
SECURITY AND COMPLIANCE

Project Report
Submitted in partial fulfillment of the requirements for the award of the degree of

MASTER OF COMPUTER APPLICATIONS


by

RAOUSHAN KUMAR PASWAN


(Reg. No. 15208615CA57)

DEPARTMENT OF MATHEMATICAL AND COMPUTATIONAL SCIENCES

NATIONAL INSTITUTE OF TECHNOLOGY KARNATAKA


SURATHKAL, SRINIVASNAGAR P.O. – 575025
MANGALORE, INDIA

MAY, 2018
DECLARATION

I hereby declare that the Report of the Major Project Work entitled “Security and
Compliance” which is being submitted to the National Institute of Technology
Karnataka, Surathkal for the award of the Degree of Master of Computer Applications in
the Department of Mathematical and Computational Sciences, is a bonafide report of the
work carried out by me. The material contained in this Report has not been submitted to any
University or Institution for the award of any degree.

Raoushan Kumar Paswan


Registration No.: 15208615CA57
Department of Mathematical and
Computational Science

Place: NITK, SURATHKAL


Date: 28-05-2018

CERTIFICATE

This is to certify that the project report entitled ‘Security and Compliance’ submitted by
RAOUSHAN KUMAR PASWAN (Registration Number: 15208615CA57) as the record
of the work carried out by him, is accepted as the P.G. Project work report submission in
partial fulfillment of the requirements for the award of degree of Master of Computer
Applications in the Department of Mathematical and Computational Sciences, National
Institute of Technology Karnataka, Surathkal.

Mr. Shanoop CP
(External Project Guide)
Associate Director of Engineering
SysCloud Technologies Pvt Ltd.
Chennai.

Dr. Chandhini G
(Internal Project Guide)
Department of Mathematical and Computational Sciences,
NITK, Surathkal.

Chairman DPGC

ACKNOWLEDGEMENT

It gives me great pleasure and deep satisfaction to present this report of my project work
undertaken at SysCloud Technologies Pvt. Ltd. as part of the last semester of the M.C.A.
programme at NITK Surathkal, Karnataka, arranged in order to gain practical knowledge of
project development. For all the effort behind this successful project, I am highly grateful
to the following people, without whom this project would not have been completed.

I convey my earnest thanks to Dr. B R Shankar, Head of Department, Mathematical and
Computational Sciences, NITK, Surathkal, for his invaluable guidance, support and
suggestions throughout the course of this project work.

I express my sincere thanks to Dr. Chandhini G (Internal Guide), Assistant Professor,
Department of Mathematical and Computational Sciences, NITK Surathkal, for the
suggestions and constructive criticism during the course of my project and for never letting
me forget the seriousness of the purpose of my internship.

I am thankful to all the Professors and Faculty Members in the department for their
teachings.

I express special thanks to Mr. Shanoop C P (External Guide), Associate Director of
Engineering, SysCloud Technologies Pvt Ltd, Chennai, my mentor, who was very patient
with me at every step. He was there at all hours to guide me and help me with all my doubts.

I have, of course, received help from a great many people during this project. I am extremely
thankful to all of them.

Lastly, I would like to thank my family, friends and colleagues who have always supported
me whenever I felt down. Without their continuous words of encouragement, it wouldn’t
have been possible to complete the project.

ABSTRACT
“Security and Compliance” is an application developed by SysCloud Technologies Pvt Ltd.
Through this application SysCloud provides security to organizations: it detects risky
activity in a customer's G Suite domain. Using the application, a customer can scan their
users' domain data, and whenever a piece of data violates a policy, a notification to the
customer is triggered automatically.
To achieve this objective we developed the following tools:
1) MailWatch Channel
2) Diagnostic Tool
3) Automation Tool and
4) Detection Tool.

These tools help in finding offensive keywords; certain algorithms are then applied to
remove the corresponding files and notify the administrator. The tools were developed using
PHP, Java, Selenium, Microsoft SQL Server, Apache Tomcat and NetBeans.

TABLE OF CONTENTS

1 INTRODUCTION
1.1 About Organization 1
1.2. Work Done by Organization 1
1.3 Security and Compliance 2
1.4 Project Overview 5
2 SYSTEM DESIGN 13
2.1 Data Flow Diagram 13
2.2 Our Product Screenshots for Various Security 15
3 METHODOLOGY 23
3.1 PHP 23
3.2 JAVA 24
3.3 Tomcat 24
3.4 Microsoft SQL Server 2017 25
3.5 Selenium 26
3.6 NetBeans V7.3 27
4 RESULT 32
4.1 WatchChannel 32
4.2 Diagnostic Tool 32
4.3 Automation 32
4.4 Detection Tools 38
5 CONCLUSION 48
5.1 Summary 48
5.2 Future Scope 48
5.3 Advantages 48
5.4 Disadvantages 48
6 REFERENCES 49
CHAPTER 1

INTRODUCTION

1.1 About Organization


SysCloud, a Delaware-incorporated US company, was founded in 2013. Its mission is to be the
premier machine-learning analytics software for cloud security and backup. Its solution protects
data and users from cyber threats and risks while they use office collaboration suites such as
Google G Suite and Microsoft Office 365.

The massive growth of data, cloud apps, users, devices and events has led to productivity and
quality-of-life improvements, but also to large-scale security incidents and ransomware attacks.
Traditional security solutions that depend on blocking firewall ports and matching keyword
phrases are no longer sufficient, and are not relevant in a mobile-first, cloud-first world.

SysCloud's machine-learning models contextually identify cyber threats and risks by looking at an
organization's data content, devices, users, apps, locations, access privileges and user behaviour in
real time, and create a threat matrix and threat cards. The threat center gives details of high-risk
threats and recommends policy actions that can be turned on with a single click.

1.2 Work done by Organization


Our organization focuses on backup and security of cloud data. It has developed an application
named “Security and Compliance”, whose mission is to protect customers from dangers and
threats. The categories it covers are cyberbullying and violations of FERPA, HIPAA, PCI DSS,
PII, GLBA and CIPA.

1. Cyberbullying: Cyberbullying is bullying that takes place over digital devices like
cell phones, computers, and tablets. Cyberbullying can occur through SMS, Text, and
apps, or online in social media, forums, or gaming where people can view, participate
in, or share content. Cyberbullying includes sending, posting, or sharing negative,
harmful, false, or mean content about someone else. It can include sharing personal or
private information about someone else causing embarrassment or humiliation. Some
cyberbullying crosses the line into unlawful or criminal behavior.

2. FERPA (Family Educational Rights and Privacy Act): The Family Educational
Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal
law that protects the privacy of student education records. The law applies to all
schools that receive funds under an applicable program of the U.S. Department of
Education.
3. HIPAA (The Health Insurance Portability and Accountability Act): A US law
designed to provide privacy standards to protect patients' medical records and other
health information provided to health plans, doctors, hospitals and other health care
providers. The standards, developed by the Department of Health and Human Services,
give patients access to their medical records and more control over how their personal
health information is used and disclosed. They represent a uniform federal floor of
privacy protections for consumers across the country; state laws providing additional
protections to consumers are not affected. Compliance with the HIPAA Privacy Rule
became mandatory on April 14, 2003.
4. PCI (Payment Card Industry): Payment Card Industry Data Security Standard (PCI
DSS) compliance is adherence to the set of policies and procedures developed to
protect credit, debit and cash card transactions and prevent the misuse of cardholders'
personal information. PCI DSS compliance is required by all the major card brands.
5. CIPA (Children's Internet Protection Act): The Children's Internet Protection Act
(CIPA) was enacted by Congress in 2000 to address concerns about children's access
to obscene or harmful content over the Internet. CIPA imposes certain requirements
on schools or libraries that receive discounts for Internet access or internal
connections through the E- rate program – a program that makes certain
communications services and products more affordable for eligible schools and
libraries. In early 2001, the FCC issued rules implementing CIPA and provided
updates to those rules in 2011.
1.3 Security and Compliance
The “digitization of everything” trend is forever changing our lives. The growth of mobile
devices along with their increasing capabilities result in people having instant access to
information on-the-go. They can conduct business wherever they are at any time, often
blurring the line between work and leisure. Because of the always-on, always accessible

nature of the digital economy, your customers expect a consistently excellent user
experience regardless of whether they are at home or at work.
But keeping organizations secure in this increasingly digital world has never been tougher.
The fast-paced demands of users put even more pressure on enterprises to prevent and stop
threats and data breaches, meet regulatory compliance requirements, and govern their
operations more efficiently.
What’s the best way for your organization to address this challenge? By developing
processes to meet new digital requirements for security and compliance and automating
those processes as effectively as possible. Automation should integrate the objectives and
activities of Security and Operations teams and enable them to protect the enterprise while
providing the performance and availability required for businesses to remain competitive.
Organizations that rely on manual administration of security and compliance find it
impossible to scale, which in turn limits their ability to keep up with business opportunities
and challenges in the growing digital economy. Manual administration is also particularly
subject to human error, which makes it dangerous. Delays in responding to security threats
and compliance issues can lead to breaches, failed audits, financial loss, damage to a
company's reputation and other serious business consequences.
This section describes the security compliance audit process, security risk management, and
how to deal with persistent threats in the digital economy. It also describes how best-practice
processes and automation can help organizations meet the challenges of today and the future
while increasing collaboration between Security and Operations. This unifying strategy can
enable these teams to improve uptime, customer satisfaction and security.
Having an effective strategy is critical to success. The risks that must be mitigated or
eliminated are outlined below, together with important considerations for developing a plan
that integrates the roles of people, processes and technology to address the increasing
challenges related to security and compliance in the digital economy. As Figure 1 indicates,
vulnerabilities and exposures to threats are increasing rapidly, so organizations must
prioritize their efforts and focus on the most critical vulnerabilities.

1. The role of Operations in maintaining security, compliance and control: Maintaining a
secure environment is not just Security's concern. Operations teams also play a critical role in
the process, but they rarely get credit for it. The Security team identifies the risks, but the
Operations team must implement the changes that remediate them. Officially, the charter of the
Security team is to keep the organization secure, while the Operations team supports the
business demand for high availability and must avoid risking the performance or reliability of
production systems.

This situation creates a gap between Security and Operations known as the SecOps Gap: Two
groups driven by competing priorities which ultimately result in long lag times to close security
vulnerabilities, business-system downtime, excessive labor costs and challenges in meeting
regulatory requirements.

Many attacks can be prevented by closing this gap. More than 80 percent of attacks target known
vulnerabilities, and 99 percent of exploited vulnerabilities were compromised more than a year
after the corresponding CVE was published. According to Rob Joyce, Chief of the NSA's Tailored
Access Operations, “There're so many more vectors that are easier, less risky and quite often more
productive than going down that route. This includes, of course, known vulnerabilities for which a
patch is available, but the owner hasn't installed it.”

2. Closing the SecOps Gap protects company assets and reduces costs: The misalignment
between Security and Operations goes beyond poor communication paths and conflicting
objectives. A Forbes Insights survey commissioned by BMC reported that Operations and
Security teams have only a general or little understanding of each other's requirements, so they
are not even speaking the same language or giving one another what they need to be successful.
For example, Security runs a scan and delivers the results to Operations sorted by IP address; if
the Operations team does not use IP addresses as a reference point, they must go through the data
line by line trying to work out what it means. In the other direction, Operations provides Security
with its plans to remediate vulnerabilities organized by server group; unless Security knows which
servers are in the group and what role those servers play, this gives them no view into the security
posture of the organization.

Breaches occur even when vulnerabilities and their remediation have been identified but not yet
implemented, due to a lack of coordination between the teams. Half of the organizations that
experienced a breach in the last year also reported a loss of data, which can result in failing to
meet compliance requirements and fines, and affects the business, which has to deal with the loss.
It can also cause customer dissatisfaction that leads to litigation.

Providing a secure environment involves a clear focus on people, processes and technology to
address vulnerability remediation and compliance. This chapter, which offers an overview of
security and compliance, explains how best practices and automation can enable organizations
to optimize their resources, increase efficiency, reduce costs and improve the quality of service
while meeting security and compliance objectives.

1.4 Project Overview:

SysCloud's projects are hosted on Google Cloud Platform. As discussed earlier, our work focuses
on security and compliance. Access to customers' data is requested through OAuth 2.0. Google
provides domain-wide delegation of authority, so that an application authorized by the domain
administrator can access data on behalf of any user in the domain without each user consenting
individually. Because such a grant covers every user in the domain for the scopes listed, the
scopes requested must be kept to the minimum the scanner needs, and the service account's private
key must be protected like an administrator credential. The tools created for this purpose are
discussed in detail below.

1. MailWatch: Put simply, the purpose of this tool is to list the users of a domain and to let
the admin see whether there is any problem with any of them.

Fig (1) MailWatch

 If you click in the user Id, related id details will appear and we can see all the
details related to mailwatch.

Fig (2) MailWatch Details

2. Diagnostic tool: Since the product has users around the world, the aim of the Diagnostic tool
is to detect issues with our application. We detect them by checking whether any violation has
occurred. If a violation has occurred, the application is working. If none has, it raises the
question of whether the application has stopped working or the users are simply not creating any
violations. The Diagnostic tool was created to resolve this. Following are screenshots of the tool.

1. Click on the Diagnostic link; it leads to the information regarding the user.

Fig (1) Main Page

2. Clicking the Diagnostic link leads to this page containing the user's information. On
that page we can see the last violation time for Drive and e-mail.

Fig (2). Domain Info/Violation Time

3. In the previous screenshot you can see another link, Policy Count. From it we can get the
last message and access the last Drive file information, which helps to confirm that the
application is working.

Fig (3.1). Drive Violation

If you click on a policy Id, it shows the details of the latest violating file.

Fig (3.2). Mail Violation

If you click on the Policy Id, it shows the latest mail or chat details.
4. In Fig (2), if you click on Diagnostic, it shows the user's essential details and whether the
latest Drive file or mail can be downloaded.

Fig (4). User Details


Note: All information comes from the testing databases, so if nothing is shown it means there is
no data in the testing databases.
3. Automation Tool: This tool checks whether our application can be launched from the
G Suite Marketplace. Every step, from finding the application to launching it, is automated.
It runs on our server, and a scheduler triggers it automatically. Whether the launch succeeds
or fails, a mail is sent automatically to the responsible person at the company to notify them
of the result.

4. Detection application: Two detection applications were written. They take their input from
a CSV file, compute results and write those results back to a CSV file. They work on several
algorithms.
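As an added example of the CSV-in, CSV-out detection tool described above (written for this report in Python; it is not SysCloud's detection code and uses none of its keyword lists), the block below runs three detectors over each message: a cyberbullying word list, a PCI detector that only reports digit runs passing the Luhn check, and a PII detector for US social-security-number patterns. Column names, sample rows and the word list are constructed; findings carry masked evidence so the output file never contains a full card number.

```python
"""Detection tool, as an added example for this report (not SysCloud's
detection code or keyword lists): read a CSV of messages, run several
detectors over each row, and write a CSV of findings.

Assumptions: the column names (id, user, text), the sample rows and the word
list are constructed for illustration. The card check is the standard Luhn
test, so the PCI detector reports card numbers rather than every long digit run.
"""
import csv
import io
import re
import sys
from typing import Dict, List

# Constructed word list; a production list is larger and policy-driven.
BULLYING_TERMS = ["idiot", "loser", "nobody likes you", "worthless"]

# 13-19 digits, optionally separated by spaces or dashes, not inside a longer run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")

# Constructed input in the tool's CSV format.
SAMPLE_INPUT = """id,user,text
1,alice,"Please pay with card 4111 1111 1111 1111 by Friday"
2,bob,"nobody likes you, loser"
3,carol,"Order 1234567890123456 shipped yesterday"
4,dave,"SSN 123-45-6789 attached for the form"
"""


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep only the last four digits so findings never carry a full PAN."""
    return "*" * (len(digits) - 4) + digits[-4:]


def detect(text: str) -> List[Dict[str, str]]:
    """One finding per policy hit: which policy, and masked evidence."""
    findings = []
    lowered = text.lower()
    for term in BULLYING_TERMS:
        if re.search(r"\b" + re.escape(term) + r"\b", lowered):
            findings.append({"policy": "Cyberbullying", "evidence": term})
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):  # rejects order numbers and tracking IDs
            findings.append({"policy": "PCI", "evidence": mask(digits)})
    for m in SSN_RE.finditer(text):
        findings.append({"policy": "PII", "evidence": "***-**-" + m.group()[-4:]})
    return findings


def scan_csv(src: str) -> str:
    """Read the input CSV text and return the findings CSV text."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=["id", "user", "policy", "evidence"])
    writer.writeheader()
    for row in csv.DictReader(io.StringIO(src)):
        for finding in detect(row["text"]):
            writer.writerow({"id": row["id"], "user": row["user"], **finding})
    return out.getvalue()


def summarize(findings_csv: str) -> Dict[str, List[str]]:
    """user -> policies hit, the shape an admin notification would use."""
    summary: Dict[str, List[str]] = {}
    for row in csv.DictReader(io.StringIO(findings_csv)):
        summary.setdefault(row["user"], []).append(row["policy"])
    return summary


if __name__ == "__main__":
    source = open(sys.argv[1], newline="").read() if len(sys.argv) > 1 else SAMPLE_INPUT
    sys.stdout.write(scan_csv(source))
```

Saved as, say, detect.py, it scans the file named on the command line or the built-in sample when run without arguments. The Luhn test is what keeps order numbers and tracking IDs out of the PCI findings; checking the leading digits against the card brands' issuer ranges would tighten it further.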

CHAPTER 2

SYSTEM DESIGN

2.1 Data Flow Diagram: A data flow diagram (DFD) maps out the flow of information for any
process or system. It uses defined symbols like rectangles, circles and arrows, plus short text
labels, to show data inputs, outputs, storage points and the routes between each destination. Data
flowcharts can range from simple, even hand-drawn process overviews, to in-depth, multi-level
DFDs that dig progressively deeper into how the data is handled. They can be used to analyze an
existing system or model a new one. Like all the best diagrams and charts, a DFD can often
visually “say” things that would be hard to explain in words, and they work for both technical
and nontechnical audiences.

Data flow diagram for our product “Security and Compliance”

Fig 2.1: Data flow Diagram

1. For Trial Customers.
1.1. Google Apps marketplace: G Suite Marketplace (formerly Google Apps
Marketplace) is a product of Google Inc. It is an online store for web
applications that work with Google Apps (Gmail, Google Docs, Google
Sites, Google Calendar, Google Contacts, etc.) and with third party software. Some
Apps are free. Apps are based on Google APIs or on Google Apps Script.
1.2. Onboard customers as trial: customers who are on the trial version.
1.3. Landing on app.syscloud.com for their respective domain: the customer loads the
application for their domain and starts scanning for users.
1.4. Start fetching users for their domain: enumerate all the users of the domain.
1.5. Start threat scan: after fetching the users' information, scanning for threats
begins.
1.6. Authentication: fetch the data of the domain's users through OAuth 2.0.
1.7. Scanning: the data is scanned against our own rules to detect threats. If threats
are found, then
1.8. Action: the threats are published and the admin is notified.
2. For paid customers: the same process as for trial customers. Once the customer moves to
a paid plan,
2.1. real-time channels are created to monitor users' e-mail and Drive.
2.2. Once a channel is created, whenever a user edits a document or composes an e-mail,
2.3. Google automatically notifies our server; we then
2.4. catch those notifications and scan again with our rules to detect threats, and if any are found,
2.5. the threats are published and the admin is notified.
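Steps 2.1 to 2.4 above are where a listening server accepts POSTs from outside, so the receiver must confirm that a notification really belongs to a channel we opened before it triggers a rescan. The block below is an added example written for this report in Python (not SysCloud's server code): it models the Drive API push-notification headers and the watch request that sets the channel's secret token, and decides per delivery whether to rescan, ignore or reject. The registry, the token values and the sample deliveries are constructed; Gmail's watch uses Cloud Pub/Sub and is not covered.

```python
"""Receiver for the real-time channel in the DFD above, as an added example
for this report (not SysCloud's server code): Google POSTs a notification to
our server whenever a watched Drive resource changes, and the receiver must
authenticate it before queueing a rescan.

Assumptions: the header names are those of Google Drive API push
notifications (X-Goog-Channel-ID, X-Goog-Channel-Token, X-Goog-Resource-State,
X-Goog-Message-Number) and the watch body fields are those of the Drive
Channel resource; the registry, token values and sample deliveries are
constructed. Gmail's watch delivers through Cloud Pub/Sub and is not modelled.
"""
import hmac
import secrets
import uuid
from dataclasses import dataclass, field
from typing import Dict, List, Set

RESCAN_STATES = {"add", "update", "change", "untrash"}


@dataclass
class Channel:
    channel_id: str
    token: str                 # secret we generated when opening the watch
    user: str                  # domain user whose Drive this channel covers
    expiration_ms: int
    seen: Set[int] = field(default_factory=set)  # message numbers handled


def new_channel(user: str, expiration_ms: int) -> Channel:
    return Channel(str(uuid.uuid4()), secrets.token_urlsafe(32), user, expiration_ms)


def watch_request_body(chan: Channel, address: str) -> Dict[str, object]:
    """Body of the Drive files.watch / changes.watch call that opens `chan`.
    Google echoes `token` on every notification, which is what lets the
    receiver tell our channels from anyone else's POSTs to the same URL."""
    return {"id": chan.channel_id, "type": "web_hook", "address": address,
            "token": chan.token, "expiration": chan.expiration_ms}


class NotificationHandler:
    def __init__(self, channels: Dict[str, Channel]):
        self.channels = channels  # channel_id -> Channel, our own registry

    def handle(self, headers: Dict[str, str], now_ms: int) -> Dict[str, str]:
        """Decide 'rescan', 'ignore' or 'reject' for one delivery."""
        h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
        chan = self.channels.get(h.get("x-goog-channel-id", ""))
        if chan is None:
            return {"action": "reject", "reason": "unknown channel", "user": ""}
        # Constant-time compare: the token is all that authenticates the sender.
        if not hmac.compare_digest(h.get("x-goog-channel-token", ""), chan.token):
            return {"action": "reject", "reason": "bad channel token", "user": ""}
        if now_ms > chan.expiration_ms:
            return {"action": "reject", "reason": "channel expired, renew the watch", "user": chan.user}
        state = h.get("x-goog-resource-state", "")
        if state == "sync":  # sent once when the channel opens; nothing changed yet
            return {"action": "ignore", "reason": "initial sync message", "user": chan.user}
        try:
            msg_no = int(h.get("x-goog-message-number", ""))
        except ValueError:
            return {"action": "reject", "reason": "missing message number", "user": chan.user}
        if msg_no in chan.seen:  # redeliveries must not trigger duplicate actions
            return {"action": "ignore", "reason": "duplicate delivery", "user": chan.user}
        chan.seen.add(msg_no)
        if state in RESCAN_STATES:
            return {"action": "rescan", "reason": "resource " + state, "user": chan.user}
        return {"action": "ignore", "reason": "resource " + state, "user": chan.user}


def _notification(channel_id: str, token: str, state: str, number: int) -> Dict[str, str]:
    return {"X-Goog-Channel-ID": channel_id, "X-Goog-Channel-Token": token,
            "X-Goog-Resource-State": state, "X-Goog-Message-Number": str(number)}


def run_sample() -> List[str]:
    """Constructed deliveries against a one-channel registry; returns the actions."""
    chan = Channel("chan-alice", "s3cret-for-alice", "alice@example.com", 2_000_000)
    handler = NotificationHandler({chan.channel_id: chan})
    deliveries = [
        _notification("chan-alice", "s3cret-for-alice", "sync", 1),     # ignore
        _notification("chan-alice", "s3cret-for-alice", "update", 2),   # rescan
        _notification("chan-alice", "s3cret-for-alice", "update", 2),   # ignore: duplicate
        _notification("chan-alice", "guessed-token", "update", 3),      # reject
        _notification("chan-nobody", "s3cret-for-alice", "update", 1),  # reject
        _notification("chan-alice", "s3cret-for-alice", "trash", 4),    # ignore
    ]
    return [handler.handle(d, now_ms=1_000_000)["action"] for d in deliveries]


if __name__ == "__main__":
    print(watch_request_body(new_channel("alice@example.com", 2_000_000),
                             "https://app.example.com/notify"))  # assumed URL
    print(run_sample())
```

The HTTP status returned for a rejected delivery is the server's choice; what matters is that nothing is rescanned, and no message number is recorded as seen, until the channel ID and token have both matched a channel in our own registry.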

2.2 Our Product Screenshots for various security:
1. Cyberbullying screenshots of the product:
1.1 Threats Details: In this section you will be able to see an overview of the violation.

Fig 2.2: Threats Detail

Now, if you click on the Gmail icon, it shows the related threat details. Here is the screenshot
for the Gmail threat.

Fig 2.3: Gmail Threat Details

If you click on the email id, it will give you whole details related to this email id.

Fig 2.4: Mail Details

If you click on the Google Drive icon, it shows the related threat details. Here is the screenshot
for Google Drive.

Fig 2.5: Google Drive Threat Details

If you click on the email id for google drive, it will give you whole details related to this email
id.

Fig 2.6: Drive Details

1.2 Dashboard: Showing summary of the result.

Fig 2.7: Dashboard

1.3 History: Shows the history of the threats.

Fig 2.8: History

1.4 Setting: Shows the setting of the threats.

Fig 2.9: Setting

Note: The other policies work the same way. As with the Cyberbullying policy, similar screens exist
for 1. FERPA (Family Educational Rights and Privacy Act), 2. HIPAA (The Health Insurance
Portability and Accountability Act), 3. PCI (Payment Card Industry) and 4. CIPA (Children's
Internet Protection Act); the process is the same as for Cyberbullying, so the screenshots are the
same for all the other policies.

CHAPTER 3
METHODOLOGY
Several tools were used to develop the “Security and Compliance” application. They are
discussed below.
3.1 PHP (Programming Language): PHP (recursive acronym for PHP: Hypertext
Preprocessor) is a widely-used open source general-purpose scripting language that is
especially suited for web development and can be embedded into HTML.

Nice, but what does that mean? An example:

Example #1 An introductory example


<html>
<head>
<title>Example</title>
</head>
<body>

<?php
echo "Hi, I'm a PHP script!";
?>

</body>
</html>

Instead of lots of commands to output HTML (as seen in C or Perl), PHP pages contain
HTML with embedded code that does "something" (in this case, output "Hi, I'm a PHP
script!"). The PHP code is enclosed in special start and end processing instructions <?php
and ?> that allow you to jump into and out of "PHP mode". What distinguishes PHP
from something like client-side JavaScript is that the code is executed on the server,
generating HTML which is then sent to the client. The client receives the results of
running that script but does not see the underlying code. You can even configure your
web server to process all your HTML files with PHP, and then there is no way for users
to tell whether a page was generated by a script.

The best things about PHP are that it is extremely simple for a newcomer, yet offers
many advanced features for a professional programmer.

Although PHP's development is focused on server-side scripting, you can do much more
with it. The entire product is written in PHP.

3.2 JAVA( Programming Language): Java is a programming language and computing platform
first released by Sun Microsystems in 1995. There are lots of applications and websites that
will not work unless you have Java installed, and more are created every day. Java is fast,
secure, and reliable. From laptops to datacenters, game consoles to scientific supercomputers,
cell phones to the Internet, Java is everywhere!

I used Java for the Automation tool (for testing purposes).

3.3 Tomcat: The Apache Tomcat® software is an open source implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. These
specifications are developed under the Java Community Process. The Apache Tomcat software
is developed in an open and participatory environment and released under the Apache License
version 2. The project is intended to be a collaboration of best-of-breed developers from around
the world, and anyone can participate. Apache Tomcat software powers numerous large-scale,
mission-critical web applications across a diverse range of industries and organizations; some
of these users and their stories are listed on the PoweredBy wiki page.

Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat project logo
are trademarks of the Apache Software Foundation.

3.4 Microsoft SQL Server 2017: Microsoft SQL Server is a relational database management
system, or RDBMS, that supports a wide variety of transaction processing, business
intelligence and analytics applications in corporate IT environments. It's one of the three
market-leading database technologies, along with Oracle Database and IBM's DB2. The core
component of Microsoft SQL Server is the SQL Server Database Engine, which controls data
storage, processing and security. It includes a relational engine that processes commands and
queries, and a storage engine that manages database files, tables, pages, indexes, data buffers
and transactions. Stored procedures, triggers, views and other database objects are also
created and executed by the Database Engine. The advanced security features supported in all
editions of Microsoft SQL Server starting with SQL Server 2016 SP1 include three
technologies added in the 2016 release: Always Encrypted, which keeps sensitive columns
encrypted inside the database engine, with encryption and decryption performed in the client
driver so that even database administrators never see the plaintext; row-level security, which
lets data access be controlled at the row level in database tables; and dynamic data masking,
which automatically hides parts of sensitive data from users without full access privileges.

Fig 3.1: Key Components for Microsoft SQL Server

3.5 Selenium: Selenium is an open source tool used for automating tests carried out in web
browsers (web applications can be tested using any web browser).

Only web applications can be tested with Selenium. It cannot test desktop (software)
applications or mobile applications; for those there are other tools such as IBM's RFT,
HP's QTP and Appium. The focus of this section is testing dynamic web applications and
why Selenium is a good fit for that purpose.

Since Selenium is open source, there is no licensing cost involved, which is a major
advantage over other testing tools. Other reasons behind Selenium's ever-growing popularity
are:

Fig 3.2 Supported Browser

 Test scripts can be written in any of these programming languages: Java, Python, C#,
PHP, Ruby, Perl and the .NET languages
 Tests can be carried out on any of these operating systems: Windows, Mac or Linux
 Tests can be carried out using any browser: Mozilla Firefox, Internet Explorer, Google
Chrome, Safari or Opera
 It can be integrated with tools such as TestNG and JUnit for managing test cases and
generating reports
 It can be integrated with Maven, Jenkins and Docker to achieve continuous testing

But there surely have to be shortcomings, right?

 Selenium can only be used to test web applications; it cannot test desktop applications
or any other software
 There is no guaranteed support available for Selenium; we have to rely on the user
community
 It is not possible to perform testing on images; Selenium has to be integrated with Sikuli
for image-based testing
 There is no native reporting facility, but that can be overcome by integrating it with
frameworks like TestNG or JUnit
3.5.1 Automation Testing Beats Manual Testing:
Automation testing beats manual testing in most respects: it is faster, needs less investment
in human resources, is far less prone to human error, allows frequent execution of tests,
supports unattended ("lights-out") execution, and supports both regression testing and
functional testing.

Fig 3.3: Automation

3.6 NetBeans V7.3 : NetBeans IDE lets you quickly and easily develop Java desktop, mobile,
and web applications, as well as HTML5 applications with HTML, JavaScript, and CSS. The

IDE also provides a great set of tools for PHP and C/C++ developers. It is free and open
source and has a large community of users and developers around the world.

3.6.1 Best Support for Latest Java and PHP Technologies: NetBeans IDE is the official
IDE for Java 8. With its editors, code analyzers, and converters, you can quickly and
smoothly upgrade your applications to use new Java 8 language constructs, such as
lambdas, functional operations, and method references. Batch analyzers and converters
are provided to search through multiple applications at the same time, matching patterns
for conversion to new Java 8 language constructs. With its constantly improving Java
Editor, many rich features and an extensive range of tools, templates and samples,
NetBeans IDE sets the standard for developing with cutting edge technologies out of the
box.

Fig 3.4 NetBeans (Choose Project)


3.6.2 Fast & Smart Code Editing: An IDE is much more than a text editor. The NetBeans
Editor indents lines, matches words and brackets, and highlights source code syntactically and
semantically. It lets you easily refactor code, with a range of handy and powerful tools, while it

also provides code templates, coding tips, and code generators.
The editor supports many languages from Java, C/C++, XML and HTML, to PHP, Groovy,
Javadoc, JavaScript and JSP. Because the editor is extensible, you can plug in support for many
other languages.

Fig 3.5: NetBeans (Code Editing)


3.6.3 Easy & Efficient Project Management: Keeping a clear overview of large
applications, with thousands of folders and files, and millions of lines of code, is a
daunting task. NetBeans IDE provides different views of your data, from multiple project
windows to helpful tools for setting up your applications and managing them efficiently,
letting you drill down into your data quickly and easily, while giving you versioning tools
via Subversion, Mercurial, and Git integration out of the box.
When new developers join your project, they can understand the structure of your
application because your code is well organized.

Fig 3.6: NetBeans (Project Management)

3.6.4 Write Bug Free Code: The cost of buggy code increases the longer it remains
unfixed. NetBeans provides static analysis tools, especially integration with the widely
used FindBugs tool, for identifying and fixing common problems in Java code. In
addition, the NetBeans Debugger lets you place breakpoints in your source code, add
field watches, step through your code, run into methods, take snapshots and monitor
execution as it occurs.
The NetBeans Profiler provides expert assistance for optimizing your application's speed
and memory usage, and makes it easier to build reliable and scalable Java SE, JavaFX
and Java EE applications. NetBeans IDE includes a visual debugger for Java SE
applications, letting you debug user interfaces without looking into source code. Take
GUI snapshots of your applications and click on user interface elements to jump back
into the related source code.

Fig 3.7 NetBeans (Threads)

CHAPTER 4
RESULTS
As mentioned in Chapter 1, my contribution was towards developing the application for Security
and Compliance. Since I do not have authorization to display the actual database, I show the
results obtained using the testing database.

Note: As per the company's rules, I cannot share algorithms, code, table contents or any other
confidential data, so I discuss only the final results of the application. I do share the code that
was written to make implementing the algorithms easier. However, the code for the Automation
Tool and Detection tool

4.1. WatchChannel: Through this application the domain owner can now check how many
users they have and whether there are any issues. We are then able to look into these
issues and take action. This was already discussed in Chapter 1.
4.2. Diagnostic Tool: Through this application we are able to detect whether a domain
user is committing any violation. If no violation is found, either they have not been using
our application for a long time or our application is not working properly. To detect this
problem I made a Diagnostic Tool. From this tool we can view their latest violation and
download the latest file, so we can confirm that there is no violation and that there is no
issue with our application.
4.3. Automation: This tool is a testing tool which tests whether our application is working in
the G Suite Marketplace, i.e. whether the application gets launched. Whether it launches or
not, an e-mail is sent to the authorized person stating whether the application is working in
the G Suite Marketplace. I set the application into a scheduler, so every day at a certain time
it is triggered automatically and checks whether our application launches. I made this
application in Java.
1) Automation Code:
a) Automation.java
package selenium;

import java.util.concurrent.TimeUnit;

import org.openqa.selenium.By;
import org.openqa.selenium.JavascriptExecutor;
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.chrome.ChromeDriver;

public class AutomationWithEmail {

    WebDriver driver;
    JavascriptExecutor jse;

    /*
     * Connects to the Chrome browser, opens the SysCloud listing on the
     * G Suite Marketplace and runs the launch check.
     */
    public void browserSetting() {
        try {
            System.setProperty("webdriver.chrome.driver",
                    "D:\\workspace\\Automation\\required\\chromedriver.exe");
            driver = new ChromeDriver();
            driver.manage().deleteAllCookies();
            driver.manage().window().maximize();
            driver.manage().timeouts().implicitlyWait(30, TimeUnit.SECONDS);
            driver.manage().timeouts().pageLoadTimeout(30, TimeUnit.SECONDS);
            System.out.println("=======Automation Is Started=========");

            driver.get("https://gsuite.google.com/marketplace/app/"
                    + "syscloud_backup_dlp_compliance/700764010405");
            searchProduct();
            System.out.println("=========Execution Successful..!!========");
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            // Close the browser so a scheduled daily run does not leave a
            // Chrome process behind.
            if (driver != null) {
                driver.quit();
            }
        }
    }

    /*
     * Logs in to the Google account and launches the SysCloud application.
     * If any exception occurs, a failure e-mail is sent automatically.
     */
    public void searchProduct() {
        try {
            driver.findElement(By.className("pANFDd")).click();
            Thread.sleep(5000);

            // "adminEmail" and "adminPassword" are placeholders for the account
            // credentials; load them from a secret store or an environment
            // variable rather than hard-coding them in the source.
            driver.findElement(By.id("identifierId")).sendKeys("adminEmail");
            Thread.sleep(5000);
            driver.findElement(By.id("identifierNext")).click();
            Thread.sleep(5000);

            driver.findElement(By.name("password")).sendKeys("adminPassword");
            Thread.sleep(5000);
            driver.findElement(By.id("passwordNext")).click();
            Thread.sleep(2000);
            driver.findElement(By.className("pANFDd")).click();
            jse = (JavascriptExecutor) driver;

            Mailer.send("sender email", "sender password", "receiver email",
                    "Automation Success", "Application Successfully Launched....!!!!");
        } catch (Exception e) {
            /*
             * Sending an exception mail. Mailer.send is defined in another
             * class of the Java program (SendMail.java).
             */
            Mailer.send("sender email", "sender password", "receiver email",
                    "Automation Failure", "Permission denied please run the program again");
        }
    }

    public static void main(String[] args) {
        AutomationWithEmail newObj = new AutomationWithEmail();
        newObj.browserSetting();
    }
}
b) SendMail.java (to send automatic email)

package selenium;

import java.util.Properties;

import javax.mail.*;
import javax.mail.internet.*;

class Mailer {

    // Sends one message from the given account to a single receiver; the
    // extra receiver parameters of the original were commented out, so the
    // signature now matches the five-argument calls in Automation.java.
    public static void send(String from, String password, String to,
            String sub, String msg) {

        // Get properties object: SMTP over SSL to Gmail on port 465
        Properties props = new Properties();
        props.put("mail.smtp.host", "smtp.gmail.com");
        props.put("mail.smtp.socketFactory.port", "465");
        props.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
        props.put("mail.smtp.auth", "true");
        props.put("mail.smtp.port", "465");

        // get Session; the Authenticator supplies the sender's credentials
        Session session = Session.getDefaultInstance(props, new javax.mail.Authenticator() {
            protected PasswordAuthentication getPasswordAuthentication() {
                return new PasswordAuthentication(from, password);
            }
        });

        // compose message
        try {
            MimeMessage message = new MimeMessage(session);
            message.setFrom(new InternetAddress(from));
            // message.addRecipient(Message.RecipientType.TO, new InternetAddress(to));
            Address[] cc = new Address[] { new InternetAddress(to) };
            message.addRecipients(Message.RecipientType.CC, cc);
            message.setSubject(sub);
            message.setText(msg);

            // send message
            Transport.send(message);
            System.out.println("======= Email sent successfully ============");
        } catch (MessagingException e) {
            throw new RuntimeException(e);
        }
    }
}

public class SendMail {

    public static void main(String[] args) {
        // The body of main is not reproduced in the report; it calls
        // Mailer.send with the sender, password, receiver, subject and text.
    }
}
4.4. Detection Tool: This tool detects keywords in a context and, according to the matching
keywords, applies some rules; the result is then fed to the algorithm.
1) Code:
<?php
ini_set('max_execution_time', 864000);
// Keyword categories: INTENT, ASSET, MONEY, THREAT
// error_reporting(0) from the original is dropped: the undefined $i/$j counters
// it was masking are replaced by append ($var[]) writes below.

$keyWordFile = "D:\\Users/raoushan/Desktop/Book4.csv";
$contextFile = "D:\\Users/raoushan/Desktop/Sample.csv";
$outputFile  = "D:\\Users/raoushan/Desktop/newOutput.csv";

/*
 * Read the keyword file. Each line carries four comma-separated columns
 * (intent, asset, money, threat); lines without exactly four columns are
 * skipped and empty cells are ignored.
 */
$intent = $asset = $money = $threat = array();
$myKey = fopen($keyWordFile, "r");
while (($row = fgets($myKey)) !== false) {
    $a = explode(",", $row);
    if (count($a) != 4) {
        continue;
    }
    if (trim($a[0]) != "") { $intent[] = trim($a[0]); }
    if (trim($a[1]) != "") { $asset[]  = trim($a[1]); }
    if (trim($a[2]) != "") { $money[]  = trim($a[2]); }
    if (trim($a[3]) != "") { $threat[] = trim($a[3]); }
}
fclose($myKey);

/*
 * Build one case-insensitive, word-bounded alternation per category.
 * preg_quote() keeps a keyword containing a regex metacharacter from breaking
 * or widening the pattern; an empty category yields no pattern at all, since
 * "/\b()\b/i" would match the empty string at every position.
 */
function buildPattern(array $keywords) {
    if (count($keywords) == 0) {
        return null;
    }
    $quoted = array_map(function ($k) { return preg_quote($k, '/'); }, $keywords);
    return "/\b(" . implode("|", $quoted) . ")\b/i";
}

/* Matching keywords and their offsets in the context, via PREG_OFFSET_CAPTURE */
function findMatches($pattern, $string) {
    $data = array();
    if ($pattern === null) {
        return $data;
    }
    $matches = array();
    preg_match_all($pattern, $string, $matches, PREG_OFFSET_CAPTURE);
    foreach ($matches[0] as $match) {
        $data[] = array("keyword" => $match[0], "offset" => $match[1]);
    }
    return $data;
}

/*
 * Combinations of two categories and the absolute offset difference of each
 * pair. Within a single category only unordered pairs (i < j) are formed.
 */
function combine(array $a, array $b, $sameCategory) {
    $pairs = array();
    $diffs = array();
    for ($i = 0; $i < count($a); $i++) {
        for ($j = $sameCategory ? $i + 1 : 0; $j < count($b); $j++) {
            $pairs[] = array($a[$i]['keyword'], $a[$i]['offset'],
                             $b[$j]['keyword'], $b[$j]['offset']);
            $diffs[] = abs($a[$i]['offset'] - $b[$j]['offset']);
        }
    }
    return array($pairs, $diffs);
}

$patterns = array(
    "intent" => buildPattern($intent),
    "asset"  => buildPattern($asset),
    "money"  => buildPattern($money),
    "threat" => buildPattern($threat),
);

// The ten category pairs, in the column order of the header row below
$combos = array(
    array("intent", "intent"), array("intent", "asset"), array("intent", "money"), array("intent", "threat"),
    array("asset", "asset"), array("asset", "money"), array("asset", "threat"),
    array("money", "money"), array("money", "threat"),
    array("threat", "threat"),
);

$myContext = fopen($contextFile, "r");
$outputfile = fopen($outputFile, "w+");

fputcsv($outputfile, array("Context", "Intent2intent", "Difference", "intent2Asset",
    "Difference", "intent2Money", "Difference", "intent2Threat", "Difference",
    "AssetToAsset", "Difference", "AssetToMoney", "Difference", "AssetToThreat", "Difference",
    "Money2Money", "Difference", "Money2Threat", "Difference", "Threat2Threat", "Difference"));

while (($line = fgetcsv($myContext, 100000, ",")) !== false) {
    $string = isset($line[0]) ? trim((string) $line[0]) : "";
    if (strlen($string) == 0) {
        continue;
    }

    /*
     * Finding matching keywords and offsets from the context for INTENT, ASSET,
     * MONEY and THREAT
     */
    $matches = array();
    foreach ($patterns as $name => $pattern) {
        $matches[$name] = findMatches($pattern, $string);
    }

    /* Combinations and differences for every category pair */
    $results = array();
    $max = 0;
    foreach ($combos as $c) {
        list($pairs, $diffs) = combine($matches[$c[0]], $matches[$c[1]], $c[0] == $c[1]);
        $results[] = array($pairs, $diffs);
        $max = max($max, count($pairs));
    }

    /*
     * Writing to csv file: one row per pair index. A combination with fewer
     * pairs than $max leaves its two cells empty instead of imploding a
     * missing array (a TypeError on PHP 8).
     */
    for ($i = 0; $i < $max; $i++) {
        $row = array($string);
        foreach ($results as $r) {
            $row[] = isset($r[0][$i]) ? implode(",", $r[0][$i]) : "";
            $row[] = isset($r[1][$i]) ? (string) $r[1][$i] : "";
        }
        fputcsv($outputfile, $row);
    }
}
fclose($myContext);
fclose($outputfile);
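The following is an added example, not code from the report or from SysCloud: it re-implements the detection tool's keyword-offset analysis in Python on a constructed keyword table and a constructed sample context, so the pair and difference columns can be checked by hand. The keyword values, the sample sentence and the `intent_near_asset` rule are assumptions made for the example; the report keeps its real rules confidential. Beyond the PHP above it also handles two edge cases: an empty keyword category (which would otherwise produce a pattern matching everywhere) and keywords containing regex metacharacters.

```python
import re
from itertools import combinations, product

# Constructed keyword table in the four categories the detection tool uses
# (intent, asset, money, threat). Sample values for this example only.
KEYWORDS = {
    "intent": ["send", "transfer", "share"],
    "asset": ["credit card", "SSN", "password", "bank a/c"],
    "money": ["dollars", "payment", "wire"],
    "threat": ["leak", "steal"],
}

# Category pairs in the column order of the tool's CSV header.
COMBOS = [("intent", "intent"), ("intent", "asset"), ("intent", "money"), ("intent", "threat"),
          ("asset", "asset"), ("asset", "money"), ("asset", "threat"),
          ("money", "money"), ("money", "threat"),
          ("threat", "threat")]


def build_pattern(words):
    """Case-insensitive, word-bounded alternation over one category's keywords.
    re.escape makes a keyword such as "bank a/c" match literally; longer
    keywords are tried first. Returns None for an empty category, because
    r"\b()\b" would match at every position."""
    if not words:
        return None
    alternation = "|".join(re.escape(w) for w in sorted(words, key=len, reverse=True))
    return re.compile(r"\b(" + alternation + r")\b", re.IGNORECASE)


def find_matches(pattern, text):
    """Every occurrence as (keyword, character offset), like PREG_OFFSET_CAPTURE."""
    if pattern is None:
        return []
    return [(m.group(0), m.start()) for m in pattern.finditer(text)]


def pair_distances(a, b, same_category):
    """All keyword pairs across two match lists with their absolute offset gap.
    Within one category only unordered pairs (i < j) are formed, as in the
    tool's loops; across categories every (i, j) combination is formed."""
    pairs = combinations(a, 2) if same_category else product(a, b)
    return [((ka, oa, kb, ob), abs(oa - ob)) for (ka, oa), (kb, ob) in pairs]


def analyse(text, keywords=KEYWORDS):
    """Matches per category and (pair, gap) lists per category combination."""
    matches = {c: find_matches(build_pattern(w), text) for c, w in keywords.items()}
    result = {(ca, cb): pair_distances(matches[ca], matches[cb], ca == cb)
              for ca, cb in COMBOS}
    return matches, result


def csv_rows(text, keywords=KEYWORDS):
    """Rows in the tool's output layout: the context, then for each of the ten
    combinations a "kw,off,kw,off" cell and a gap cell. Combinations with
    fewer pairs than the longest one get empty cells."""
    _, result = analyse(text, keywords)
    columns = [result[c] for c in COMBOS]
    depth = max((len(col) for col in columns), default=0)
    rows = []
    for i in range(depth):
        row = [text]
        for col in columns:
            if i < len(col):
                (ka, oa, kb, ob), gap = col[i]
                row += [f"{ka},{oa},{kb},{ob}", str(gap)]
            else:
                row += ["", ""]
        rows.append(row)
    return rows


def intent_near_asset(text, max_gap=20, keywords=KEYWORDS):
    """Hypothetical rule for illustration only (not one of the report's rules):
    flag a context when an intent keyword and an asset keyword occur within
    max_gap characters of each other."""
    _, result = analyse(text, keywords)
    return any(gap <= max_gap for _, gap in result[("intent", "asset")])


# Constructed sample context, not taken from any real data set.
SAMPLE_TEXT = "Please transfer the password and the bank a/c details before they leak"

if __name__ == "__main__":
    for row in csv_rows(SAMPLE_TEXT):
        print(row)
    print("intent near asset:", intent_near_asset(SAMPLE_TEXT))
```

Run as a script it prints the two output rows for the sample sentence ("transfer" at offset 7 pairs with "password" at 20 and "bank a/c" at 37, gaps 13 and 30) and the rule's verdict. Offsets are character positions within the context, exactly as `PREG_OFFSET_CAPTURE` reports them in the PHP version.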

CHAPTER 5
CONCLUSIONS
5.1 Summary: The mission of Security and Compliance is to provide security from dangers or
threats. The threat categories are Cyberbullying, FERPA, HIPAA, PCI and CIPA. Through this
application an organization can secure its data as well as gain protection from threats.

5.2 Future Scope

• If the policies are applied in every institution, then we will be able to stop many crimes.
• As the internet and its data grow rapidly, this application will help to secure them.

5.3 Advantages

• Provides security.
• Prevents uncertain activities.
• No need for manual checks or manual action against a threat; it is all done
automatically.

5.4 Disadvantages

• Private data can be viewed by the Administrator.
• Private data can be downloaded by the Administrator.