Low level design inspections
• Low-level design (LLD) is a component-level
design process that follows a step-by-step
refinement process.
• This process can be used for designing data
structures, required software architecture,
source code and ultimately, performance
algorithms.
Low-Level Design (LLD)
• In LLD, the focus is more on designing each
component in detail such as what classes are
needed, what abstractions to use, how object
creation should happen, how data flows
between different objects, etc. LLD converts
the high-level design into detailed design
(ready to code) components.
High Level Design
• In HLD, the focus is more on designing the
high-level architecture of the system, defining
the high-level components with their
interactions, and also the database design.
HLD converts the business requirements to a
high-level solution.
Phases of code inspection
• Planning: The inspection is planned by the
moderator.
• Overview meeting: The author describes the
background of the work product.
• Preparation: Each inspector examines the
work product to identify possible defects.
Components of LLD
• The LLD comprises granular-level details of the
functional logic of each module as
pseudocode, database tables, all the
properties with their type and size, interface,
API details, dependencies as well as error
message listings.
• With a well-analyzed low-level design
document, creating programs becomes fairly
easy.
Purpose Of Code Inspection
• The main purpose of code inspection is to find defects;
it can also identify process improvements, if any.
• An inspection report lists the findings, which include
metrics that can be used to aid improvements to the
process as well as correcting defects in the document
under review.
• Preparation before the meeting is essential, which
includes reading of any source documents to ensure
consistency.
• Inspections are often led by a trained moderator, who
is not the author of the code.
Purpose Of Code Inspection
• The inspection process is the most formal type
of review based on rules and checklists and
makes use of entry and exit criteria.
• It usually involves peer examination of the
code and each one has a defined set of roles.
• After the meeting, a formal follow-up process
is used to ensure that corrective action is
completed in a timely manner.
Code Review
• Code Review is a systematic examination,
which can find and remove the vulnerabilities
in the code such as memory leaks and buffer
overflows.
• Technical reviews are well documented and
use a well-defined defect detection process
that includes peers and technical experts.
• Reviewers prepare for the review meeting and
prepare a review report with a list of findings.
Advantages Of Code Inspection
• Improves overall product quality.
• Discovers the bugs/defects in software code.
• Identifies any process improvements.
• Finds and removes defects efficiently and
quickly.
• Helps to learn from previous defects.
Unit Tests
• Unit testing is a software development
process in which the smallest testable parts of
an application, called units, are individually
scrutinized for proper operation.
• Software developers and sometimes QA staff
complete unit tests during the development
process.
Purpose of Unit Test
• A unit test is a type of software test that
focuses on components of a software product.
• The purpose is to ensure that each unit of
software code works as expected.
• A unit can be a function, method, module,
object, or other entity in an application's
source code.
Unit Testing Best Practices
Tests should be isolated:
• While writing unit tests, keep in mind that they
should be written independently of each other.
• The arrangement of the cases might vary from
person to person.
• The clusters can also be defined as you
choose.
• Just note that each test must be orthogonal,
that is, different from the other
test cases.
High Speed:
• Unit tests are planned by developers to be executed
repeatedly to make sure that there are no errors and
minor bugs in the system.
• If the tests take a long time to execute, the overall
execution time of the test cases increases
accordingly.
• Even one slow test case will have an
impact on the overall speed of execution of the test
cases.
• That is why developers must use the best coding
methods to lessen the execution time of every test
case, which will result in an overall decrease in the
execution time.
High Readability
• Every unit test must be easy to read.
• The test has to be clear and readable.
• One must be able to understand the functionality
error the test is explaining just by reading it.
• It must properly state the scenario that is
under test and, if it fails, it should state
the reasons for the failure clearly.
Securing Information
• Information security protects sensitive
information from unauthorized activities,
including inspection, modification, recording,
and any disruption or destruction.
• The goal is to ensure the safety and privacy of
critical data such as customer account details,
financial data or intellectual property.
Practical ways to keep information
safe and secure
1. Back up your data
2. Use strong passwords and multi-factor
authentication
3. Be aware of your surroundings
4. Be wary of suspicious emails
5. Install anti-virus and malware protection
6. Protect your device when it’s unattended
7. Make sure your Wi-Fi connection is secure
8. Take care when sharing your screen
3 Principles of Information Security
Confidentiality
• Confidentiality measures are designed to
prevent unauthorized disclosure of
information.
• The purpose of the confidentiality principle is
to keep personal information private and to
ensure that it is visible and accessible only
to those individuals who own it or need it to
perform their organizational functions.
Integrity
• Integrity includes protection against
unauthorized changes (additions, deletions,
alterations, etc.) to data.
• The principle of integrity ensures that data is
accurate and reliable and is not modified
incorrectly, whether accidentally or
maliciously.
Availability
• Availability is the protection of a system’s ability
to make software systems and data fully available
when a user needs it (or at a specified time).
• The purpose of availability is to make the
technology infrastructure, the applications and
the data available when they are needed for an
organizational process or for an organization’s
customers.
Data Integrity
• Data integrity is a concept and process that
ensures the accuracy, completeness,
consistency, and validity of an organization's
data.
• By following the process, organizations not
only ensure the integrity of the data but
guarantee they have accurate and correct data
in their database.
Components of Data Integrity
• Data integrity means the data has been
collected and stored accurately, as well as
being contextually accurate to the model at
hand.
• To maintain integrity, data must be collected
and stored in an ethical, law-abiding way and
must have a complete structure where all
defining characteristics are correct and can be
validated.
• Data can become compromised in a variety of
ways:
• Human error, such as unintended alterations
• Errors in transferring
• Malware/hacker interference
• Disk crashes
• Bugs and physical device damage
• Illegal data collection
Different Types of Data Integrity
• Physical integrity
• Logical integrity
PHYSICAL INTEGRITY
• Physical integrity is the overall protection of the
wholeness of a data set as it is stored and
retrieved.
• Anything that impedes the ability to retrieve this
data, such as power disruption, malicious
disruption, storage erosion and a slew of
additional issues may cause a lack of physical
integrity.
• Many companies outsource their data storage
to cloud providers, such as AWS, to manage
the physical integrity of the data. This is
particularly useful for small companies that
benefit from offloading data storage to spend
more time focusing on their business.
LOGICAL INTEGRITY
• Logical integrity allows data to remain
unchanged as it is utilized in a relational
database.
• Maintaining logical integrity helps protect
from human error and malicious intervention
as well, but does so in different ways than
physical integrity depending on its form.
Databases use four variations of logical
integrity:
• Entity integrity
• Referential integrity
• Domain integrity
• User-defined integrity
Entity integrity
• It involves the creation of primary keys to
identify data as distinct entities and ensure
that no data is listed more than once or is null.
• This allows data to be linked to and enables its
usage in a variety of ways.
Referential integrity
• It is the series of processes that is used to store
and access data uniformly, which allows rules to
be embedded into a database’s structure
regarding the use of foreign keys.
• This allows for a consistent and meaningful
combination of data sets across the database.
• Critically, referential integrity allows the ability to
combine various tables within a relational
database, facilitating uniform insertion and
deletion practices.
• Domain integrity refers to the collection of
processes that ensure accuracy in each piece
of data included in a domain, or a set of
acceptable values that a column may contain.
• User-defined integrity provides rules and
constraints that are created by the user in
order to use data for their specific purpose.
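The four forms of logical integrity listed above, expressed as constraints that the database itself enforces. This is an added example, not part of the original slides; the customers/accounts schema, the three-accounts rule and every value are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3

# Constructed schema: each constraint is tagged with the integrity type it enforces.
SCHEMA = """
CREATE TABLE customers (
    customer_id TEXT NOT NULL PRIMARY KEY                -- entity integrity
);
CREATE TABLE accounts (
    account_id  TEXT NOT NULL PRIMARY KEY,               -- entity integrity
    customer_id TEXT NOT NULL
        REFERENCES customers(customer_id) ON DELETE RESTRICT,   -- referential
    currency    TEXT NOT NULL
        CHECK (currency IN ('USD', 'EUR', 'INR')),       -- domain integrity
    balance     INTEGER NOT NULL CHECK (balance >= 0)    -- domain integrity
);
-- User-defined integrity: a business rule invented for this example.
CREATE TRIGGER max_three_accounts BEFORE INSERT ON accounts
WHEN (SELECT COUNT(*) FROM accounts WHERE customer_id = NEW.customer_id) >= 3
BEGIN
    SELECT RAISE(ABORT, 'user-defined rule: at most 3 accounts per customer');
END;
"""

PRIMARY_KEYS = ("customers.customer_id", "accounts.account_id")

# Constructed statements: valid ones mixed with one violation of each kind.
CASES = [
    ("add customer C1", "INSERT INTO customers VALUES ('C1')"),
    ("duplicate primary key", "INSERT INTO customers VALUES ('C1')"),
    ("NULL primary key", "INSERT INTO customers VALUES (NULL)"),
    ("open account A1", "INSERT INTO accounts VALUES ('A1', 'C1', 'USD', 100)"),
    ("account for unknown customer",
     "INSERT INTO accounts VALUES ('A2', 'C9', 'USD', 0)"),
    ("delete customer that has accounts",
     "DELETE FROM customers WHERE customer_id = 'C1'"),
    ("currency outside the domain",
     "INSERT INTO accounts VALUES ('A2', 'C1', 'XXX', 0)"),
    ("overdraw below zero",
     "UPDATE accounts SET balance = balance - 500 WHERE account_id = 'A1'"),
    ("open account A2", "INSERT INTO accounts VALUES ('A2', 'C1', 'EUR', 0)"),
    ("open account A3", "INSERT INTO accounts VALUES ('A3', 'C1', 'INR', 0)"),
    ("fourth account", "INSERT INTO accounts VALUES ('A4', 'C1', 'USD', 0)"),
]


def open_db():
    """In-memory database; SQLite enforces foreign keys only when asked to."""
    conn = sqlite3.connect(":memory:", isolation_level=None)  # autocommit
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def classify(message):
    """Map an SQLite constraint error message to the integrity type it protects."""
    if message.startswith("FOREIGN KEY"):
        return "referential"
    if message.startswith("user-defined rule"):
        return "user-defined"
    if message.startswith("CHECK"):
        return "domain"
    if message.startswith(("UNIQUE", "NOT NULL")):
        column = message.rsplit(": ", 1)[-1]
        return "entity" if column in PRIMARY_KEYS else "domain"
    return "other"


def attempt(conn, sql):
    """Run one statement; return 'ok' or the integrity type that rejected it."""
    try:
        conn.execute(sql)
        return "ok"
    except sqlite3.IntegrityError as exc:
        return classify(str(exc))


def run_demo():
    """Execute every case in order and return (description, outcome) pairs."""
    conn = open_db()
    try:
        return [(name, attempt(conn, sql)) for name, sql in CASES]
    finally:
        conn.close()


if __name__ == "__main__":
    for name, outcome in run_demo():
        print(f"{name:35s} -> {outcome}")
```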
Java - Managing Denial of Service
• The Denial of Service (DoS) attack is focused
on making a resource (site, application,
server) unavailable for the purpose it was
designed.
• There are many ways to make a service
unavailable for legitimate users: manipulating
network packets, or exploiting programming,
logical, or resource-handling vulnerabilities,
among others.
• Denial of service is typically accomplished by
flooding the targeted machine or resource
with surplus requests in an attempt to
overload systems and prevent some or all
legitimate requests from being fulfilled.
• For example, if a bank website can handle 10
people a second clicking the Login button,
an attacker only has to send 10 fake requests
per second to make it so no legitimate users
can log in.
• The most famous DoS technique is the Ping of
Death.
• The Ping of Death attack works by generating
and sending special network messages,
specifically ICMP (Internet Control Message
Protocol) packets of non-standard sizes, that
cause problems for systems that receive them.
The following command floods an IP address
with requests:
ping ip_address -t -l 65500
• “ping” sends the data packets to the victim.
• “ip_address” is the IP address of the victim.
• “-t” means the data packets should be sent until
the program is stopped.
• “-l 65500” specifies the data load to be sent to
the victim.
Challenges caused by DoS attacks
• Ineffective services
• Inaccessible services
• Interruption of network traffic
• Connection interference
Features to help mitigate DoS attacks:
• Network Segmentation: Segmenting the
network can help prevent a DoS attack from
spreading throughout the entire network.
• This limits the impact of an attack and helps to
isolate the affected systems.
• Implement Firewalls: Firewalls can help
prevent DoS attacks by blocking traffic from
known malicious IP addresses or by limiting
the amount of traffic allowed from a single
source.
• Use Intrusion Detection and Prevention
Systems: Intrusion Detection and Prevention
Systems (IDS/IPS) can help to detect and block
DoS attacks by analyzing network traffic and
blocking malicious traffic.
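Limiting the amount of traffic allowed from a single source, applied to the bank login example above (a site that can serve 10 logins per second). This is an added example, not from the original slides; the LoginGate class, the limit of 2 requests per second per source, the simulated traffic and the documentation-range IP addresses are assumptions made for illustration.

```python
SITE_CAPACITY = 10                      # logins/second the site can serve (from the slide)
FLOODER = "203.0.113.7"                 # constructed address (documentation range)
CUSTOMERS = ["198.51.100.%d" % n for n in range(1, 5)]   # constructed addresses


class TokenBucket:
    """Allows `rate` requests per second on average, with bursts up to `burst`."""

    def __init__(self, rate, burst, now):
        self.rate = rate
        self.burst = burst
        self.tokens = float(burst)
        self.stamp = now

    def allow(self, now):
        # Refill in proportion to elapsed time, never above the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.stamp) * self.rate)
        self.stamp = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class LoginGate:
    """Admission control in front of the login handler (hypothetical class)."""

    def __init__(self, per_source_rate=None):
        self.per_source_rate = per_source_rate   # None = no per-source limit
        self.buckets = {}        # source -> TokenBucket; evict idle entries in real use
        self.window = None
        self.used = 0

    def admit(self, source, now):
        # 1. Per-source limit: a rejected request never reaches the shared capacity.
        if self.per_source_rate is not None:
            bucket = self.buckets.get(source)
            if bucket is None:
                bucket = TokenBucket(self.per_source_rate, self.per_source_rate, now)
                self.buckets[source] = bucket
            if not bucket.allow(now):
                return False
        # 2. Shared capacity: at most SITE_CAPACITY requests per one-second window.
        window = int(now)
        if window != self.window:
            self.window, self.used = window, 0
        if self.used >= SITE_CAPACITY:
            return False
        self.used += 1
        return True


def simulate(per_source_rate, seconds=5):
    """Replay constructed traffic and return how many requests each source got served.

    Every second one source sends 10 requests back to back, then four
    customers each send a single login request half a second later.
    """
    events = []
    for second in range(seconds):
        events += [(second + i * 0.01, FLOODER) for i in range(10)]
        events += [(second + 0.5, customer) for customer in CUSTOMERS]
    events.sort()

    gate = LoginGate(per_source_rate)
    served = {source: 0 for source in [FLOODER] + CUSTOMERS}
    for now, source in events:
        if gate.admit(source, now):
            served[source] += 1
    return served


if __name__ == "__main__":
    for label, rate in (("no per-source limit", None), ("2 req/s per source", 2)):
        print(label, simulate(rate))
```

A per-source limit only helps when the excess traffic comes from few sources, which is why the slides pair it with network segmentation and IDS/IPS.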
LOW LEVEL DESIGN INSPECTION SECURE CODING

  • 1. Low level design inspections • Low-level design (LLD) is a component-level design process that follows a step-by-step refinement process. • This process can be used for designing data structures, required software architecture, source code and ultimately, performance algorithms.
  • 2. Low-Level Design (LLD) • In LLD, the focus is more on designing each component in detail such as what classes are needed, what abstractions to use, how object creation should happen, how data flows between different objects, etc. LLD converts the high-level design into detailed design (ready to code) components.
  • 3. High Level Design • In HLD, the focus is more on designing the high-level architecture of the system, defining the high-level components with their interactions, and also the database design. HLD converts the business requirements to a high-level solution.
  • 4. Phases of code inspection • Planning: The inspection is planned by the moderator. • Overview meeting: The author describes the background of the work product. • Preparation: Each inspector examines the work product to identify possible defects.
  • 5. Components of LLD • The LLD comprises granular-level details of the functional logic of each module as pseudocode, database tables, all the properties with their type and size, interface, API details, dependencies as well as error message listings. • With a well-analyzed low-level design document, creating programs becomes fairly easy.
  • 6. Purpose Of Code Inspection • The main purpose of code inspection is to find defects; it can also identify possible process improvements. • An inspection report lists the findings, which include metrics that can be used to aid improvements to the process as well as correcting defects in the document under review. • Preparation before the meeting is essential, which includes reading of any source documents to ensure consistency. • Inspections are often led by a trained moderator, who is not the author of the code.
  • 7. Purpose Of Code Inspection • The inspection process is the most formal type of review based on rules and checklists and makes use of entry and exit criteria. • It usually involves peer examination of the code and each one has a defined set of roles. • After the meeting, a formal follow-up process is used to ensure that corrective action is completed in a timely manner.
  • 8. Code Review • Code Review is a systematic examination, which can find and remove the vulnerabilities in the code such as memory leaks and buffer overflows. • Technical reviews are well documented and use a well-defined defect detection process that includes peers and technical experts. • Reviewers prepare for the review meeting and prepare a review report with a list of findings.
  • 9. Advantages Of Code Inspection • Improves overall product quality. • Discovers the bugs/defects in software code. • Identifies possible process improvements. • Finds and removes defects efficiently and quickly. • Helps to learn from previous defects.
  • 10. Unit Tests • Unit testing is a software development process in which the smallest testable parts of an application, called units, are individually scrutinized for proper operation. • Software developers and sometimes QA staff complete unit tests during the development process.
  • 11. Purpose of Unit Test • A unit test is a type of software test that focuses on components of a software product. • The purpose is to ensure that each unit of software code works as expected. • A unit can be a function, method, module, object, or other entity in an application's source code.
  • 14. Unit Testing Best Practices Tests should be isolated: • While writing unit tests, it is important to keep in mind that unit tests are written independently of each other. • The arrangement of the cases might vary from person to person. • The clusters can also be defined by your own choice. • Just note that each test must be orthogonal, in the sense that it must be different from the other test cases.
  • 15. High Speed: • Unit tests are planned by developers to be executed repeatedly to make sure that there are no errors and minor bugs in the system. • If these tests are slow, the execution time of the whole set of test cases increases. • Even one slow test case has an impact on the overall speed of execution of the test cases. • That is why developers must use the best coding methods to lessen the execution time of every test case, which will result in an overall decrease in the execution time.
  • 16. High Readability • Every unit test must be highly readable. • The test has to be clear and readable. • One must be able to understand the functionality error the test is explaining only by reading it. • It must properly state the scenario that is under test and, if it is failing, it should mention the reasons for the failure in a clear way.
  • 17. Securing Information • Information security protects sensitive information from unauthorized activities, including inspection, modification, recording, and any disruption or destruction. • The goal is to ensure the safety and privacy of critical data such as customer account details, financial data or intellectual property.
  • 18. Practical ways to keep information safe and secure 1. Back up your data 2. Use strong passwords and multi-factor authentication 3. Be aware of your surroundings 4. Be wary of suspicious emails 5. Install anti-virus and malware protection 6. Protect your device when it’s unattended 7. Make sure your Wi-Fi connection is secure 8. Take care when sharing your screen
  • 19. 3 Principles of Information Security Confidentiality • Confidentiality measures are designed to prevent unauthorized disclosure of information. • The purpose of the confidentiality principle is to keep personal information private and to ensure that it is visible and accessible only to those individuals who own it or need it to perform their organizational functions.
  • 20. Integrity • Consistency includes protection against unauthorized changes (additions, deletions, alterations, etc.) to data. • The principle of integrity ensures that data is accurate and reliable and is not modified incorrectly, whether accidentally or maliciously.
  • 21. Availability • Availability is the protection of a system’s ability to make software systems and data fully available when a user needs it (or at a specified time). • The purpose of availability is to make the technology infrastructure, the applications and the data available when they are needed for an organizational process or for an organization’s customers.
  • 22. Data Integrity • Data integrity is a concept and process that ensures the accuracy, completeness, consistency, and validity of an organization's data. • By following the process, organizations not only ensure the integrity of the data but guarantee they have accurate and correct data in their database.
  • 23. Components of Data Integrity
  • 24. • Data integrity means the data has been collected and stored accurately, as well as being contextually accurate to the model at hand. • To maintain integrity, data must be collected and stored in an ethical, law-abiding way and must have a complete structure where all defining characteristics are correct and can be validated.
  • 25. • Data can become compromised in a variety of ways: • Human error, such as unintended alterations • Errors in transferring • Malware/hacker interference • Disk crashes • Bugs and physical device damage • Illegal data collection
  • 26. Different Types of Data Integrity • Physical integrity • Logical integrity • PHYSICAL INTEGRITY • Physical integrity is the overall protection of the wholeness of a data set as it is stored and retrieved. • Anything that impedes the ability to retrieve this data, such as power disruption, malicious disruption, storage erosion and a slew of additional issues may cause a lack of physical integrity.
  • 27. • Many companies outsource their data storage to cloud providers, such as AWS, to manage the physical integrity of the data. This is particularly useful for small companies that benefit from offloading data storage to spend more time focusing on their business.
  • 28. LOGICAL INTEGRITY • Logical integrity allows data to remain unchanged as it is utilized in a relational database. • Maintaining logical integrity helps protect from human error and malicious intervention as well, but does so in different ways than physical integrity depending on its form.
  • 29. Databases use four variations of logical integrity: • Entity integrity • Referential integrity • Domain integrity • User-defined integrity
  • 30. Entity integrity • It involves the creation of primary keys to identify data as distinct entities and ensure that no data is listed more than once or is null. • This allows data to be linked to and enables its usage in a variety of ways.
  • 31. Referential integrity • It is the series of processes that is used to store and access data uniformly, which allows rules to be embedded into a database’s structure regarding the use of foreign keys. • This allows for a consistent and meaningful combination of data sets across the database. • Critically, referential integrity allows the ability to combine various tables within a relational database, facilitating uniform insertion and deletion practices.
  • 32. • Domain integrity refers to the collection of processes that ensure accuracy in each piece of data included in a domain, or a set of acceptable values that a column may contain. • User-defined integrity provides rules and constraints that are created by the user in order to use data for their specific purpose.
  • 33. Java - Managing Denial of Service • The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. • There are many ways to make a service unavailable for legitimate users by manipulating network packets or exploiting programming, logic, or resource-handling vulnerabilities, among others.
  • 34. • Denial of service is typically accomplished by flooding the targeted machine or resource with surplus requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. • For example, if a bank website can handle 10 people a second clicking the Login button, an attacker only has to send 10 fake requests per second to make it so no legitimate users can log in.
  • 35. • The most famous DoS technique is the Ping of Death. • The Ping of Death attack works by generating and sending special network messages, specifically ICMP (Internet Control Message Protocol) packets of non-standard sizes, that cause problems for systems that receive them.
  • 36. Following is the command for performing flooding of requests on an IP. ping ip_address -t -l 65500 • “ping” sends the data packets to the victim. • “ip_address” is the IP address of the victim. • “-t” means the data packets should be sent until the program is stopped. • “-l 65500” specifies the data load to be sent to the victim.
  • 37. Challenges faced by DoS attacks • Ineffective services • Inaccessible services • Interruption of network traffic • Connection interference
  • 38. Features to help mitigate DoS attacks: • Network Segmentation: Segmenting the network can help prevent a DoS attack from spreading throughout the entire network. • This limits the impact of an attack and helps to isolate the affected systems. • Implement Firewalls: Firewalls can help prevent DoS attacks by blocking traffic from known malicious IP addresses or by limiting the amount of traffic allowed from a single source.
  • 39. • Use Intrusion Detection and Prevention Systems: Intrusion Detection and Prevention Systems (IDS/IPS) can help to detect and block DoS attacks by analyzing network traffic and blocking malicious traffic.
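The four kinds of logical integrity from slides 29 to 32, enforced by the database itself rather than by application code. This is an added example, not part of the original slides; the schema, the table and column names and the two-accounts business rule are constructed for illustration, using Python's built-in `sqlite3` module.

```python
import sqlite3

# Constructed schema; every table, column and rule here is hypothetical.
SCHEMA = """
CREATE TABLE customer (id TEXT PRIMARY KEY NOT NULL);  -- entity: unique, never null
CREATE TABLE account (
    id          INTEGER PRIMARY KEY,
    customer_id TEXT NOT NULL REFERENCES customer(id) ON DELETE RESTRICT,  -- referential
    currency    TEXT NOT NULL CHECK (currency IN ('EUR', 'USD')),          -- domain
    balance     INTEGER NOT NULL CHECK (balance >= 0)                      -- domain
);
-- user-defined integrity: a business rule of this example, max two accounts per customer
CREATE TRIGGER max_two_accounts BEFORE INSERT ON account
WHEN (SELECT COUNT(*) FROM account WHERE customer_id = NEW.customer_id) >= 2
BEGIN SELECT RAISE(ABORT, 'user-defined rule: max two accounts'); END;
INSERT INTO customer VALUES ('C1');
INSERT INTO account VALUES (1, 'C1', 'EUR', 100), (2, 'C1', 'USD', 0);
"""

# One write per rule that would corrupt the data if the database accepted it.
BAD_WRITES = {
    "entity: duplicate key": "INSERT INTO customer VALUES ('C1')",
    "entity: null key": "INSERT INTO customer VALUES (NULL)",
    "referential: orphan row": "INSERT INTO account VALUES (3, 'C9', 'EUR', 0)",
    "referential: delete parent": "DELETE FROM customer WHERE id = 'C1'",
    "domain: unknown currency": "UPDATE account SET currency = 'XXX' WHERE id = 1",
    "domain: negative balance": "UPDATE account SET balance = -5 WHERE id = 1",
    "user-defined: third account": "INSERT INTO account VALUES (4, 'C1', 'USD', 0)",
}

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite does not enforce FKs by default
    conn.executescript(SCHEMA)
    return conn

def rejected_writes(conn):
    """Try every bad write; return {label: database error} for the refused ones."""
    refused = {}
    for label, sql in BAD_WRITES.items():
        try:
            with conn:  # commits on success, rolls back on error
                conn.execute(sql)
        except sqlite3.IntegrityError as exc:
            refused[label] = str(exc)
    return refused

if __name__ == "__main__":
    for label, error in rejected_writes(open_db()).items():
        print(f"{label:30} -> {error}")
```

Without the `PRAGMA foreign_keys = ON` line, SQLite accepts both referential writes, so a declared constraint is only a control once it is confirmed to be enforced.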
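Slide 38's "limiting the amount of traffic allowed from a single source", applied to the login scenario of slide 34 (a backend that serves 10 logins per second). This is an added example, not code from the slides; the class, the function, the rate and burst values and the documentation-range addresses are assumptions made for the illustration.

```python
from collections import OrderedDict

class PerSourceLimiter:
    """Token bucket per source address, kept in integer milli-tokens."""

    def __init__(self, rate=2, burst=2, max_sources=10_000):
        self.rate = rate                # tokens refilled per second, per source
        self.cap = burst * 1000         # bucket size in milli-tokens
        self.max_sources = max_sources  # bound on state, so tracking cannot exhaust memory
        self._buckets = OrderedDict()   # source -> (milli_tokens, last_seen_ms)

    def allow(self, source, now_ms):
        tokens, last = self._buckets.pop(source, (self.cap, now_ms))
        tokens = min(self.cap, tokens + (now_ms - last) * self.rate)
        allowed = tokens >= 1000
        if allowed:
            tokens -= 1000
        self._buckets[source] = (tokens, now_ms)  # re-insert as most recently seen
        if len(self._buckets) > self.max_sources:
            # Evict the least recently seen source. An evicted source restarts
            # with a full bucket, so max_sources must exceed the expected client count.
            self._buckets.popitem(last=False)
        return allowed

def served_per_source(requests, capacity=10, limiter=None):
    """requests: (time_ms, source) pairs within one second.
    capacity: logins the backend can serve in that second (10 on slide 34)."""
    served, free = {}, capacity
    for now_ms, source in sorted(requests):
        if limiter is not None and not limiter.allow(source, now_ms):
            continue  # rejected cheaply, before reaching the login handler
        if free > 0:
            free -= 1
            served[source] = served.get(source, 0) + 1
    return served

# Constructed traffic: one source sends 10 requests, three users log in once each.
FLOOD = [(ms, "198.51.100.7") for ms in range(0, 1000, 100)]
USERS = [(950, "203.0.113.10"), (960, "203.0.113.11"), (970, "203.0.113.12")]

if __name__ == "__main__":
    print("no limit  :", served_per_source(FLOOD + USERS))
    print("per source:", served_per_source(FLOOD + USERS, limiter=PerSourceLimiter()))
```

A per-source limit does not help when the requests come from many addresses at once; that case is what the upstream filtering and IDS/IPS items on slides 38 and 39 address.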