Professional Documents
Culture Documents
On
Submitted to the
Ms. Simna V S
Project Done by
SHARON MARY P.E
(Reg No: 180011012833)
February –2020
NO DESCRIPTION PAGE
2 Certificate of Organization ii
5 Declaration by Student v
6 Acknowledgement vi
8 Table of Contents ix
KMM COLLEGE OF ARTS AND SCIENCE
THRIKKAKARA, COCHIN – 21
BONAFIDE CERTIFICATE
Certified that the Project Work Entitled
2018-2020
i
ii
KMM COLLEGE OF ARTS AND SCIENCE
THRIKKAKARA, COCHIN – 21
CERTIFICATE
INTERNAL GUIDE
iii
KMM COLLEGE OF ARTS AND SCIENCE
THRIKKAKARA, COCHIN – 21
CERTIFICATE
course
INTERNAL GUIDE
iv
KMM COLLEGE OF ARTS AND SCIENCE
THRIKKAKARA, COCHIN – 21
DECLARATION
I, SHARON MARY P.E, hereby declare that the project work entitled
“DYNAMIC PASSWORD POLICY GENERATION SYSTEM” is an authentic
v
ACKNOWLEDGEMENT
I consider it as a privilege to express my sincere gratitude and respect to all those who
guided and inspired me in the successful completion of this main project work.
I would like to express my sincere thanks to Mrs. Reshmi P.R, HOD, Department of
Computer Science, KMM College of Arts and Science for her valuable advice and support
which have helped me greatly in the accomplishment of the main project.
I sincerely thank my project guide Mrs. Simna V.S, Assistant Professor, KMM College of
Arts and Science, for her consistent guidance and inspiration throughout the period for the
completion of this main project.
I would like to thank all the teaching and non-teaching staff of KMM College of Arts and
Science, for their valuable guidance and suggestions rendered during the main project.
Finally I thank my parents and all my friends for their help, encouragement and moral
support given to me during the course of this work.
vi
EXECUTIVE SUMMARY
To keep password users from creating simple and common passwords, major websites and
applications provide a password-strength measure, namely a password checker. While
critical requirements for a password checker to be stringent have prevailed in the study of
password security, regardless of the stringency, such static checkers can leak information and
actually help the adversary enhance the performance of their attacks. To address this
weakness, the Dynamic Password Policy Generator, namely DPPG, to be an effective and
usable alternative to the existing password strength checker. DPPG aims to enforce an
evenly-distributed password space and generate dynamic policies for users to create
passwords that are diverse and that contribute to the overall security of the password
database. Since DPPG is modular and can function with different underlying metrics for
policy generation, we further introduce a diversity-based password security metric that
evaluates the security of a password database in terms of password space and distribution.
The metric is useful as a countermeasure to well-crafted offline cracking algorithms and
theoretically illustrates why DPPG works well.
The data set contains data fields such as many different types of passwords and its
strength. Based on these data of password and its strength the system can predict whether
the user entered password is strong or weak. Prediction is done by training the system on
dataset. System has only one user, who has central control over the system.
Coming to the existing system. The existing system is static. The static checker set
specific condition to generate a strong password. There will be high chance of leak or theft of
the password which are created by means of static checker. The person those who know the
static password rule can easily steal the password and leak the password.
. This system provides mechanism to check the password strength using machine learning
technique. If the system predict password strength as weak, then system generate some
dynamic policy to generate a strong password. The policy changes every time. The policies
are unknown to users because each time a new policy is created for every user. System
automate the policy generation to generate strong password rather than forcing all users to
create extremely complex passwords, here the focus on the overall strength of the password.
vii
The Dynamic Password Policy Generator, namely DPPG, is an alternative to traditional
password strength checkers.
The system uses TFIDF (Term Frequency Inverse Data Frequency) for its feature
extraction. After the extraction, system splits the data into two parts where one part will
used for testing and another part will be used for training. The splitting up of data is based
on the dataset and mining technique. For performing these processes, system uses naïve
bayes classifier for classification. Using this method, system can classify the data and
using those data system can predict whether the entered password is strong or not.
The proposed system has more accuracy and it is more efficient in predicting the
strength of the password. Data set for the system is large and based on those data; the
system has more accuracy on prediction. The processing of prediction has good accuracy
rate, so the proposed system has better efficiency and accuracy.
Major objective of this project is to provide a new system which can predict the
strength of the password with the help of machine learning. The system can accurately
predict the strength of the password. So, the user can create a new strong password
Our system is developed using waterfall model. Since the dataset gathering is the first
step and more time spent in collecting all the dataset, accuracy of project is well
maintained from the beginning itself. The time limit for the completion of project is
limited and the dataset is the biggest resource that is needed for the development of
project, Waterfall model is justified to be the best in carrying out the project.
The system has developed in Python as front end. It uses Django as the framework.
Minimum OS requirement for the system is windows 7. It needs only 500 GB HDD and
minimum 4 GB RAM.
viii
TABLE OF CONTENTS
NO CONTENTS PAGE
1 Background 1
2 Project Overview 5
2.2 Stakeholders 5
4 System Modelling 11
ix
4.2 Activity Diagram 12
5 System Design 16
5.3 Dataset 18
6 Coding 23
7 Testing 27
x
8.2 Creation of user profiles and access rights 34
9 Transition 36
10 Annexure 39
10.3 References 63
xi
Dynamic password policy generation system
1.BACKGROUND
Text-based passwords have been used widely in both online and offline applications for
decades. Since passwords are personal and portable, they are not likely to be replaced in the
foreseeable future. However, the phenomenon that people choose simple passwords and reuse
common passwords has raised great security concerns as such passwords are vulnerable to
offline cracking attacks. To make things worse, a number of password leak incidents have
happened recently and frequently. Large datasets of leaked passwords can greatly enhance
attacker’s capability in conducting training-based password attacks, thus posing significant
threats on password security.
