The document describes requirements for an Online Examination Form Submission System (OEFSS) according to the IEEE format, including developing a software requirements specification, explaining the prototype model of software development with an example, providing a structure chart to decompose a system into executable tasks using a hotel billing system as an example, and presenting a Gantt chart showing the tasks, dependencies, and time estimates for developing the OEFSS.
The document discusses approaches to building secure web applications, including establishing software security processes and maturity levels. It covers security activities like threat modeling, defining security requirements, secure coding standards, security testing, and metrics. Business cases for software security focus on reducing costs of vulnerabilities, threats to web apps, and root causes being application vulnerabilities and design flaws.
This document discusses cloud-native DDoS attack mitigation and provides an overview of how AWS services can help. It describes the evolution from on-premise to cloud-routed to cloud-native DDoS mitigation strategies. It also outlines AWS Shield Standard and Advanced protections that provide automatic DDoS protection for AWS resources. The presentation aims to help users prepare resilient architectures, monitor applications for issues, and respond to DDoS events through demonstrations of AWS services like WAF, CloudFront, Route 53, and more.
IRJET- Android Malware Detection using Machine LearningIRJET Journal
This document discusses using machine learning algorithms to detect Android malware. It aims to extract features from Android applications (APKs) and train machine learning models to classify APKs as malware or benign. The proposed approach extracts features from an APK's manifest file and decompiled code to identify permissions, URLs, API calls, and other indicators. Random forest classifiers are trained on a dataset of benign and malicious APKs to detect known malware families. The models can classify new APKs as either malware or benign, and if malware, identify the specific malware family. The approach aims to detect malware with high accuracy while reducing analysis time by processing multiple APKs in parallel.
The document discusses technical vulnerability management and outlines the key steps in the NIST Risk Management Framework that include vulnerability analysis. It also covers establishing an effective Patch and Vulnerability Group to monitor for vulnerabilities, prioritize remediation, and deploy patches. Finally, it provides examples of different types of vulnerability analysis tools including network scanners, host scanners, and web application scanners.
The OWASP SAMM (Software Assurance Maturity Model) is an open framework that helps organizations implement software security strategies tailored to their risks. It provides resources to evaluate existing practices, build balanced security programs through iterations, and measure improvements. The SAMM model defines security practices for different business functions and maturity levels to allow for continuous, risk-based improvements tailored to each organization.
This document introduces tools and techniques for preliminary malware analysis. It discusses examining malware behavior through static analysis, behavioral tracing, and sandboxing. Specific tools are presented for observing malware snapshots, tracing its behavior, and containing it in a sandbox. Process-based and stealthy malware are discussed, along with vulnerabilities of rootkits and tools for rootkit detection. The goal is to present a model for beginning reverse engineering of malware through observation and experimentation in a contained environment.
The document discusses the waterfall model of software development. It describes the phases of the waterfall model as requirements gathering, design, coding, testing, and maintenance. Each phase must be completed before moving to the next. The advantages are that it is easy to implement and complete one phase at a time. The disadvantages are that not all requirements can be identified up front, the final working model is only seen at the end, and it is not possible to go back to a previous phase.
The document discusses approaches to building secure web applications, including establishing software security processes and maturity levels. It covers security activities like threat modeling, defining security requirements, secure coding standards, security testing, and metrics. Business cases for software security focus on reducing costs of vulnerabilities, threats to web apps, and root causes being application vulnerabilities and design flaws.
This document discusses cloud-native DDoS attack mitigation and provides an overview of how AWS services can help. It describes the evolution from on-premise to cloud-routed to cloud-native DDoS mitigation strategies. It also outlines AWS Shield Standard and Advanced protections that provide automatic DDoS protection for AWS resources. The presentation aims to help users prepare resilient architectures, monitor applications for issues, and respond to DDoS events through demonstrations of AWS services like WAF, CloudFront, Route 53, and more.
IRJET- Android Malware Detection using Machine LearningIRJET Journal
This document discusses using machine learning algorithms to detect Android malware. It aims to extract features from Android applications (APKs) and train machine learning models to classify APKs as malware or benign. The proposed approach extracts features from an APK's manifest file and decompiled code to identify permissions, URLs, API calls, and other indicators. Random forest classifiers are trained on a dataset of benign and malicious APKs to detect known malware families. The models can classify new APKs as either malware or benign, and if malware, identify the specific malware family. The approach aims to detect malware with high accuracy while reducing analysis time by processing multiple APKs in parallel.
The document discusses technical vulnerability management and outlines the key steps in the NIST Risk Management Framework that include vulnerability analysis. It also covers establishing an effective Patch and Vulnerability Group to monitor for vulnerabilities, prioritize remediation, and deploy patches. Finally, it provides examples of different types of vulnerability analysis tools including network scanners, host scanners, and web application scanners.
The OWASP SAMM (Software Assurance Maturity Model) is an open framework that helps organizations implement software security strategies tailored to their risks. It provides resources to evaluate existing practices, build balanced security programs through iterations, and measure improvements. The SAMM model defines security practices for different business functions and maturity levels to allow for continuous, risk-based improvements tailored to each organization.
This document introduces tools and techniques for preliminary malware analysis. It discusses examining malware behavior through static analysis, behavioral tracing, and sandboxing. Specific tools are presented for observing malware snapshots, tracing its behavior, and containing it in a sandbox. Process-based and stealthy malware are discussed, along with vulnerabilities of rootkits and tools for rootkit detection. The goal is to present a model for beginning reverse engineering of malware through observation and experimentation in a contained environment.
The document discusses the waterfall model of software development. It describes the phases of the waterfall model as requirements gathering, design, coding, testing, and maintenance. Each phase must be completed before moving to the next. The advantages are that it is easy to implement and complete one phase at a time. The disadvantages are that not all requirements can be identified up front, the final working model is only seen at the end, and it is not possible to go back to a previous phase.
This document summarizes information about Android malware, including its goals, installation methods, evasion techniques, and detection methods. Some key points:
- Malware goals include sending premium SMS, stealing banking info, adware click fraud, and ransomware. It can also mine bitcoin or exfiltrate personal data.
- It installs via repackaged apps, update attacks, drive-by downloads, or by misusing accessibility services. Packers encrypt the APK to evade detection.
- Evasion techniques include dynamic C&C domains, encryption, reflection, delaying attacks, and polymorphism/metamorphism. It also checks for emulators or debuggers.
- Detection analy
External Service Interaction arises when it is possible to induce an application to interact with an arbitrary external service, such as a web or mail server etc.
The ability to send requests to other systems can allow the vulnerable server to be used as an attack proxy.
Type of External Service Interaction
External Service Interaction (HTTP/HTTPS)
External Servicie Interaction (DNS)
Out-of-band Resource Load (HTTP)
Note: Interactions are not limited to HTTP/HTTPS or DNS. It could lead to affect other network protocols such as FTP or SMTP etc.
