Software Engineering

Software engineering (SE) is concerned with developing and maintaining software systems that behave reliably and efficiently, are affordable to develop and maintain, and satisfy all the requirements that customers have defined for them. It is important because of the impact of large, expensive software systems and the role of software in safety-critical applications. It integrates significant mathematics, computer science and practices whose origins are in engineering.

Software engineer

A software engineer is a licensed professional engineer who is schooled and skilled in the application of engineering discipline to the creation of software. A software engineer is often confused with a programmer, but the two are vastly different.

+ How many of your meetings this year have overrun or finished without any clear action being agreed?
+ How much time have you sat in meetings wondering why you were there and what time you can leave without it looking too bad? Or worse, how much time have you spent on conference calls only half listening while doing your emails or playing Candy Crush?
+ Being able to sense when a meeting is going off the rails and people aren't paying attention is a key skill for project managers.
+ It's helped by sticking to the agenda but it's also about being able to read the body language of people in the room to check that you are getting through the material quickly and comprehensively.
+ Don't let 2015 become another year of wasted time in meeting rooms.

14. Business Case Writing

+ With the ongoing focus on delivering business value, being able to write a business case (or at least contribute to one) will be a good skill to have. Get hold of some templates so that when you are asked to finalise a business case or review one you know what should be included.
+ Find some business cases from past projects and evaluate what you would do differently.
+ And make sure that your next project actually has a business case — that's a good start!

15. A Sense of Humour

+ The end of 2014 has been a frantic rush to get everything done before the IT change freeze, people's holidays, the end of the financial year and what seems like a hundred other deadlines.
+ Getting through it has largely relied on a good sense of humour and the goodwill of colleagues prepared to pick up the slack or wait another 24 hours.
+ I can't see that changing in 2015. An ability to see the funny side of project management will keep you on an even keel during the next 12 months.

Now you have read the list, which of these skills will you work on as a priority during 2015? Let us know in the comments and good luck in your project management career this year.

Characteristics of software projects

We spend a lot of time examining software project failures but it's equally important to understand why some projects succeed. Here's a short list.

1. Commitment. The business stakeholders and the technologists are committed to the project — not just at the outset but throughout. This takes intense collaboration. There is also an executive sponsor or champion — someone with the authority to make things happen. (If there is a client-consultant relationship, this is doubly important.)
2. People. The right team is assembled. There is an appropriate mix of senior, mid-level and junior people. The skill sets are also mixed and complementary. Everyone understands their role and how it fits into the project. Most importantly, there is a core group of exceptional people who are capable of leading the project both administratively and technically.
3. Goals. The project has clear goals that everyone understands and accepts. This includes the critical dates that the team has to hit. The scope of the project is narrow enough for everyone to comprehend and embrace yet wide enough to deliver value to the business.
The constraints placed on the project are reasonable and realistic.
4. Communication. Frequent and open communication is encouraged. Everyone is willing to share information and thus everyone knows what's going on. Whenever the team reaches a milestone or achieves a major successful outcome, everyone celebrates.
5. Focus. The team is focused on getting the project done. They are not distracted by cultural, hierarchical and bureaucratic barriers. They use informal contacts and relationships to make things happen.
6. Learning. Everyone has the opportunity to learn and grow during the course of the project. They are encouraged to test and experiment. When mistakes are made, they are leveraged as learning opportunities.
7. Change. The team deals with change effectively. That means they don't try to block change but they don't throw the doors wide open and allow anything to change any time. They find a middle ground and accept change as an opportunity to learn and improve the final result.
8. Environment. The team has the right environment for getting the job done. This covers everything from office space to desks and chairs to software development tools.

Software Crisis/Failure

A software crisis is a mismatch between what software can deliver and the capacities of computer systems, as well as expectations of their users. Software crisis is a term used in the early days of computing science for the difficulty of writing useful and efficient computer programs in the required time.

Reasons of Software Crisis

+ Projects running over-budget
+ Projects running over-time
+ Software was very inefficient
+ Software was of low quality
+ Software often did not meet requirements
+ Projects were unmanageable and code difficult to maintain
+ Software was never delivered
+ Lack of communication between software developers and users
+ Increase in size of software
+ Increase in cost of developing a software
+ Increased complexity of the problem area
+ Project management problem
+ Lack of understanding of the problem and its environment
+ Duplication of efforts due to absence of automation in most of the software development activities
+ High optimistic estimates regarding software development time and cost

Project Planning

Project planning is part of project management, which relates to the use of schedules such as Gantt charts to plan and subsequently report progress within the project environment.

Project Plan

A project plan, according to the Project Management Body of Knowledge (PMBOK), is a formal, approved document used to guide both project execution and project control. The primary uses of the project plan are to document planning assumptions and decisions, facilitate communication among project stakeholders, and document approved scope, cost, and schedule baselines.

Characteristics of Project Plans

A project plan can be considered to have five key characteristics that have to be managed:

+ Scope: defines what will be covered in a project.
+ Resource: what can be used to meet the scope.
+ Time: what tasks are to be undertaken and when.
+ Quality: the spread or deviation allowed from a desired standard.
+ Risk: defines in advance what may happen to drive the plan off course, and what will be done to recover the situation.

Contents Of Project Plan

The project plan typically covers topics used in the project execution system and includes the following main aspects:

+ Scope management
+ Requirements management
+ Schedule management
+ Financial management
+ Quality management
+ Resource management
+ Stakeholder management - New from PMBOK 5
+ Communications management
+ Project change management
+ Risk management

PROJECT PLANNING: A STEP BY STEP GUIDE

Step 1: Project Goals

+ A project is successful when it has met the needs of the stakeholders. A stakeholder is anybody directly or indirectly impacted by the project.
+ As a first step, it is important to identify the stakeholders in your project.
It is not always easy to determine the stakeholders of a project, particularly those impacted indirectly. Examples of stakeholders are:
  + The project sponsor
  + The customer who receives the deliverables
  + The users of the project output
  + The project manager and project team
+ Once you understand who the stakeholders are, the next step is to find out their needs.
+ The best way to do this is by conducting stakeholder interviews. Take time during the interviews to draw out the requirements that create real benefits. Sometimes stakeholders will talk about needs that aren't relevant and don't deliver benefits. These can be recorded and set as a low priority.
+ The next step, once you have conducted all the interviews and have a comprehensive list of needs, is to prioritise them.
+ From the prioritised list, create a set of easily measurable goals. A good technique for doing this is to review them against the SMART principle.
+ This way, the achievement of the goal will be easy to identify.
+ Once you have established a clear set of goals, they should be recorded in the project plan.
+ It can be useful also to include the needs and expectations of your stakeholders.
+ Now you have completed the most difficult part of the planning process; it's time to move on and look at the project deliverables.

Step 2: Project Deliverables

+ Using the goals you have defined in step 1, create a list of things the project needs to deliver to meet those goals. Specify when and how to deliver each item.
+ Add the deliverables to the project plan with an estimated delivery date. You will establish more accurate delivery dates during the scheduling phase, which is next.

Step 3: Project Schedule

+ Create a list of tasks that need to be carried out for each deliverable identified in step 2.
For each task determine the following:
  + The amount of effort (hours or days) required for completing the task
  + The resource who will carry out the task
+ Once you have established the amount of effort for each task, you can work out the effort required for each deliverable, and an accurate delivery date. Update your deliverables section with the more precise delivery dates.
+ At this point in the planning, you could choose to use a software package such as Microsoft Project to create your project schedule. Alternatively, use one of the many free templates available. Input all of the deliverables, tasks, durations and the resources who will complete each task.
+ A common problem discovered at this point is when you have an imposed delivery deadline from the sponsor that is not realistic based on your estimates. If you discover this is the case, you must contact the sponsor immediately. The options you have in this situation are:
  + Renegotiate the deadline (project delay)
  + Employ additional resources (increased cost)
  + Reduce the scope of the project (less delivered)
+ Use the project schedule to justify pursuing one of these options.

Step 4: Supporting Plans

+ This section deals with the plans you should create as part of the planning process. These can be included directly in the plan.

Human Resource Plan

+ Identify, by name, the individuals and organisations with a leading role in the project. For each, describe their roles and responsibilities on the project. Next, specify the number and type of people needed to carry out the project. For each resource detail start dates, the estimated duration and the method you will use for obtaining them. Create a single sheet containing this information.

Communications Plan

+ Create a document showing who is to be kept informed about the project and how they will receive the information.
The most common mechanism is a weekly or monthly status report describing how the project is performing, milestones achieved and the work you've planned for the next period.

Risk Management Plan

+ Risk management is an important part of project management. Although often overlooked, it is important to identify as many risks to your project as possible and be prepared if something bad happens.
+ Here are some examples of common project risks:
  + Time and cost estimate too optimistic
  + Customer review and feedback cycle too slow
  + Unexpected budget cuts
  + Unclear roles and responsibilities
  + No stakeholder input obtained
  + Not clearly understanding stakeholder needs
  + Stakeholders changing requirements after the project has started
  + Stakeholders adding new requirements after the project has started
  + Poor communication resulting in misunderstandings, quality problems and rework
  + Lack of resource commitment
+ Risks can be tracked using a simple risk log. Add each risk you have identified to your risk log: write down what you will do in the event it occurs, and what you will do to prevent it from happening.
+ Review your risk log on a regular basis, adding new risks as they occur during the life of the project.
+ Remember, if you ignore risks, they don't go away.

Software development Plan

+ The Software Development Plan (SDP) describes a developer's plans for conducting a software development effort.
+ The SDP provides the acquirer insight and a tool for monitoring the processes to be followed for software development.
+ It also details methods to be used and approach to be followed for each activity, organization, and resources.

What is a Quality Assurance Plan?
A quality assurance plan is a document, constructed by the project team, meant to ensure the final products are of the utmost quality. A quality assurance plan contains a set of documented activities meant to ensure that customers are satisfied with the goods or services a company provides. There are four steps of the quality assurance process: Plan, Do, Check, and Act.

Validation Plans (VP)

+ Validation Plans define the scope and goals of a validation project.
+ The Validation Plan is written at the start of the validation project (sometimes concurrently with the user requirement specification) and is usually specific to a single validation project.

A Validation Plan should include:

+ Deliverables (documents) to be generated during the validation process
+ Resources, departments, and personnel to participate in the validation project
+ Timelines for completing the validation project
+ Acceptance criteria to confirm that the system meets defined requirements
+ Compliance requirements for the system, including how the system will meet these requirements

Configuration Management (CM) Plan

+ The Configuration Management (CM) Plan describes all Configuration and Change Control Management (CCM) activities you will perform during the course of the product or project lifecycle.
+ It details the schedule of activities, the assigned responsibilities, and the required resources, including staff, tools, and computer facilities.

Maintenance Plans

+ Software Maintenance Plans are different than other technical documents in that the focus is on how to modify software AFTER it has been released and is now in operations. Most other documents focus on planning, development or testing.
+ Software maintenance in software engineering is the modification of a software product after delivery to correct faults, to improve performance or other attributes.
+ Developmental Plan. Staff development must be intentional, active, and potent.
A plan for individual growth should reflect current personal and professional status regarding attributes needed to perform assigned duties, short- and long-term goals, and alternative methods for achieving those goals.

Project Scheduling

+ In project management, a schedule is a listing of a project's milestones, activities and deliverables, usually with intended start and finish dates.
+ Those items are often estimated by other information included in the project schedule of resource allocation, budget, task duration, and linkages of dependencies and scheduled events.
+ The project schedule is the tool that communicates what work needs to be performed, which resources of the organization will perform the work and the timeframes in which that work needs to be performed.
+ The project schedule should reflect all of the work associated with delivering the project on time.
+ Without a full and complete schedule, the project manager will be unable to communicate the complete effort, in terms of cost and resources, necessary to deliver the project.

Tools for Schedule development

1. Critical Path method (CPM)
2. Gantt Chart

Critical Path method (CPM)

+ The critical path method (CPM) is a step-by-step project management technique for process planning that defines critical and non-critical tasks with the goal of preventing time-frame problems and process bottlenecks.
+ The CPM is ideally suited to projects consisting of numerous activities that interact in a complex manner.
+ In applying the CPM, there are several steps that can be summarized as follows:
  + Define the required tasks and put them down in an ordered (sequenced) list.
  + Create a flowchart or other diagram showing each task in relation to the others.
  + Identify the critical and non-critical relationships (paths) among tasks.
  + Determine the expected completion or execution time for each task.
  + Locate or devise alternatives (backups) for the most critical paths.
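The CPM steps listed above, carried through in code as an added example that is not part of the original notes. The task names, durations and dependencies are constructed, and the forward/backward pass used to compute slack is the standard CPM calculation, which the notes do not spell out.

```python
from collections import deque

# Constructed sample project: task -> (duration in days, predecessor tasks).
TASKS = {
    "requirements": (5, []),
    "design": (7, ["requirements"]),
    "test_plan": (3, ["requirements"]),
    "implementation": (10, ["design"]),
    "testing": (6, ["implementation", "test_plan"]),
    "deployment": (2, ["testing"]),
}


def topological_order(tasks):
    """Order tasks so each one comes after all of its predecessors."""
    indegree = {name: len(preds) for name, (_, preds) in tasks.items()}
    successors = {name: [] for name in tasks}
    for name, (_, preds) in tasks.items():
        for pred in preds:
            if pred not in tasks:
                raise ValueError(f"{name} depends on unknown task {pred}")
            successors[pred].append(name)

    ready = deque(sorted(n for n, d in indegree.items() if d == 0))
    order = []
    while ready:
        current = ready.popleft()
        order.append(current)
        for nxt in successors[current]:
            indegree[nxt] -= 1
            if indegree[nxt] == 0:
                ready.append(nxt)

    if len(order) != len(tasks):
        # Some tasks never became ready, so the dependencies form a loop.
        raise ValueError("dependency cycle: no valid schedule exists")
    return order, successors


def critical_path(tasks):
    """Return (project duration, slack per task, tasks with zero slack)."""
    order, successors = topological_order(tasks)

    # Forward pass: earliest start is the latest earliest-finish of the
    # predecessors; earliest finish adds the task's own duration.
    earliest_start, earliest_finish = {}, {}
    for name in order:
        duration, preds = tasks[name]
        earliest_start[name] = max((earliest_finish[p] for p in preds), default=0)
        earliest_finish[name] = earliest_start[name] + duration
    project_duration = max(earliest_finish.values())

    # Backward pass: latest finish is the earliest latest-start of the
    # successors; tasks with no successor may finish at the project end.
    latest_start = {}
    for name in reversed(order):
        latest_finish = min(
            (latest_start[s] for s in successors[name]), default=project_duration
        )
        latest_start[name] = latest_finish - tasks[name][0]

    # Slack is how long a task can slip without delaying the project.
    slack = {name: latest_start[name] - earliest_start[name] for name in order}
    critical = [name for name in order if slack[name] == 0]
    return project_duration, slack, critical


if __name__ == "__main__":
    total, slack, critical = critical_path(TASKS)
    print("Project duration:", total, "days")
    for name, days in slack.items():
        label = "critical" if days == 0 else f"{days} days of slack"
        print(f"  {name}: {label}")
```

Tasks with zero slack are the ones that need the backups mentioned in the last step; any delay to them delays the whole project.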
[Figure: network diagram]

What is a Gantt chart?

A Gantt chart, commonly used in project management, is one of the most popular and useful ways of showing activities (tasks or events) displayed against time. On the left of the chart is a list of the activities and along the top is a suitable time scale. Each activity is represented by a bar; the position and length of the bar reflects the start date, duration and end date of the activity. This allows you to see at a glance:

+ What the various activities are
+ When each activity begins and ends
+ How long each activity is scheduled to last
+ Where activities overlap with other activities, and by how much
+ The start and end date of the whole project

To summarize, a Gantt chart shows you what has to be done (the activities) and when (the schedule).

[Figure: A simple Gantt chart with the activities Planning, Research, Design, Implementation and Follow up]

SOFTWARE DESIGN

+ Software design is a process to conceptualize the software requirements into software implementation.
+ Software design takes the user requirements as challenges and tries to find optimum solution.
+ While the software is being conceptualized, a plan is chalked out to find the best possible design for implementing the intended solution.
+ There are multiple variants of software design strategies. Let us study them briefly:

Structured Design

+ Structured design is a conceptualization of problem into several well-organized elements of solution.
+ It is basically concerned with the solution design.
+ Benefit of structured design is, it gives better understanding of how the problem is being solved.
+ Structured design also makes it simpler for designer to concentrate on the problem more accurately.
+ Structured design is mostly based on 'divide and conquer' strategy where a problem is broken into several small problems and each small problem is individually solved until the whole problem is solved.
+ The small pieces of problem are solved by means of solution modules. Structured design emphasizes that these modules be well organized in order to achieve precise solution.
+ These modules are arranged in hierarchy. They communicate with each other. A good structured design always follows some rules for communication among multiple modules, namely:
  + Cohesion - grouping of all functionally related elements.
  + Coupling - communication between different modules.
+ A good structured design has high cohesion and low coupling arrangements.

Function Oriented Design

+ In function-oriented design, the system is comprised of many smaller sub-systems known as functions.
+ These functions are capable of performing significant task in the system.
+ The system is considered as top view of all functions.
+ Function oriented design inherits some properties of structured design where divide and conquer methodology is used.
+ This design mechanism divides the whole system into smaller functions, which provides means of abstraction by concealing the information and their operation.
+ These functional modules can share information among themselves by means of information passing and using information available globally.
+ Another characteristic of functions is that when a program calls a function, the function changes the state of the program, which sometimes is not acceptable by other modules.
+ Function oriented design works well where the system state does not matter and program/functions work on input rather than on a state.

Design Process

The whole system is seen as how data flows in the system by means of data flow diagram. DFD depicts how functions change data and state of entire system.
The entire system is logically broken down into smaller units known as functions on the basis of their operation in the system. Each function is then described at large.

Object Oriented Design

+ Object oriented design works around the entities and their characteristics instead of functions involved in the software system.
+ This design strategy focuses on entities and their characteristics.
+ The whole concept of software solution revolves around the engaged entities.
+ Let us see the important concepts of Object Oriented Design:
  + Objects - All entities involved in the solution design are known as objects. For example, person, banks, company and customers are treated as objects. Every entity has some attributes associated to it and has some methods to perform on the attributes.
  + Classes - A class is a generalized description of an object. An object is an instance of a class. Class defines all the attributes, which an object can have and methods, which defines the functionality of the object. In the solution design, attributes are stored as variables and functionalities are defined by means of methods or procedures.
  + Encapsulation - In OOD, the attributes (data variables) and methods (operation on the data) are bundled together; this is called encapsulation. Encapsulation not only bundles important information of an object together, but also restricts access of the data and methods from the outside world. This is called information hiding.
  + Inheritance - OOD allows similar classes to stack up in hierarchical manner where the lower or sub-classes can import, implement and re-use allowed variables and methods from their immediate super classes. This property of OOD is known as inheritance. This makes it easier to define specific class and to create generalized classes from specific ones.
  + Polymorphism - OOD languages provide a mechanism where methods performing similar tasks but vary in arguments, can be assigned same name.
This is called polymorphism, which allows a single interface performing tasks for different types. Depending upon how the function is invoked, respective portion of the code gets executed.

Design Process

Software design process can be perceived as series of well-defined steps. Though it varies according to design approach (function oriented or object oriented), yet it may have the following steps involved:

+ A solution design is created from requirement or previous used system and/or system sequence diagram.
+ Objects are identified and grouped into classes on behalf of similarity in attribute characteristics.
+ Class hierarchy and relation among them is defined.
+ Application framework is defined.

Software Design Approaches

Here are two generic approaches for software designing:

Top Down Design

+ We know that a system is composed of more than one sub-systems and it contains a number of components.
+ Further, these sub-systems and components may have their own set of sub-systems and components and create hierarchical structure in the system.
+ Top-down design takes the whole software system as one entity and then decomposes it to achieve more than one sub-system or component based on some characteristics.
+ Each sub-system or component is then treated as a system and decomposed further.
+ This process keeps on running until the lowest level of system in the top-down hierarchy is achieved.
+ Top-down design starts with a generalized model of system and keeps on defining the more specific part of it.
+ When all components are composed the whole system comes into existence.
+ Top-down design is more suitable when the software solution needs to be designed from scratch and specific details are unknown.

Bottom-up Design

+ The bottom up design model starts with most specific and basic components.
+ It proceeds with composing higher level of components by using basic or lower level components.
+ It keeps creating higher level components until the desired system has evolved as one single component.
+ With each higher level, the amount of abstraction is increased.
+ Bottom-up strategy is more suitable when a system needs to be created from some existing system, where the basic primitives can be used in the newer system.
+ Both top-down and bottom-up approaches are not practical individually. Instead, a good combination of both is used.

USER INTERFACE

+ User interface design (UI) or user interface engineering is the design of user interfaces for machines and software, such as computers, home appliances, mobile devices, and other electronic devices with the focus on maximizing usability and the user experience.
+ The goal of user interface design is to make the user's interaction as simple and efficient as possible, in terms of accomplishing user goals (user-centered design).

User Interface Design Basics

User Interface (UI) Design focuses on anticipating what users might need to do and ensuring that the interface has elements that are easy to access, understand, and use to facilitate those actions. UI brings together concepts from interaction design, visual design, and information architecture.

Choosing Interface Elements

+ Users have become familiar with interface elements acting in a certain way, so try to be consistent and predictable in your choices and their layout.
+ Doing so will help with task completion, efficiency, and satisfaction.
+ Interface elements include but are not limited to:
  + Input Controls: buttons, text fields, checkboxes, radio buttons, dropdown lists, list boxes, toggles, date field
  + Navigational Components: breadcrumb, slider, search field, pagination, slider, tags, icons
  + Informational Components: tooltips, icons, progress bar, notifications, message boxes, modal windows
  + Containers: accordion
+ There are times when multiple elements might be appropriate for displaying content.
+ When this happens, it's important to consider the trade-off.
+ For example, sometimes elements that can help save you space put more of a burden on the user mentally by forcing them to guess what is within the dropdown or what the element might be.

Best Practices for Designing an Interface

+ Everything stems from knowing your users, including understanding their goals, skills, preferences, and tendencies.
+ Once you know about your user, make sure to consider the following when designing your interface:
  + Keep the interface simple. The best interfaces are almost invisible to the user. They avoid unnecessary elements and are clear in the language they use on labels and in messaging.
  + Create consistency and use common UI elements. By using common elements in your UI, users feel more comfortable and are able to get things done more quickly. It is also important to create patterns in language, layout and design throughout the site to help facilitate efficiency. Once a user learns how to do something, they should be able to transfer that skill to other parts of the site.
  + Be purposeful in page layout. Consider the spatial relationships between items on the page and structure the page based on importance. Careful placement of items can help draw attention to the most important pieces of information and can aid scanning and readability.
  + Strategically use color and texture. You can direct attention toward or redirect attention away from items using color, light, contrast, and texture to your advantage.
  + Use typography to create hierarchy and clarity. Carefully consider how you use typeface. Different sizes, fonts, and arrangement of the text help increase scanability, legibility and readability.
  + Make sure that the system communicates what's happening. Always inform your users of location, actions, changes in state, or errors. The use of various UI elements to communicate status and, if necessary, next steps can reduce frustration for your user.
  + Think about the defaults. By carefully thinking about and anticipating the goals people bring to your site, you can create defaults that reduce the burden on the user. This becomes particularly important when it comes to form design where you might have an opportunity to have some fields pre-chosen or filled out.

DATA STRUCTURE AND ALGORITHMS

+ A data structure is a specialized format for organizing and storing data. General data structure types include the array, the file, the record, the table, the tree, and so on. Any data structure is designed to organize data to suit a specific purpose so that it can be accessed and worked with in appropriate ways.
+ An algorithm is a procedure or formula for solving a problem, based on conducting a sequence of specified actions. A computer program can be viewed as an elaborate algorithm. In mathematics and computer science, an algorithm usually means a small procedure that solves a recurrent problem.
+ Variables are used to store information to be referenced and manipulated in a computer program. They also provide a way of labeling data with a descriptive name, so our programs can be understood more clearly by the reader and ourselves. It is helpful to think of variables as containers that hold information. Their sole purpose is to label and store data in memory.
This data can then be used throughout your program.

Pseudo code structures (see pdf tutorial on pseudocode basics)

Sorting algorithms

Bubble sort

Bubble Sort is the simplest sorting algorithm that works by repeatedly swapping the adjacent elements if they are in wrong order.

Example:

First Pass:
(5 1 4 2 8) -> (1 5 4 2 8), Here, algorithm compares the first two elements, and swaps since 5 > 1
(1 5 4 2 8) -> (1 4 5 2 8), Swap since 5 > 4
(1 4 5 2 8) -> (1 4 2 5 8), Swap since 5 > 2
(1 4 2 5 8) -> (1 4 2 5 8), Now, since these elements are already in order (8 > 5), algorithm does not swap them

Second Pass:
(1 4 2 5 8) -> (1 4 2 5 8)
(1 4 2 5 8) -> (1 2 4 5 8), Swap since 4 > 2
(1 2 4 5 8) -> (1 2 4 5 8)
(1 2 4 5 8) -> (1 2 4 5 8)

VB code for bubble sort

    Public Sub BubbleSort(ByRef ArrayIn() As Long)
        Dim i As Long, j As Long

        ' After each outer pass the largest remaining value sits at index i
        For i = UBound(ArrayIn) To 0 Step -1
            For j = 0 To i - 1
                ' Swap adjacent elements that are in the wrong order
                If ArrayIn(j) > ArrayIn(j + 1) Then
                    Call swap(ArrayIn(j), ArrayIn(j + 1))
                End If
            Next j
        Next i
    End Sub

    Private Sub swap(ByRef data1 As Long, ByRef data2 As Long)
        ' The body of this routine is missing from the source;
        ' a three-step exchange through a temporary variable is assumed.
        Dim temp As Long
        temp = data1
        data1 = data2
        data2 = temp
    End Sub

Quick sort

Quicksort is a Divide and Conquer algorithm. It picks an element as pivot and partitions the given array around the picked pivot. There are many different versions of quickSort that pick pivot in different ways.

1. Always pick first element as pivot
2. Always pick last element as pivot (implemented below)
3. Pick a random element as pivot
4. Pick median as pivot

The key process in quickSort is partition(). Target of partitions is, given an array and an element x of array as pivot, put x at its correct position in sorted array and put all smaller elements (smaller than x) before x, and put all greater elements (greater than x) after x. All this should be done in linear time.

[Figure: quicksort partition diagram]

VB QUICK SORT PROGRAM

    Private Sub Form_Load()
        Dim MyStrArray() As String, K As Long, Q As Long
        ReDim MyStrArray(1 To 10)

        Randomize
        Debug.Print "Unsorted strings"
        For K = LBound(MyStrArray) To UBound(MyStrArray)
            ' create a random string
            MyStrArray(K) = String(10, " ")
            For Q = 1 To 10
                Mid$(MyStrArray(K), Q, 1) = Chr(Asc("A") + Fix(26 * Rnd))
            Next Q

            ' print the string to the immediate window
            Debug.Print MyStrArray(K)
        Next K

        ' sort the array
        QuickSort MyStrArray, LBound(MyStrArray), UBound(MyStrArray)

        ' print the sorted strings to the immediate window
        Debug.Print vbNewLine & "Sorted strings."
        For K = LBound(MyStrArray) To UBound(MyStrArray)
            Debug.Print MyStrArray(K)
        Next K
    End Sub

    Private Sub QuickSort(C() As String, ByVal First As Long, ByVal Last As Long)
        '
        ' Made by Michael Ciurescu (CVMichael from vbforums.com)
        ' Original thread: [url]http://www.vbforums.com/showthread.php?t=231925[/url]
        '
        Dim Low As Long, High As Long
        Dim MidValue As String

        Low = First
        High = Last
        ' the pivot is the value in the middle of the range
        MidValue = C((First + Last) \ 2)

        Do
            ' skip values that are already on the correct side of the pivot
            While C(Low) < MidValue
                Low = Low + 1
            Wend

            While C(High) > MidValue
                High = High - 1
            Wend

            If Low <= High Then
                Swap C(Low), C(High)
                Low = Low + 1
                High = High - 1
            End If
        Loop While Low <= High

        ' sort the two partitions recursively
        If First < High Then QuickSort C, First, High
        If Low < Last Then QuickSort C, Low, Last
    End Sub

    Private Sub Swap(ByRef A As String, ByRef B As String)
        ' This routine is missing from the source; a plain exchange is assumed.
        Dim T As String
        T = A
        A = B
        B = T
    End Sub

[Figure: binary search for 23 in the sorted array 2, 5, 8, 12, 16, 23, 38, 56, 72, 91. 23 > 16, take 2nd half; 23 < 56, take 1st half; found 23, return 5.]

Task: Use Visual Basic programming to implement linear and binary search.

DYNAMIC AND STATIC DATA STRUCTURES

NORMALISATION

1st Normal Form Definition

A database is in first normal form if it satisfies the following conditions:

+ Contains only atomic values
+ There are no repeating groups

An atomic value is a value that cannot be divided. For example, in the table shown below, the values in the [Color] column in the first row can be divided into "red" and "green", hence [TABLE_PRODUCT] is not in 1NF.

A repeating group means that a table contains two or more columns that are closely related. For example, a table that records data on a book and its author(s) with the following columns: [Book ID],
[Author 1], [Author 2], [Author 3] is not in 1NF because [Author 1], [Author 2], and [Author 3] are all repeating the same attribute.

1st Normal Form Example

How do we bring an unnormalized table into first normal form? Consider the following example:

This table is not in first normal form because the [Color] column can contain multiple values. For example, the first row includes values "red" and "green." To bring this table to first normal form, we split the table into two tables and now we have the resulting tables:

[Tables: TABLE_PRODUCT_PRICE (Product ID, Price) and TABLE_PRODUCT_COLOR (Product ID, Color)]

2nd Normal Form Definition

A database is in second normal form if it satisfies the following conditions:

+ It is in first normal form
+ All non-key attributes are fully functional dependent on the primary key

In a table, if attribute B is functionally dependent on A, but is not functionally dependent on a proper subset of A, then B is considered fully functional dependent on A. Hence, in a 2NF table, all non-key attributes cannot be dependent on a subset of the primary key. Note that if the primary key is not a composite key, all non-key attributes are always fully functional dependent on the primary key. A table that is in 1st normal form and contains only a single key as the primary key is automatically in 2nd normal form.

2nd Normal Form Example

Consider the following example:

TABLE_PURCHASE_DETAIL

Customer ID   Store ID   Purchase Location
1             1          Los Angeles
1             3          San Francisco
2             1          Los Angeles
3             2          New York
4             3          San Francisco

This table has a composite primary key [Customer ID, Store ID]. The non-key attribute is [Purchase Location]. In this case, [Purchase Location] only depends on [Store ID], which is only part of the primary key. Therefore, this table does not satisfy second normal form.
To bring this table to second normal form, we break the table into two tables, and now we have the following:

[Tables: the two tables resulting from the split, including TABLE_STORE (Store ID, Purchase Location)]

What we have done is to remove the partial functional dependency that we initially had. Now, in the table [TABLE_STORE], the column [Purchase Location] is fully dependent on the primary key of that table, which is [Store ID].

SYSTEM SECURITY

Top 10 Secure Coding Practices/Programming Practices

1. Validate input. Validate input from all untrusted data sources. Proper input validation can eliminate the vast majority of software vulnerabilities. Be suspicious of most external data sources, including command line arguments, network interfaces, environmental variables, and user controlled files [Seacord 05].
2. Heed compiler warnings. Compile code using the highest warning level available for your compiler and eliminate warnings by modifying the code [C MSC00-A, C++ MSC00-A]. Use static and dynamic analysis tools to detect and eliminate additional security flaws.
3. Architect and design for security policies. Create a software architecture and design your software to implement and enforce security policies. For example, if your system requires different privileges at different times, consider dividing the system into distinct intercommunicating subsystems, each with an appropriate privilege set.
4. Keep it simple. Keep the design as simple and small as possible [Saltzer 74, Saltzer 75]. Complex designs increase the likelihood that errors will be made in their implementation, configuration, and use. Additionally, the effort required to achieve an appropriate level of assurance increases dramatically as security mechanisms become more complex.
5. Default deny. Base access decisions on permission rather than exclusion. This means that, by default, access is denied and the protection scheme identifies conditions under which access is permitted [Saltzer 74, Saltzer 75].
6. Adhere to the principle of least privilege.
Every process should execute with the least set of privileges necessary to complete the job. Any elevated permission should be held for a minimum time. This approach reduces the opportunities an attacker has to execute arbitrary code with elevated privileges [Saltzer 74, Saltzer 75].
7. Sanitize data sent to other systems. Sanitize all data passed to complex subsystems [C STR02-A] such as command shells, relational databases, and commercial off-the-shelf (COTS) components. Attackers may be able to invoke unused functionality in these components through the use of SQL, command, or other injection attacks. This is not necessarily an input validation problem because the complex subsystem being invoked does not understand the context in which the call is made. Because the calling process understands the context, it is responsible for sanitizing the data before invoking the subsystem.
8. Practice defense in depth. Manage risk with multiple defensive strategies, so that if one layer of defense turns out to be inadequate, another layer of defense can prevent a security flaw from becoming an exploitable vulnerability and/or limit the consequences of a successful exploit. For example, combining secure programming techniques with secure runtime environments should reduce the likelihood that vulnerabilities remaining in the code at deployment time can be exploited in the operational environment [Seacord 05].
9. Use effective quality assurance techniques. Good quality assurance techniques can be effective in identifying and eliminating vulnerabilities. Fuzz testing, penetration testing, and source code audits should all be incorporated as part of an effective quality assurance program. Independent security reviews can lead to more secure systems. External reviewers bring an independent perspective; for example, in identifying and correcting invalid assumptions [Seacord 05].
10. Adopt a secure coding standard.
Develop and/or apply a secure coding standard for your target development language and platform.

COMMON THREATS AND SOFTWARE VULNERABILITIES

1. Malware

Malware is any program or file that is harmful to a computer user. Malware includes computer viruses, worms, Trojan horses and spyware.

2. Botnets

A botnet is a collection of internet-connected devices, which may include PCs, servers, mobile devices and internet of things devices, that are infected and controlled by a common type of malware. Users are often unaware of a botnet infecting their system. Infected devices are controlled remotely by threat actors, often cybercriminals, and are used for specific functions, so the malicious operations stay hidden to the user. Botnets are commonly used to send email spam, engage in click fraud campaigns and generate malicious traffic for distributed denial-of-service attacks.

How botnets work

The term botnet is derived from the words robot and network. A bot in this case is a device infected by malware, which then becomes part of a network, or net, of infected devices controlled by a single attacker or attack group.

The botnet malware typically looks for vulnerable devices across the internet, rather than targeting specific individuals, companies or industries. The objective for creating a botnet is to infect as many connected devices as possible, and to use the computing power and resources of those devices for automated tasks that generally remain hidden to the users of the devices.

For example, an ad fraud botnet that infects a user's PC will take over the system's web browsers to divert fraudulent traffic to certain online advertisements. However, to stay concealed, the botnet won't take complete control of the web browsers, which would alert the user. Instead, the botnet may use a small portion of the browser's processes, often running in the background, to send a barely noticeable amount of traffic from the infected device to the targeted ads.
3. Phishing

Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels. The attacker uses phishing emails to distribute malicious links or attachments that can perform a variety of functions, including the extraction of login credentials or account information from victims.

How phishing works

Phishing attacks typically rely on social networking techniques applied to email or other electronic communication methods, including direct messages sent over social networks, SMS text messages and other instant messaging modes.

Phishers may use social engineering and other public sources of information, including social networks like LinkedIn, Facebook and Twitter, to gather background information about the victim's personal and work history, his interests, and his activities.

Control measures

Firewalls

A firewall is a network security system, either hardware- or software-based, that uses rules to control incoming and outgoing network traffic. A firewall acts as a barrier between a trusted network and an untrusted network. A firewall controls access to the resources of a network through a positive control model. This means that the only traffic allowed onto the network is defined in the firewall policy; all other traffic is denied.

Tools used to eliminate vulnerabilities at programming level

Vulnerability Analysis Tools

During the process of producing software products, vendors unintentionally create vulnerabilities that are later discovered and mitigated. By paying greater attention to the early phases of the development lifecycle, we can change the nature of the engineering process to
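
Three of the secure coding practices listed above (validate input, default deny, sanitize data sent to other systems) can be seen working together in the following Python example, which is added here and is not part of the original notes. The rows are constructed sample data modelled on TABLE_STORE from the normalisation section; the role names, function names and the allow-list pattern are assumptions made for the illustration.

```python
import re
import sqlite3

# Constructed sample rows modelled on the notes' TABLE_STORE (Store ID -> Purchase Location).
ROWS = [(1, "Los Angeles"), (2, "New York"), (3, "San Francisco")]

# Default deny: only the (role, action) pairs listed here are permitted. Roles are hypothetical.
PERMITTED = {("clerk", "read_store"), ("manager", "read_store")}

# Allow-list for location names: letters, space, dot, apostrophe, hyphen; 1 to 50 characters.
LOCATION_RE = re.compile(r"[A-Za-z][A-Za-z .'-]{0,49}")


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE TABLE_STORE (store_id INTEGER PRIMARY KEY, purchase_location TEXT)")
    db.executemany("INSERT INTO TABLE_STORE VALUES (?, ?)", ROWS)
    return db


def is_permitted(role, action):
    # Anything not explicitly granted is refused, including unknown roles.
    return (role, action) in PERMITTED


def stores_unsafe(db, location):
    # Weak form: untrusted text is spliced into the statement, so the database
    # cannot tell the caller's data apart from SQL syntax.
    sql = "SELECT store_id FROM TABLE_STORE WHERE purchase_location = '%s'" % location
    return sorted(row[0] for row in db.execute(sql))


def stores_safe(db, role, location):
    if not is_permitted(role, "read_store"):
        raise PermissionError("access denied")
    # Validate input from the untrusted source against the allow-list.
    if not isinstance(location, str) or not LOCATION_RE.fullmatch(location):
        raise ValueError("invalid location")
    # Sanitize for the subsystem: the value travels as a bound parameter, never as SQL text.
    sql = "SELECT store_id FROM TABLE_STORE WHERE purchase_location = ?"
    return sorted(row[0] for row in db.execute(sql, (location,)))


if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed hostile input
    print("unsafe, hostile input:", stores_unsafe(db, hostile))
    print("safe, valid input:", stores_safe(db, "clerk", "New York"))
    print("safe, name with apostrophe:", stores_safe(db, "clerk", "O'Brien"))
```

A name such as "O'Brien" passes the allow-list yet still breaks the string-built query, which is why practice 7 treats sanitizing for the subsystem as a separate duty from input validation.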