To keep password users from creating simple and common passwords, major websites and
applications provide a password-strength measuring mechanism, which evaluates the strength
of passwords proactively during user registration. While critical requirements for a password
strength checker to be stringent have prevailed in the study of password security, regardless
of the stringency, such static checkers can leak information and actually help the adversary in
enhance the performance of their attacks. To address this weakness, here the proposed system
is the Dynamic Password Policy Generator, namely DPPG, it is an effective and usable
alternative to the existing password strength checker. DPPG aims to enforce an evenly-
distributed password space and generate dynamic policies for users to create passwords that
are diverse and that contribute to the overall security of the password database. Since DPPG
is modular and can function with different underlying metrics for policy generation, also
there is a diversity-based password security metric that evaluates the security of a password
database in terms of password space and distribution. The metric is useful as a
countermeasure to well-crafted offline cracking algorithms.
The proposed system helps to check the strength of a password using machine learning
technique. The machine learning technique plays an important role in this world. The
Machine learning techniques help to find the password strength using naive bayes classifier.
The existing system is static. The static checker set specific condition to generate a strong
password. There will be high chance of leak or theft of the password which are created by
means of static checker. The person those who know the static password rule can easily steal
the password and leak the password.
checkers can leak information and actually help the adversary enhance the performance of
their attacks. The Existing checkers do not demonstrate effective or uniform
characterization of strong passwords. The password strength checkers simply cannot
demand users to create passwords that are too complex. By defining a set of password
creation policies and showing users password strength scores, password checkers can exert
a strong bias on password characteristics, especially when the policies and scoring
mechanisms remain static. The passwords registered to a database are largely similar to the
specific password patterns enforced by the associated checker. Although password
checkers vary among websites, they inevitably rely on similar rules that focus on specific
password properties. So, a system that overcomes the limitations of the existing system
and it should be developed.
The proposed system can check the password strength using machine learning technique. If
the system predict password strength as weak, then system generate some dynamic policy to
generate a strong password. The policy changes every time. The policies are unknown to
users because each time a new policy is created for every user. System automate the policy
generation to generate strong password rather than forcing all users to create extremely
complex passwords, here the focus on the overall strength of the password. The Dynamic
Password Policy Generator, namely DPPG, is an alternative to traditional password strength
checkers.
DPPG is the first password policy generator that can generate password policies dynamically
according to the current password distribution. Since the policies generated by DPPG are
dynamic and unpredictable, the attacker will find it extremely difficult, and impossible, to
learn the system or the inner password distribution. The policies themselves are in different
formats and only contain information that is ideally contrary to the distribution in the
database, because DPPG always tries to balance the current distribution and expanding
password space. Through the characteristics analysis and the attack-based evaluation, the
password datasets created with DPPG are diverse and relatively robust to training-based
cracking attacks. Furthermore, the usability of DPPG is not sacrificed for dynamic policies
according to our user study, which makes DPPG practical to use. Therefore, DPPG can be a
more secure alternative to current password strength checkers in terms of protecting password
distribution information and preventing crafted training-based offline attack.
The dynamic password policy generator is more efficient than static checker
The DPPG is not time consuming
Only Less man power is required in the DPPG.
The system generate dynamic policy each time.
The DPPG provide high security because of dynamic policy.
2. PROJECT OVERVIEW
Major objective of this project is to provide a new system which can predict the strength
of the passwords entered by the user using the machine learning technique. The Dynamic
Password Policy Generator, namely DPPG, to be an effective and usable alternative to the
existing password strength checker. DPPG aims to enforce an evenly-distributed password
space and generate dynamic policies for users to create passwords that are diverse and that
contribute to the overall security of the password database. Since DPPG is modular and can
function with different underlying metrics for policy generation, DPPG is the first password
policy generator that can generate password policies dynamically according to the current
password distribution. Since no password strength feedback is returned and the policies
generated by DPPG are dynamic and unpredictable, the attacker will find it extremely
difficult, if not impossible, to learn the system or the inner password distribution.
User: The user can enter passwords to the system and check the strength of the entered
password. If the entered password is weak password then the system will generate dynamic
policies for the user to generate a new strong password.
The proposed system can be implemented on any websites or application where password
is required. The proposed system can check the password strength using machine learning
technique. If the system predict password strength as weak, then system generate some
dynamic policy to generate a strong password. The policy changes every time. The policies
are unknown to users because each time a new policy is created for every user. System
automate the policy generation to generate strong password rather than forcing all users to
create extremely complex passwords, here the focus on the overall strength of the password.
It is an alternative to traditional password strength checkers. It aims to enforce an evenly-
distributed password space and generate dynamic policies for users to create passwords that
are diverse and that contribute to the overall security of the password database.
Feasibility study is the initial design stage of any project, which brings together the elements
of knowledge that indicate if a project is possible or not. A feasibility study includes an
estimate of the level of expertise required for a project and who can provide it, quantitative
and qualitative assessments of other essential resources, identification of critical points, a
general timetable, and a general cost estimate
2.4.1.TECHNICAL FEASIBILITY
Technical feasibility study is the complete study of the project in terms of input, processes,
output, fields, programs and procedures. It is a very effective tool for long term planning
and trouble shooting. The technical feasibility study should most essentially support the
financial information of an organization.