The document discusses the evolution of frontend architectures from monolithic to microservices-based approaches. In the past, frontends and backends were combined in a single monolith application. Now, microservices have separated the backend into independent services while frontends have evolved into independent micro frontends. In the future, micro frontends will be developed independently but composed together with a base application and routed to by an API gateway along with separate microservices for individual products, baskets, and advertising.
Pavel has over 20 years of experience in IT and software development with a focus on payroll, finance, and accounting applications. He has strong skills in Java, SQL, JavaScript, and Linux and has worked extensively with frameworks like Spring and tools like IntelliJ IDEA, Eclipse, and Git. Pavel seeks new opportunities where he can apply his experience designing and implementing enterprise applications.
Network Security: Attacks, Tools and Techniqueswaqasahmad1995
This document discusses network security attacks, tools, and techniques. It defines what a network is and what network security entails. Several basic types of attacks are presented, including security threats, virus attacks, and unauthorized access. Each attack type is then defined in more detail. The document concludes by providing some basic security tips to secure a network, such as installing antivirus software, email scanning programs, network monitoring tools, and enforcing internet access policies.
Este documento presenta una introducción a los microservicios. Define un microservicio como una arquitectura de aplicación modular donde cada servicio tiene un ámbito específico de diseño, implementación y gestión. Explica cinco patrones clave para microservicios como la conversión de XML a JSON, la orquestación transaccional de servicios, la ubicación de la orquestación, la publicación de APIs y la gestión de APIs. El objetivo es conocer los conceptos y mejores prácticas de los microservicios.
This document is a resume for Chandrakant Pandey summarizing his experience in software development using technologies like Java, J2EE, Spring Framework and developing web services with SOAP and REST. He has over 6 years of experience working on projects using agile and waterfall methodologies. Currently he works as a Senior Java Developer at Accenture where he has developed applications and web services to automate processes around vehicle details and claims notifications.
Cyber Resilience presented at the Malta Association of Risk Management (MARM) Cybercrime Seminar of 24 June 2013 by Mr Donald Tabone. Mr Tabone, Associate Director and Head of Information Protection and Business Resilience Services at KPMG Malta, presented a six-point action plan corporate entities can follow in order to reach a sustainable level of cyber resilience.
This document discusses Java Card technology. It provides an introduction to Java Card, describing it as a technology that allows Java-based applications to run securely on smart cards. The document then covers Java Card's history and versions, architecture, working, applications in areas like finance and mobile communication, and challenges related to its limited memory and capabilities compared to Java. It concludes that Java Card adds a new platform for Java and is a significant advancement, while also noting security threats must be addressed.
Threat Modeling workshop by Robert HurlbutDevSecCon
This document summarizes a presentation on threat modeling concepts and processes. It began with defining key threat modeling terms like assets, threats, vulnerabilities, and risk. It described threat modeling as understanding potential threats to a system. The presentation covered approaches like STRIDE and asking questions. It emphasized decomposing systems and identifying threats through data flows. Determining mitigations and risk ratings for threats was also discussed. The goal of threat modeling is to have an ongoing, living understanding of security risks to a system.
The document discusses security in information technology. It covers what security is, why it is needed for IT, physical and virtual security threats to IT environments, and how to avoid these threats. Specific topics covered include data security, cyber security, firewalls, access controls, encryption, and other methods to protect against threats like viruses, hacking, and data theft. The goal is to explain the importance of security for protecting IT systems, data, and infrastructure from both physical and virtual risks.
Puneet Nebhani is a senior Java developer with over 15 years of experience developing applications using technologies like Spring Framework, Core Java, SQL, and Agile methodologies. He has extensive experience leading development teams for clients in various industries including banking, asset management, and media & entertainment. Currently he is a lead developer at Partners Group AG where he designs and implements business applications for their global asset management platform.
This document discusses implementing a secure software development lifecycle (SDLC). It emphasizes building security into software from the start rather than adding it later. The summary is:
The document outlines a secure SDLC process involving defining security requirements, designing for security, implementing secure coding practices, testing software security, and ongoing security monitoring. It notes that software security is a shared responsibility and discusses challenges like team pushback and measuring security benefits. The document also presents a case study of a company that implemented a secure SDLC process to address client security issues and prevent future problems.
This document discusses the differences between monolithic and microservice architectures. In a monolithic architecture, all components of an application are interconnected and maintained within a single codebase, which can be inefficient to manage and scale as the codebase grows. Microservices address these issues by decomposing an application into smaller, independent services that communicate through APIs. This improves fault isolation, allows individual services to be developed and scaled independently, and makes it easier to adopt new technologies.
This document provides a summary of Manish Agrahari's career and qualifications. It outlines his 6 years of experience in IBM BPM development and Java/.Net, including designing and developing IBM BPM applications using features like BPDs, coaches, subprocesses, and integrating databases. It also lists his skills in technologies like IBM BPM, Eclipse, Java, SQL, and scripting languages. Recent projects are described, including developing insurance underwriting and claims management processes using IBM BPM.
Cybersecurity Risk Management Tools and Techniques (1).pptxClintonKelvin
A database containing sensitive information on ongoing criminal investigations is hacked and confidential case details are leaked online. The incident response plan would provide guidelines on immediate actions to contain the breach, secure remaining systems, notify relevant stakeholders, and initiate forensic analysis to identify the source of the attack.
The document discusses Android malware detection mechanisms. It outlines the major types of Android malware like backdoors and spyware. It then describes several approaches to malware detection like static analysis of APK files to examine permissions, activities, and API calls. Signature-based analysis uses a signature database to classify apps as benign or malware. Tools for static analysis like apktool, aapt, and dex2jar are also mentioned. The document concludes with comparisons of different Android malware detection systems and their abilities.
Full time PII data protection: How Randstad uses Elastic Security to keep cli...Elasticsearch
See how Randstad Netherlands uses all the features of the Elastic Stack to monitor their environments and put their analysts first. Randstad NL, an Elastic user since version 1.7, combines events from applications, systems and third party tooling into their Elastic Stack to detect and mitigate threats at scale — all from within Elastic Security.
The document proposes features and procedures for developing an online examination system. It describes objectives like automating the exam process, reducing paperwork, and allowing remote testing. The system would allow administrators to create exams, students to take timed exams, and automatically grade multiple choice questions. The document outlines requirements like supported web browsers, database software, and minimum hardware specifications. It also provides use case descriptions and entity relationship diagrams to illustrate the planned design and functionality of the online exam system.
This document outlines the requirements for an online examination system. It allows students to take exams online, displays results automatically, and saves time. The administrator can create, modify and delete test papers and questions. Users can register, login, and take tests with their ID to see results. It provides exam forms in various languages. The system has a user manual and works on a client-server architecture to support common browsers. It requires hardware like PCs and printers and software like PHP and MySQL. Security is based on user IDs and passwords. The system aims to be reliable, available, maintainable and portable. It must be completed within 7 months.
This document summarizes information about Android malware, including its goals, installation methods, evasion techniques, and detection methods. Some key points:
- Malware goals include sending premium SMS, stealing banking info, adware click fraud, and ransomware. It can also mine bitcoin or exfiltrate personal data.
