
Performance Analyzer

A PROJECT REPORT
Submitted by
****
in partial fulfillment for the award of the degree
of
B.Tech
IN
Computer Science & Engineering
ACKNOWLEDGEMENT
Like most effective endeavors, preparing this project was a collaborative
effort. I owe a great debt to many individuals who helped me in successful
completion of this project.
I would not have completed this journey without the help, guidance
and constant support and co-operation of certain people who acted as
guides and friends along the way. I would like to express my deepest and
sincere thanks to ****** for their invaluable guidance and help. It would
never be possible for me to take this project to this level without their
innovative ideas and their relentless support and encouragement.
In this connection I would like to express my gratitude to my parents
and friends who were a constant source of inspiration during the project
report. At last I thank the Almighty for giving me the power to complete
this project successfully.
&&&&&&&
TABLE OF CONTENTS
1. Introduction/Objectives
2. System Analysis
    2.1. Identification of Need (Problem Definition)
    2.2. Preliminary Investigation (Proposed solution)
    2.3. Feasibility Study
    2.4. Project Planning
    2.5. Project Scheduling (PERT Chart and Gantt Chart)
    2.6. Software requirement specifications (SRS)
    2.7. Software Engineering Paradigm applied
    2.8. Data models
        2.8.1. Control Flow diagrams
        2.8.2. Entity Relationship Model
        2.8.3. Use-case Diagrams/Activity Diagrams
3. System Design
    3.1. Modularization details
    3.2. Data integrity and constraints
    3.4. Database design, Procedural Design/Object Oriented Design
    3.5. User Interface Design
4. Test Cases (Unit Test Cases and System Test Cases)
5. Coding
    5.1. Project Coding
6. Testing
    6.1. Testing techniques and Testing strategies used
    6.2. Testing Plan used
    6.3. Test reports for Unit Test Cases and System Test Cases
    6.4. Debugging and Code improvement
7. System Security measures (Implementation of security for the project
   developed)
    7.1. Database/data security
    7.2. Creation of User profiles and access rights
    7.3. Front end and back end security
8. Benefits of the project
9. Cost Estimation of the Project along with Cost Estimation Model
10. Conclusion
11. Future scope
12. References
INTRODUCTION
In the project "performance analyzer" we help in keeping the records of all the
employees of the organization, that is, storing the data of the employees. The
project will help the management of the organization so that they can allot the
projects to their employees and can obtain good results from them, which will
benefit their organization.
This project is an attempt to provide a solution for any organization to manage
the skills and activity of their employees. It will help the management to analyze
the skills of their employees and help them to enhance and improve their skills,
which will in turn help the progress of the organization.
OBJECTIVES:
- Skill and activity tracker system is an automated system that can be useful
  to employees and managers in any functional organization.
- It gives the facility to define the tasks in the organization.
- It also allows the managers to track the efforts spent by the employee for
  that particular task.
- A report generation facility is supported in it that allows the managers to
  analyze which skills of an employee are utilized and which are not
  utilized.
- This tool can help managers with effort estimation per task.
- This tool helps employees to document their efforts and analyze them.
SYSTEM ANALYSIS
"Systems analysis is the dissection of a system into its component pieces to
study how those component pieces interact and work."
We do a systems analysis to subsequently perform a systems synthesis.
Systems synthesis is the re-assembly of a system's component pieces back into a
whole system - it is hoped an improved system.
Through systems analysis and synthesis, we may add, delete, and modify system
components toward our goal of improving the overall system. Moving from the
theoretical definition to something a bit more contemporary, systems analysis is
a term that collectively describes the early phases of systems development.
There has never been a universally accepted definition. And there has never
been agreement on when analysis ends and design begins. To further confuse
the issue, some methodologies refer to systems analysis as logical design.
Typically, each organization's methodology of choice determines the definition
for that organization. In the FAST methodology, systems analysis is defined as
those phases and activities that focus on the business problem, independent of
technology (for the most part). Specifically, we refine our definition of
systems analysis as follows.
Systems analysis is (1) the survey and planning of the system and project, (2)
the study and analysis of the existing business and information system, and (3)
the definition of business requirements and priorities for a new or improved
system. A popular synonym is logical design.
This definition corresponds to the first three phases of FAST. The phase
"configure a feasible solution" would be considered part of systems analysis by
some experts. We prefer to think of it as an analysis-to-design transition phase.
Systems analysis is driven by business concerns, specifically, those of system
users. Hence, it addresses the DATA, PROCESS, INTERFACE, and
GEOGRAPHY building blocks from a system user perspective. Emphasis is
placed on business issues, not technical or implementation concerns.
"A repository is a collection of those places where we keep all documentation
associated with the application and project."
The repository is normally implemented as some combination of the following:
- A disk or directory of word processing, spreadsheet, and other computer
  generated files that contain project correspondence, reports, and data.
- One or more CASE local repositories.
- Hard-copy documentation (stored in notebooks, binders, and system libraries).
Hereafter, we will refer to these as making up a singular project repository.
FAST is a repository-based methodology. This means that phases (and activities
included in phases) communicate across a shared repository. Thus, the phases
and activities are not really sequential! Work in one phase can and should
overlap work in another phase, so long as the necessary information is already
in the repository. This accelerates development and allows FAST to live up to
its name. Furthermore, this model permits the developer to backtrack when an
error or omission is discovered.
STRATEGIES FOR SYSTEMS ANALYSIS AND PROBLEM SOLVING:
Traditionally, systems analysis is associated with application development
projects, that is, projects that produce information systems and their associated
computer applications. Your first experiences with systems analysis will likely
fall into this category. But systems analysis methods can be applied to projects
with different goals and scope. In addition to single information systems and
computer applications, systems analysis techniques can be applied to strategic
information systems planning and to the redesign of business processes. There
are also many strategies or techniques for performing systems analysis. They
include modern structured analysis, information engineering, prototyping, and
object-oriented analysis. These strategies are often viewed as competing
alternatives.
In reality, certain combinations complement one another. Let's briefly examine
these strategies and the scope or goals of the projects to which they are suited.
The intent is to develop a high-level understanding only.
Modern Structured Analysis:
"Modern structured analysis is a process-centered technique that is used to
model business requirements for a system. The models are structured pictures
that illustrate the processes, inputs, outputs, and files required to respond to
business events (such as ORDERS)."
By process-centered, we mean the initial emphasis in this technique is on the
Process building blocks in our information system framework. The technique
has evolved to also include the DATA building blocks as a secondary emphasis.
Structured analysis was not only the first popular systems analysis strategy; it
also introduced an overall strategy that has been adopted by many of the other
techniques - model-driven development.
"A model is a representation of reality. Just as 'a picture is worth a thousand
words,' most models use pictures to represent reality."
Model-driven development techniques emphasize the drawing of models to
define business requirements and information system designs. The model
becomes the design blueprint for constructing the final system.
Modern structured analysis is simple in concept. Systems and business analysts
draw a series of process models called data flow diagrams that depict the
essential processes of a system along with inputs, outputs, and files. Because
these pictures represent the logical business requirements of the system
independent of any physical technical solution, the models are said to be a
logical design for the system.
Information Engineering (IE):
Information engineering is a data-centered, but process-sensitive technique that
is applied to the organization as a whole (or a significant part, such as a
division), rather than on an ad-hoc, project-by-project basis (as in structured
analysis).
Prototyping:
Prototyping is an engineering technique used to develop partial but functional
versions of a system or applications. When extended to system design and
construction, a prototype can evolve into the final, implemented system.
THE NEXT GENERATION OF REQUIREMENTS ANALYSIS:
"Predicting the future of requirements analysis is not easy, but we'll make an
attempt. CASE technology will continue to improve making it easier to model
system requirements. Two CASE technologies will lead the charge."
PROBLEM DEFINITION
In the project "performance analyzer" we help in keeping the records of all the
employees of the organization, that is, storing the data of the employees. The
project will help the management of the organization so that they can allot the
projects to their employees and can obtain good results from them, which will
benefit their organization.
PROPOSED SOLUTION
It should contain all the information of the employees who are registered on
the site. It should track the skills of the employees and help the managers to
decide which project should be allotted to which employee. The report must be
generated according to the tracking and allotment of the work that is to be
done. The employees should update their skills so that tracking of all their new
skills can be done.
FEASIBILITY STUDY
Preliminary investigation examines project feasibility, the likelihood the system
will be useful to the organization. The main objective of the feasibility study is
to test the Technical, Operational and Economical feasibility for adding new
modules and debugging the old running system. All systems are feasible if they
are given unlimited resources and infinite time. There are three aspects in the
feasibility study portion of the preliminary investigation:
- Technical Feasibility
- Operational Feasibility
- Economical Feasibility
TECHNICAL FEASIBILITY:
The technical issues usually raised during the feasibility stage of the
investigation include the following:
- Does the necessary technology exist to do what is suggested?
- Does the proposed equipment have the technical capacity to hold the data
  required to use the new system?
- Will the proposed system provide adequate response to inquiries, regardless
  of the number or location of users?
- Can the system be upgraded if developed?
- Are there technical guarantees of accuracy, reliability, ease of access and
  data security?
Earlier no system existed to cater to the needs of 'Secure Infrastructure
Implementation System'. The current system developed is technically feasible.
It is a web based user interface for audit workflow at NIC-CSD. Thus it
provides an easy access to the users. The database's purpose is to create,
establish and maintain a workflow among various entities in order to facilitate
all concerned users in their various capacities or roles. Permission to the users
would be granted based on the roles specified. Therefore, it provides the
technical guarantee of accuracy, reliability and security. The software and
hardware requirements for the development of this project are not many and are
already available in-house at NIC or are available free as open source. The work
for the project is done with the current equipment and existing software
technology.
OPERATIONAL FEASIBILITY:
Proposed projects are beneficial only if they can be turned into
information systems that will meet the organization's operating requirements.
Operational feasibility aspects of the project are to be taken as an important part
of the project implementation. Some of the important issues raised to test the
operational feasibility of a project include the following:
- Is there sufficient support for the management from the users?
- Will the system be used and work properly if it is being developed and
  implemented?
- Will there be any resistance from the users that will undermine the
  possible application benefits?
This system is targeted to be in accordance with the above-mentioned
issues. Beforehand, the management issues and user requirements have been
taken into consideration. So there is no question of resistance from the users that
can undermine the possible application benefits.
The well-planned design would ensure the optimal utilization of the computer
resources and would help in the improvement of performance status.
ECONOMIC FEASIBILITY
A system that can be developed technically and that will be used if installed
must still be a good investment for the organization. In the economical
feasibility, the development cost in creating the system is evaluated against the
ultimate benefit derived from the new systems. Financial benefits must equal or
exceed the costs.
The system is economically feasible. It does not require any additional hardware
or software. Since the interface for this system is developed using the existing
resources and technologies available at NIC, there is nominal expenditure and
economical feasibility for certain.
PROJECT PLANNING
The key to a successful project is in the planning. Creating a project plan is the
first thing you should do when undertaking any kind of project.
Often project planning is ignored in favor of getting on with the work. However,
many people fail to realize the value of a project plan in saving time, money and
many problems.
This article looks at a simple, practical approach to project planning. On
completion of this guide, you should have a sound project planning approach
that you can use for future projects.
Step 1: Project Goals
A project is successful when the needs of the stakeholders have been met.
A stakeholder is anybody directly or indirectly impacted by the project.
As a first step, it is important to identify the stakeholders in your project. It is
not always easy to identify the stakeholders of a project, particularly those
impacted indirectly. Examples of stakeholders are:
- The project sponsor.
- The customer who receives the deliverables.
- The users of the project outputs.
- The project manager and project team.
Once you understand who the stakeholders are, the next step is to find out their
needs. The best way to do this is by conducting stakeholder interviews. Take
time during the interviews to draw out the true needs that create real benefits.
Often stakeholders will talk about needs that aren't relevant and don't deliver
benefits. These can be recorded and set as a low priority.
The next step, once you have conducted all the interviews and have a
comprehensive list of needs, is to prioritize them. From the prioritized list, create
a set of goals that can be easily measured. A technique for doing this is to
review them against the SMART principle. This way it will be easy to know
when a goal has been achieved.
Once you have established a clear set of goals, they should be recorded in the
project plan. It can be useful to also include the needs and expectations of your
stakeholders.
This is the most difficult part of the planning process completed. It's time to
move on and look at the project deliverables.
Step 2: Project Deliverables
Using the goals you have defined in step 1, create a list of things the project
needs to deliver in order to meet those goals. Specify when and how each item
must be delivered.
Add the deliverables to the project plan with an estimated delivery date. More
accurate delivery dates will be established during the scheduling phase, which is
next.
Step 3: Project Schedule
Create a list of tasks that need to be carried out for each deliverable identified in
step 2. For each task identify the following:
- The amount of effort (hours or days) required to complete the task.
- The resource that will carry out the task.
Once you have established the amount of effort for each task, you can work out
the effort required for each deliverable, and an accurate delivery date. Update
your deliverables section with the more accurate delivery dates.
At this point in the planning, you could choose to use a software package such
as Microsoft to create your project schedule. Alternatively, use one of the many
free templates available. Input all of the deliverables, tasks, durations and the
resources who will complete each task.
A common problem discovered at this point is when a project has an imposed
delivery deadline from the sponsor that is not realistic based on your estimates.
If you discover this is the case, you must contact the sponsor immediately. The
options you have in this situation are:
- Renegotiate the deadline (project delay).
- Employ additional resources (increased cost).
- Reduce the scope of the project (less delivered).
Use the project schedule to justify pursuing one of these options.
Step 4: Supporting Plans
This section deals with plans you should create as part of the planning process.
These can be included directly in the plan.
Human Resource Plan
Identify by name the individuals and organizations with a leading role in the
project. For each, describe their roles and responsibilities on the project.
Next, describe the number and type of people needed to carry out the project.
For each resource detail start dates, estimated duration and the method you will
use for obtaining them.
Create a single sheet containing this information.
Communications Plan
Create a document showing who needs to be kept informed about the project and
how they will receive the information. The most common mechanism is a
weekly or monthly progress report, describing how the project is performing,
milestones achieved and work planned for the next period.
Risk Management Plan
Risk management is an important part of project management. Although often
overlooked, it is important to identify as many risks to your project as possible,
and be prepared if something bad happens.
Here are some examples of common project risks:
- Time and cost estimates too optimistic.
- Customer review and feedback cycle too slow.
- Unexpected budget cuts.
- Unclear roles and responsibilities.
- Stakeholder input is not sought, or their needs are not properly
  understood.
- Stakeholders changing requirements after the project has started.
- Stakeholder adding new requirements after the project has started.
- Poor communication resulting in misunderstandings, quality problems
  and rework.
- Lack of resource commitment.
Risks can be tracked using a simple risk log. Add each risk you have identified
to your risk log; write down what you will do in the event it occurs, and what
you will do to prevent it from occurring. Review your risk log on a regular
basis, adding new risks as they occur during the life of the project. Remember,
when risks are ignored they don't go away.
PROJECT SCHEDULING
Knowing how much time a team has to complete a project makes it easier for
the project manager to allocate tasks and get things done. Therefore, many
project managers rely on project schedules to set timeframe parameters for
projects.
Features
Project scheduling looks at which tasks need to be performed for a project and
assigns deadlines for their completion. The project scheduler sets these
deadlines by calculating how long each task should take to perform. Scheduling
requires a comprehensive understanding of which action steps need to get done
and when.
Function
Implementation teams use project schedules as charted timelines to stay on track
with deadlines. Projects consist of a series of tasks, and each task is given its
own deadline. If various departments or teams are working on a project, each
group may be given its own schedule to follow for its part of the project.
Types
Master, milestone and detailed schedules are the three most common types of
project schedules, according to Bright Hub.
- Master schedules are general summaries of the overall project, from start to
  finish.
- Milestone schedules list all of the project's significant events, and are often
  presented to senior managers so that they can see the project's progress.
- Detailed project schedules are the most operational of the three, breaking
  down all of the activities, tasks and action steps that need completing.
Effects
Project managers and investors are interested in project scheduling for
budgetary reasons. When money is budgeted for the implementation team, it is
important to monitor whether the project will be on time or not. Projects that
do not meet deadlines may cost more for resources and staff wages.
GANTT CHART
A Gantt chart is a type of bar chart, developed by Henry Gantt in the 1910s,
that illustrates a project schedule. Gantt charts illustrate the start and finish dates
of the terminal elements and summary elements of a project. Terminal elements
and summary elements comprise the work breakdown structure of the project.
Some Gantt charts also show the dependency (i.e. precedence network)
relationships between activities. Gantt charts can be used to show current
schedule status using percent-complete shadings and a vertical "TODAY" line
as shown here.
Although now regarded as a common charting technique, Gantt charts were
considered revolutionary when first introduced. In recognition of Henry Gantt's
contributions, the Henry Laurence Gantt Medal is awarded for distinguished
achievement in management and in community service. This chart is also used
in information technology to represent data that has been collected.
A Gantt chart uses a calendar-oriented chart to represent the project schedule.
Each activity is represented as a bar in the calendar, starting from the start date
of the activity and ending at the ending date for that activity. The start and end
of each activity become milestones for the project.
A Gantt chart can be developed for the entire project or a separate chart
can be developed for each function. A tabular form is maintained where rows
indicate the tasks with milestones and columns indicate duration (week/months).
The horizontal bars indicate that span and the columns indicate the duration of
the task.
GANTT CHART
[Figure: Gantt chart. Columns: February, March, April, May. Tasks: Requirement
Gathering, Design, Coding, Test Cases, Testing, Implementation.]
PERT CHART
The Program (or Project) Evaluation and Review Technique, commonly
abbreviated PERT, is a statistical tool, used in project management, that is
designed to analyze and represent the tasks involved in completing a
given project. First developed by the United States Navy in the 1950s, it is
commonly used in conjunction with the critical path method (CPM). PERT is a
method to analyze the involved tasks in completing a given project, especially
the time needed to complete each task, and to identify the minimum time needed
to complete the total project.
SOFTWARE REQUIREMENTS SPECIFICATION (SRS)
HARDWARE SPECIFICATIONS:
Server:
Processor : 1.0 (GHz) Pentium Processor
RAM       : 1 GB
HDD       : 80 GB
Display   : 1024 x 768 High color-32-bit
Client:
Processor : P3 866 MHz or later
RAM       : 512 MB
HDD       : 40 GB
Display   : 1024 x 768 High color-32-bit
Software Developer:
Processor : 1.0 (GHz) Pentium Processor
RAM       : 1 GB
HDD       : 80 GB
Display   : 1024 x 768 High color-32-bit
SOFTWARE REQUIREMENTS:
Server:
Browser          : IE 6.0 or later
Database         : MS SQL Server 2012
Web Server       : Internet Information Server (IIS) 7.5
Operating system : Windows 8.1
Client:
Browser          : IE 6.0 or later
Operating system : Windows 8.1
Developer:
Browser            : IE 6.0 or later
Database           : MS SQL Server 2012
Web Server         : Internet Information Server (IIS) 7.5
Operating system   : Windows 8.1
IDE                : Microsoft Visual Studio 2013
Documentation Tool : MS-Word, MS-PowerPoint
Designing Tool     : Photoshop
FUNCTIONAL REQUIREMENTS:
Typical functional requirements are:
- Employee Management
- Tracking of Skills
- Generation of Report
- Searching
- Allotment of work to Employees
- Preparing of Graphs on skills
- Updation of the employee skills
NON FUNCTIONAL REQUIREMENTS:
Non-Functional requirements are:
- Security
- Reliability
- Maintainability
- Portability
- Extensibility
- Reusability
- Resource Utilization
SOFTWARE ENGINEERING PARADIGM APPLIED
We have used the spiral model as the software engineering paradigm in our project.
The details of the spiral model used are mentioned below:
SPIRAL MODEL
The spiral model is a software development process combining elements of
both design and prototyping-in-stages, in an effort to combine advantages
of top-down and bottom-up concepts. Also known as the spiral lifecycle model
(or spiral development), it is a systems development method (SDM) used
in information technology (IT). This model of development combines the
features of the prototyping and the waterfall model. The spiral model is intended
for large, expensive and complicated projects.
HISTORY:
This model was defined by Barry Boehm in his 1986 article "A Spiral Model of
Software Development and Enhancement". It was not the first model to discuss
iterative development.
As originally envisioned, the iterations were typically 6 months to 2 years long.
Each phase starts with a design goal and ends with the client (who may be
internal) reviewing the progress thus far. Analysis and engineering efforts are
applied at each phase of the project, with an eye toward the end goal of the
project.
The spiral model combines the idea of iterative development (prototyping) with
the systematic, controlled aspects of the waterfall model.
It allows for incremental releases of the product, or incremental refinement
through each time around the spiral. The spiral model also explicitly includes
risk management within software development. Identifying major risks, both
technical and managerial, and determining how to lessen the risk helps keep the
software development process under control.
The spiral model is based on continuous refinement of key products for
requirements definition and analysis, system and software design, and
implementation (the code). At each iteration around the cycle, the products are
extensions of an earlier product. This model uses many of the same phases as
the waterfall model, in essentially the same order, separated by planning, risk
assessment, and the building of prototypes and simulations.
Documents are produced when they are required, and the content reflects the
information necessary at that point in the process. All documents will not be
created at the beginning of the process, nor all at the end (hopefully). Like the
product they define, the documents are works in progress. The idea is to have a
continuous stream of products produced and available for user review.
The spiral lifecycle model allows for elements of the product to be added in
when they become available or known. This assures that there is no conflict
with previous requirements and design. This method is consistent with
approaches that have multiple software builds and releases and allows for
making an orderly transition to a maintenance activity. Another positive aspect
is that the spiral model forces early user involvement in the system development
effort. For projects with heavy user interfacing, such as user application
programs or instrument interface applications, such involvement is helpful.
Starting at the centre, each turn around the spiral goes through several task
regions:
- Determine the objectives, alternatives, and constraints on the new iteration.
- Evaluate alternatives and identify and resolve risk issues.
- Develop and verify the product for this iteration.
- Plan the next iteration.
Note that the requirements activity takes place in multiple sections and in
multiple iterations, just as planning and risk analysis occur in multiple places.
Final design, implementation, integration, and test occur in iteration 4. The
spiral can be repeated multiple times for multiple builds. Using this method of
development, some functionality can be delivered to the user faster than the
waterfall method. The spiral method also helps manage risk and uncertainty by
allowing multiple decision points and by explicitly admitting that all of anything
cannot be known before the subsequent activity starts.
APPLICATIONS:
The spiral model is mostly used in large projects. For smaller projects, the
concept of agile software development is becoming a viable alternative. The
military had adopted the spiral model for its Future Combat Systems program.
The FCS project was cancelled after six years (2003-2009); it had a two year
iteration (spiral). The FCS should have resulted in three consecutive prototypes
(one prototype per spiral, every two years). It was cancelled in May 2009. The
spiral model thus may suit small (up to $3 million) software applications and not
a complicated ($3 billion) distributed, interoperable, system of systems.
Also it is reasonable to use the spiral model in projects where business goals are
unstable but the architecture must be realized well enough to provide high
loading and stress ability. For example, the Spiral Architecture Driven
Development is the spiral based Software Development Life Cycle (SDLC)
which shows one possible way how to reduce the risk of non-effective
architecture with the help of a spiral model in conjunction with the best
practices from other models.
SPIRAL MODEL -
[Figure: spiral model diagram]
#ATA%O#E"S
?* #ATA )"O! #-A$RA%2
+ata flow diagrams )+/+s, are categori<ed as either logical or physical.
logical +/+ focuses on the business and how the business operates. It describes
the business events that take place and the data re7uired and produced by each
event. #n the other hand, a physical +/+ shows how the system will be
implemented.
Ideally, systems are developed by analy<ing the current system )the current
logical +/+,, then adding features that the new system should include )the
proposed logical +/+,. /inally the best methods to implement the new system
should be developed )the physical +/+,. fter the logical model for the new
system has been developed, it may be used to create a physical data flow
diagram for the new system.
Defining DFD Components: - DFDs consist of four basic components that
illustrate how data flows in a system: entity, process, data store, and data flow.
Entity: - An entity is the source or destination of data. The source in a DFD
represents these entities that are outside the context of the system. Entities either
provide data to the system (referred to as a source) or receive data from it
(referred to as a sink). Entities are often represented as rectangles (a diagonal
line across the right-hand corner means that this entity is represented somewhere
else in the DFD). Entities are also referred to as agents, terminators, or
source/sink.
Process: - The process is the manipulation or work that transforms data,
performing computations, making decisions (logic flow), or directing data flows
based on business rules.
In other words, a process receives input and generates some output. Process
names (simple verbs and dataflow names, such as "Submit Payment" or "Get
Invoice") usually describe the transformation, which can be performed by
people or machines. Processes can be drawn as circles or a segmented rectangle
on a DFD, and include a process name and process number.
Data Store: - A data store is where a process stores data between processes for
later retrieval by that same process or another one. Files and tables are
considered data stores. Data store names (plural) are simple but meaningful,
such as "customers," "orders," and "products." Data stores are usually drawn as
a rectangle with the right-hand side missing and labelled by the name of the
data storage area it represents, though different notations do exist.
Data Flow: - Data flow is the movement of data between the entity, the process,
and the data store. Data flow portrays the interface between the components of
the DFD. The flow of data in a DFD is named to reflect the nature of the data
used (these names should also be unique within a specific DFD). Data flow is
represented by an arrow, where the arrow is annotated with the data name.
DFD-(0) LEVEL:
DFD-(1) LEVEL:
DFD-(2) LEVEL:
2. ER DIAGRAM -
E-R Diagram: An Entity Relationship Diagram (ERD) is a visual
representation of different data using conventions that describe how these data
are related to each other.
E-R Diagram Symbols & Notations:
There are three basic elements in an ER Diagram: entity, attribute, relationship.
There are more elements which are based on the main elements. They are weak
entity, multivalued attribute, derived attribute, weak relationship and recursive
relationship. Cardinality and ordinality are two other notations used in ER
diagrams to further define relationships.
Entity: - An entity can be a person, place, event, or object that is relevant to a
given system. For example, a school system may include students, teachers,
major courses, subjects, fees, and other items. Entities are represented in ER
diagrams by a rectangle and named using singular nouns.
Weak Entity: - A weak entity is an entity that depends on the existence of
another entity. In more technical terms it can be defined as an entity that cannot
be identified by its own attributes. It uses a foreign key combined with its
attributes to form the primary key.
Attribute: - An attribute is a property, trait, or characteristic of an entity,
relationship, or another attribute. For example, the attribute Inventory Item
Name is an attribute of the entity Inventory Item. An entity can have as many
attributes as necessary. Meanwhile, attributes can also have their own specific
attributes.
Multi Valued Attribute: - If an attribute can have more than one value it is
called a multi valued attribute. It is important to note that this is different from
an attribute having its own attributes. For example, a teacher entity can have
multiple subject values.
Derived Attribute: - An attribute based on another attribute. This is found
rarely in ER diagrams. For example, for a circle the area can be derived from the
radius.
Relationship: - A relationship describes how entities interact. For example, the
entity "carpenter" may be related to the entity "table" by the relationship
"builds" or "makes". Relationships are represented by diamond shapes and are
labelled using verbs.
Recursive Relationship: - If the same entity participates more than once in a
relationship it is known as a recursive relationship. In the below example an
employee can be a supervisor and be supervised, so there is a recursive
relationship.
Cardinality and Ordinality: - These two further define relationships between
entities by placing the relationship in the context of numbers. In an email
system, for example, one account can have multiple contacts. The relationship
in this case follows a "one to many" model. There are a number of notations used
to present cardinality in ER diagrams. Chen, UML, Crow's foot and Bachman are
some of the popular notations. Creately supports Chen, UML and Crow's foot
notations. The following example uses UML to show cardinality.
ER DIAGRAM
3. USE CASE DIAGRAM -
SYSTEM DESIGN
Modularization Details -
NUMBER OF MODULES:
1. Administration
2. Employee Management
3. Skill Tracking
4. Report Generation
5. Search
6. Work Allotment
7. Training
8. Registration
DESCRIPTION OF MODULES -
1. Administrator Module is further sub-divided into-
    Login for Administrator
    Change Password
    Forget Password
    See the details of the employee
    Assigning of projects to the employee
2. Employee Management Module is further sub-divided into-
    Employee Registration
    Change Password
    Forget Password
    Login for employee
    View/Update profile
3. Skill Tracking Module is further sub-divided into-
    Tracking the skills on the data present and the updated data by the
    employee.
    Give details after tracking.
    Manager can view the details.
4. Report Generation Module is further sub-divided into-
    Employee details are generated.
    Managers can view the details.
5. Search Module is further sub-divided into-
    Searching of details of the employees.
    Seeing the updated skills of the employees.
6. Work Allotment Module is further sub-divided into-
    Managers divide the work to the employees.
    Projects are allotted to the employees.
7. Training Module is further sub-divided into-
    According to the skills the training is provided to the employees.
    Training sessions are arranged.
8. Registration Module is further sub-divided into-
    Request by the employee.
    Response by the administrator.
    Login management
    Change Password
    Forget password
    Role Management
DATA INTEGRITY AND CONSTRAINT
Data Integrity:
DATA INTEGRITY: - In computing, data integrity refers to maintaining and
assuring the accuracy and consistency of data over its entire life-cycle, and is an
important feature of a database or RDBMS system.
Data warehousing and business intelligence in general demand the accuracy,
validity and correctness of data despite hardware failures, software bugs or
human error. Data that has integrity is identically maintained during any
operation, such as transfer, storage or retrieval.
All characteristics of data, including business rules, rules for how pieces of data
relate, dates, definitions and lineage must be correct for its data integrity to be
complete. When functions operate on the data, the functions must ensure
integrity.
INTEGRITY CONSTRAINTS: - Integrity constraints are used to ensure
accuracy and consistency of data in a relational database. Data integrity is
handled in a relational database through the concept of referential integrity.
There are many types of integrity constraints that play a role in referential
integrity.
Types
Codd initially defined two sets of constraints but, in his second version of the
relational model, he came up with four integrity constraints:
Entity integrity
The entity integrity constraint states that no primary key value can be null. This
is because the primary key value is used to identify individual tuples in a
relation. Having a null value for the primary key implies that we cannot identify
some tuples. This also specifies that there may not be any duplicate entries in
the primary key column.
Referential Integrity
The referential integrity constraint is specified between two relations and is used
to maintain the consistency among tuples in the two relations. Informally, the
referential integrity constraint states that a tuple in one relation that refers to
another relation must refer to an existing tuple in that relation. It is a rule that
maintains consistency among the rows of the two relations.
Domain Integrity
The domain integrity states that every element from a relation should respect the
type and restrictions of its corresponding attribute. A type can have a variable
length which needs to be respected. Restrictions could be the range of values
that the element can have, the default value if none is provided, and if the
element can be NULL.
User Defined Integrity
A business rule is a statement that defines or constrains some aspect of the
business. It is intended to assert business structure or to control or influence the
behaviour of the business. E.g.: Age>=18 && Age<=60.
Tables
1. Employee Registration -
DATA             DATA SIZE       CONSTRAINTS
Employee_code    varchar(20)     Primary key
First_name       varchar(20)     Not null
Last_name        varchar(20)     Not null
Email_Id         varchar(30)     Not null
Job_Title        varchar(15)     Not null
Address1         varchar(MAX)    Not null
City             varchar(20)     Not null
State1           varchar(20)     Not null
Password1        varchar(20)     Not null
SecurityQues     varchar(MAX)    Not null
SecurityAns      varchar(MAX)    Not null
mobile_no        varchar(30)     Not null
Country          varchar(MAX)    Not null
2. Add Project -
DATA             DATA SIZE       CONSTRAINTS
Project_code     varchar(20)     Primary key
Project_Name     varchar(30)     Not null
Priority         varchar(20)     Not null
Category         varchar(20)     Not null
Owner1           varchar(20)     Not null
Status1          varchar(20)     Not null
Start_Date1      varchar(60)     Not null
End_Date         varchar(60)     Not null
OwnerId          varchar(20)     Not null
3. Login Detail -
DATA             DATA SIZE       CONSTRAINTS
UserId           varchar(20)     Primary key
Password1        varchar(20)     Not null
UserType         varchar(30)     Not null
SequrityQues     varchar(20)     Not null
Securityans      varchar(20)     Not null
4. Message Detail -
DATA             DATA SIZE       CONSTRAINTS
MgsId            varchar(20)     Primary key
Sender           varchar(25)     Not null
Receiver         varchar(25)     Not null
Subject1         varchar(20)     Not null
Attachment       varchar(MAX)    Not null
Message1         varchar(MAX)    Not null
Date1            varchar(MAX)    Not null
Time1            varchar(MAX)    Not null
5. ImageDetail -
DATA             DATA SIZE       CONSTRAINTS
ImageId          Int             Primary key
UserId           varchar(20)     Not null
ImageName        varchar(MAX)    Not null
ImagePath        varchar(MAX)    Not null
SNAPSHOTS
1. Home Page -
2. Contact Us -
3. Login Page -
4. Employee Registration Page -
5. Employee Home Page -
6. Message Compose Page -
7. Add Project Page -
TEST CASES
A test case in software engineering is a set of conditions or variables under
which a tester will determine whether an application or software system is
working correctly. The mechanism for determining whether a software program
or system has passed or failed such a test is known as a test oracle. In some
settings, an oracle could be a requirement or use case, while in others it could be
a heuristic. It may take many test cases to determine that a software program or
system is considered sufficiently scrutinized to be released. Test cases are often
referred to as test scripts, particularly when written. Written test cases are
usually collected into test suites.
Formal test cases:
In order to fully test that all the requirements of an application are met, there
must be at least two test cases for each requirement: one positive test and one
negative test. If a requirement has sub-requirements, each sub-requirement must
have at least two test cases. Keeping track of the link between the requirement
and the test is frequently done using a traceability matrix. Written test cases
should include a description of the functionality to be tested, and the preparation
required to ensure that the test can be conducted.
A formal written test-case is characterized by a known input and by an expected
output, which is worked out before the test is executed. The known input should
test a precondition and the expected output should test a post condition.
Informal test cases:
For applications or systems without formal requirements, test cases can be
written based on the accepted normal operation of programs of a similar class.
In some schools of testing, test cases are not written at all but the activities and
results are reported after the tests have been run.
In scenario testing, hypothetical stories are used to help the tester think through
a complex problem or system. These scenarios are usually not written down in
any detail. They can be as simple as a diagram for a testing environment or they
could be a description written in prose. The ideal scenario test is a story that is
motivating, credible, complex, and easy to evaluate. They are usually different
from test cases in that test cases are single steps while scenarios cover a number
of steps of the key.
Typical written test case format:
A test case is usually a single step, or occasionally a sequence of steps, to test
the correct behaviour/functionality, features of an application. An expected
result or expected outcome is usually given.
Additional information that may be included:
    test case ID
    test case description
    test step or order of execution number
    related requirement(s)
    depth
    test category
    author
    check boxes for whether the test can be or has been automated
    pass/fail
    remarks
UNIT TEST CASE:
The basic concept of unit testing is to write more code which will test the main
code we've written, by "throwing" sample data at it and examining what it gets
back.
There are two approaches to unit testing: black box testing and white box
testing.
Unit Test verifies the behavior of some small part of the overall system.
What makes a test a unit test is that the system under test (SUT) is a very small
subset of the overall system and may be unrecognizable to someone who is not
involved in building the software. The actual SUT may be as small as a single
object or method that is a consequence of one or more design decisions
although its behavior may also be traced back to some aspect of the functional
requirements. There is no need for unit tests to be readable, recognizable or
verifiable by the customer or business domain expert. In Extreme
Programming, unit tests are also called developer tests or programmer tests.
SYSTEM TEST CASE:
System Test usually occurs after the functional verification stage is complete,
which is after the core function has been verified. It is intended to find problems
with the entire system as a whole. The system test phase occurs near the end of a
development life cycle. It is therefore imperative that system test applications
are designed to be as efficient as possible in finding code defects.
System test usually comprises three areas. These are:
1. Performance: It involves the process of determining the relevant product
statistics. For example: How many messages per second? How many
simultaneous users of a service are acceptable?
2. Scenario: It is the process of recreating an exact configuration that a customer
requires. Any problems found in the scenario can therefore be detected before
the customer uses the product.
3. Stress (or workload balancing): It is different from the other two areas in that
it is designed to strain the software by applying a large workload effort. If
carried out effectively, by maintaining a highly strenuous usage of the product
(but not beyond the limits determined by the performance statistics), stress
testing often uncovers many obscure bugs that any of the other techniques
mentioned above will not find (it is also often the case that they will be the most
difficult to fix).
Arguably the most efficient of the three system test components, in terms of
detecting code defects, is the area of stress testing.
PROJECT CODING
1. Employee registration -
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class ADMIN_EmpRegisstration : System.Web.UI.Page
{
    datalayer c = new datalayer();
    string a_Id;

    protected void Page_Load(object sender, EventArgs e)
    {
        // Pre-fill the next free employee code and load the country list.
        Te_code.Text = auto();
        try
        {
            var s = c.GetCountryName();
            foreach (country k in s)
            {
                Ddlcountry.Items.Add(k.countryname);
            }
        }
        catch (Exception m)
        {
            // Errors while loading countries are ignored; the list stays empty.
        }
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        // datalayer.Save takes Country, City, State1 in that order.
        // The password is passed on and stored exactly as typed.
        c.Save(Te_code.Text.Trim(), Tf_name.Text.Trim(), Tl_name.Text.Trim(),
            Temail_id.Text.Trim(), Tpass.Text.Trim(),
            Ddl_Jobtitle.SelectedItem.ToString(), Tm_no.Text.Trim(), Tadd.Text.Trim(),
            Ddlcountry.SelectedItem.ToString(), Ddlcity.SelectedItem.ToString(),
            Ddlstate.SelectedItem.ToString(), Ddlsq.Text.Trim(), Tsans.Text.Trim());
        Literal1.Text = "Data saved...";
        Session["u"] = Te_code.Text.Trim();
        Response.Redirect("~/EMPLOYEE/ImageUpload.aspx");
    }

    // Builds the next code as "Employee_" + (highest existing number + 1).
    public string auto()
    {
        int i = 0;
        var q = from a in c.da.Employee_Registerations
                select a;
        foreach (Employee_Registeration p in q)
        {
            String id = p.Employee_code.ToString();
            // Skip the 9-character "Employee_" prefix.
            int len = Convert.ToInt32(id.Substring(9));
            if (i < len)
            {
                i = len;
            }
        }
        a_Id = "Employee_" + (++i);
        return a_Id;
    }

    protected void Tpriority_TextChanged(object sender, EventArgs e)
    {
    }

    protected void Ddlcountry_SelectedIndexChanged(object sender, EventArgs e)
    {
        // Load the states of the selected country.
        try
        {
            string cn = Ddlcountry.SelectedItem.Text;
            var s = c.GetStateName(cn);
            foreach (state1 k in s)
            {
                Ddlstate.Items.Add(k.statename);
            }
        }
        catch (Exception m)
        {
        }
    }

    protected void Ddlcity_SelectedIndexChanged(object sender, EventArgs e)
    {
    }

    protected void Ddlstate_SelectedIndexChanged(object sender, EventArgs e)
    {
        // Load the cities of the selected state.
        try
        {
            string sn = Ddlstate.SelectedItem.Text;
            var s = c.GetCityName(sn);
            foreach (city k in s)
            {
                Ddlcity.Items.Add(k.cityname);
            }
        }
        catch (Exception m)
        {
        }
    }
}
2. Add Project -
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class ADMIN_AddProject : System.Web.UI.Page
{
    datalayer c = new datalayer();
    string a_Id;

    protected void Page_Load(object sender, EventArgs e)
    {
        Tp_code.Text = auto1();
    }

    // Builds the next code as "Project_" + (highest existing number + 1).
    public string auto1()
    {
        int i = 0;
        var q = from a in c.da.Add_Projects
                select a;
        foreach (Add_Project p in q)
        {
            String id = p.Project_code.ToString();
            // Skip the 8-character "Project_" prefix.
            int len = Convert.ToInt32(id.Substring(8));
            if (i < len)
            {
                i = len;
            }
        }
        a_Id = "Project_" + (++i);
        return a_Id;
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        // datalayer.saveaddproj takes a tenth Attachment argument; this page
        // collects no attachment, so an empty string is passed.
        c.saveaddproj(Tp_code.Text.Trim(), Tp_name.Text.Trim(),
            Tpriority.Text.Trim(), Tcategory.Text.Trim(), Towner.Text.Trim(),
            Tstatus.Text.Trim(), Tstartdate.Text.Trim(), Tenddate.Text.Trim(),
            TownerId.Text.Trim(), string.Empty);
        Lproject.Text = "Data saved...";
    }
}
3. Login Page -
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class Login : System.Web.UI.Page
{
    datalayer c = new datalayer();

    protected void Page_Load(object sender, EventArgs e)
    {
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
    }

    protected void Button2_Click(object sender, EventArgs e)
    {
        try
        {
            string uid = TextBox2.Text;
            var s = c.GetLoginDetails(uid);
            // The stored row, including the password, is copied into Session
            // before the submitted password is compared.
            foreach (LoginDetail k in s)
            {
                Session["u"] = k.UserId;
                Session["p"] = k.Password1;
                Session["ut"] = k.UserType;
            }
            if (TextBox2.Text == Session["u"].ToString() && TextBox3.Text ==
                Session["p"].ToString() && Session["ut"].ToString() == "Manager")
            {
                Session["maneger"] = TextBox2.Text.Trim();
                Response.Redirect("/MANAGER/ManagerHome.aspx");
            }
            else if (TextBox2.Text == Session["u"].ToString() && TextBox3.Text
                == Session["p"].ToString() && Session["ut"].ToString() == "Employee")
            {
                Session["employee"] = TextBox2.Text.Trim();
                Response.Redirect("/EMPLOYEE/EmplyoeeHome.aspx");
            }
            else
            {
                Label1.Visible = true;
                Label1.Text = "Incorrect User Id && Password";
            }
        }
        catch (Exception m)
        {
            // Reached when no row matched (Session["u"] is null); the exception
            // text is appended to the message shown to the user.
            Label1.Visible = true;
            Label1.Text = "RECORD NOT FOUND" + m.Message;
        }
    }

    protected void Button3_Click(object sender, EventArgs e)
    {
        Response.Redirect("ForgetPassword.aspx");
    }
}
4. Admin login -
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class Admin : System.Web.UI.Page
{
    datalayer c = new datalayer();

    protected void Page_Load(object sender, EventArgs e)
    {
    }

    protected void Button2_Click(object sender, EventArgs e)
    {
        try
        {
            string uid = TextBox1.Text;
            var s = c.GetLoginDetails(uid);
            // Same pattern as the Login page: the stored row is copied into
            // Session before the password comparison.
            foreach (LoginDetail k in s)
            {
                Session["u"] = k.UserId;
                Session["p"] = k.Password1;
                Session["ut"] = k.UserType;
            }
            if (TextBox1.Text == Session["u"].ToString() && TextBox2.Text ==
                Session["p"].ToString() && Session["ut"].ToString() == "admin")
            {
                Session["admin"] = uid;
                Response.Redirect("~/ADMIN/AdminHome.aspx");
            }
            else
            {
                Label1.Visible = true;
                Label1.Text = "Incorrect User Id && Password";
            }
        }
        catch (Exception m)
        {
            Label1.Visible = true;
            Label1.Text = "RECORD NOT FOUND" + m.Message;
        }
    }
}
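Both login handlers above compare the submitted password with the stored Password1 string and copy the row into Session before the comparison. The following is an added example, not the project's code, of a hardened form of that check: a salted PBKDF2 hash is stored instead of the password, and session state is written only after verification succeeds. All type and method names, the sample accounts and the iteration count are assumptions, and the four-argument Rfc2898DeriveBytes constructor needs .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Added example, not the project's code. All type and method names are hypothetical.
public sealed class StoredLogin
{
    public string UserId;
    public string UserType;   // "admin", "Manager" or "Employee", as in LoginDetail.UserType
    public byte[] Salt;
    public byte[] Hash;       // PBKDF2 output; the password itself is never stored
    public int Iterations;
}

public static class PasswordCheck
{
    const int SaltBytes = 16;
    const int HashBytes = 32;
    const int WorkFactor = 600000;   // assumed iteration count; tune for the host

    // Record used when the user ID is unknown, so both paths do the same work.
    static readonly StoredLogin Dummy = Create("-", "-", Guid.NewGuid().ToString());

    static byte[] Derive(string password, byte[] salt, int iterations)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }

    public static StoredLogin Create(string userId, string userType, string password)
    {
        var salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);
        return new StoredLogin
        {
            UserId = userId, UserType = userType, Salt = salt,
            Iterations = WorkFactor, Hash = Derive(password, salt, WorkFactor)
        };
    }

    // Compares every byte so the time taken does not depend on where the arrays differ.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Returns the role on success, null on any failure (unknown ID, empty or wrong password).
    public static string Authenticate(IDictionary<string, StoredLogin> store, string userId, string password)
    {
        StoredLogin row;
        bool known = store.TryGetValue(userId ?? "", out row);
        bool usable = !string.IsNullOrEmpty(password);
        StoredLogin target = known ? row : Dummy;
        byte[] candidate = Derive(usable ? password : "-", target.Salt, target.Iterations);
        bool match = FixedTimeEquals(candidate, target.Hash);
        return (known && usable && match) ? row.UserType : null;
    }
}

public static class Program
{
    // Stand-in for the Web Forms Session object.
    static readonly Dictionary<string, object> Session = new Dictionary<string, object>();

    static void Login(IDictionary<string, StoredLogin> store, string userId, string password)
    {
        string role = PasswordCheck.Authenticate(store, userId, password);
        if (role == null)
        {
            Console.WriteLine("{0}: Incorrect User Id or Password", userId);
            return;   // nothing about the account reaches the session
        }
        Session.Clear();
        Session["u"] = userId;   // identity and role only, never the password
        Session["ut"] = role;
        Console.WriteLine("{0}: signed in as {1}", userId, role);
    }

    public static void Main()
    {
        // Constructed sample accounts.
        var store = new Dictionary<string, StoredLogin>();
        store["Employee_1"] = PasswordCheck.Create("Employee_1", "Employee", "correct horse battery");
        store["Manager_1"] = PasswordCheck.Create("Manager_1", "Manager", "another long passphrase");

        Login(store, "Employee_1", "wrong guess");
        Console.WriteLine("session keys after failed login: {0}", Session.Count);
        Login(store, "Nobody_9", "anything");
        Login(store, "Employee_1", "correct horse battery");
        Console.WriteLine("session user: {0}", Session["u"]);
    }
}
```

With this layout the Password1 varchar(20) column would be replaced by salt, hash and iteration columns, and pages that test Session["u"] for null see a value only after a successful sign-in.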
5. Forgot password -
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class ForgotPassword : System.Web.UI.Page
{
    datalayer c = new datalayer();

    protected void Page_Load(object sender, EventArgs e)
    {
        MultiView1.ActiveViewIndex = 0;
        Label4.Visible = false;
        Label6.Visible = false;
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        try
        {
            // The user ID is stored in Session before the answer is checked.
            Session["uid"] = TextBox1.Text.Trim();
            string userid = Session["uid"].ToString();
            var s = c.GetLoginDetails(userid);
            string sq = " ", sa = " ";
            foreach (LoginDetail k in s)
            {
                sq = k.SequrityQues;
                sa = k.Securityans;
            }
            // TextBox1 (read above as the user ID) is compared with the stored
            // question, TextBox3 with the stored answer.
            if (TextBox1.Text == sq && TextBox3.Text == sa)
            {
                MultiView1.ActiveViewIndex = 1;
            }
            else
            {
                Label4.Visible = true;
                Label4.Text = "Security Question and Answer Do Not Match";
            }
        }
        catch (Exception m)
        {
            Label4.Visible = true;
            Label4.Text = "Record not Found";
        }
    }

    protected void Button2_Click(object sender, EventArgs e)
    {
        try
        {
            string userid = Session["uid"].ToString();
            string pass = TextBox4.Text.Trim();
            c.ChangePassword(userid, pass);
            MultiView1.ActiveViewIndex = 2;
            // Page_Load hides Label6 on every request, so show it again here.
            Label6.Visible = true;
            Label6.Text = "Your Password has been Reset";
        }
        catch (Exception m)
        {
            Label6.Visible = true;
            Label6.Text = "Password could not be changed";
        }
    }

    protected void LinkButton1_Click(object sender, EventArgs e)
    {
        Response.Redirect("Login.aspx");
    }
}
6. Image Upload -
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class EMPLOYEE_ImageUpload : System.Web.UI.Page
{
    datalayer c = new datalayer();

    protected void Page_Load(object sender, EventArgs e)
    {
        // Only the presence of Session["u"] is checked here.
        if (Session["u"] == null)
        {
            Response.Redirect("Front page.aspx");
        }
        else
        {
            Label1.Visible = false;
            Label1.ForeColor = System.Drawing.Color.Red;
        }
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        try
        {
            string u = Session["u"].ToString();
            //string u = "Employee_6";
            string spath = " ", fname = " ", path = " ";
            if (FileUpload1.HasFile)
            {
                // The save path is the user ID followed by the file name sent
                // by the browser, placed in the propic folder.
                fname = FileUpload1.FileName;
                path = Server.MapPath("../EMPLOYEE/propic/" + u + fname);
                FileUpload1.SaveAs(path);
                spath = "../EMPLOYEE/propic/" + u + fname;
                c.UploadProfilePic(u, fname, spath);
                Image2.ImageUrl = spath;

                // Response.Redirect("../EMPLOYEE/EmplyoeeHome.aspx");
            }
            else
            {
                Label1.Visible = true;
                Label1.Text = "Please Select Picture To Upload";
            }
        }
        catch (Exception m)
        {
            Label1.Visible = true;
            Label1.Text = "Picture could not be Uploaded";
        }
    }

    protected void LinkButton1_Click(object sender, EventArgs e)
    {
        Response.Redirect("../EMPLOYEE/EmplyoeeHome.aspx");
    }
}
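The upload handler above builds its save path from u + fname, where fname is the file name the browser sent, and saves whatever content arrives. The following is an added example, not the project's code, of choosing the save path on the server instead: the extension is checked against an allowlist, the first bytes are checked against the matching image signature, and the stored name is generated rather than taken from the client. The class and method names, the folder and the sample inputs are assumptions.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Text.RegularExpressions;

// Added example, not the project's code. Class and method names are hypothetical.
public static class ProfilePictureStore
{
    static readonly string[] AllowedExtensions = { ".png", ".jpg", ".jpeg", ".gif" };
    // Fits Employee_code varchar(20); \A and \z anchor the whole string.
    static readonly Regex SafeUserId = new Regex(@"\A[A-Za-z0-9_]{1,20}\z");

    // Extension of the last path segment, lower-cased; "" when there is none.
    static string ExtensionOf(string clientFileName)
    {
        int cut = clientFileName.LastIndexOfAny(new[] { '/', '\\' });
        string leaf = clientFileName.Substring(cut + 1);
        int dot = leaf.LastIndexOf('.');
        return dot < 0 ? "" : leaf.Substring(dot).ToLowerInvariant();
    }

    // True when the first bytes match the signature expected for the extension.
    public static bool HeaderMatches(string ext, byte[] head)
    {
        byte[] sig;
        switch (ext)
        {
            case ".png": sig = new byte[] { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A }; break;
            case ".jpg":
            case ".jpeg": sig = new byte[] { 0xFF, 0xD8, 0xFF }; break;
            case ".gif": sig = new byte[] { 0x47, 0x49, 0x46, 0x38 }; break;   // "GIF8"
            default: return false;
        }
        return head != null && head.Length >= sig.Length && head.Take(sig.Length).SequenceEqual(sig);
    }

    // Returns the full path to save to, or null when the upload is rejected.
    // The stored name is generated here; only the extension comes from the client.
    public static string ResolveSavePath(string baseDir, string userId, string clientFileName, byte[] head)
    {
        if (string.IsNullOrEmpty(clientFileName) || userId == null || !SafeUserId.IsMatch(userId))
            return null;
        string ext = ExtensionOf(clientFileName);
        if (!AllowedExtensions.Contains(ext) || !HeaderMatches(ext, head))
            return null;

        string root = Path.GetFullPath(baseDir);
        if (!root.EndsWith(Path.DirectorySeparatorChar.ToString()))
            root += Path.DirectorySeparatorChar;
        string name = userId + "_" + Guid.NewGuid().ToString("N") + ext;
        string full = Path.GetFullPath(Path.Combine(root, name));
        // Defence in depth: the resolved path must still sit under the picture folder.
        return full.StartsWith(root, StringComparison.OrdinalIgnoreCase) ? full : null;
    }
}

public static class Demo
{
    public static void Main()
    {
        byte[] png = { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A, 0, 0 };
        byte[] text = System.Text.Encoding.ASCII.GetBytes("<%@ Page %>");
        string dir = Path.Combine(Path.GetTempPath(), "propic");
        // Constructed inputs: file name as sent by the browser, and the first bytes of the body.
        var cases = new[]
        {
            new { Name = "me.png", Head = png },
            new { Name = "photo.PNG", Head = png },
            new { Name = "..\\..\\web.config", Head = text },
            new { Name = "page.aspx", Head = text },
            new { Name = "me.png.aspx", Head = png },
            new { Name = "fake.png", Head = text },
        };
        foreach (var c in cases)
        {
            string path = ProfilePictureStore.ResolveSavePath(dir, "Employee_6", c.Name, c.Head);
            Console.WriteLine("{0,-20} -> {1}", c.Name,
                path == null ? "rejected" : "saved as " + Path.GetFileName(path));
        }
    }
}
```

In the Web Forms handler the header bytes would be read from FileUpload1.PostedFile.InputStream before SaveAs is called with the returned path.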
7. File Class -
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

/// <summary>
/// Summary description for datalayer
/// </summary>
public class datalayer
{
    // LINQ to SQL context over the LocalDB file attached through |DataDirectory|.
    public SkillActivityDataContext da = new SkillActivityDataContext("Data Source=(LocalDB)\\v11.0;AttachDbFilename=|DataDirectory|\\Skill_Activity_Tracker.mdf;Integrated Security=True");

    public datalayer()
    {
        //
        // TODO: Add constructor logic here
        //
    }

    // Returns the login row(s) whose UserId equals u.
    public IEnumerable<LoginDetail> GetLoginDetails(string u)
    {
        var q = from a in da.LoginDetails
                where a.UserId == u
                select a;
        return q;
    }

    public void SaveSkills(string Employeecode, string Role, string Skills, string
        Other, string Date)
    {
        AddSkill e = new AddSkill();
        e.Emp_code = Employeecode;
        e.Role1 = Role;
        e.Skills = Skills;
        e.Other = Other;
        e.Date1 = Date;
        da.AddSkills.InsertOnSubmit(e);
        da.SubmitChanges();
    }

    // New allotments start with Status1 = "No".
    public void SaveAllotProjects(string projectCode, string projectName, string
        SelectEmployee, String EmployeeCode, String Skills, String OtherSkills, string
        Date)
    {
        AllotProject e = new AllotProject();
        e.Project_Code = projectCode;
        e.Project_Name = projectName;
        e.EmployeeSelection = SelectEmployee;
        e.Employee_code = EmployeeCode;
        e.Skills = Skills;
        e.Otherskills = OtherSkills;
        e.Status1 = "No";
        e.Date1 = Date;
        da.AllotProjects.InsertOnSubmit(e);
        da.SubmitChanges();
    }

    public void SaveWorkProgress(string projectcode, string projectname, string
        employeeselection, string Employeecode, string skills, string otherskills, string
        Date, string file)
    {
        Workprogress e = new Workprogress();
        e.Project_code = projectcode;
        e.Project_Name = projectname;
        e.EmployeeSelection = employeeselection;
        e.Employee_code = Employeecode;
        e.Skills = skills;
        e.Otherskills = otherskills;
        e.Date1 = Date;
        e.File1 = file;
        e.Status1 = "No";
        da.Workprogresses.InsertOnSubmit(e);
        da.SubmitChanges();
    }

    // Training request raised by an employee; stored with Status1 = "No".
    public void SaveTrainingRequest(string Employee_Code, string
        Trainingheading, string TrainingDescription, string Date)
    {
        TrainingRequest e = new TrainingRequest();
        e.Employee_Code = Employee_Code;
        e.TrainingHeading = Trainingheading;
        e.TrainingDescription = TrainingDescription;
        e.Date1 = Date;
        e.Status1 = "No";
        da.TrainingRequests.InsertOnSubmit(e);
        da.SubmitChanges();
    }

    // Same record type as above, stored with Status1 = "Yes".
    public void SaveUpcomingTrainingRequest(string Employee_Code, string
        Trainingheading, string TrainingDescription, string Date)
    {
        TrainingRequest e = new TrainingRequest();
        e.Employee_Code = Employee_Code;
        e.TrainingHeading = Trainingheading;
        e.TrainingDescription = TrainingDescription;
        e.Date1 = Date;
        e.Status1 = "Yes";
        da.TrainingRequests.InsertOnSubmit(e);
        da.SubmitChanges();
    }

    public void SaveTraining(string heading, string detail, string attachment)
    {
        AddingTraining e = new AddingTraining();
        e.Heading = heading;
        e.Detail = detail;
        e.Attachment = attachment;
        e.Status1 = "NO";
        da.AddingTrainings.InsertOnSubmit(e);
        da.SubmitChanges();
    }

    // Despite its name this only reads: it returns the registration row(s)
    // for the given employee code.
    public IEnumerable<Employee_Registeration> SaveUpdatedData(string
        Employeecode)
    {
        var q = from a in da.Employee_Registerations where a.Employee_code ==
                Employeecode select a;
        return q;
    }
    // Creates the registration row, the matching login row and a default
    // profile picture row in one SubmitChanges call. The password is stored
    // as given, and UserType is taken from the job title.
    public void Save(string Employee_code, string First_name, string Last_name,
        string Email_Id, string Password1, string Job_Title, string Mobile_No1, string
        Address1, string Country, string City, string State1, string Sequrityques, string
        Sequrityans)
    {
        Employee_Registeration e = new Employee_Registeration();
        e.Employee_code = Employee_code;
        e.First_name = First_name;
        e.Last_name = Last_name;
        e.Email_Id = Email_Id;
        e.Password1 = Password1;
        e.Job_Title = Job_Title;
        e.mobile_no = Mobile_No1;
        e.Address1 = Address1;
        e.Country = Country;
        e.City = City;
        e.State1 = State1;
        e.SecurityQues = Sequrityques;
        e.SecurityAns = Sequrityans;
        da.Employee_Registerations.InsertOnSubmit(e);

        LoginDetail ld = new LoginDetail();
        ld.UserId = Employee_code;
        ld.Password1 = Password1;
        ld.UserType = Job_Title;
        ld.SequrityQues = Sequrityques;
        ld.Securityans = Sequrityans;
        da.LoginDetails.InsertOnSubmit(ld);

        ImageDetail img1 = new ImageDetail();
        img1.UserId = Employee_code;
        img1.ImageName = "default.png";
        img1.ImagePath = "~/propic/default.png";
        da.ImageDetails.InsertOnSubmit(img1);
        da.SubmitChanges();
    }

    public void saveaddproj(string Project_code, string Project_Name, string
        Priority, string Category, string Owner1, string Status1, string Start_Date1,
        string End0_Date, string OwnerId, string Attachment)
    {
        Add_Project e = new Add_Project();
        e.Project_code = Project_code;
        e.Project_Name = Project_Name;
        e.Priority = Priority;
        e.Category = Category;
        e.Owner1 = Owner1;
        e.Status1 = Status1;
        e.Start_Date1 = Start_Date1;
        e.End_Date = End0_Date;
        e.OwnerId = OwnerId;
        e.Attachment = Attachment;
        da.Add_Projects.InsertOnSubmit(e);
        da.SubmitChanges();
    }

    public void savecountry(string countryname)
    {
        country e = new country();
        e.countryname = countryname;
        da.countries.InsertOnSubmit(e);
        da.SubmitChanges();
    }

    public void savestate(string countryname, string statename)
    {
        state1 e = new state1();
        e.countryname = countryname;
        e.statename = statename;
        da.state1s.InsertOnSubmit(e);
        da.SubmitChanges();
    }

    public void savecity(string countryname, string statename, string cityname)
    {
        city e = new city();
        e.countryname = countryname;
        e.statename = statename;
        e.cityname = cityname;
        da.cities.InsertOnSubmit(e);
        da.SubmitChanges();
    }
    // Points the user's ImageDetail row(s) at the newly uploaded picture.
    public void UploadProfilePic(string u, string iname, string ipath)
    {
        var q = from a in da.ImageDetails
                where a.UserId == u
                select a;
        foreach (ImageDetail k in q)
        {
            k.ImageName = iname;
            k.ImagePath = ipath;
        }
        da.SubmitChanges();
    }

    // Overwrites the stored password for user u with p, as given.
    public void ChangePassword(string u, string p)
    {
        var q = from a in da.LoginDetails
                where a.UserId == u
                select a;
        foreach (LoginDetail k in q)
        {
            k.Password1 = p;
        }
        da.SubmitChanges();
    }

    public IEnumerable<country> GetCountryName()
    {
        var q = from a in da.countries select a;
        return q;
    }

    public IEnumerable<state1> GetStateName(string cname)
    {
        var q = from a in da.state1s where a.countryname == cname select a;
        return q;
    }

    public IEnumerable<city> GetCityName(string sname)
    {
        var q = from a in da.cities where a.statename == sname select a;
        return q;
    }

    public void SendMessage(string sn, string rc, string sub, string att, string msg,
        string dt, string tm)
    {
        MessageDetail md = new MessageDetail();
        md.Sender = sn;
        md.Receiver = rc;
        md.Subject1 = sub;
        md.Message1 = msg;
        md.Date1 = dt;
        md.Time1 = tm;
        md.Attachment = att;
        da.MessageDetails.InsertOnSubmit(md);
        da.SubmitChanges();
    }

    // Looks a message up by its numeric id, passed in as a string.
    public IEnumerable<MessageDetail> getmessage(string str)
    {
        var q = from a in da.MessageDetails
                where a.MgsId == Convert.ToInt32(str)
                select a;
        return q;
    }

    // Returns the stored picture path for the user, or " " when there is none.
    public string getimge(string str)
    {
        var q = from a in da.ImageDetails
                where a.UserId == str
                select a;
        string ipt = " ";
        foreach (ImageDetail k in q)
        {
            ipt = k.ImagePath;
        }
        return ipt;
    }
}
TESTING
Testing is a process of executing a program with the goal of finding errors. So,
testing means that one inspects behaviour of a program on a finite set of test
cases (a set of inputs, execution preconditions, and expected outcomes
developed for a particular objective, such as to exercise a particular program
path or to verify compliance with a specific requirement) for which valued
inputs always exist. In practice, the whole set of test cases is considered as
infinite, therefore theoretically there are too many test cases even for the
simplest programs. In this case, testing could require months and months to
execute. So, how to select the most proper set of test cases? In practice, various
techniques are used for that, and some of them are correlated with risk analysis,
while others with test engineering expertise. Testing is an activity performed for
evaluating software quality and for improving it. Hence, the goal of testing is
systematic detection of different classes of errors (error can be defined as a
human action that produces an incorrect result) in a minimum amount of time
and with a minimum amount of effort.
1. TESTING TECHNIQUES:
A testing technique specifies the strategy used in testing to select input test cases
and analyze test results. Different techniques reveal different quality aspects of
a software system, and there are two major categories of testing techniques,
functional and structural.
Functional Testing: The software program or system under test is viewed as a
"black box". The selection of test cases for functional testing is based on the
requirement or design specification of the software entity under test. Examples
of expected results, sometimes called test oracles, include requirement/design
specifications, hand calculated values, and simulated results. Functional
testing emphasizes the external behaviour of the software entity.
Structural Testing: The software entity is viewed as a "white box". The
selection of test cases is based on the implementation of the software entity.
The goal of selecting such test cases is to cause the execution of specific spots in
the software entity, such as specific statements, program branches or paths. The
expected results are evaluated on a set of coverage criteria. Examples of coverage
criteria include path coverage, branch coverage, and data-flow coverage.
Structural testing emphasizes the internal structure of the software entity.
TEST-$ STRATE$-ES6
.nit te+ting
;nit testing, also known as component testing refers to tests that verify the
functionality of a specific section of code, usually at the function level. In an
object-oriented environment, this is usually at the class level, and the minimal
unit tests include the constructors and destructors.
4hese types of tests are usually written by developers as they work on code
)white-box style,, to ensure that the specific function is working as expected.
#ne function might have multiple tests, to catch corner cases or other branches
in the code. ;nit testing alone cannot verify the functionality of a piece of
software, but rather is used to assure that the building blocks the software uses
work independently of each other.
;nit testing is a software development process that involves synchroni<ed
application of a broad spectrum of defect prevention and detection strategies in
order to reduce software development risks, time, and costs. It is performed by
the software developer or engineer during the construction phase of the software
development lifecycle. 3ather than replace traditional M focuses, it augments
it. ;nit testing aims to eliminate construction errors before code is promoted to
MG this strategy is intended to increase the 7uality of the resulting software as
well as the efficiency of the overall development and M process.
Depending on the organization's expectations for software development, unit
testing might include static code analysis, data flow analysis, metrics analysis,
peer code reviews, code coverage analysis and other software verification
practices.
Integration testing
Integration testing is any type of software testing that seeks to verify the
interfaces between components against a software design. Software components
may be integrated in an iterative way or all together ("big bang"). Normally the
former is considered a better practice since it allows interface issues to be
localized more quickly and fixed.
Integration testing works to expose defects in the interfaces and interaction
between integrated components (modules). Progressively larger groups of tested
software components corresponding to elements of the architectural design are
integrated and tested until the software works as a system.
System testing
System testing of software or hardware is testing conducted on a complete,
integrated system to evaluate the system's compliance with its specified
requirements. System testing falls within the scope of black box testing, and as
such, should require no knowledge of the inner design of the code or logic. As a
rule, system testing takes, as its input, all of the "integrated" software
components that have successfully passed integration testing and also the
software system itself integrated with any applicable hardware system(s). The
purpose of integration testing is to detect any inconsistencies between the
software units that are integrated together (called assemblages) or between any
of the assemblages and the hardware. System testing is a more limited type of
testing; it seeks to detect defects both within the "inter-assemblages" and also
within the system as a whole.
System testing is performed on the entire system in the context of a Functional
Requirement Specification(s) (FRS) and/or a System Requirement Specification
(SRS). System testing tests not only the design, but also the behavior and even
the believed expectations of the customer. It is also intended to test up to and
beyond the bounds defined in the software/hardware requirements specification.
Acceptance testing
Acceptance testing is a test conducted to determine if the requirements of a
specification or contract are met. It may involve chemical tests, physical tests,
or performance tests.
In systems engineering it may involve black-box testing performed on
a system (for example: a piece of software, lots of manufactured mechanical
parts, or batches of chemical products) prior to its delivery.
Software developers often distinguish acceptance testing by the system provider
from acceptance testing by the customer (the user or client) prior to accepting
transfer of ownership. In the case of software, acceptance testing performed by
the customer is known as user acceptance testing (UAT), end-user testing, site
(acceptance) testing, or field (acceptance) testing. A smoke test is used as an
acceptance test prior to introducing a build to the main testing process.
2. TEST PLAN:
Static Testing: Static testing is the testing of the objects in a web browser that
do not change, or are not transaction based. This type of testing is done on a
web page that has already been loaded into a web browser. There are several
types of static testing, and they will be discussed in this section.
Content Checking: Once the web page has been loaded, it has to be tested for
accuracy, completeness, consistency, spelling and accessibility.
These terms have the traditional meanings, and the tests are as elementary as
they sound. However, it is in areas like these where the site is first judged by
the website visitor. For example, if the site has numerous misspellings, the
product that the website is offering may come into question as the visitor may
feel that if the attention to detail is not given to the site, it may not be given to
the product either. These tests are mentioned in this research paper as these are
simple things that may not automatically be on a web tester's test plan, as most
of these are unique to the web.
Browser Syntax Compatibility: This test is one level below the actual
content. It is the technology of how to represent the content, whether that
content consists of text, graphics, or other web objects. This is an important test
as it determines whether or not the page under test works in various browsers.
Even regarding only Microsoft's Internet Explorer and Netscape's Navigator
web browsers, this is a significant issue due to the fact that there are many
versions of both still in use. These versions do not work the same, and
depending on what the minimum version and browser type requirements are, the
pages need to be tested in each supported browser.
Visual Browser Validation: Simply, does the content look the same,
regardless of supported browser used? If the requirements are that only one
browser and version will be supported by the application, this test is not
necessary. However, even if more than one version of the same browser will be
supported, the page under test should be loaded into both browsers, and they
should be visually checked to see if there are any differences in the physical
appearance of the objects in the page. If there are, they may be things such as
the centering of objects, table layouts, etc.
The differences should be reviewed by the users to see if there is any need to
change the page so that it appears exactly the same (if possible) in all of the
supported browsers.
Test Browsing: Test browsing tests aim to find the defects regarding
navigation through web pages, including the availability of linked pages, and
other objects, as well as the download speed of the individual page under test.
The integration of web pages to server-based components is tested, to ensure
that the correct components are called from the correct pages.
Browsing the Site: When traversing links and opening new pages, several
questions should be addressed on each and every page the system links to.
Can the page be downloaded and displayed? Do all
objects load in an acceptable time (“acceptable” would be based on the business
requirements)? When the user turns the browser option of “images-load” to “off”,
does the page still work? Do all of the text and graphical links work? All of
these questions are important, as if the answer to any of them is in the negative,
it would be considered a defect.
Other issues to validate are whether the site still works if JavaScript or Java is
disabled, or if a certain plug-in is not loaded or disabled. A good test case is to
use a browser with no plug-ins loaded during testing, and when the tester is
queried to download a plug-in, they should not load it, and see how the site
reacts without the plug-in.
Functional Testing
Browser-Page Tests: This type of test covers the objects and code that
execute within the browser, but does not execute the server-based components.
For example, JavaScript and VBScript code within HTML that does rollovers,
and other special effects. This type of test also includes field validations that are
done at the HTML level. Additionally, browser-page tests include Java applets
that implement screen functionality or graphical output.
Non-Functional Testing
Configuration Testing: Beyond the browser validation, this type of test takes
into consideration the operating system platforms used, the type of network
connection, internet service provider type, and browser used (including version).
The real work for this type of test is ensuring that the requirements and
assumptions are understood by the development team, and that a test
environment with those choices is put in place to properly test it.
Usability: For usability, the tests can be subjective, but there are standards and
guidelines that have been established throughout the industry and it would be
easy for a project team to blindly follow them, and feel that the site will be
acceptable since the standards are followed.
However, human-computer interaction standards and guidelines cannot
guarantee a usable website. Designers should not rely on them for all or even
most of the design decisions, and project managers should not let standards
compliance lull the team into complacency, thinking that since the standards are
followed, the site will automatically meet the needs of the users, their tasks,
and their work environment.
A proactive suggestion is, while establishing the design guidelines, to define
requirements that can be positively identified and measured. A way to do this is
to capture and quantify the meaning of learnability, understandability, and
operability in a testable form.
Performance: Performance testing is the validation that the system meets
performance requirements. This can be as simplistic as ensuring that a web
page loads in less than eight seconds, or can be as complex as requiring the
system to handle 10,000 transactions per minute, while still being able to load a
web page within eight seconds. The section below offers best practices for the
execution of performance testing.
During research, one topic that was repeated was the importance that the
performance-testing server is exactly like the production server; in fact, it
ideally should be an exact replica in every way. It is very important to make
sure every component (networks, firewalls, servers, mainframes) matches the
production equipment.
Performance testing can be done through the “window” of the browser, or
directly on the server. If done on the server, some of the performance time that
the browser takes is not accounted for. Scripting GUI orientated transactions to
drive the browser interface can be much more complicated and the
synchronization between test tool and browser is not always reliable. Therefore,
if testers decide to ignore the performance time taken by the browsers, it is
important to get “buy in” from project team members and users to understand
the compromise. If there are issues, testers should advise management that
performance-testing using the GUI will introduce a time-intensive effort that
may or may not impact the project timeline.
To assist with load and performance testing, testers should use the test scripts
that have been created early in the project as a basis for initial load testing.
Using the existing scripts avoids rework and allows the scripts to be used at
different times by different virtual users when validating system performance.
Scalability: The term “scalability” can be defined as a web application's
ability to sustain its required number of simultaneous users and/or transactions,
while maintaining adequate response times to its end users.
When testing scalability, configuration of the server under test is critical. All
logging levels, server timeouts, etc. need to be configured just like production.
In an ideal situation, all of the configuration files should be simply copied from
test environment to the production environment, with only minor changes to the
global variables (Hagen, 2000).
In order to test scalability, the web traffic loads must be determined to know
what the threshold requirement for scalability should be.
Security: Security is a critical part of an e-commerce website. Best practices
for testing how secure the site is are given in this section.
Data Collection: Web sites collect data in log files, as well as through forms
in which users supply to the website information that is saved on the web server.
The web server should be set up so that users cannot browse directories and
obtain file names.
Cookies: A cookie is a text file that is placed on a website visitor's system that
identifies the user's “identity.” The cookie is retrieved when the user re-visits
the site at a later time. Cookies can expire in a short period of time, such as
minutes or hours (session cookie) or can last for months or years (persistent cookie).
Cookies can be controlled by the user, regarding whether they want to allow
them or not. If the user does not accept cookies, will the site still work? Are the
cookies necessary?
3. DEBUGGING & CODE IMPROVEMENT:
Debugging: After I have created my website and resolved the build errors, I
must now correct those logic errors that keep my application or stored
procedures from running correctly. I have done this with the development
environment's integrated debugging functions. These allowed me to stop at
procedure locations, inspect memory and register values, change variables,
observe message traffic, and get a close look at what my code does.
Visual Studio 2012 supports various types of debugging which helped me to
debug my website.
Parallel Debugging:
Two new windows have been added for debugging parallel applications:
- The GPU Threads window displays the status and the details of the threads
  running on the GPU.
- The Parallel Watch window displays values of a single expression across
  multiple threads at the same time.
You can sort, reorder, configure, and group on the columns in the GPU Threads,
Threads, Parallel Tasks, and Parallel Watch windows.
IntelliTrace Debugging:
You can record diagnostic events with the IntelliTrace collector for SharePoint
2010 applications running outside Visual Studio. This lets you save user profile
events, Unified Logging System (ULS) events, and IntelliTrace events to an
.iTrace file. You can open this file in Visual Studio Ultimate to start diagnosing
SharePoint 2010 applications in production or other environments.
CODE IMPROVEMENT:
For the improvement of the code, I have used the following types of codes to
optimize it.
Class File: The class file is used to declare and define the methods for various
multiple
SYSTEM SECURITY MEASURES
DATABASE SECURITY:
Most Web sites need to selectively restrict access to some portions of the site.
You can think of a Web site as somewhat analogous to an art gallery. The
gallery is open for the public to come in and browse, but there are certain parts
of the facility, such as the business offices, that are accessible only to people
with certain credentials, such as employees. When a Web site stores its
customers' credit card information in a database, for example, access to the
database must be restricted. ASP.NET security features help you address this
and many other security issues.
ASP.NET, in conjunction with Microsoft Internet Information Services (IIS),
can authenticate user credentials such as names and passwords using any of the
following authentication methods:
- Windows: Basic, digest, or Integrated Windows Authentication (NTLM
  or Kerberos)
- Microsoft Passport authentication
- Forms authentication
- Client Certificate authentication
ASP.NET controls access to site information by comparing authenticated
credentials, or representations of them, to NTFS file system permissions or to
an XML file that lists authorized users, authorized roles (groups), or authorized
HTTP verbs.
Visual Studio.NET hides so many technical details behind the scenes that
developers need only concentrate on the core business logic. However, hackers
are on the lookout for any opportunity to hack into your application, which
means the pressure is on you to keep defense top of mind.
If you don't, you'll quickly find your ASP.NET apps vulnerable to attack.
I have used a few vital defences which will arm my website against the security
threats. The threats with the defences are mentioned below:
Cross-site Scripting: Cross-site Scripting (XSS) is one of the most common
attacks on Web applications today. Put simply, XSS happens when a hacker
injects a script into your Web application (normally through user inputs) and
your application accepts it without checking. When the data (containing the
script) gets saved into your Web application, subsequent users may be affected
as the script may inadvertently get loaded onto their Web browsers.
To better understand XSS, consider an example in which your Web application
asks for a user's name via a text box. When the user clicks on the button, his
name will be displayed in the label control.
However, instead of entering his name, the user might enter a line of script,
such as “<script>alert("Hello there!");</script>”.
For example, one type of script could read and display the current cookie
values or redirect the user to another Web site.
Fortunately, ASP.NET 4.5 ships with built-in request protection to detect
inputs that contain scripts. Figure 4 shows what would happen in ASP.NET 4.5
if a user tried to enter scripting code in an input control.
While this vulnerability has been hot-fixed, it is nevertheless important that
you employ added precaution. One good method is to use the
Server.HtmlEncode() method to encode all user inputs into HTML-encoded
strings. When this HTML-encoded string is displayed in a browser, it will be
displayed as a string, and not executed as a client-side script.
If you need to turn off the built-in script protection in ASP.NET 1.1 for some
reason, you can set the validateRequest attribute in your page to false.
SQL Injection: SQL Injection is another well-known exploit that hackers
love. But surprisingly there are still a lot of people who don't seem to care
about this problem.
Another exploit the hacker can try is known as the SQL Union attack. The
following text, entered as a string in either the user name or password text box,
will give the hacker plenty of information about your server.
    xyz' union select @@servername, @@servicename, @@version --
A much safer way to formulate your SQL string is to use the Parameters object
in the SqlCommand object. The advantage to using this approach is that
ADO.NET doesn't do the substitution; it passes the parameters to SQL Server
where the substitution and validation occurs.
Use of Stored Procedures also kills the SQL Injection and we are safe from the
threat of SQL Injection from the hackers.
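The difference between a concatenated SQL string and the SqlCommand Parameters approach described above, as an added example that is not code from this project. The table, column and procedure names (Users, UserName, PasswordHash, dbo.usp_CheckLogin) are hypothetical, and the code assumes System.Data.SqlClient is available (built into the .NET Framework, a NuGet package on newer .NET).

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class LoginQueries
{
    // 'Before' form: input is pasted into the SQL text, so a quote typed into
    // the text box ends the string literal and the rest is parsed as SQL.
    public static SqlCommand BuildConcatenated(string userName, string passwordHash)
    {
        string sql = "SELECT UserId FROM Users WHERE UserName = '" + userName +
                     "' AND PasswordHash = '" + passwordHash + "'";
        return new SqlCommand(sql);
    }

    // Hardened form: the SQL text is a constant; the values travel separately
    // as typed parameters and are never parsed as part of the statement.
    public static SqlCommand BuildParameterized(string userName, string passwordHash)
    {
        var cmd = new SqlCommand(
            "SELECT UserId FROM Users " +
            "WHERE UserName = @userName AND PasswordHash = @passwordHash");
        cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 64).Value = userName;
        cmd.Parameters.Add("@passwordHash", SqlDbType.VarChar, 128).Value = passwordHash;
        return cmd;
    }

    // Stored-procedure form (hypothetical procedure name). This is only as safe
    // as the procedure body: a procedure that builds dynamic SQL from its
    // arguments by concatenation reintroduces the same problem.
    public static SqlCommand BuildStoredProcedureCall(string userName, string passwordHash)
    {
        var cmd = new SqlCommand("dbo.usp_CheckLogin");
        cmd.CommandType = CommandType.StoredProcedure;
        cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 64).Value = userName;
        cmd.Parameters.Add("@passwordHash", SqlDbType.VarChar, 128).Value = passwordHash;
        return cmd;
    }

    // Prints what would be sent to the server: statement text and parameters.
    static void Describe(string label, SqlCommand cmd)
    {
        Console.WriteLine(label);
        Console.WriteLine("  text: " + cmd.CommandText);
        foreach (SqlParameter p in cmd.Parameters)
            Console.WriteLine("  " + p.ParameterName + " (" + p.SqlDbType + ") = " + p.Value);
    }

    public static void Main()
    {
        // The union string quoted in the text, used here as the typed user name.
        string typed = "xyz' union select @@servername, @@servicename, @@version --";
        string hash = "constructed-hash-value"; // constructed sample value

        // No connection is opened; the commands are only built and inspected.
        using (var bad = BuildConcatenated(typed, hash))
            Describe("Concatenated (input has become SQL):", bad);
        using (var good = BuildParameterized(typed, hash))
            Describe("Parameterized (input stays data):", good);
        using (var proc = BuildStoredProcedureCall(typed, hash))
            Describe("Stored procedure call:", proc);
    }
}
```

In the first command the typed text appears inside the statement itself; in the other two the statement text is identical for every user and the typed text appears only as a parameter value.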
Validate your User Inputs: Validate your user inputs religiously. The rule of
thumb here is to assume the worst about your end users. They are bound to
enter inputs that are totally unexpected. Be sure to check for illegal characters
and limit the amount of data they can enter. ASP.NET ships with a lot of
validation controls, of which I have made full use, both at the client side
and server side.
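Server-side validation of the name text box from the cross-site scripting section, combined with HTML encoding on output, as an added example that is not code from this project. The length limit, the allowed-character pattern and the lblName markup are assumptions chosen for illustration; System.Net.WebUtility.HtmlEncode is used so the code runs outside a Web page, where Server.HtmlEncode would be used inside one.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

public static class NameField
{
    const int MaxLength = 64; // assumed limit for a display name

    // Allow-list: letters (any script) plus apostrophe, space, dot and hyphen.
    // Everything else, including < > " & ; is rejected rather than "cleaned".
    static readonly Regex Allowed =
        new Regex(@"^[\p{L}\p{M}][\p{L}\p{M}' .\-]*\z", RegexOptions.CultureInvariant);

    // Server-side check; client-side validators can be bypassed, so this
    // must run again on the server even when the page also validates.
    public static bool TryValidate(string raw, out string name, out string error)
    {
        name = null;
        error = null;
        if (raw == null) { error = "missing"; return false; }
        string trimmed = raw.Trim();
        if (trimmed.Length == 0) { error = "empty"; return false; }
        if (trimmed.Length > MaxLength) { error = "too long"; return false; }
        if (!Allowed.IsMatch(trimmed)) { error = "illegal characters"; return false; }
        name = trimmed;
        return true;
    }

    // Output step: encode at the point where the value is written into HTML,
    // whether or not it passed validation earlier.
    public static string RenderGreeting(string name)
    {
        return "<span id=\"lblName\">Hello, " + WebUtility.HtmlEncode(name) + "</span>";
    }

    public static void Main()
    {
        // Constructed sample inputs; the script line is the one from the text.
        string[] samples =
        {
            "Priya Sharma",
            "O'Brien",
            "<script>alert(\"Hello there!\");</script>",
            new string('a', 500),
            "   "
        };

        foreach (string raw in samples)
        {
            string shown = raw.Length > 45 ? raw.Substring(0, 45) + "..." : raw;
            string name, error;
            if (TryValidate(raw, out name, out error))
                Console.WriteLine("accepted  [" + shown + "] -> " + RenderGreeting(name));
            else
                Console.WriteLine("rejected  [" + shown + "] (" + error + ")");
        }

        // Encoding alone, for a value that reaches the page without validation:
        // the markup characters are turned into entities and shown as text.
        Console.WriteLine(RenderGreeting(samples[2]));
    }
}
```

The accepted name containing an apostrophe shows why validation does not replace the other defences: a legitimate value can still carry a character that matters in HTML or SQL, so output encoding and parameterized queries remain necessary.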
Hashing to Store your Passwords: I have seen a number of cases where
developers simply store users' passwords in plain text. This is a dangerous
thing to do; if your SQL Server is compromised, you run the risk of exposing
all the passwords. (There are those who argue that if your database server is
compromised, it doesn't matter how you save your passwords; they are no
longer secure.)
A much better way to store passwords in your database is to use hashing.
Hashing is a one-way process of mapping data (plain text) of any length to a
unique fixed-length byte sequence. This fixed-length byte sequence is called a
hash. Statistically, two different pieces of data would not generate the same
hash. And a hash cannot be used to reverse-generate the plain text. In the case
of saving passwords in the database, saving the hash value of each password is
preferred over saving the plain password.
When a user logs in, the hash value of the password is computed and then
compared to the hash value stored in the database. In this case, even if the
database server is compromised, the hackers have no way of knowing the users'
real passwords (though he could still alter the hash value of a user's password
to one he generated himself and gain illegal access).
There are many algorithms provided in the System.Security.Cryptography
namespace. We can use any type of algorithm provided such as SHA1
or MD5 or any other to hash our passwords.
The following function shows how to use the SHA1 hash algorithm
implementation in the .NET Framework. The hash value could then be stored in
place of the user's password.
    hashValue = ComputeHashValue(Encoding.ASCII.GetBytes(txtPassword.Text))
Encrypt Sensitive Data: ASP.NET Web developers know that it is sometimes
useful to store information such as database connection strings in the
Web.config file rather than hardcode them in the application. Doing so allows
the database server to be changed without modifying and recompiling the
application. However, storing sensitive information such as the connection
string (which may contain user information and password) in plain text format
in the Web.config file is not a very good idea, as Web.config is an XML document
stored as a text file and thus easily accessed.
So, a safer way would be to encrypt the sensitive information and store the
cipher text into the Web.config file. There are two types of encryption
algorithms that you can use:
- Symmetric
- Asymmetric
Symmetric algorithms encrypt and decrypt information using a common key. It
is a simple and efficient way of encrypting/decrypting information. However,
the use of a common key makes it less secure if more than one party needs to
know the key.
Asymmetric algorithms encrypt and decrypt information using a pair of keys.
This pair of keys is made up of a private and a public key. Data encrypted
using the public key can only be decrypted using the private key and vice
versa.
Asymmetric algorithms are much more complex and are computationally
expensive. However, they are also much more secure than symmetric algorithms.
Because SOAP messages are sent in plain text, Web services could also benefit
from encryption. Instead of using SSL to protect the entire communication path
(which is overkill), you could use encryption to protect sensitive information
such as credit card numbers from prying eyes.
Store Secure Information in the Registry: Besides encrypting data manually,
you might also want to use the registry to store sensitive information. For
example, you might configure your Web server to log in to a remote database
server using Windows authentication. And so you might configure your Web
application to use impersonation, specifying the username and password:
    <identity impersonate="true" userName="some user" password="to secret" />
Use Sessions, but Not Cookie-less Sessions: If there is a need to persist
sensitive information about a user, use Session objects. Session objects in
ASP.NET use cookies to store the Session ID, which gets passed
to and fro between the client and the server. The Session objects containing
sensitive information are stored on the server side. Hence, the only information
exposed is the Session ID, and not the sensitive information.
ASP.NET supports cookie-less sessions, which might seem tempting since
many users turn cookies off in their browsers. But don't go down that road:
using cookie-less sessions subjects you to session hijacking, where a hacker
can simply use the URL that you are accessing and assume the browsing. The
bottom line is, always avoid cookie-less sessions.
FRONT END AND BACK END SECURITY
FRONT END SECURITY-
This security level is developed or designed by the s/w developer or designer.
She/he provides the s/w with security for the system, by considering many
factors regarding the particular s/w.
In this software the following are used to provide security.
LOGIN CHECKING-
There are two logins provided in this software, one for user and another for
admin. In order to avail the services, the user has to provide a valid id and
password, and only after entering the correct id and password will the user get
entry; otherwise they will be blocked from accessing any services of this site.
Similarly, a login check is provided for admin that checks credentials for admin,
who can do any admin job. In this way, security has been provided for both
user section and admin section. There is also provision to change the password
in case the password is known by others. The password recovery section allows
users to recover their password whenever they have forgotten it.
BACK END SECURITY-
In this particular software the back end used is SQL Server. So all the inbuilt
security aspects provided by the SQL Server database are used as they are. It will
provide the strong feature of security so that it will be difficult to change or
modify any personal or university data. Information is vital to success, but when
damaged or in the wrong hands, it can threaten success. SQL Server provides
extensive security features to safeguard your information from both
unauthorized viewing and intentional or inadvertent damage. This security is
provided by granting or revoking privileges on a person-by-person and
privilege-by-privilege basis.
Benefits of the project
- Allows supervisors and managers to view, at a glance, all current and
  future schedules.
- Makes it easy to manage and anticipate staffing levels for the present and
  future.
- Provides daily/weekly views of all current projects and jobs.
- Generates real-time, multi-dimensional reports and views
- Gives management full visibility and maximum control
- Supports work-life balance
- Encourages employee self-service
COST ESTIMATION OF PROJECT
Process main phases: In this simple top-down estimate process you can
identify five main phases.
1. Define Activities
2. Define Task
3. Define Human Resources
4. Assign Human Resources to Tasks
5. Estimate times and costs
The process starts with a general definition of macro-activities and with a
detailed definition of tasks, human resources used, times and costs related to
each task.
1. Define Activities: In this first phase you have to define the main activities
which compose your project.
For example, in a generic web project you can identify the following main
activities:
1. Requirements definition
2. Design
3. Implementation
4. Test
5. Release
Next step is to detail each activity with a certain number of specific tasks.
2. Define Tasks: Each activity is composed of some tasks. Each task is a
smaller piece of work which composes a main activity:
1. Requirements definition
1.1 Define application scope
1.2 Define technical requirements
....
2. Design
2.1 Application Map
2.2 Database Entity relationship model
...
3. Implementation
3.1 SQL code
3.2 HTML code
3.3 CSS code
...
3. Define Human Resources: Next step is defining human resources in terms of
category, seniority and hourly cost.
Each category has a specific hourly cost related to specific seniority. You can
organize this information using a simple category/seniority matrix. For
example, if you have to estimate a big/medium size project you can identify the
following categories:
- Analyst
- Programmer
- Project manager
- ...
and the following seniorities:
- Junior
- Senior
- ...
Now, define hourly cost for each category/seniority combination (in a more
complex project you can also define a standard rate and an overtime rate for
each combination). In the spreadsheet, you can create the table above in a new
sheet called Resources in the same spreadsheet. At this point you have two
sheets: a first sheet with activities and a second sheet with resources. In this
way, when you assign resources to tasks you can link the cost of a specific
resource with a reference formula (=).
This is a good practice because if you have to change the cost related to a
specific combination category/seniority, you can do it only once in the
sheet "Resources" and automatically all changes will be reported in all instances
(tasks) which use that combination in the sheet "Activities".
4. Assign Human Resources to Tasks: Next step: assigning one or more
resources to each task, estimating the effort which a task requires. This is a very
delicate activity because you have to calibrate the right combination between
category and seniority of resources you want to use in your project in order to
estimate correctly project times and costs.
In the spreadsheet, in the sheet "Activities" create the following three columns:
1. Num (number of resources assigned to a task)
2. Category
3. Seniority
This is the result:
You can add different resources to each task (different category or different
seniority) by simply adding a row below the task name (for example take a look
at "Define application scope" where I added 1 analyst junior in the first row and
1 analyst senior in a new row below the task name).
5. Estimate Times and Costs: Now, for each resource, estimate the daily effort
(Hours/day column), number of days (Days column), get cost related to
category/seniority combination from the sheet "Resources" using a reference
formula (Hourly Cost column), and calculate Total costs:
For each task (row) Total Cost is equal to:
Total Cost = Hours/day * Hourly Cost * Days
Keep in mind that some tasks could have specific costs which are independent of
the number of resources you assign to that task. You can add these costs by adding
a new column to the left of the column Total Cost called "Additional Costs".
In this case Total Cost will be equal to:
Total Cost = (Hours/day * Hourly Cost * Days) + Additional Cost
Cost Estimation of my Project

Project Activities                        Total Resources: Rs 30990.00

WBS  Activity                            Num  Category         Seniority  Hours/day  Hourly Cost  Days  Total Cost
1    Requirements definition                                                                            Rs 4760.00
1.1  Define application scope            1    Analyst          Junior     8          Rs 45.00     4     Rs 1440.00
                                         1    Analyst          Senior     4          Rs 55.00     4     Rs 880.00
1.2  Define technical requirements       2    Analyst          Senior     8          Rs 55.00     4     Rs 1760.00
                                         1    Project Manager  Senior     3          Rs 80.00     2     Rs 480.00
2    Design                                                                                             Rs 6830.00
                                         1    Project Manager             8          Rs 80.00     5     Rs 3200.00
2.1  Application Map                     1    Analyst          Junior     8          Rs 55.00     4     Rs 1760.00
                                         1    Analyst          Senior     5          Rs 55.00     2     Rs 550.00
2.2  Database Entity-relationship model  1    Analyst          Senior     8          Rs 55.00     3     Rs 1320.00
2.3  ...
3    Implementation                                                                                     Rs 19400.00
                                         1    Project Manager             8          Rs 80.00     5     Rs 3200.00
3.1  SQL code                            2    Programmer       Senior     8          Rs 55.00     10    Rs 4400.00
3.2  HTML code                           2    Programmer       Senior     8          Rs 55.00     10    Rs 4400.00
3.3  CSS code                            2    Programmer       Senior     8          Rs 55.00     10    Rs 4400.00
3.4  ...
CONCLUSION
The proposed “SKILL AND ACTIVITY TRACKER” is made to help
management of the organization for the growth of the organization and
development of the employees in their skills.
All the requirements that are gathered in the Analysis phase are given a
basic structure by following the Design principles in the Design phase, and data
from the analysis stage is converted into design in the form of an interface.
FUTURE SCOPE:
Our Website “Skill and Activity Tracker” has wide scope.
As in an organization the skills of the employees cannot be tracked as per their
updation in the skills and work allotment cannot be done as per it.
This website will be in use by the organization so that they can track the
employee's skills and work accordingly for the growth of the organization.