As coming to the project, the most essential factor for this system is its data set. The
system predicts the performance based on this dataset. The data set contains data field and
these data field contains many different types of password. Based on these data, the system
can predict whether the password is strong or weak. To train the machine with the dataset,
it may take time depending upon the size of the dataset. If it is larger, the system will be
efficient. For the classifications, system uses naive bias classifier. System will choose
different techniques based on the dataset collected. The system is developed in python. It is
an open source language and it is platform independent. So it is easy to work with it and it
can be implemented anywhere. It is also an open source platform. As taking the above
2.4.2.OPERATIONAL FEASIBILITY
Operational feasibility refers to the measure of solving problems with the help of a new
proposed system. It helps in taking advantage of the opportunities and fulfills the
requirements as identified during the development of the project. It takes care that the
users support the project.
As coming to the project, to work with the system smoothly, it needs a dataset with different
types of combinations of passwords. The different types of classification makes the
prediction more accurate. For such types of calculations, the system needs a large dataset. A
high-performance system is needed for that. If a system with high performance is available,
the system will be operationally feasible. All the operations can be done smoothly and
efficiently.
2.4.3.SCHEDULE FEASIBILITY
A schedule feasibility study will take into account the period in which the project is going
to take up to its completion. A project will fail if it takes too long to be completed before it
is useful. Typically, this means estimating how long the system will take to develop, and if
it can be completed in a given time period using some methods like payback period.
Schedule feasibility is a measure of how reasonable the project timetable is.
As coming to the project, the first step is the data set collection. It needs 4-5 Days as time
duration. After getting the dataset, it must be trained in the system. It is a long process and
it will take some time. The time duration which a system takes is purely depend upon the
system specifications and the size of the dataset. If the dataset is very large and the system
has high performance, time duration for the training will decrease. Otherwise, it will take
more time. For the coding phase, it needs around 40-50 days. Testing phase can take a
week as the time period. So, the overall project can be finished within 3 months.
2.4.4.ECONOMIC FEASIBILITY
Economic feasibility analysis is the most commonly used method for determining the
efficiency of a new project. It is also known as cost analysis. It helps in identifying profit
against investment expected from a project. Cost and time are the most essential factors
involved in this field of study.
As coming to the project, definitely it has some expenditure. The system uses python as
front end. It is open source and it doesn’t need any cost. But, for the development, it needs a
high-performance system. Such systems will have a cost. The system will have a
development cost. But its benefits can surely overcome this cost. The implementation cost
can also be overcome by the benefits. So the system is economically feasible
2.4.5.COST-BENEFIT ANALYSIS
User
There is only one user in the system. The user can input password to see whether the entered
password is strong or weak. This is carried out by using machine learning technique. If the
entered password is weak then system generate some dynamic policy to generate a strong
password. The policy change every time. The policies are unknown to users because each
time a new policy is created for every user. System automate the policy generation to
generate strong password rather than forcing all users to create extremely complex
passwords.
4. SciPy packages: SciPy library is one of the core packages that make up the
SciPy stack. It provides many user-friendly and efficient numerical routines such
5. Testability: If the testability of the software artefact is high, then finding faults
in the system (if it has any) by means of testing is easier.
Use case is a list of actions or event steps typically defining the interactions between a
role (known in the Unified Modeling Language as an actor) and a system to achieve a goal.
The actor can be a human or other external system. In systems engineering use cases are
used at a higher level than within software engineering often representing missions or
stakeholder goals. The detailed requirements may then be captured in the Systems Modeling
Language (SysML) or as contractual statements.
USER:
The user can input password to see whether the entered password is strong or weak
4.SYSTEM MODELLING
result
result
4.4.THEORETICAL BACKGROUND
Python interpreters are available for many operating systems. A global community of
programmers develops and maintains CPython, an open source reference
implementation. A non-profit organization, the Python Software Foundation, manages
and directs resources for Python and CPython development.
As of March 2018, the Python Package Index (PyPI), the official repository for third-
party Python software, contains over 130,000 packages with a wide range of
functionality, including:
Web frameworks
Multimedia
Databases
Networking
Test frameworks
Automation
Web scraping
Documentation
System administration
Scientific computing
Text processing
Image processing
4.4.2. DJANGO
Django is a free and open source web application framework written in Python. A
framework is nothing more than a collection of modules that make development easier.
They are grouped together, and allow you to create applications or websites from an
existing source, instead of from scratch.
This is how websites - even simple ones designed by a single person - can still include
advanced functionality like authentication support, management and admin panels,
contact forms, comment boxes, file upload support, and more. In other words, if you were
creating a website from scratch you would need to develop these components yourself.
By using a framework instead, these components are already built, you just need to
configure them properly to match your site. The official project site describes Django as
"a high-level Python Web framework that encourages rapid development and clean,
pragmatic design. Built by experienced developers, it takes care of much of the hassle of
Web development, so you can focus on writing your app without needing to reinvent the
wheel. It’s free and open source." Django offers a big collection of modules which you
can use in your own projects. Primarily, frameworks exist to save developers a lot of
wasted time and headaches and Django is no different.
Django was created in the fall of 2003, when the web programmers at the Lawrence
Journal- World newspaper, Adrian Holovaty and Simon Willison, began using Python to
build applications. It was released publicly under a BSD license in July 2005. The
framework was named after guitarist Django Reinhardt. In June 2008, it was announced
that a newly formed Django Software Foundation (DSF) would maintain Django in the
future.
5. SYSTEM DESIGN
Preprocessing
Feature extraction
Classification
Training
Testing
Password generation based on dynamic policy (if password is weak)
Pre-processing: The dataset can be used in machine learning techniques. The dataset consist
of available password combinations both strong and weak. The system can learn password
strength based on this available dataset. The pre-processing steps helps to remove unwanted
noises from the dataset and convert it into a format that is understood by the system.