- It installs via repackaged apps, update attacks, drive-by downloads, or by misusing accessibility services. Packers encrypt the APK to evade detection.
- Evasion techniques include dynamic C&C domains, encryption, reflection, delaying attacks, and polymorphism/metamorphism. It also checks for emulators or debuggers.
- Detection analy
External Service Interaction arises when it is possible to induce an application to interact with an arbitrary external service, such as a web or mail server etc.
The ability to send requests to other systems can allow the vulnerable server to be used as an attack proxy.
Type of External Service Interaction
External Service Interaction (HTTP/HTTPS)
External Servicie Interaction (DNS)
Out-of-band Resource Load (HTTP)
Note: Interactions are not limited to HTTP/HTTPS or DNS. It could lead to affect other network protocols such as FTP or SMTP etc.
The document discusses the evolution of frontend architectures from monolithic to microservices-based approaches. In the past, frontends and backends were combined in a single monolith application. Now, microservices have separated the backend into independent services while frontends have evolved into independent micro frontends. In the future, micro frontends will be developed independently but composed together with a base application and routed to by an API gateway along with separate microservices for individual products, baskets, and advertising.
Pavel has over 20 years of experience in IT and software development with a focus on payroll, finance, and accounting applications. He has strong skills in Java, SQL, JavaScript, and Linux and has worked extensively with frameworks like Spring and tools like IntelliJ IDEA, Eclipse, and Git. Pavel seeks new opportunities where he can apply his experience designing and implementing enterprise applications.
Network Security: Attacks, Tools and Techniqueswaqasahmad1995
This document discusses network security attacks, tools, and techniques. It defines what a network is and what network security entails. Several basic types of attacks are presented, including security threats, virus attacks, and unauthorized access. Each attack type is then defined in more detail. The document concludes by providing some basic security tips to secure a network, such as installing antivirus software, email scanning programs, network monitoring tools, and enforcing internet access policies.
Este documento presenta una introducción a los microservicios. Define un microservicio como una arquitectura de aplicación modular donde cada servicio tiene un ámbito específico de diseño, implementación y gestión. Explica cinco patrones clave para microservicios como la conversión de XML a JSON, la orquestación transaccional de servicios, la ubicación de la orquestación, la publicación de APIs y la gestión de APIs. El objetivo es conocer los conceptos y mejores prácticas de los microservicios.
This document is a resume for Chandrakant Pandey summarizing his experience in software development using technologies like Java, J2EE, Spring Framework and developing web services with SOAP and REST. He has over 6 years of experience working on projects using agile and waterfall methodologies. Currently he works as a Senior Java Developer at Accenture where he has developed applications and web services to automate processes around vehicle details and claims notifications.
Cyber Resilience presented at the Malta Association of Risk Management (MARM) Cybercrime Seminar of 24 June 2013 by Mr Donald Tabone. Mr Tabone, Associate Director and Head of Information Protection and Business Resilience Services at KPMG Malta, presented a six-point action plan corporate entities can follow in order to reach a sustainable level of cyber resilience.
This document discusses Java Card technology. It provides an introduction to Java Card, describing it as a technology that allows Java-based applications to run securely on smart cards. The document then covers Java Card's history and versions, architecture, working, applications in areas like finance and mobile communication, and challenges related to its limited memory and capabilities compared to Java. It concludes that Java Card adds a new platform for Java and is a significant advancement, while also noting security threats must be addressed.
Threat Modeling workshop by Robert HurlbutDevSecCon
This document summarizes a presentation on threat modeling concepts and processes. It began with defining key threat modeling terms like assets, threats, vulnerabilities, and risk. It described threat modeling as understanding potential threats to a system. The presentation covered approaches like STRIDE and asking questions. It emphasized decomposing systems and identifying threats through data flows. Determining mitigations and risk ratings for threats was also discussed. The goal of threat modeling is to have an ongoing, living understanding of security risks to a system.
The document discusses security in information technology. It covers what security is, why it is needed for IT, physical and virtual security threats to IT environments, and how to avoid these threats. Specific topics covered include data security, cyber security, firewalls, access controls, encryption, and other methods to protect against threats like viruses, hacking, and data theft. The goal is to explain the importance of security for protecting IT systems, data, and infrastructure from both physical and virtual risks.
Puneet Nebhani is a senior Java developer with over 15 years of experience developing applications using technologies like Spring Framework, Core Java, SQL, and Agile methodologies. He has extensive experience leading development teams for clients in various industries including banking, asset management, and media & entertainment. Currently he is a lead developer at Partners Group AG where he designs and implements business applications for their global asset management platform.
This document discusses implementing a secure software development lifecycle (SDLC). It emphasizes building security into software from the start rather than adding it later. The summary is:
The document outlines a secure SDLC process involving defining security requirements, designing for security, implementing secure coding practices, testing software security, and ongoing security monitoring. It notes that software security is a shared responsibility and discusses challenges like team pushback and measuring security benefits. The document also presents a case study of a company that implemented a secure SDLC process to address client security issues and prevent future problems.
This document discusses the differences between monolithic and microservice architectures. In a monolithic architecture, all components of an application are interconnected and maintained within a single codebase, which can be inefficient to manage and scale as the codebase grows. Microservices address these issues by decomposing an application into smaller, independent services that communicate through APIs. This improves fault isolation, allows individual services to be developed and scaled independently, and makes it easier to adopt new technologies.
This document provides a summary of Manish Agrahari's career and qualifications. It outlines his 6 years of experience in IBM BPM development and Java/.Net, including designing and developing IBM BPM applications using features like BPDs, coaches, subprocesses, and integrating databases. It also lists his skills in technologies like IBM BPM, Eclipse, Java, SQL, and scripting languages. Recent projects are described, including developing insurance underwriting and claims management processes using IBM BPM.
Cybersecurity Risk Management Tools and Techniques (1).pptxClintonKelvin
A database containing sensitive information on ongoing criminal investigations is hacked and confidential case details are leaked online. The incident response plan would provide guidelines on immediate actions to contain the breach, secure remaining systems, notify relevant stakeholders, and initiate forensic analysis to identify the source of the attack.
The document discusses Android malware detection mechanisms. It outlines the major types of Android malware like backdoors and spyware. It then describes several approaches to malware detection like static analysis of APK files to examine permissions, activities, and API calls. Signature-based analysis uses a signature database to classify apps as benign or malware. Tools for static analysis like apktool, aapt, and dex2jar are also mentioned. The document concludes with comparisons of different Android malware detection systems and their abilities.
Full time PII data protection: How Randstad uses Elastic Security to keep cli...Elasticsearch
See how Randstad Netherlands uses all the features of the Elastic Stack to monitor their environments and put their analysts first. Randstad NL, an Elastic user since version 1.7, combines events from applications, systems and third party tooling into their Elastic Stack to detect and mitigate threats at scale — all from within Elastic Security.
The document proposes features and procedures for developing an online examination system. It describes objectives like automating the exam process, reducing paperwork, and allowing remote testing. The system would allow administrators to create exams, students to take timed exams, and automatically grade multiple choice questions. The document outlines requirements like supported web browsers, database software, and minimum hardware specifications. It also provides use case descriptions and entity relationship diagrams to illustrate the planned design and functionality of the online exam system.
