11. SOFTWARE ENGINEERING PROCESS
AGILE - WHY
• Individuals and Interactions over processes and tools
• Working Software over comprehensive documentation
• Customer Collaboration over contract negotiation
• Responding to Change over following a plan
12. AGILE
• Agile is a time boxed, iterative approach to software delivery that builds software
incrementally from the start of the project, instead of trying to deliver it all at once
near the end.
14. SOFTWARE ENGINEERING PROCESS
Standard Model - Roles
• Developer
• Tester
• Leader
• System Admin
• Security Engineer
• Support
• Network Admin
• Business Analyst
• Project Manager
17. SCRUM Model
• Commitment: Team members individually commit to achieving their team goals,
each and every sprint.
• Courage: Team members know they have the courage to work through conflict
and challenges together so that they can do the right thing.
• Focus: Team members focus exclusively on their team goals and the sprint
backlog; there should be no work done other than through their backlog.
• Openness: Team members and their stakeholders agree to be transparent about
their work and any challenges they face.
• Respect: Team members respect each other to be technically capable and to work
with good intent.
27. INTEGRATION
Integration: is the process of integrating.
Jokes APIs:
1- Get Random Joke – Call Jokes APIs
2- Translate Joke – Call google translator APIs
3- Send Joke to phone – Call SMS APIs
28. WEBSERVICE
Webservice: is any piece of software that makes itself available
over the internet and uses a standardized XML messaging system.
XML is used to encode all communications to a web service.
For example, a client invokes a web service by sending an XML
message, then waits for a corresponding XML response.
As all communication is in XML, web services are not tied to any one
operating system or programming language--Java can talk with
Perl; Windows applications can talk with Unix applications.
APIs
36. APPLICATION INTEGRATION
• Application Integration: is the sharing of processes and data among different
applications in an enterprise.
• http://localhost:8000/fci/users
• Tools
• Oracle SOA/OSB
• Mulesoft
• Oracle Api Platform
• Integration (CI/CD – Jenkins, GIT, etc.)
38. DATA INTEGRATION
• Data Integration: involves combining data residing in different sources and providing
users with a unified view of them.
• ETL (Extract, Transform, Load) concept
40. DATA INTEGRATION
• WHY?
• Merging two Bioinformatics Labs
• Data Science Migration
• Financial market forecasting
• Tools
• Oracle Data Integrator (ODI)
• SQL Server Integration Services (SSIS)
• MuleSoft (Data Weave)
• IBM InfoSphere Information Server
• OSB (Xquery/XSLT)
• Use case
43. MICROSERVICES
• MicroServices: an approach to application development in which a large application is built as a
suite of modular services. Each module supports a specific business goal and uses a simple,
well-defined interface to communicate with other sets of services.
Versioning
Production Support
Unified platform/Lang.
Cost against Infra.
(DB, LB, Machines)
44. APIS
• Application Programming Interface (API) is a set of subroutine definitions, protocols, and
tools for building application software.
• APIs like any application has to be managed and monitored.
• http://localhost:8000/fci/users
• API Deployments
• On-Premises
• Data Centers
• Containers
• Serverless
• Tools
• Mulesoft
• Node JS / Express / Total
• Oracle SOA/OSB
45. MICROSERVICES
Cost over Network
Multiple Deployment
Calling failed service
46. MICROSERVICES
Facebook application style
RAM Consuming
Scrum Projects
66. SECURITY
• Known as cyber security or IT security, it is the protection of computer systems from
the theft and damage to their hardware, software or information, as well as
from disruption or misdirection of the services they provide.
It’s all about DATA
DAMAGE, BREACH, Corruption
67. SECURITY
Hardware Security
Software Security
Data Security
69. DATA SECURITY - DATA
• Data is distinct pieces of information, usually formatted in a special way. All
software is divided into two general categories: data and programs. Programs are
collections of instructions for manipulating data.
• Data can exist in a variety of forms
72. DATA SECURITY
• protecting digital data, such as those in a database, from destructive forces and
from the unwanted actions of unauthorized users, such as a cyberattack or a data
breach.
73. DATA PROTECTION
• Disk encryption
• Software-based security solutions encrypt the data to protect it from theft.
However, a malicious program or a hacker could corrupt the data in order to make
it unrecoverable, making the system unusable.
• Hardware-based security solutions can prevent read and write access to data and
hence offer very strong protection against tampering and unauthorized access.
(e.g. MFA)
• Backups
• Data masking
• Data erasure
• Data Encryption (Server/Client Side)
74. DATA PROTECTION
DISK ENCRYPTION
• Disk encryption: is a technology which protects information by converting it into
unreadable code that cannot be deciphered easily by unauthorized people. Disk
encryption uses disk encryption software or hardware to encrypt every bit of data that
goes on a disk or disk volume. It is used to prevent unauthorized access to data
storage.
75. DATA PROTECTION
BACKUPS
• Backup: the process of backing up, refers to the copying and archiving of
computer data so it may be used to restore the original after a data loss event. The verb
form is to back up in two words, whereas the noun is backup.
77. DATA PROTECTION
DATA ERASURE
• Data erasure: (data clearing or data wiping) is a software-based method of overwriting
the data that aims to completely destroy all electronic data residing on a hard disk drive or
other digital media by using zeros and ones to overwrite data onto all sectors of the device
78. DATA PROTECTION
DATA ENCRYPTION
• Server Side Encryption
• HTTP/HTTPS – ex.sni.
• End-to-End
Client Side Encryption
Encrypt-Decrypt
Symmetric Private key
HSM
KMS
82. SOFTWARE SECURITY
Computer security software or cybersecurity software is any computer program designed to enhance
information security. The defense of computers against intrusion and unauthorized use of resources is called
computer security. Similarly, the defense of computer networks is called network security.
83. A MALICIOUS ATTACK
• A malicious attack is an attempt to forcefully abuse or take advantage of
someone's computer, whether through computer viruses, social engineering,
phishing, or other types of social engineering.
Email - Web Content – Legitimate/reward Sites - File Downloads
• Malware (Adware, Spyware, Trojan Horse, Crimeware, Viruses, Worms)
• Social Engineering (Phishing, Baiting, Spam)
84. EMAIL PHISHING
is the attempt to obtain sensitive information such as usernames, passwords,
and credit card details (and money), often for malicious reasons, by disguising as a
trustworthy entity in an electronic communication.
87. HARDWARE SECURITY
Thieves HW Damage
1. Hardware Protection: Cloud IaaS has to be protected from DAMAGE. Security solutions can prevent
read and write access to data and hence offer very strong protection against tampering and
unauthorized access (e.g. MFA).
Data Corruption/Loss
88. HARDWARE SECURITY
2. Hardware Security Module (HSM): is a physical computing device that safeguards and
manages digital keys for strong authentication and provides cryptoprocessing.
These modules traditionally come in the form of a plug-in card or an external device that attaches
directly to a computer or network server.
• intrusion-resistant, tamper-evident, FIPS Validated
• Self destruction
• AWS CloudHSM
• Microsoft KeyVault
• Google Cloud Key management
89. SECURITY POLICIES
COMPLIANCES
Security Policies: is a definition of what it means to be secure for a system, organization or other entity.
For an organization, it addresses the constraints on behaviour of its members as well as constraints imposed
on adversaries by mechanisms such as doors, locks, keys and walls.
Health Insurance Portability and Accountability Act
Payment Card Industry Data Security Standard
90. SECURITY POLICIES
COMPLIANCES
PCI DSS (Payment Card Industry Data Security Standard)
• Firewall at each internet Connection
• Components protected from security vulnerabilities
• Review Logs & Security Events
• Protect Card Holder Data
• Retain Audit history for at least 1 Year
• Security Group, NACL
• etc.
92. SECURITY
Security Engineer
• Network Security Engineer
• Information Assurance Engineer
• Information Security Engineer
• Information Systems Security Engineer
Digital Forensics
96. DIGITAL CURRENCY
Centralized Centralized Issues
• Cyprus Banks
• Third Party is an Owner
• Banks
• Facebook, Google
• Uber, Careem
• Single Point of failure
• Fake Signature
• Hacked data (Stolen, Edited)
• Double Spend Problem
98. CURRENCY
• Programmed using C++. – [Electronic]
• Set of transactions recorded into public database & Verified by Miners. –
[Decentralized]
• Ownership is verified by Keys. [Secure]
• Transactions are stored into Block. – [Blockchain, Public Ledger]
• Records are stored on User’s Side. – [P2P – Peer-to-Peer]
• Everyone can see other’s Bitcoins Masked by VK(PK)
• Bitcoin equals 17750 USD now.
• There are 700 Altcoins.
105. CRYPTOCURRENCY
• Satoshi Nakamoto, the unknown inventor of Bitcoin, the first and still most important
cryptocurrency, never intended to invent a currency.
“A Peer-to-Peer Electronic Cash System.”
Peer-to-peer file sharing is the distribution and sharing of digital media using peer-
to-peer (P2P) networking technology. P2P file sharing allows users to access media
files such as books, music, movies, and games using a P2P software program that
searches for other connected computers on a P2P network to locate the desired
content
106. CRYPTOCURRENCY
• Decentralized, No Central Authority.
• so anyone with access to the Internet can transfer money to anybody anywhere in the
world.
• Limited entries in a database no one can change without fulfilling specific conditions.
• Shared Ledger - Blockchain
• Encrypted using SHA-256
“Peer-to-peer Decentralised Electronic Cash System.”
107. CENTRALIZED DIGITAL CURRENCY
Double-spending is a potential flaw in a digital
cash scheme in which the same single digital token can
be spent more than once. This is possible because a
digital token consists of a digital file that can be duplicated
or falsified.[1]
Example:
You go to Starbucks and order a cappuccino worth $10.
You pay in cash. Now that $10 in cash is in the cash vault
of Starbucks. By all means, you simply cannot spend the
same $10 somewhere else to make another purchase.
114. BITCOIN MINING
Bitcoin mining is the process by which
transactions are verified and added to
the public ledger, known as the block
chain, and also the means through which
new bitcoin are released.
50 BTC, halved every four years.
21,000,000 BTC forever!
Miners verify balance by calculating
All previous transactions for particular user.
116. DOUBLE SPEND CONFIRMATION
Double-spending is a potential flaw in a digital cash scheme in which the same single digital token can be spent
more than once. This is possible because a digital token consists of a digital file that can be duplicated or falsified.[1]
1- Alice purchases a product from Bob.
2- Alice creates two bitcoin transactions: one that includes payment
for the product or service she seeks from Bob, and another that pays the same
amount to herself.
3- Alice broadcasts the “A to B” transaction and then
starts secretly mining the block that includes the “A to A”
payment.
Once she successfully mines this block, further blocks will be added to it.
4- Bob gives the service or product to Alice
on seeing the transaction on the public ledger, whether or not the
transaction was confirmed, if he doesn’t wait for the confirmation
before sending the products.
5- Alice can be lucky and the attack succeeds ,
117. 6 CONFIRMATIONS
120. BLOCKCHAIN
originally block chain,[4][5] is a continuously growing list
of records, called blocks, which are linked and secured
using cryptography.[1][6] Each block typically contains
a hash pointer as a link to a previous
block,[6] a timestamp and transaction data.[7] By design,
blockchains are inherently resistant to modification of
the data. Harvard Business Review defines it as "an
open, distributed ledger that can record transactions
between two parties efficiently and in a verifiable and
permanent way."[8] For use as a distributed ledger, a
blockchain is typically managed by a peer-to-
peer network collectively adhering to a protocol for
validating new blocks. Once recorded, the data in any
given block cannot be altered retroactively without the
alteration of all subsequent blocks, which requires
collusion of the network majority.
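The hash-pointer linking described above, as an added example that is not part of the original slides. It builds a small chain, then shows that editing one block is detected unless every later block is re-hashed too; the block layout, function names and sample transactions are constructed for illustration.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # placeholder "previous hash" for the first block


def block_hash(block):
    """SHA-256 over every field of the block except the stored hash itself."""
    body = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_block(chain, timestamp, transactions):
    prev = chain[-1]["hash"] if chain else GENESIS_PREV
    block = {"timestamp": timestamp, "transactions": transactions, "prev_hash": prev}
    block["hash"] = block_hash(block)
    chain.append(block)


def first_invalid_block(chain):
    """Position of the first block that fails verification, or None if all pass."""
    prev = GENESIS_PREV
    for pos, block in enumerate(chain):
        if block["prev_hash"] != prev or block_hash(block) != block["hash"]:
            return pos
        prev = block["hash"]
    return None


def tamper(chain, pos, transactions, rehash_count=0):
    """Copy the chain, rewrite block `pos`, then re-link and re-hash
    `rehash_count` blocks starting at `pos`."""
    forged = copy.deepcopy(chain)
    forged[pos]["transactions"] = transactions
    for i in range(pos, min(pos + rehash_count, len(forged))):
        if i > 0:
            forged[i]["prev_hash"] = forged[i - 1]["hash"]
        forged[i]["hash"] = block_hash(forged[i])
    return forged


def sample_chain():
    chain = []  # constructed sample data
    for ts, txs in [(1, ["coinbase"]), (2, ["Alice->Bob 5"]),
                    (3, ["Bob->Carol 2"]), (4, ["Carol->Dave 1"])]:
        append_block(chain, ts, txs)
    return chain


if __name__ == "__main__":
    chain = sample_chain()
    edit = ["Alice->Alice 5"]
    print(first_invalid_block(chain))                      # None
    print(first_invalid_block(tamper(chain, 1, edit)))     # 1
    print(first_invalid_block(tamper(chain, 1, edit, 1)))  # 2
    print(first_invalid_block(tamper(chain, 1, edit, 3)))  # None
```

The last case passes verification because hashes alone only make tampering evident; the cost of rewriting every later block and the network majority's agreement are what prevent the forged chain from being accepted.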
125. BLOCKCHAIN
APPLICATIONS
Is just a contract automates transactions
committing and rollback.
Applications:
1. Data storage (storj, beta)
2. Digital Identity (Passport, Birth cert.,
wedding cert.)
3. Smart Contracts
4. Digital Voting
5. Decentralised Notary
126. BLOCKCHAIN
APPLICATIONS BY EXAMPLES
Is just a contract automates transactions
committing and rollback.
Applications By Examples:
1. Pay for Cinema
2. Fund raising (full Fund vs No Fund)
3. Groceries history
4. Commission deals
5. Banks ran out of money
6. Notaries
131. KEEP IN TOUCH
Join slack.com & subscribe to our channel (#fciteam)
https://dirtyhandsws.slack.com/
Send your email to Amr.salah.2010@gmail.com
to add you to the list with the following pattern:
Subject: #fciteam-Please Add Me
142. What Companies are looking for?
Well Educated
Confidence
Clear Vision
High Score
Courses & Certificates
Blogs & Events
Publications & WP
One-Paper CV
PASSION
143. BEST PRACTICE
• Study using best practices
• Develop using best practices
• Minding best practice
• Practice for the best practice
Speed Learning Tech., Mind Mapping
Design Pattern, DS, Algorithms
The Best Practice Of the B.P is to Focus - Mindful
How to reach the best Practice.
Editor's Notes
Data extraction is where data is extracted from homogeneous or heterogeneous data sources;
Data transformation is where the data is transformed for storing in the proper format or structure for the purposes of querying and analysis;
Data loading is where the data is loaded into the final target database, more specifically, an operational data store, data mart, or data warehouse.
We are using services separately, for instance, EC2 has to be attached to EBS/Network
What is important is data storage and data sensitivity