Feature Extraction: The passwords available in the dataset have their own features. The
feature extraction steps helps to gather the features of the password in the given dataset. it
helps to gather the feature of the password like the length ,character combination etc of the
password.
Classification: The classification can be performed using naive bayes classifier. The
classifier can be used to split our dataset for both training and testing. The classifier work
based on probability distribution.
Training: The training process is carried out by using machine learning technique. The
training process makes the system learn new things from the available dataset. The features
of each password can be extracted and learned through the training process. A model file will
be created after training process. The model file include features of password.
Testing: The testing process helps to check whether the given password is strong or not. The
model file can be used to predict whether the password is strong or not.
Password Generation: The weak password can’t be able to produce security. There will be
certain policy to generate a strong password. This module can be used when the password
strength is poor or weak.
The input design is the link between the information system and the user. It comprises the
developing specification and procedures for data preparation and those steps are necessary to
put the data in to a usable form for processing can be achieved by inspecting the computer to
read data from a written or printed document or it can occur by having people keying the data
directly into the system. The design of input focuses on controlling the amount of input
required, controlling the errors, avoiding delay, avoiding extra steps and keeping the process
simple. The input is designed in such a way so that it provides security and ease of use with
retaining the privacy. Input Design considered the following things:
1. Input Design is the process of converting a user-oriented description of the input into a
computer-based system. This design is important to avoid errors in the data input process and
show the correct direction to the management for getting correct information from the
computerized system.
to be free from errors. The data entry screen is designed in such a way that all the
data manipulates can be performed. It also provides record viewing facilities.
3. When the data is entered it will check for its validity. Data can be entered with
the help of screens. Appropriate messages are provided as when needed so that
the user will not be in maize of instant. Thus the objective of input design is to
create an input layout that is easy to follow.
5.3. DATASET
The training data set in Machine Learning is the actual dataset used to train the model
for performing various actions. This is the actual data the ongoing development process
models learn with various API and algorithm to train the machine to work automatically.
First task is to extract the dataset suitable for prediction. For this, we have collected
different passwords. Data set includes passwords and its strength range. The strength
range is labeled as one and two. The weak password is labeled as one and the strong
password is labeled as two. After the extraction of data, then it is trained by the system.
A quality output is one, which meets the requirements of the end user and presents the
information clearly. In any system results of processing are communicated to the users and to
other system through outputs. In output design it is determined how the information is to be
displaced for immediate need and also the hard copy output. It is the most important and
direct source of information to the user. Efficient and intelligent output design improves the
system’s relationship to help user in decision-making.
1. Designing computer output should proceed in an organized, well thought out manner; the
right output must be developed while ensuring that each output element is designed so that
people will find the system can use easily and effectively. When analysis design computer
output, they should Identify the specific output that is needed to meet the requirements.
3. Create document, report, or other formats that contain information produced by the system.
The output form of an information system should accomplish one or more of the following
objectives.
Convey information about past activities, current status or projections of the Future.
Signal important events, opportunities, problems, or warnings.
Trigger an action.
Confirm an action.
Form 1
Form 2
Form 3
Form 4
Form 5
Form 6
6. CODING
It is seen that good quality software and code is not as easy as pie. It requires
consistent efforts and sheer focus of the software development team to meet the
quality goals. This is an essential thing for the software project. The developers are
often seen side-stepping the quality standards when they are required to complete their
tasks in a short span of time.
Coding Standards:
They are a series of procedures that can be defined for a particular programming
language specifying a programming style, the methods, & different procedures. These
procedures can be for various aspects of the program written in that language. They
can be considered as essential attributes of software development. A coding standard
makes sure that all the developers working on the project are following certain
specified guidelines. The code can be easily understood and proper consistency is
maintained.
Consistency has a positive impact on the quality of the program and one should
maintain it while coding. Also, it should be taken care that the guidelines are
homogeneously followed across different levels of the system and they do not
contradict each other. The finished program code should look like that it has been
written by a single developer, in a single session.
Why coding standards are important?
If the coding standards are not defined, developers could be using any of their own
methods, which might lead to certain negative effects such as:
Security Concerns
Software becomes vulnerable to attacks if it is inconsistent, contains bugs and errors
in logic. Most of the aforementioned problems arise due to the faulty programming
code that might have resulted from poor coding practices.
Performance Issues
Poor coding has an adverse effect on the performance of the site. The performance
issues comprise a multitude of things like when the user is interacting with the site,
server response issues, reusability & flow of the code, etc.When the coding standards
are implemented, these problems can be easily overcome giving you a secure site with
minimum or no performance issues. While formulating a code, the following should
be kept in mind The code should be easy to be read, for this:Try to define different
sections of the code by segmenting blocks of code into a paragraph Make use of
indentation for indicating the start and end of the control structures along with a clear
specification of where the code is between them There should be consistency in the
naming convention of the variables throughout the code. Also, the data should be
described that is there in the code Name the functions according to what they perform
The code should be such that one should be able to understand it even after returning
to it after some time gap, without that person having to look at every line of it
Follow a specific method for commenting on the work
The language functions that are complex or the structure that is difficult to be
comprehended should be avoided There are many advantages to the following coding
standards while coding the software.
Error handling helps in handling both hardware and software errors gracefully and helps
execution to resume when interrupted. When it comes to error handling in software, either the
programmer develops the necessary codes to handle errors or makes use of software tools to
handle the errors. In cases where errors cannot be classified, error handling is usually done
with returning special error codes. Special applications known as error handlers are available
for certain applications to help in error handling. These applications can anticipate errors,
thereby helping in recovering without actual termination of application.