This document outlines the requirements for an online examination system. It allows students to take exams online, displays results automatically, and saves time. The administrator can create, modify and delete test papers and questions. Users can register, login, and take tests with their ID to see results. It provides exam forms in various languages. The system has a user manual and works on a client-server architecture to support common browsers. It requires hardware like PCs and printers and software like PHP and MySQL. Security is based on user IDs and passwords. The system aims to be reliable, available, maintainable and portable. It must be completed within 7 months.
This document outlines the software requirements specification for an online aptitude test system. The system allows students to register, take tests, and view results online. It aims to remove flaws in manual exam systems by providing flexibility for students to take exams anywhere at any time. The system has modules for registration, adding questions, taking tests, and viewing results. It defines requirements for users like students and faculty, as well as performance, security, usability, and other non-functional requirements.
This document describes an online quiz system created by students to allow other students to take exams online and view their results. It includes an introduction, objectives, description of functions and technologies used, data flow diagrams, working principles from both developer and user perspectives, screenshots, benefits, and a conclusion. The system allows users to register, take different types of tests, view results and explanations, and administrators to update questions. It aims to improve on manual exam systems and provide learning opportunities for the creators.
This Is OEMS, Online Exam Management System. OEMS Help to give Exam Online. It's Helpful to Student on Teacher Also. It helps to complete Exam sort time. This Project Submitted By Md. Galib Hossain. Founder BdEngineers.
Synopsis on Online examination system using phpArchana Jha
This document provides a synopsis for an online examination system project submitted to Inter Institute of Education and Skill Training. It acknowledges the guidance provided by the project supervisor Rani Ojha. The abstract explains that the proposed online examination system is a web-based application that aims to streamline the examination process and evaluation of student progress. It also outlines the scope, objectives, users and modules of the proposed system including the student, exam and administrative modules.
The Grade Companion system is a web-based grade sheet creator for teachers at the National Institute of Technology Silchar. It allows faculty to upload exam marks and automatically generate grade sheets for all students, saving significant time over manual methods. Students can also view current and past grades online. The system aims to reduce workload for over 100 faculty members and provide grades to around 2500 students in a secured, scalable and easy-to-use manner.
This document describes the development of a mobile quiz application for the Android platform. It aims to develop an interactive app to conduct quiz sessions in the classroom or for employee recruitment. The app will allow administrators to add, edit, and delete questions, quizzes, and users. It will also allow users to take timed quizzes on mobile devices and view their scores. The development of the app intends to save time and effort compared to traditional paper-based testing.
This project aims to develop a brick factory management system to help brick factory owners maintain their business activities. The system will store information such as brick categories, expenses, customers, purchases, raw materials, production, deliveries, payments and generate reports. It is being developed using HTML, CSS, JavaScript, Bootstrap, PHP and a MySQL database. Currently, maintaining factory records, communications and finances is difficult. The proposed system aims to simplify this through a basic web-based application.
This document describes an online exam project created using J2EE. It was submitted as a thesis project to fulfill requirements for an industrial training program. The project aims to automate exam assessment and provide instant results and reports to reduce workload. It allows multiple choice questions and sending score notifications via email. Future enhancements could include additional question types and improved reusability, extensibility, and portability.
This document is a project report submitted for the degree of Bachelor of Technology. It summarizes the development of an Online Quiz Examination System. The system was developed to automate the exam process and reduce workload for faculty. It allows students to take exams online without needing to go to a physical location. The system includes modules for administrators, faculty, and students. Testing was performed and the system was validated against requirements. Screenshots of the system are also included.
This document describes an online examination system developed by students as a class project. The system allows multiple students to take timed exams online and automatically generates results without waiting. Administrators can create, modify, and delete test papers and questions. Users register with IDs and passwords to login, take tests, and view results. The system was built with ASP.NET, VB.NET, and a DB2 database to provide a web-based alternative to paper-based exams.
The document proposes a College Project Management System to help reduce the workload of project coordinators in managing student projects. It describes the existing manual process and outlines the features and design of the new system, which uses Spring Boot and React to allow project coordinators, students, and guides to submit and view project details online. The system aims to save time and effort by automating tasks like batch and guide assignment and communication of submission deadlines.
A Survey on Design of Online Judge SystemIRJET Journal
This document summarizes a survey on the design of online judge systems. It discusses how online judge systems can be used to help students improve their programming skills through competitive programming contests and receiving personalized feedback. It describes the key components of an online judge system, including the user interface, sandbox environment for securely executing submissions, and database for storing results. Features like code similarity checking, test case generation, and allowing partial solutions to be built upon are discussed. The advantages of using docker containers for the sandbox environment and how online judge systems can also be used for education, online compiling, and recruitment are summarized.
The document contains details about the development of a bug tracking system as part of an industrial training program. It includes diagrams of the system architecture at different levels of abstraction, an entity relationship diagram, and descriptions of features, technologies used, and the development process. The training focused on analyzing requirements, designing data models and interfaces, implementing functionality, and testing the system to track bugs and monitor their resolution.
This document provides an overview of manual testing materials and concepts. It includes:
- The address for manual testing training materials.
- Definitions of key testing terms like software testing, defects, quality, and software development life cycles.
- Descriptions of different testing methodologies like black box testing, white box testing, and grey box testing.
- Explanations of different levels of testing like unit testing and module/component testing.
Similar to IGNOU BCS-051 Software Engineering December 2022 - Exam Solutions.docx (20)
Online train ticket booking system project.pdfKamal Acharya
Rail transport is one of the important modes of transport in India. Now a days we
see that there are railways that are present for the long as well as short distance
travelling which makes the life of the people easier. When compared to other
means of transport, a railway is the cheapest means of transport. The maintenance
of the railway database also plays a major role in the smooth running of this
system. The Online Train Ticket Management System will help in reserving the
tickets of the railways to travel from a particular source to the destination.
This study Examines the Effectiveness of Talent Procurement through the Imple...DharmaBanothu
In the world with high technology and fast
forward mindset recruiters are walking/showing interest
towards E-Recruitment. Present most of the HRs of
many companies are choosing E-Recruitment as the best
choice for recruitment. E-Recruitment is being done
through many online platforms like Linkedin, Naukri,
Instagram , Facebook etc. Now with high technology E-
Recruitment has gone through next level by using
Artificial Intelligence too.
Key Words : Talent Management, Talent Acquisition , E-
Recruitment , Artificial Intelligence Introduction
Effectiveness of Talent Acquisition through E-
Recruitment in this topic we will discuss about 4important
and interlinked topics which are
3rd International Conference on Artificial Intelligence Advances (AIAD 2024)GiselleginaGloria
3rd International Conference on Artificial Intelligence Advances (AIAD 2024) will act as a major forum for the presentation of innovative ideas, approaches, developments, and research projects in the area advanced Artificial Intelligence. It will also serve to facilitate the exchange of information between researchers and industry professionals to discuss the latest issues and advancement in the research area. Core areas of AI and advanced multi-disciplinary and its applications will be covered during the conferences.
