets, or coordinated (like in the case of the Trump protests). Sites also struggle to differentiate between a legitimate user and attack traffic.
A DDoS attack differs from a Denial of Service (DoS) attack, which typically uses a single computer and connection to flood a system or site.
Viruses
In simpler times, the term virus referred to any type of infection, similar to the way in which you might now say you 'have a cold' when you feel ill. However, as new threats have emerged, the words for each have changed.
Now, virus generally refers to a malicious program that self-replicates but requires some user interaction to be initiated.
Spyware
The term 'spyware' is a sub-division of viruses and refers to those programs dedicated to stealing your personal details (logins, passwords, personal info, etc) once they've found a way onto your computer or phone.
Malware and trojans
Malware is a more generic term that can be used to refer to nefarious software, which has been specifically designed to disrupt or damage a computer system, while trojans are programs that pretend to be something they're not, and include malicious additions.
Trojans are often bundled with legitimate software (eg, downloaded via P2P or file-download sites) but keep the original software intact to avoid suspicion and allow the trojan to spread further.
Once silently installed, a trojan can have a number of different payloads - including letting hackers install additional malicious software, which expands the access these hackers have to your machine.
Much of the confusion around the different types threat arise from the difference between focusing on what each one is and what each one does.
Phishing scams
Phishing attacks take many forms – malicious emails, fake web forms, pharming – but the ultimate aim of each is to gain access to private information. At the heart of phishing attacks is deception. Each attacker is attempting to convince you they are a person or brand you are familiar with.
Ransomware
Ransomware, for example, will hold your most sensitive (or indeed, all) your files hostage until you pay a ransom, but it could get onto your computer via a trojan, virus or worm.
Worms
Much like viruses (and arguably a sub-class of them), worms differ in one key way: viruses require an action on the part of the user for them to spread, or for the initial infection to take place. For example, receiving a malicious file attached to an email would require you to open the file for a virus to execute.
Worms, on the other hand, need no such interaction and can happily replicate and spread to different computers (on a network or via a USB key, for example) with no warning whatsoever.
This makes worms potentially more dangerous than viruses, trojans or other malware, as they're harder to contain.
While traditional anti-virus software will take care of a lot of the better-known viruses and trojans, the ability to replicate itself to networked resources without any interaction makes containing a worm a much harder task.
Doxing
In a doxing attack, hackers publicly release personal information about one or more individuals. In 2011, a hacking collective associated with Anonymous posted the names and addresses of dozens of LAPD officers online after accusing the department of shutting down the Occupy L.A. Movement. In 2015, Anonymous itself then released the names of hundreds of people allegedly associated with the Ku Klux Klan.
A US hacker, Mira Islam, was sentenced to two years in prison in 2016 after posting the names, addresses and phone numbers of dozens of celebrities including Michelle Obama, Jay Z and Ashton Kutcher. The US Department of Justice said the information was used by "countless others" in subsequent fraud attacks.
Baiting
Baiting attacks exploit the curiosity or greed of unsuspecting victims. A hacker may plant a USB stick loaded with malware in the lobby of a business. If an employee then put that USB into their work computer – perhaps because it had the logo of a rival company on it – it could install malware onto the company's internal computer network. Emails with intriguingly named files attached, or websites that offer free downloads, may also be baiting scams designed to trick people into downloading viruses onto their computers.
https://www.wired.co.uk/article/ransomware-viruses-trojans-worms
Page updated
Report abuse