Logical errors
Generated errors
Compile-time errors
Runtime errors
As errors could be fatal, error handling is one of the crucial areas for application designers
and developers, regardless of the application developed or programming languages used. In
worst-case scenarios, the error handling mechanisms force the application to log the user off
and shut down the system.
Python has many built-in exceptions which forces your program to output an error when
something in it goes wrong.
When these exceptions occur, it causes the current process to stop and passes it to the calling
process until it is handled. If not handled, our program will crash.
The mechanism used to pass parameters to a procedure (subroutine) or function. The most
common methods are to pass the value of the actual parameter (call by value), or to pass the
address of the memory location where the actual parameter is stored (call by reference). The
latter method allows the procedure to change the value of the parameter, whereas the former
method guarantees that the procedure will not change the value of the parameter. Other more
complicated parameter-passing methods have been devised, notably call by name in Algol 60,
where the actual parameter is re-evaluated each time it is required during execution of the
procedure.
Validation is an automatic check to ensure that data entered is sensible and feasible.
Validation cannot ensure data is accurate.
When programming, it is important that you include validation for data inputs. This stops
unexpected or abnormal data from crashing your program and prevents you from receiving
impossible garbage outputs.
7. TESTING
A test case is a document that has a set of test data predictions and expected results and post
conditions, devloped for a perticular test scenario in order to varify complaince against a
specific requirement Test case acts as starting point of test execution and after applying a set
of input values, the application has a definitive outcome and leaves the system at some point
or also known as execution post condition
Following is the basic test cases use in this project testing
Enter password Weak Password Weak password Strong password Failed Code is not
message working
properly
Testing is a process of executing a program with the aim of finding error. To make our
software perform well it should be error free.If testing is done successfully it will remove all
the errors from the software.The system undergoes experimental testing so as to check that
the system does not fail i.e. to check whether the required system is running according to
specification and user expectation. System testing also tests to find discrepancies between the
system and its original objective, current specification and systems documentation
7.1.1.TEST TYPES
The basic levels are unit testing, integration testing, system testing and acceptance testing.
These different levels of testing attempt to detect different types of faults.
The different levels of testing are as follows:
7.1.2.UNIT TESTING
Unit testing include focuses at the very lowest level of software design. Modules are tested
separately. Unit testing is essential for verification of the code produced during the coding
phase, and hence the goal is to test the internal logic of the modules
We have tested the code of each activity that contains various events of objects for various
test cases. For each unit we made sure that the results produced are accurate and not found
any abnormal conditions in our project.
In this testing we test each modules individually and are tested separately for each functions
and methods . After this testing it was clear that satisfactory as regard to the expected output
from the module.
7.1.3.INTEGRATION TESTING:
Integration testing involves bottom – up integration, top – down integration and sandwich
integration strategy. Bottom up integration the traditional strategy used to integrate the
components of software system into a functioning whole.
Top – down integration starts with the main routine and one or two immediate subroutines in
the system structure. Sandwich integration is predominantly top-down, but bottom-up
techniques are used in some modules and sub systems.
Integration testing ensured that the model is able to uncover errors with the interface. For
integration testing sample data were used and the results were satisfactory. The integration
testing checks the overall system performs.
The Model is working efficiently and user-friendly no complexity is seen while the testing. In
this phase each and every module of the system is tested with all the possible inputs. And the
whole system is tested finally.
7.1.4.SYSTEM TESTING:
Acceptance testing involves planning and execution of functional tests, performance tests and
stress tests in order to demonstrate the implemented system satisfies its requirements.
Model we created are satisfying the user need, confirm to its requirements and design
satisfaction and exhibits an absence of errors.
White Box testing, sometimes called glass box, is a test case design method that uses the
control structure of the procedural design to derive test cases. Using white box testing
methods, we can derive test case that
Guarantee that all independent paths with a module have been exercised at least once.
Exercise all logical decisions on their true and false sides.
Execute all loops at their boundaries and within their operational bounds.
Exercise internal data structures to ensure their validity.
Through this testing each module are individually tested and examine that each module work
correctly. In each activity, there were loops and that loops are also individually tested.
Black box testing focuses on the functional requirements of the software. That is, black box
testing enables the software engineer to derive sets of input conditions that will fully exercise
all functional requirements for a program.
Black Box testing is not an alternative to white box testing. Rather it is a complementary
approach that is likely to uncover a different class of errors than white box method.
System Validation
Validation testing can be defined in many ways, but a simple definition is that validation
succeeds when the software function is in a manner that is reasonably expected by the
customer. The process of evaluating software during the development process or at the end of
the development process to determine whether it satisfies specified business requirements.
Validation Testing ensures that the product actually meets the client's needs. It can also be
defined as to demonstrate that the product fulfills its intended use when deployed on
appropriate environment.