Impartiality as per ISO /IEC 17025:2017 StandardMuhammadJazib15
This document provides basic guidelines for imparitallity requirement of ISO 17025. It defines in detial how it is met and wiudhwdih jdhsjdhwudjwkdbjwkdddddddddddkkkkkkkkkkkkkkkkkkkkkkkwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwioiiiiiiiiiiiii uwwwwwwwwwwwwwwwwhe wiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq gbbbbbbbbbbbbb owdjjjjjjjjjjjjjjjjjjjj widhi owqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq uwdhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhwqiiiiiiiiiiiiiiiiiiiiiiiiiiiiw0pooooojjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj whhhhhhhhhhh wheeeeeeee wihieiiiiii wihe
e qqqqqqqqqqeuwiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiqw dddddddddd cccccccccccccccv s w c r
cdf cb bicbsad ishd d qwkbdwiur e wetwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww w
dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffw
uuuuhhhhhhhhhhhhhhhhhhhhhhhhe qiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii iqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc ccccccccccccccccccccccccccccccccccc bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbu uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuum
m
m mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm m i
g i dijsd sjdnsjd ndjajsdnnsa adjdnawddddddddddddd uw
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...Transcat
Join us for this solutions-based webinar on the tools and techniques for commissioning and maintaining PV Systems. In this session, we'll review the process of building and maintaining a solar array, starting with installation and commissioning, then reviewing operations and maintenance of the system. This course will review insulation resistance testing, I-V curve testing, earth-bond continuity, ground resistance testing, performance tests, visual inspections, ground and arc fault testing procedures, and power quality analysis.
Fluke Solar Application Specialist Will White is presenting on this engaging topic:
Will has worked in the renewable energy industry since 2005, first as an installer for a small east coast solar integrator before adding sales, design, and project management to his skillset. In 2022, Will joined Fluke as a solar application specialist, where he supports their renewable energy testing equipment like IV-curve tracers, electrical meters, and thermal imaging cameras. Experienced in wind power, solar thermal, energy storage, and all scales of PV, Will has primarily focused on residential and small commercial systems. He is passionate about implementing high-quality, code-compliant installation techniques.
An In-Depth Exploration of Natural Language Processing: Evolution, Applicatio...DharmaBanothu
Natural language processing (NLP) has
recently garnered significant interest for the
computational representation and analysis of human
language. Its applications span multiple domains such
as machine translation, email spam detection,
information extraction, summarization, healthcare,
and question answering. This paper first delineates
four phases by examining various levels of NLP and
components of Natural Language Generation,
followed by a review of the history and progression of
NLP. Subsequently, we delve into the current state of
the art by presenting diverse NLP applications,
contemporary trends, and challenges. Finally, we
discuss some available datasets, models, and
evaluation metrics in NLP.
IGNOU BCS-051 Software Engineering December 2022 - Exam Solutions.docx
1. BACHELOR OF COMPUTER APPLICATIONS
(BCA) (Revised)
Term-End Examination
December, 2022
BCS-051 : INTRODUCTION TO SOFTWARE
ENGINEERING
1. (a) Develop SRS for Online Examination Form Submission System (OEFSS). SRS should be in IEEE
format. Make necessary assumptions. [ Dec. 2022]
Answer :
1. Purpose :
1:This Web Application Provides facility to submit Online Examination Form and Generate the
Academic Results as well as display news related to Exams.
2: It saves Time as it allows number of Departmental students to login and fill the exam form
at a time and submit it.
3: After submitting the exam form, Exam Fees challan will be automatically generated,
Student can take print out of that Challan.
4: Administrator has a privilege to Create, Generate, modify, delete, Exam Form, Hall Ticket,
Result, any Exam related news or any Content on this Web Application.
5: Teacher or supervisor can Generate a patterns (Block Creation) of a Sitting Arrangement
as well as Report ([Roll Number][ Exam Seat Number],name, [Internal Exam Marks],
Signature) and take a printout of it.
2. System Scope
This system will be used by the students, teachers and administrator of an autonomous institute
to keep details of the students related to their exams and generating reports as well as results.
3. Requirements
This section gives the list of Functional and non-functional requirements which are applicable to the
Online Exam Form Submission and Academic Result Generation System.
3.1. Functional Requirements
Functional requirements are nothing but the services provided by the system to its end users.
3.1.1. User types:
There are three kinds of user types in this Application.
Student module.
Teacher / Supervisor module.
Administrator module.
2. The functionality of each module is as follows. :
Student module:
The student will logon to this web Application and can fill examination form, Can take
printout of Bank Challan after generating it.
Examination form will be automatically generated following things: Roll Number, Name of
Student, Examination Name or Semester, Subject Code, Subject Name, Number of Backlogs
(if any), Exam fees, etc.
Student will have facility to select the subject, where he will appear in exam.
Administrator module:
The administrator can create, modify, insert, update , delete any stuff on this web
application. He should be approve Exam from to generate a Exam hall tickets for students. He
can manage other Accounts related to this web application (add user, delete user..etc.).
He can upload any exam related document on this web application.
Exam Hall Ticket will Contains information like:
Student information (Name, Roll No/Exam Seat Number, Mothers Name, PRN, Exam Center
Code, etc.).
Subject Code, Subject Name, Exam Date, etc.
Teacher module:
Teacher will logon to this web Application and can generate report for
that exam and also generate Exam sitting arrangement (Block creation) and take a printout.
In block creation teacher can generate some exam sitting
arrangement patterns by just giving total number of students appearing for exam,
Total number of rooms will use to conduct exam, total number of benches in room,
examination name and date of examination.
Teacher will enter marks (Internal + External).
Depending upon Internal or External or both marks, System will generate Report as well as
ledger and Result if student cleared all subjects then result will contain percentage, overall
grade.
In report generation following things will auto generate: Name of the Exam, Date, [Exam seat
No.] or [Roll No.], name of student, [internal examination marks], Signature, etc.
Blank space for total number of student, Total number of student present, Total number of
student absent, name of the supervisor, signature of supervisor etc.
3.1.2 Interface Requirements
This section describes how the software interfaces with
other software products or users for input or output.
3.1.3 User Interface
3. Application will be accessed through a Browser Interface. The interface
would be viewed best using 1024 x 768 and 800 x 600 pixels resolution setting. The software
would be fully compatible with Microsoft Internet Explorer and Mozilla Firefox for version 7
and above. No user would be able to access any part of the application without logging in to
the system.
3.2 Non Functional Requirements
3.2.1. User Interfaces
Application will be accessed through a Browser Interface. The
inter face would be viewed best using 1024 x 768 and 800 x 600 pixels resolution setting.
The software would be fully compatible with Microsoft Internet Explorer and or Mozilla Firefox
for version 7 and above. No user would be able to access any part of the application without
logging in to the system.
