CHAPTER 3
SYSTEM ANALYSIS AND DESIGN

3.1 PROBLEM DEFINITION


The increased volume of transactions and communication over the World
Wide Web in industries like banking, insurance, healthcare, travel and many others has
triggered a number of unprecedented security issues. Most web applications today are
susceptible to attacks ranging from unauthorized access, movement, alteration or deletion
of files, to virus attacks and theft of data. Perimeter defenses such as firewalls, antivirus
software and the like are insufficient. Because of this, industries are seeking more
comprehensive security measures that can be incorporated in their web applications. There
are people out there whose only intention is to break into computer systems and networks
to damage them, whether it is for fun or profit. These could be novice hackers who are
looking for a shortcut to fame by doing so and bragging about it on the internet. These
could also be a group of organized criminals who work silently on the wire. They don't
make noise, but when their job is done, it translates into a huge loss for the organization in
question, not to mention a huge profit for such criminals.

3.2 EXISTING SYSTEM
With so many techniques and so many approaches to testing the security of
web applications, it can be difficult to understand which techniques to use and when to use
them. Experience shows that there is no right or wrong answer to exactly what techniques
should be used to build a testing framework. The fact remains that all techniques should
probably be used to ensure that all areas that need to be tested are tested. What is clear,
however, is that there is no single technique that effectively covers all security testing that
must be performed to ensure that all issues have been addressed. Many companies adopt
one approach, which has historically been penetration testing. Penetration testing, while
useful, cannot effectively address many of the issues that need to be tested, and is simply
too little too late in the software development life cycle (SDLC). There are times
and circumstances where only one technique is possible; for example, a test on a web
application that has already been created, and where the testing party does not have access
to the source code.

3.2.1 Disadvantages of Existing System

Testing at the initial or end stage of product development

Does not use all available security features

Inefficient

Does not find all vulnerabilities

Uses only known vulnerabilities for testing

3.3 PROPOSED SYSTEM


A defense that will evidently reduce vulnerabilities in web
applications is seen to lie in the development lifecycle of the application itself. Developers
need to learn and examine the vulnerabilities that could possibly occur in web applications
so that precautionary measures can be adopted in the implementation stage. The proposed
system serves as an elementary guideline for all those involved in the application's
development process and, more importantly, designs and formulates a set of secure coding
policies and guidelines as pro-active remediation strategies to strengthen the security of
web applications.
Besides that, the SDLC methodology is implemented to design a new production
sample web site and to test the academy website, which was recently hosted and published. The
balanced approach includes several techniques, from manual interviews to technical
testing. The balanced approach is sure to cover testing in all phases of the SDLC. This
approach leverages the most appropriate techniques available depending on the current
SDLC phase. A balanced approach varies depending on many factors, such as the maturity
of the testing process and corporate culture. Fig 3.1 shows the proposed System
Architecture.

3.3.1 Advantages of Proposed System

Testing covers all phases of Software Development

Developers or analysts must be aware of web application vulnerabilities

Finds all security weaknesses during development

Removes all kinds of vulnerabilities by combining the different techniques.

The testing generated by the different techniques has a highly secured function.

3.4 SYSTEM ARCHITECTURE

Fig 3.1 Proposed System Architecture

3.5 SYSTEM REQUIREMENTS

Software Requirements

Software -> JDK 5, JavaEE & HTML
Server -> GlassFish 3.0
IDE -> NetBeans 6.9.1
OS -> Windows XP

Hardware Requirements

RAM -> 2GB
Processor -> Pentium Dual Core
Hard Disk -> 160GB