def index(request):
return render(request,'index.html',{})
def check_password(request):
try:
symbol = 0
lower = 0
upper = 0
number = 0
count = 0
password = []
paswd=request.POST.get("password")
print("password",paswd)
NaiveBayes_Model = joblib.load('NaiveBayes_Model.joblib')
print("model loaded")
pass_word = [paswd]
NaiveBayes_Test = NaiveBayes_Model.predict(pass_word)
print("tested output",NaiveBayes_Test)
output=NaiveBayes_Test[0]
if output==1:
out="Weak"
length = random.randrange(6,10)
length = 128 if length is '' else int(length)
while count < length:
rand = random.randint (0,3)
if rand == 0:
lower += 1
b = int(random.randint (97,123))
password.append(b)
elif rand == 1:
upper += 1
b = random.randint (65,91)
password.append(b)
elif rand == 2:
number += 1
b = random.randint (48,58)
password.append(b)
elif rand == 3:
r = random.randint(0,2)
symbol += 1
if r == 0:
b = random.randint (33,48)
password.append(b)
elif r == 1:
b = random.randint (91,97)
password.append(b)
elif r == 2:
b = random.randint (123,126)
password.append(b)
count += 1
word = "".join([chr(c) for c in password])
## print("generated password",word)
elif output==2:
out="Strong"
word="Strong Password"
else:
out="Weak"
#randomly select ascii character classes and individual characters
length = random.randrange(6,10)
length = 128 if length is '' else int(length)
while count < length:
rand = random.randint (0,3)
if rand == 0:
lower += 1
b = int(random.randint (97,123))
password.append(b)
elif rand == 1:
upper += 1
b = random.randint (65,91)
password.append(b)
elif rand == 2:
number += 1
b = random.randint (48,58)
password.append(b)
elif rand == 3:
r = random.randint(0,2)
symbol += 1
if r == 0:
b = random.randint (33,48)
password.append(b)
elif r == 1:
b = random.randint (91,97)
password.append(b)
elif r == 2:
b = random.randint (123,126)
password.append(b)
count += 1
#convert ascii code to characters
word = "".join([chr(c) for c in password])
print("########################")
print("generated password",word)
print("output label",out)
return render(request,'index.html',{'out':out,'passw':word})
return render(request,'index.html',{})
Database security refers to the various measures organizations take to ensure their databases
are protected from internal and external threats. Database security includes protecting the
database itself, the data it contains, its database management system, and the various
applications that access it. Organizations must secure databases from deliberate attacks such
as cyber security threats, as well as the misuse of data and databases from those who can
access them.
Security concerns for internet-based attacks are some of the most persistent challenges to
database security. Hackers devise new ways to infiltrate databases and steal data almost daily.
Organizations must ensure their database security measures are strong enough to withstand
these attacks.
Some of these cyber security threats can be difficult to detect, like phishing scams in which
user credentials are compromised and used without permission. Malware and ransomware are
also common cyber security threats.
Another critical challenge for database security is making sure employees, partners, and
contractors with database access don’t abuse their credentials. These exfiltration
vulnerabilities are difficult to guard against because users with legitimate access can take data
for their own purposes. Organizations must also make sure users with legitimate access to
database systems and applications are only privy to the information they need for work.
Otherwise, there’s greater potential for them to compromise database security.
User, role, and access management are three different types of permissions commonly found
within project management software. Permissions determine what information users can view
and edit within the software.flexible and customizable permissions allow you to maintain the
appropriate balance of collaboration and control,
User management allows you to manage permissions at the level of an individual user. user
management enables you to select exactly what users can see and edit.
In this project the is no limit in access rights and permission for Users The users can create
and maintain interaction with all segments in the application
9.TRANSITION
The implementation phase of the software development is concerned with translating design
specification into source code. The user tests the developed system and changes are made
according to their needs. Our system has been successfully implemented. Before
implementation several tests have been conducted to ensure that no errors are encountered
during the operation. The implementation phase ends with an evaluation of the system after
placing into the operation for a period of time.
The process of putting the developed system in actual use is called system implementation.
This includes all those activities that take place to convert from old system to new system.
The system can be implemented only after testing is done and is found to be working to
specifications. The implementation stage is a systems project in its own right. The
implementation stage involves following tasks:
Careful planning.
Investigation of system and constraints.
Design of method to achieve change over.
Evaluation of the changeover method.
9.2.SYSTEM MAINTENANCE
In the case of this system, the accuracy and efficiency can be improved according to the
changing technologies. The User Interface can also be changed into more user friendly one.
Some more features can be added to the system for its simplicity and efficiency. To use the
system easily by the users, developers provided a user manual with the system. It includes
how to use the system to use its several process For the purpose of convenience, maintenance
may be categorized into three classes they are:
9.2.1.CORRECTIVE MAINTENANCE
This type of maintenance implies removing errors in a program, which might have kept in the
system due to faulty design or wrong assumption.
9.2.2.ADAPTIVE MAINTENANCE
In adaptive maintenance program functions are changed to enable the information system to
satisfy the information needs of the user.
9.2.3.PERFECTIVE MAINTENANCE
In perfective maintenance means adding new programs or modifying the existing programs to
enhance the performance of the information system. This type of maintenance under taken to
respond to user addition needs which may be due to the changes within or outside of the
organization.
10 ANNEXURE
Terms Definition
NumPy It is a library for the Python programming language,
adding support for large, multi-dimensional arrays
and matrices, along with a large collection of high-
level mathematical functions to operate on these
arrays.