3.2.2 Hardware Interfaces
Server Side:
> Operating System: Windows XP or Above Versions or any Linux Distros
> Processor: Pentium 4.0 GHz or higher
> RAM: 512 Mb or more
> Hard Drive: 10 GB or more
Client side:
Operating System: Windows XP or above, MAC OS or any UNIX Distros.
Processor: Pentium IV or 2.0 GHz or higher.
RAM: 256 Mb or more
3.2.3 Software Interfaces
Client Side :
. Web Browser, Windows XP or Above Versions / any Unix Distro/ MAC OS
Web Server:
. Web Browser, Windows XP or Above Versions / any Unix Distro/ MAC OS
3.2.4 Communications Interfaces
The Customer must connect to the Internet to access the Website:
Dialup Modem of 52 kbps or more.
Broadband Internet
Dialup or Broadband Connection with an Internet Provider.
4. Other Non-functional Requirements
4.1. Performance Requirements
Some Performance requirements identified is listed below:
The database shall be able to accommodate a minimum of 5,000 records of students.
The software shall support use of multiple users at a time. There are no other specific
performance requirements that will affect development.
4.2. Safety Requirements
4. The database may get crashed at any certain time due to virus or operating system failure.
Therefore, it is required to take the database backup.
4.3. Security Requirements
Some of the factors that are identified to protect the software from accidental or malicious
access, use, modification, destruction, or disclosure are described below.
1. Keep specific log or history data sets.
2. Assign certain functions to different modules
3. Restrict communications between some areas of the program
4. Communication needs to be restricted when the application is validating the user or license.
(i.e., using https).
4.4. Software Quality Attributes
The Quality of the System is maintained in such a way so that it can be very user
friendly to all the users.
The software quality attributes are assumed as under:
1) Accurate and hence reliable. 2) Secured. 3) Fast speed. 4) Compatibility.
(b) Explain Prototype Model, with the help of an example. What are its advantages and
disadvantages over Waterfall Model ? [Dec. 2022]
Answer :
Prototyping Model
In this model, a working model of actual software is developed initially. The prototype is just like
sample software having lesser functional capabilities and low reliability and it does not undergo
through the rigorous testing phase. Developing a working prototype in the first phase overcomes
the disadvantage of the waterfall model where the repotting about serious errors is possible only
after completion of software development.
The working prototype is given to the customer for operation. The customer, after its use, gives the
feedback. Analysing the feedback-given-by the customer, the developer refines, adds the
requirements and prepares the final specification document. Once the prototype becomes
operational, the actual product is developed using the normal waterfall model. Below depicts the
prototyping model:
.The prototype model has the following features:
1. It helps in determining user requirements more deeply.
2. At the time of actual product development, the customer feedback is available.
3. It does consider any types of risks at the initial level.
5. Advantages of prototype model
There are various advantages of prototype model. Some of them are discussed below:
1. Active involvement : With this approach, consumers are actively participating in the
development process, making it simpler to tailor the model to their preferences.
2. Easy detection of missing functionality: The prototype model’s lacking functionality is
clearly discernible. The chances of failure are decreased as a result. Additionally, confusing
or challenging functions might be found.
3. Quick feedback : Feedback from customers is provided much more quickly since they may
engage directly with the prototype model. Customers may rapidly offer their opinions and
indicate adjustments that are necessary for the project, and the developers can
subsequently adjust the project as required.
4. Customer satisfaction : The prototype model offers much higher levels of client satisfaction.
Early on, the consumer has the opportunity to touch and feel the product, which helps them
better comprehend its requirements to create the operational version of their idea that adds
satisfaction.
5. Flexibility :The prototype model’s design is adaptable. It is easily transferable to the
interests and requirements of the client or the developer
6. Saves money : A prototype model might make it easier to see mistakes during the project’s
early phases. As a result, the project’s total cost and duration are decreased. The use of
prototype models enables the developer to anticipate areas of expense that weren’t
previously considered.
Disadvantages of prototype model
1. Time-consuming : The creation of the prototype model takes a lot of time. Multiple
prototypes are tested before the final product is developed, which takes a lot of time.
2. Misconception regarding the arrival of the final product :Early on, the consumer has the
opportunity to interact directly with the prototype. Because of this, the buyer could believe
that the real goods would likewise come earlier than expected, which could result in
confusion.
3. Poor decision-making : The creator is constantly concerned with the quality of their
creation. However, they could make bad choices about the prototype’s quality while rushing
to create it, which could have an impact on the final product.
4. Misunderstanding regarding the final version : Customers may become annoyed and upset
with the prototype model and lose interest in the final product. Customers may believe that
the final version will have the same flaws even though it is enhanced and polished.
5. High upfront cost : Using a prototype model throughout the last phases of development can
help you save money. However, there are up-front expenditures associated with creating a
prototype model. Additionally, since there’s a potential that the entire prototype would be
discarded, the money spent on producing it can be utterly wasted.
6. Insufficient analysis :There is a potential that the developer may focus on a particular
prototype and neglect to do a thorough evaluation of the entire project. As a consequence,
the developer may miss better options, forget about important details, and the project as a
whole could be poorly designed, necessitating difficult maintenance
6. (c) What is a Structure Chart ? Explain with the help of an example. [Dec 2022]
Answer :
A structure chart (SC) decomposes the high level system into multiple, executable tasks. It follows
the top-down design approach and represents module hierarchy in tree structure. Structure chart
essentially describes the list of functions, sub-functions along with their relationship that constitute
a system along with data and control flow. Structure chart is the next step after DFD during design
and implementation as SC provides more details than DFD. SC uses information from Data dictionary
which is detailed in subsequent sections. .
A structure serves following purposes during design:
• Breaks the system into smaller and executable functional tasks
• Depicts the complexity and size of the system
Element of Structure Chart
The main building blocks of Structure Chart are given below along with their symbols
• Module depicts a function or a sub-function and is represented by a rectangle. If a function
invokes multiple sub-functions, then the main module branches to .sub-modules. It is basically a unit
of execution which accepts input parameters and produces output parameters.
It is denoted as follows:
Main module invoking sub modules is depicted below:
• Condition decides which module is to be invoked based on the condition. It is denoted by a
diamond. A conditional invocation of sub module is denoted by in the main module.
• Loop indicates the repetition of one or more modules and is depicted by a curved arrow
Execution of sub modules within a loop is denoted as follows:
• Data couple is shown by an arrow with empty circle and it denotes the data that is-flown from
one module to another. The flow of information has a direction.
7. • Control Flow is shown by an arrow with filled circle and denotes the function call from one
module to another.
