Software Quality Assurance
and Cyber Security
Tariqual Hassan
SQA Manager, Nascenia
Software Quality Assurance
What is Quality Assurance
What is quality? Who are we? Why are we doing it?
IEEE Glossary: Degree to which a system, component or process meets specific requirements and customer or user needs or expectations.
ISO Definition: The totality of features and characteristics of a product or service that bear on its ability to satisfy specified or implied needs.
“Set of systematic activities providing evidence of the ability of the software process to produce a software product that is fit to use” by G. Schulmeyer and J. McManus, Software Quality Handbook, Prentice Hall, 1998
Quality Assurance
• Quality assurance activities are work process oriented.
• They measure the process, identify deficiencies, and suggest improvements.
• The direct results of these activities are changes to the process.
• These changes can range from better compliance with the process to entirely new processes.
• The output of quality control activities is often the input to quality assurance activities.
• Audits are an example of a QA activity which looks at whether and how the process is being followed. The end result may be suggested improvements or better compliance with the process.
Quality Control
• Quality control activities are work product oriented.
• They measure the product, identify deficiencies, and suggest improvements.
• The direct results of these activities are changes to the product.
• These can range from single-line code changes to completely reworking a product from design.
• They evaluate the product, identify weaknesses and suggest improvements.
• Testing and reviews are examples of QC activities since they usually result in changes to the product, not the process.
• QC activities are often the starting point for quality assurance (QA) activities.
Software Quality Assurance
Infamous Quotes by Devs
• “I know how to code, I can keep up with the design, so why are you guys here?” - DevOps
• “Why should the user do this and that? I am designing the system, so they should just use it in my way.”
• “Okay, it’s very difficult to apply this feature, let’s change it. Users can be convinced later on.”
• “I didn’t do it and it’s not my job to fix this. Someone else will fix this.”
Software Development Ecosystem
QA: Things need to be done properly.
Developers: Things need to be done in any way.
PM: I need the product at any cost.
A Formal SQA Process
1. Development Phase
2. Pre-QA Phase (Sanity Test)
3. QA Phase (Smoke Test)
4. Bug Submission
5. Re-Test Phase
6. Integration Test
7. Regression Test
8. Alpha Test
9. Beta Test
10. Release
Software Quality Assurance Warm up Things
Software Quality Assurance Standard Process
QA Test flow path
1. Black Box
2. White Box
3. UX Testing
4. Accessibility Test
5. Security Testing
6. Performance Engineering
7. Deployment Testing
8. UAT
9. User’s feedback Cycle
Popular Process Platform Tools: JIRA, HP ALM, TFS, QA Complete
Functional Test Platform
Automated Test Platform: Unit Testing, Integration Testing
Performance Tool Platform: Load Runner, Apache JMeter, Blazemeter for distributed load testing, Google Chrome Dev tools
Performance Testing Tools
Server Side:
Client Side: LORI (Life-of-Request Info)
Security Testing Platform for QA: E-governance (SAAM V1.0), NIST Protocol, Core Security Framework, CISSP Concept, Checklist framework for QA
QA Infrastructure
• Test Plan
• Test Case
• Traceability Matrix
• Automation
• Report
QA Infrastructure: Test Platform Tool (Example Set)
• Load Runner
• Soap UI
• Ranorex
• Acunetix
Let’s Talk on Cyber Security
Security Domains
Cyber Security Threats
1. Hacktivism
2. Cyber crime
3. Cyber espionage
4. Cyber war
5. Cyber Terrorism
Some Attack Examples
And so on and on...
Cyber Threats in Bangladesh
Information source: Report from Threat Intelligence Division, BGD e-GOV CIRT
Let’s start by knowing about Malware
Malware and its types
Malware is software written specifically to harm and infect the host system. Malware includes viruses along with other types of software such as trojan horses, worms, spyware, and adware. Advanced malware such as ransomware is used to commit financial fraud and extort money from computer users.
Virus
A virus is a specific type of malware by itself. It is a contagious piece of code that infects the other software on the host system and spreads itself once it is run. It is mostly known to spread when software is shared between computers. This acts more like a parasite.
Adware
Adware is also known as advertising-supported software. It is software which renders advertisements for the purpose of generating revenue for its author. The advertisements are published on the screen presented to the user at the time of installation. Adware is programmed to examine which Internet sites the user visits frequently and to present and feature related advertisements. Not all adware has malicious intent, but it becomes a problem anyway because it harms computer performance and can be annoying.
Spyware
This type of malicious software spies on you and tracks your internet activities. It helps the hacker in gathering information about the victim’s system without the consent of the victim. This spyware’s presence is typically hidden from the host and it is very difficult to detect. Some spyware, like keyloggers, may be installed intentionally in an organization to monitor the activities of employees.
Worms
This type of malware replicates itself and destroys information and files saved on the host PC. It works to eat up all the system operating files and data files on a drive.
Trojan
Trojans are a type of virus that are designed to make a user think they are a safe program and run them. They may be programmed to steal personal and financial information, and later take over the resources of the host computer’s system files. In large systems, it may attempt to make a host system or network resource unavailable to those attempting to reach it. Example: your business network becoming unavailable.
Ransomware
Ransomware is an advanced type of malware that restricts access to the computer system until the user pays a fee. Your screen might show a pop-up warning that you have been locked out of your computer and that you can regain access only after paying the cybercriminal. The cybercriminal demands a ransom to be paid in order for the restriction to be removed. The infamous CryptoLocker is one type of ransomware.
Who are the people who utilize those?
How they plot for an attack (High level)
How they plot for an attack
A Breach – Attack View (Example)
1. Attacker scans and attempts exploitation, but fails
2. Attacker utilizes social engineering against a selected population
3. Victim(s) fall for the ruse, allowing the attacker to enter the environment
4. Attacker leverages user/system access to spread to other systems
5. Attacker consolidates loot (data, passwords, bank access, etc.)
6. Attacker sends data back out of the environment
A Breach – Attack View
Measure against security threats
OWASP Top 10 Checklists for web development
A1:2017-Injection
A2:2017-Broken Authentication
A3:2017-Sensitive Data Exposure
A4:2017-XML External Entities (XXE)
A5:2017-Broken Access Control
A6:2017-Security Misconfiguration
A7:2017-Cross-Site Scripting (XSS)
A8:2017-Insecure Deserialization
A9:2017-Using Components with Known Vulnerabilities
A10:2017-Insufficient Logging & Monitoring
SQL injection
SQL injection prevention
SQL injection prevention (MISC)
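The slides name SQL injection and its prevention but the slide bodies did not survive extraction, so here is an added illustration (not code from the deck or from Nascenia): a lookup that splices user input into SQL beside its parameterized form, with a QA-style regression check on an in-memory SQLite table of constructed sample users.

```python
import sqlite3

# Constructed sample rows for the demonstration (not from the slides).
SAMPLE_USERS = [("alice", "hash-of-alice-pw"), ("bob", "hash-of-bob-pw")]


def make_db():
    """Create an in-memory SQLite database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT NOT NULL, pw_hash TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_user_vulnerable(conn, name):
    """BAD: splices user input into the SQL text.

    A quote character in `name` ends the string literal, so the rest of the
    input is parsed as SQL syntax instead of data (OWASP A1:2017-Injection).
    """
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, name):
    """GOOD: parameterized query.

    The `?` placeholder is bound by the driver, so whatever `name` contains
    is compared as a value; it can never alter the query's structure.
    """
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def injection_regression_check(conn):
    """QA-style regression check for the lookup endpoint.

    Feeds the same boundary input to both variants and returns
    (vulnerable_rows, safe_rows) so a test can assert that the hardened
    lookup treats the input as plain data and returns nothing.
    """
    probe = "' OR '1'='1"  # textbook boundary input used in SQLi test cases
    return find_user_vulnerable(conn, probe), find_user_safe(conn, probe)


if __name__ == "__main__":
    db = make_db()
    vuln, safe = injection_regression_check(db)
    print("vulnerable lookup returned:", vuln)      # every user in the table
    print("parameterized lookup returned:", safe)   # no rows
```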
Broken Authentication
Broken Access Control
Broken authentication prevention
Sensitive Data Exposure
XSS
XSS
Careful about redirection
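The "Careful about redirection" slide has no surviving body, so the check below is an added example (not code from the deck or from Nascenia) of what a QA engineer can test for: a redirect-target validator that only allows paths on the current origin or absolute URLs to an assumed allow-list of hosts, and falls back to a default page otherwise.

```python
from urllib.parse import urlparse

# Assumed allow-list of the application's own hosts (placeholder value).
ALLOWED_HOSTS = {"app.example.com"}


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only if `target` keeps the user on an allow-listed host.

    Rejects the usual open-redirect shapes: absolute URLs to other hosts,
    scheme-relative URLs ("//other.host"), backslash variants that browsers
    normalise to slashes, "user@host" authority tricks, absolute URLs with an
    empty host, and non-http(s) schemes such as javascript:.
    """
    if not target or "\\" in target:
        return False
    if target.startswith("//"):
        return False
    parsed = urlparse(target)
    if parsed.scheme:
        if parsed.scheme.lower() not in ("http", "https"):
            return False
        if not parsed.netloc:
            # e.g. "http:///other.host", which browsers may treat as a host
            return False
    if parsed.netloc:
        # Compare the whole authority, so "allowed.host@other.host" fails too.
        return parsed.netloc.lower() in allowed_hosts
    # No authority at all: accept only an absolute path on the current origin.
    return parsed.path.startswith("/")


def safe_redirect_target(target, default="/"):
    """Return `target` if it passes the check, otherwise the default page."""
    return target if is_safe_redirect(target) else default


if __name__ == "__main__":
    for candidate in ["/dashboard", "https://app.example.com/home",
                      "//evil.example/x", "https://evil.example/",
                      "javascript:alert(1)"]:
        print(candidate, "->", safe_redirect_target(candidate))
```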
How to find the vulnerabilities in an application?
Penetration Testing
Adopting a framework for Cyber Security
Red Team Assessment
How government is protecting Cyberspace
CERT and CIRT... the people who defend the cyberspace
QUESTIONS?
Thank You