def index(request):
return render(request,'index.html',{})
def check_password(request):
try:
symbol = 0
lower = 0
upper = 0
number = 0
count = 0
password = []
paswd=request.POST.get("password")
print("password",paswd)
NaiveBayes_Model = joblib.load('NaiveBayes_Model.joblib')
print("model loaded")
pass_word = [paswd]
NaiveBayes_Test = NaiveBayes_Model.predict(pass_word)
print("tested output",NaiveBayes_Test)
output=NaiveBayes_Test[0]
if output==1:
out="Weak"
#randomly select ascii character classes and individual characters
length = random.randrange(6,10)
length = 128 if length is '' else int(length)
while count < length:
rand = random.randint (0,3)
if rand == 0:
lower += 1
b = int(random.randint (97,123))
password.append(b)
elif rand == 1:
upper += 1
b = random.randint (65,91)
password.append(b)
elif rand == 2:
number += 1
b = random.randint (48,58)
password.append(b)
elif rand == 3:
r = random.randint(0,2)
symbol += 1
if r == 0:
b = random.randint (33,48)
password.append(b)
elif r == 1:
b = random.randint (91,97)
password.append(b)
elif r == 2:
b = random.randint (123,126)
password.append(b)
count += 1
#convert ascii code to characters
word = "".join([chr(c) for c in password])
## print("generated password",word)
elif output==2:
out="Strong"
word="Strong Password"
else:
out="Weak"
#randomly select ascii character classes and individual characters
length = random.randrange(6,10)
length = 128 if length is '' else int(length)
while count < length:
rand = random.randint (0,3)
if rand == 0:
lower += 1
b = int(random.randint (97,123))
password.append(b)
elif rand == 1:
upper += 1
b = random.randint (65,91)
password.append(b)
elif rand == 2:
number += 1
b = random.randint (48,58)
password.append(b)
elif rand == 3:
r = random.randint(0,2)
symbol += 1
if r == 0:
b = random.randint (33,48)
password.append(b)
elif r == 1:
b = random.randint (91,97)
password.append(b)
elif r == 2:
b = random.randint (123,126)
password.append(b)
count += 1
#convert ascii code to characters
word = "".join([chr(c) for c in password])
print("########################")
print("generated password",word)
print("output label",out)
return render(request,'index.html',{'out':out,'passw':word})
return render(request,'index.html',{})
import random
def index(request):
return render(request,'index.html',{})
def check_password(request):
try:
symbol = 0
lower = 0
upper = 0
number = 0
count = 0
password = []
paswd=request.POST.get("password")
print("password",paswd)
NaiveBayes_Model = joblib.load('NaiveBayes_Model.joblib')
print("model loaded")
pass_word = [paswd]
NaiveBayes_Test = NaiveBayes_Model.predict(pass_word)
print("tested output",NaiveBayes_Test)
output=NaiveBayes_Test[0]
if output==1:
out="Weak"
length = random.randrange(6,10)
if rand == 0:
lower += 1
b = int(random.randint (97,123))
password.append(b)
elif rand == 1:
upper += 1
b = random.randint (65,91)
password.append(b)
elif rand == 2:
number += 1
b = random.randint (48,58)
password.append(b)
elif rand == 3:
r = random.randint(0,2)
symbol += 1
if r == 0:
b = random.randint (33,48)
password.append(b)
elif r == 1:
b = random.randint (91,97)
password.append(b)
elif r == 2:
b = random.randint (123,126)
password.append(b)
count += 1
## print("generated password",word)
elif output==2:
out="Strong"
word="Strong Password"
else:
out="Weak"
length = random.randrange(6,10)
if rand == 0:
lower += 1
b = int(random.randint (97,123))
password.append(b)
elif rand == 1:
upper += 1
b = random.randint (65,91)
password.append(b)
elif rand == 2:
number += 1
b = random.randint (48,58)
password.append(b)
elif rand == 3:
r = random.randint(0,2)
symbol += 1
if r == 0:
b = random.randint (33,48)
password.append(b)
elif r == 1:
b = random.randint (91,97)
password.append(b)
elif r == 2:
b = random.randint (123,126)
password.append(b)
count += 1
print("########################")
print("generated password",word)
print("output label",out)
return render(request,'index.html',{'out':out,'passw':word})
import pandas as pd
data = pd.read_csv('training.csv')
classifier_model = Pipeline([
('tfidf', TfidfVectorizer(analyzer='char')),
('bernoulliNB',BernoulliNB()),
])
import pandas as pd
data = pd.read_csv('training.csv')
classifier_model = Pipeline([
('tfidf', TfidfVectorizer(analyzer='char')),
('bernoulliNB',BernoulliNB()),
])
classifier_model.fit(features, labels)
# Training Accuracy
joblib.dump(classifier_model, 'NaiveBayes_Model.joblib')
classifier_model.fit(features, labels)
# Training Accuracy
joblib.dump(classifier_model, 'NaiveBayes_Model.joblib')
return render(request,'index.html',{})
{% load staticfiles %}
<!DOCTYPE html>
<html>
<head>
<title>Password Strength</title>
<link href="{% static 'css/bootstrap.css' %}" rel='stylesheet' type='text/css' />
<link href="{% static 'css/style.css' %}" rel='stylesheet' type='text/css' />
<meta name="viewport" content="width=device-width, initial-scale=1">
<script type="application/x-javascript"> addEventListener("load", function() {
setTimeout(hideURLbar, 0); }, false); function hideURLbar(){ window.scrollTo(0,1); }
</script>
<script src="{% static 'js/jquery-1.11.0.min.js' %}"></script>
<link rel="stylesheet" href="{% static 'css/flexslider.css' %}" type="text/css" media="screen"
/>
<script src="{% static 'js/modernizr.js' %}"></script>
<!--Start-smoth-scrolling-->
<script type="text/javascript" src="{% static 'js/move-top.js' %}"></script>
<script type="text/javascript" src="{% static 'js/easing.js' %}"></script>
<script type="text/javascript">
jQuery(document).ready(function($) {
$(".scroll").click(function(event){
event.preventDefault();
$('html,body').animate({scrollTop:$(this.hash).offset().top},1000);
});
});
</script>
<!--end-smoth-scrolling-->
<!--animated-css-->
</ul>
</div>
<div class="banner">
<div class="slider">
</div>
<div
class="content-right">
<h3>CESTIBULUM AUCT</h3>
<P>Praesent dapibus,
neque id cursus fauci-bus, tortor neque egestas augue,euin vulputate magna eros lipsum</P>
<a href="#">MORE</a>
-->
</div>
<div class="clearfix"> </div>
</div>
</div>
<div class="col-md-4">
<div class="content-grids">
<div class="content-left">
<span class="cnt2"> </span>
</div>
<div class="content-right">
</div>
</div>
<div class="clearfix"> </div>
</div>
</div>
</div>
<div class="project">
<div class="container">
<div class="project-1 clock wow bounceIn" id="services">
<!-- <h3>MORBI IN SEM LOREM PLACERAT</h3> -->
<P style="position: relative;right: 15%;">Check Your Password Strength</P>
<form action="{% url 'check_password' %}" method="post">{% csrf_token %}
<input type="text" size="30px" name="password" value="Enter Your Password..."