Data and control flow are depicted below:
• Devices such as peripheral devices and external interfaces are denoted by·
• Software infrastructure and connections to external systems, databases, ERP
systems are denoted by
Process for Construction of a Structure Chart
Let us construct a structure chart for calculating a hotel bill for a customer. This high level function is
decomposed into four sub functions:
Calculate total order amount
Calculate value added tax (VAT) ,
Calculate service charge
Calculate any discounts applicable for the customer
Each of these sub-functions take input and output parameters. The structure chart along
with data flow is shown in Figure
8. 2. (a) Draw the zero and first level DFDs for Online Examination Form Submission System (OEFSS)
Make necessary assumptions. [Dec. 2022]
Answer :
Zero Level DFD
Level – 1 DFD
Student Teacher
Administrator
0
Online
Examination
Form
Submission
Registers for exam
Receive Exam Hall ticket Assign Marks
Student details
Manage Exam Registration /Hall Ticket
1.0
Student Module
2.0
Teacher Module
3.0
Administrator
Module
Student
Student Database
Exam Registration Database
Course Database
Marks Database
Course Database
Exam Registration Database
Student Database
Hall Ticket Database
Hall Ticket Database
Teacher
Administrator
Login / Password
Exam registration Receipt
/ Hall Ticket
Login / Password
Exam Seating arrangement
/ Assign Marks
Login / Password
Manage Registration details
/ Generate Hall Tickets
9. (b) Draw GANTT Chart for the development of Online Examination Form Submission System (OEFSS).
[Ded. 2022]
The following table shows the tasks, dependencies, and estimated times a
project manager might input to a basic GANTT chart for a software development
project for Online Student Admission system
Project start date: 12 June 2023
Task
Identifier
Task Description Predecessor
Task(s)
Time (Weeks)
1 Establish project - 2
2 Establish customer
requirements
1 3
3 Produce software
specification documents
2 4
4 Write test plans 3 1
5 Write code 3 2
6 Developer testing 5 1
7 System testing 4, 6 3
8 Write customer
documentation
3 3
Task 1 has no predecessors, and can thus start on 12 June. The GANTT chart
shows the task as a box starting on 12 June and finishing on 25th
June on the
horizontal access. Task 2 requires Task 1 to be completed, and the duration is
three days, so the box covers the Week 3 to 5 till 16th
July. The line from the
finish of Task 1 to the start of Task 2 indicates the dependency. Note that Tasks 4,
5 and 8 all require Task 3 to be completed, and have no other dependencies, so
these all start on the same date. The chart below show all seven days of the week,
but often, weekend days are excluded.
ID Activity Duration
(Weeks)
Timeline
Week-
1
12/06-
18/06
Week-
2
19/06-
25/06
Week-
3
26/06-
02/07
Week-
4
03/07-
09/07
Week-
5
10/07-
16/07
Week-
6
17/07-
23/07
Week-
7
24/07-
30/07
Week-
8
31/07-
06/08
Week-
9
07/08-
13/08
Week-
10
14/08-
20/08
Week-
11
21/08-
27/08
Week-
12
28/08-
03/09
Week-13
28/08-
03/09
Week-
14
04/09-
10/09
Week-
15
11/09
17/09
1 Establish
project
2 `
2 Establish
customer
requirements
3
3 Produce
software
specification
documents
4
4 Write test plans 1
5 Write code 2
6 Developer
testing
2
7 System testing 3
8 Write customer
documentation
3
10. 3. (a) Draw ERD for Online Examination Form Submission System (OEFSS).. Make necessary
assumptions.
1
N
N
N
N
Student
Student_Id
Student_Name
Course_id
Exam_Id
Registers
Examination
Online Exam Form
Submission
System
Login_Id Password
attend
Exam_Id
Administrator
Admin_Id Admin_Role
Admin_rights
Exam_Name
Subject_Id
Conducts
has
Subject
Subject_Name
generate
s
Hall Tickets
Exam_Roll_No
Exam_id
Student_id
Student_Name
Exam_Center_No
Exam_Center_Address
Manage
Subject_Name
Date
Time
11. (b) Briefly explain different levels of SEI-CMM [Dec. 2022]
Answer : Levels Of SEI-CMM
The process models are based on various software development phases whereas the capability
models have an entirely different basis of development. They are based upon the capabilities of
software. It was developed by Software Engineering Institute (SEI). In this model, significant
emphasis is given to the techniques to improve the "software quality" and "process maturity". In this
model a strategy for improving Software process is devised. It is not concerned which life cycle mode
is followed for development. SEI has laid guidelines regarding the capabilities an organisation should
have to reach different levels of process maturity. This approach evaluates the global effectiveness
of a software company.
It defines five maturity levels as described below. Different organisations are certified for
different levels based on the processes they follow.
1. Level-1 (Initial): At this maturity level, software is developed an ad hoc basis and no
strategic approach is used for its development. 'The success of developed software entirely
depend upon the skills of the team members. As no sound engineering approach is followed,
the time and cost of the project are not critical issues. In Maturity Level 1 organisations, the
software process is unpredictable, because if the developing team changes, the process will
change. The testing of software is also very simple and accurate predictions regarding
software quality are not possible. SEI's assessment indicates that the vast majority of
software organisations are Level 1 organisations
2. Level 2 (Repeatable): The organisation satisfies all the requirements of Level 1. At this
level, basic project management policies and related procedures are established. The
institutions achieving this maturity level learn with experience of earlier projects and
reutilise the successful practices in on- going projects. The effective process can be
characterised as practised, documented, implemented and trained. In this maturity level,
the manager provides quick solutions to the problem encountered in software
development and corrective action is immediately taken. Hence, the process of
development is much disciplined in this maturity level. Thus, without measurement,
sufficiently realistic estimates regarding cost, schedules and functionality are
performed. The organisations of this maturity level have installed basic management
controls.
3. Level 3 (Defined): The organisation satisfies all the requirements of Level 2. At this maturity
level, the software development processes are well defined, managed and documented.
Training is imparted to staff to gain the required knowledge. The standard practices are
simply tailored to create new projects.
4. Level 4 (Managed): The organisation satisfies all the requirements of Level 3. At this
level quantitative standards are set for software products and processes. The project
analysis is done at integrated organisational level and collective database is created. The
performance is measured at integrated organisation level. The Software development is
performed with well defined instruments. The organisation's capability at Level 4 is
"'predictable" because projects control their products and processes to ensure their
performance within quantitatively specified limits. The quality of software is high.
5. Level 5 (Optimising): The organisation satisfies all the requirements of Level 4. This is
last level. The organisation at this maturity level is considered almost perfect. At this
level, the entire organisation continuously works for process improvement with the help
of quantitative feedback obtained from lower level. The organisation analyses its'
weakness and takes required corrective steps proactively to prevent the errors.' Based on
the cost benefit analysis of new technologies, the organisation changes their Software
development processes.
12. 4. (a) Explain the terms “Black Box Testing” and “White Box Testing”.
Answer :
White Box Testing
White Box testing is also known as structural testing or glass box testing. Its goal is to test the
internal code of the software. It tests the program at the level of the source code. Here, the tester
has the knowledge of the actual source code of the software and what is tested, is the inner
structure of the program. Test cases are written with the knowledge of the logic of the program. We
are only concerned with the testing of accuracy of the logic of the program. We do not focus upon
the requirements of the software.
We may state that white box testing is the deep and detailed inspection of the logic and structure of
the source code of an application or program. Here, the main focus is to exhaustively execute the
program several times, with different inputs to ensure that each statement of the code is executed
and tested .
