Вы находитесь на странице: 1из 4

5.

4 Security Issues:

1) Validation of input and output data:


All data used by the website (from users, other servers, other websites and internal systems) must be validated for type (e.g. numeric, date, string), length (e.g. 200 characters maximum, or a positive integer) and syntax and business rules All data written as output (displayed) needs to be safe to view in a browser, email client or other software and the integrity of any data that is returned must be checked. Utilizing Asynchronous JavaScript and AJAX control increase complexity and the possible attack vectors.

2) Direct data access:


If data exists, it can potentially be viewed or extracted. Avoid storing data that you do not need on the website and its database. Poorly developed systems may allow access to data through insufficient input and output data validation or poor system security.

3) Authentication and session management:


Websites rely on identifying users to provide access permissions to data and functions. If authentication (verification of identity, registration and logging in), authorization (granting access rights) and session management (keeping track of the identity of a logged in user while they browse a website) can be altered, a user could access resources they are not allowed to. Beware especially of how password reminders, change password, log out and updating account details are handled, how session tokens are used and always have login forms on dedicated Pages.

4)

System architecture and configuration:


The information system architecture model should address the sensitivity of data identified during the requirements and specification phase of a website. This may having separate web, application and database servers, load balancing or virtualization. Additional security issues can be created through the way the live environment is configured. Sufficient and safe logging, monitoring and alerting facilities need to be built in to allow audit.

5) System information leakages:


Web servers, errors, staff, partner organizations, search engines and rubbish can all be the source of important information about your website - its technologies, business logic and security methods. An attacker can use such information to their advantage so it is important to avoid system information leakage as far as possible.

6) Error handling:
Exception such as user data validation messages, missing pages and server errors should be handled by the code so that a custom page is displayed that does not provide any system information to the user. Logging and alerting of unusual conditions should be enabled and these should allow subsequent audit.

5.5 Quality / Reliability Measures:


To produce High quality software is a goal to develop the software with all kinds of the satisfaction with user, cost and assurance, and also with the developers. If requirement is not consider or gathered properly then the lack of the adaption or conformation to requirement is also lack of quality. So to build quality software first we define and consider the meaningful and useful requirement. To develop quality software we must compare our software with some known data. So for that we measure our software in 3 different divisions. 1) Software Operation 2) Software Revision 3) Software Transition

1) Software Operation:
In these we define the quality with correction, reliability, usability, efficiency, and integrity. In our system there are many different modules and sub modules are exists and to manage their quality we follows all above factors. Correction: If any changes occurred in our modules then we easily correct them. So the qualities of those modules become as usual and not decrease. Integrity: If all modules are complete successfully then we integrate them and manage the quality of all those modules.

2) Software Revision:
In these we concerned with those aspects related to modification of the program such as maintainability, testability.

3) Software Transition:
It deals with quality factors like portability, interoperability and reusability. Interoperability: is the effort required to couple the system with other system and the relation of two modules.

Reusability: is the extent to which parts of software can be reused in other related application.

Quality in different views: When any software is develop, developers consider two main views for software quality. 1) Quality with user satisfaction:
If user satisfied with all requirements of the product and accept the system with no any excuses then we can save that our software has good quality and ratability. To work on the user satisfaction we consider the following aspect.

2) Quality with product cost:


Costs of quality are conducted to provide a baseline for the current cost of the product and identify opportunities for reducing the cost of the product. In which we reduce unnecessary modules and division.

For example:
In our system we used many modules (Admin information, user information), if when these two modules are different then we maintain these individually, correct them individually, all cost related to the quality and function for all modules are increased. So we combine above two modules into a one single module. Therefore all cost of the module is decreases and the quality of the cost is increases.