domain 3(3) adeola willoughby. alternative applicationi development approaches the need to develop...
TRANSCRIPT
DOMAIN 3(3)DOMAIN 3(3)
Adeola WilloughbyAdeola Willoughby
ALTERNATIVE APPLICATIONI DEVELOPMENT ALTERNATIVE APPLICATIONI DEVELOPMENT APPROACHESAPPROACHES
The need to develop business The need to develop business application more rapidly without application more rapidly without going through the SDLC going through the SDLC (traditional life cycle/ waterfall (traditional life cycle/ waterfall model)model) has given rise to some has given rise to some contemporary application contemporary application development approaches. development approaches.
NEW APPROACHESNEW APPROACHES Incremental or Progressive development:Incremental or Progressive development:
This involves building systems in stages or This involves building systems in stages or releases rather than being delivered in its releases rather than being delivered in its entirety in one implementation. entirety in one implementation. The usual The usual practice is to deliver the basic system architecture practice is to deliver the basic system architecture in the first release whilst subsequent releases in the first release whilst subsequent releases expand the system in terms of functionality, range expand the system in terms of functionality, range of users or usage location.of users or usage location.
Iterative developmentIterative development Involves building the system in iterations or Involves building the system in iterations or
increments, with feedback occurring after each increments, with feedback occurring after each increment to facilitate any necessary adjustment of increment to facilitate any necessary adjustment of project plans and software development products.project plans and software development products.
Note:Note: Diff btw Incremental & Iteration is that Diff btw Incremental & Iteration is that iterationiteration
development development send feedback after each send feedback after each incrementincrement..
Iterative development has the following Iterative development has the following variants:variants:
Evolutionary development:Evolutionary development: Prototyping is used to Prototyping is used to build build a working model a working model that is used to elicit/verify that is used to elicit/verify requirements and explore design issues. requirements and explore design issues. Eventually, the prototype is hardened, so it can be Eventually, the prototype is hardened, so it can be implemented into production, or perhaps the system implemented into production, or perhaps the system is recoded based on learning from the prototype.is recoded based on learning from the prototype.
Spiral developmentSpiral development: : A series of prototypes is used A series of prototypes is used to develop a solution, to the point of to develop a solution, to the point of detailed detailed design,design, build and test. build and test. It spills out of the initial It spills out of the initial limited prototype to become more expansive and limited prototype to become more expansive and detailed.detailed.
Agile developmentAgile development: : The project is broken down The project is broken down into relatively short, into relatively short, time-boxed iterationstime-boxed iterations..
AGILE DEVELOPMENTAGILE DEVELOPMENT
Agile developmentAgile development refers to a family refers to a family of similar development processes that of similar development processes that adopts a nontraditional (SDLC) way of adopts a nontraditional (SDLC) way of developing complex systems. Agile… developing complex systems. Agile… in the sense that processes are in the sense that processes are designed to flexibly handle changes to designed to flexibly handle changes to the system being developed or the the system being developed or the project that is performing the project that is performing the developmentdevelopment
FEATURES OF AGILE FEATURES OF AGILE DEVELOPMENTDEVELOPMENT
Use of small, time-boxed subprojects or iterations – Use of small, time-boxed subprojects or iterations – each iteration forms the basis for planning the next each iteration forms the basis for planning the next one;one;
Replanning the project at the end of each iteration;Replanning the project at the end of each iteration; Relatively greater reliance on tacit knowledge - Relatively greater reliance on tacit knowledge -
“knowledge in peoples’ head” (unlike SDLC) as “knowledge in peoples’ head” (unlike SDLC) as opposed to external knowledge that is captured in opposed to external knowledge that is captured in project documentation – project documentation – i.e. no documentation;i.e. no documentation;
Pair-wise programming is encouraged – Pair-wise programming is encouraged – i.e. 2 i.e. 2 people work on same project (share knowledge people work on same project (share knowledge and quality check);and quality check);
Change in Project Manager roleChange in Project Manager role from planner, from planner, task allocator and monitoring task allocator and monitoring to facilitator and to facilitator and advocateadvocate. Responsibility for planning and control . Responsibility for planning and control devolves to the team members.devolves to the team members.