In white box testing, all the test cases are written with the knowledge of the internal structure and
logic of the code to make maximum test coverage of the code. This is primarily done by the
programmer or developer who develops the code. It is a first step to testing and to ensure that what
is implemented in the code promises to execute accurately.
An exhaustive white box testing:
Guarantees that all independent paths-have been executed.
Executes all logical decisions on their true and false sides.
Executes all loops at their boundary values and within values.
Executes internal data structure to ensure their validity
Example-1
If we have a line of code as below:
If(age >= 18) 0
For testing this code, we must run the program to test three different test cases,
T1: when the value of age is less than 18,.
T2: when the value of age is equal to 18
T3: when the value of is greater than 18.
And for each test case we must ensure that the right code is executed.
Example-2
if - then - else type of decision making code is tested for the true as well as false value.
If (choice == 1) {
}
else If (choice == 2) {
}-
else If (choice == 3) {
}
In the above case, we must test it for all the cases for the choice value i.e. 1,2, and 3.
Example-3
For a loop structure like
for (counter = 0; counter <= 10; counter++) {}
We must test it separately for boundary values of loop variable counter i.e. 0 and 10. We must test
for within values like 1 to 9:
Black Box Testing
13. Black box testing is also known as functional testing. The sole purpose of black box testing is to test
the application or software from its functionality point of view. In this types of testing, the software
is tested to check whether the software fulfils all the specified requirements. In Jack box testing, a
tester is not concerned about testing the logic of the program. The' internal details of the program
are not known to the tester. In this types of testing, the software is like a black box to the tester
where internal details are undisclosed. The tester only tests the functionality of the program by
supplying an input and observing the output. As already stated, an application or software is
developed to fulfil certain objectives or requirements. Black box testing is a detailed inspection of
the software functionality against the already specified requirements for which it is developed. The
test cases are carefully written for each and every requirement specified. We may agree that black
box testing verifies a software to ensure that it does exactly that, which it is required to do.
Example :
Suppose ,we are required to build software for purchasing books online. The
simpler r quirements can be stated as
Requirementl - User should be able to login to the website
Requirement2 - User should be able to see books catalogue
Requirement3 - User should be able to place an order
R uirement4 - User should be able to make the payment
Reqnirementf - User should be able to logout
Now, developers will write the complete code for implementing all the above stated five
requirements. A tester will then test the software to see if the developed software meets all the
stated five requirements. For this, a tester will write the test cases for testing each requirement.
Requlrement 1 :User should be able to login to the website
For this requirement, a basic set of test cases would be something such as:
(b) How will you ensure that the software developed by you meets the Quality benchmarks ? Define
the term “Software Quality”.
Answer :
SOFTWARE QUALITY ASSURANCE (SQA)
The term "Software Quality" refers to conformance to explicitly stated requirements and standards,
as well as implicit characteristics that customers assume will be present in any professionally
developed software. The SQA group must look at software from the customer's perspective, as well
as assessing its technical merits. Software Quality Assurance controls variation among products.
14. Software engineers are concerned-with controlling the variation in their processes, resource
expenditures, and the quality attributes of the end products. The activities performed by the SQA
group involve quality planning, oversight, record keeping, analysis and reporting. An elaborate
definition of SQA can be given as the following:
A systematic, planned set of actions necessary to provide adequate confidence that the
software development process or the maintenance process of the software system product
conforms to established functional technical requirements as well as with the managerial
requirements of keeping" the schedule and operating within budgetary confines.
Software Quality Assurance (SQA) consists of a means of monitoring the software
engineering processes and methods used to ensure quality. It does this by means of audits
of the quality management system under which the software system is created. These
audits are backed by one or more standards, usually ISO 9000.
It is distinct from software quality control. Quality Control (QC) is a set of activities (including
reviewing requirements documents, and software testing) carried out with the main objective of
withholding products from shipment if they do not qualify. Quality Assurance (QA) is meant to
minimize the costs of quality by introducing a variety of activities throughout the development
process and maintenance process in order to prevent the causes of errors; detect them, and correct
them in the early stages of the development. As a result, quality assurance substantially reduces the,
rate of non qualifying products. Software quality control is a control of products, software-quality
assurance is a control of processes.
5. (a) In Object Oriented Design, list the common utility objects and criteria for identifying
utility objects.
Answer :
Utility objects are often provided in a framework to address specific utility functions.
They are often used as "helpers" by the rest of the objects.
Criteria for Identifying Utility Objects
The following are the key criteria for identifying utility objects:
The object should act as a helper to other framework classes.
The object should provide a re-usable context-independent utility throughout the system
The utility provided by the object should be used across various layers.
Common Utility Objects
The following are the list of utility objects generally used in a typical enterprise
application:
CachingUtility: For handling the caching requirements
LoggingHelper: For logging info, debug and error statements
FileReaderUtility: For reading the required files
ResourceLocator: For providing the URL for a given resource
BuildUtility: For handling build activities
EncryptionUtility: For-encrypting/decrypting the values as per enterprise standards
ExceptionHandlerUtility: For handling exceptions
EncoderUtility: For performing HTML encoding/decoding
StringConverterUtility: For converting string into appropriate display formats
MultiLangUtility: Forgeting the language specific resource bundle for a given key
ConfigurationHandler: For handling different configuration files
ValidationUtility: For performing required field validations
15. (b) Explain various Debugging strategies.
Answer :
Debugging Strategies
Effective debugging involves deep knowledge of underlying systems and processes and
creative thinking; it involves careful generation of hypothesis and testing it. Some of the
most commonly used strategies for debugging are listed below:
• Debugging by cause elimination: This strategy is adopted for complex issues that
involve different layers and components. Here, we systematically eliminate one
layer or component at a time starting with the layer/component that is has most.
For instance, if there is an issue probably defective with the page performance, we
start eliminating various components on that page followed by removing all
interfacing components. If a page is integrated with number of data sources, an
issue with one of those data sources may hog the entire page.
• Combination of test data and conditions: This strategy is used when there are
multiple causes for the defect. We try out various permutations and combinations of
the variables/test data and conditions till we identify with certainly the exact set of
variables that can accurately reproduce the issue. For instance, if a function call with
three arguments rises an exception, we try combinations of three arguments to
understand the exact argument that is causing the issue.
• Memory profiling: This strategy is normally followed for memory related issues. A
profiler tool is used to analyse heap memory during program execution. This would
give insights into components consuming more memory and the ones which are
orphan/not garbage-collected. With this information we can then deduce the cause
for memory leak issues. This technique also involves analysing memory/thread
dumps.
• Step-wise debugging: This is another technique which is often carried out with the
help of Integrated development environment (IDE) tools, In this technique; we start
the program in "debug mode" wherein, we can control each step of program
execution using IDE. We can then "step-in" and "step-out" each line of code
inspecting values of various variables. This helps us to get the exact method, line and
variable value where the defect has accused/occurs.
• Call tracing: This is a top-down approach wherein, we trace the call from the top-
most component to the root data source. We examine the return value at each level
to isolate the code that is the cause for the issue.