onfocus="this.value = '';" onblur="if (this.value == '') {this.value = 'Enter Your
Password...';}">
</form>
</div>
</div>
</div>
<!--Responsive-tabs-Starts-Here-->
<div class="responsive-tabs" id="project">
<div class="container">
<div class="tabs-box clock wow bounceIn">
<!-- <ul class="tabs-menu">
<li><a href="#tab1"><img src="{% static 'images/f.png' %}"
alt="">SED EGEST ASTEET</a></li>
<li><a href="#tab2"><img src="{% static 'images/d.png' %}"
alt="">MORBI INTERDUM</a></li>
<li><a href="#tab3"><img src="{% static 'images/u.png' %}"
alt="">MORBI INTERDUM</a></li>
</ul> -->
<div class="clearfix"> </div>
<div class="tab-grids">
{% if out == "Weak" %}
<p style="font-weight: bold;font-size: 25px;position: relative;
left: 40%;">{{out}} Password</p>
<p id="passwd" style="font-weight: bold;font-size: 25px;position: relative;
left: 40%;">Generated Password: {{passw}}</p>
{% elif out == "Strong" %}
<!-- <p>{{out}} Password</p> -->
<p id="passwd" style="font-weight: bold;font-size: 25px;position: relative;
left: 40%;">{{passw}}</p>
{% elif out == "Nothing" %}
{% endif %}
adipiscing, commodo quis Gravida id, est. Sed lectus. Praesent elementum hendrerit tortor.
Sed semper at felis lorem ipsum dolor.</p>
</div> -->
<div class="clearfix"> </div>
</div>
<!-- <div id="tab3" class="tab-grid">
<div class="col-md-6 line1">
<img src="{% static 'images/melt.jpg' %}"
alt="">
<p>Sed egestas, ante et vulputate volutpat, eros
pede semper est, vitae luctus metus libero eu augue. Morbi purus libero, faucibus adipiscing,
commodo quis Gravida id, est. Sed lectus. Praesent elementum hendrerit tortor. Sed semper
lorem at felis lorem ipsum dolor.</p>
</div>
<div class="col-md-6 line2">
<img src="{% static 'images/beef.jpg' %}" alt="">
<p>Lorem egestas, ante et vulputate volutpat,
eros pede semper est, vitae luctus metus libero eu augue. Morbi purus libero, faucibus
adipiscing, commodo quis Gravida id, est. Sed lectus. Praesent elementum hendrerit tortor.
Sed semper at felis lorem ipsum dolor.</p>
</div>
<div class="clearfix"> </div>
</div> -->
</div>
</div>
</div>
<!--Script-->
<script src="{% static 'js/jquery-1.11.0.min.js' %}"></script>
<script src="{% static 'js/myscript.js' %}"> </script>
` <!--Script-->
</div>
<!--Responsive-tabs-ends-Here-->
<!-- <div class="contact" id="contact">
<div class="container">
</div>
<div class="contact-right1">
<h4>@amanda</h4>
<p>Morbi interdum mollis sapien sed
ac risus. Phasellus lacinia</p>
</div>
<div class="clearfix"> </div>
</div>
<div class="contact-grid1">
<div class="contact-left1">
<a href="#"><img src="{% static 'images/twitter.png' %}" alt=""></a>
</div>
<div class="contact-right1">
<h4>@peter</h4>
<p>Morbi interdum mollis sapien sed ac
risus. Phasellus lacinia</p>
</div>
<div class="clearfix"> </div>
</div>
</div>
<div class="col-md-6 contact-top3">
<h3>QUICK CONTACT</h3>
<iframe
src="https://www.google.com/maps/embed?pb=!1m14!1m12!1m3!1d30912.73175219394!2
d79.98639619999999!3d14.4218904!2m3!1f0!2f0!3f0!3m2!1i1024!2i768!4f13.1!5e0!3m2!1
sen!2sin!4v1410591500477" width="600" height="450" frameborder="0" style="border:0">
</iframe>
<h4>Address</h4>
<p>Building name, some street name, some city name, country</p>
<a href="mailto:info@example.com">info@sitename.com / (000)
888 888 8888</a>
</div>
<div class="clearfix"> </div>
</div>
</div>
</div> -->
<div class="footer">
<div class="container">
<div class="footer-text">
<p> Maintained By<a
href="#">Admin</a></p>
</div>
</div>
<a href="#home" id="toTop" class="scroll"
style="display: block;"> <span id="toTopHover" style="opacity: 1;"> </span></a>
</div>
</body>
</html>
10.3 REFERENCES
Shukun Yang, Member, IEEE, Shouling Ji, Member, IEEE, and Raheem Beyah,
Senior Member, IEEE “Password Strength Analysis And Dynamic Policies”
Python: The Complete Reference Book by Martin C. Brown
The Definitive Guide to Django :Web Development Done Right . Book by
Adrian Holovaty and Jacob Kaplan-Moss
https://www.geeksforgeeks.org
https:// www.programiz.com
https:// /www.tensorflow.org