AGILE contd…AGILE contd…
Agile development only plans for the next Agile development only plans for the next iterationiteration of development in detail, of development in detail, rather rather than planning subsequent development than planning subsequent development phase far out in timephase far out in time;;
Agile development is adaptive in approach to Agile development is adaptive in approach to requirements and requirements and does not emphasize does not emphasize managing a requirements baselinemanaging a requirements baseline;;
Agile development’s focus is to quickly prove Agile development’s focus is to quickly prove an architecture by building actual an architecture by building actual functionality vs. formally defining ‘early-on’ functionality vs. formally defining ‘early-on’ software and data architecture in increasingly software and data architecture in increasingly more detailed models and descriptions.more detailed models and descriptions.
TEASERTEASER
Which of the following would be Which of the following would be a risk specifically associated with a risk specifically associated with the agile development process?the agile development process?A. Lack of documentationA. Lack of documentationB. Lack of testingB. Lack of testingC. Poor requirements definitionC. Poor requirements definitionD. Poor project management D. Poor project management practicespractices
EXPLANATIONEXPLANATION Explanation:Explanation:
Agile development relies on knowledge held by people Agile development relies on knowledge held by people within the organization, as opposed to external knowledge. within the organization, as opposed to external knowledge. The main issue is the necessity for providing compensating The main issue is the necessity for providing compensating controls to ensure that changes and enhancements to the controls to ensure that changes and enhancements to the system can be made later on, even if the key personnel who system can be made later on, even if the key personnel who know the implemented business logic leave the company. know the implemented business logic leave the company. Lack of testing might be an issue but without formal Lack of testing might be an issue but without formal documentation it is difficult for an auditor to gather documentation it is difficult for an auditor to gather objective evidence. Rapid response to changing objective evidence. Rapid response to changing requirements is one strength of the agile development requirements is one strength of the agile development processes. Replanning the project at the end of each processes. Replanning the project at the end of each iteration, including reprioritizing requirements, identifying iteration, including reprioritizing requirements, identifying any new requirements and determining in which release any new requirements and determining in which release delivered functionality is to be implemented, is a main delivered functionality is to be implemented, is a main aspect of the agile process. Applied project management aspect of the agile process. Applied project management practices are slightly different than those required for practices are slightly different than those required for traditional methods of software development. The project traditional methods of software development. The project manager's role. This role shifts from one primarily manager's role. This role shifts from one primarily concerned with planning the project, allocating tasks and concerned with planning the project, allocating tasks and monitoring progress, to that of a facilitator and advocate. monitoring progress, to that of a facilitator and advocate. Responsibility for planning and control shifts to the team Responsibility for planning and control shifts to the team members.members.
PROTOTYPINGPROTOTYPING Prototyping (also known as Heuristic or Prototyping (also known as Heuristic or
Evolutionary Development)Evolutionary Development) is the process of developing is the process of developing
a system through the rapid development and testing of a system through the rapid development and testing of
code. code. This process This process uses controlled trial and error uses controlled trial and error
proceduresprocedures to reduce the level of risks in developing to reduce the level of risks in developing
the system.the system. In general, In general, prototyping reduces the time prototyping reduces the time
required to deployrequired to deploy applications through iterative applications through iterative
development and testing.development and testing.
The developers create high-level code (mostly 4G The developers create high-level code (mostly 4G
languages) based on the design requirements and then languages) based on the design requirements and then
provide them to the end users for review and testing. The provide them to the end users for review and testing. The
end users can then see a high-level view of the system end users can then see a high-level view of the system
((generally screens and reportsgenerally screens and reports)) and provide input on and provide input on
changes or gaps between the code and requirements. changes or gaps between the code and requirements.
Two Approaches To Two Approaches To PrototypingPrototyping
1.1. Build the model to create the design (i.e. The Build the model to create the design (i.e. The
mechanism for defining requirements). Based on that mechanism for defining requirements). Based on that
model, develop the system design with all the model, develop the system design with all the
performance, quality and maintenance features performance, quality and maintenance features
needed.needed.
2.2. Gradually, build the actual system that will operate in Gradually, build the actual system that will operate in
production using a 4GL that has been determined to production using a 4GL that has been determined to
be appropriate for the system being built.be appropriate for the system being built.
Main challenge with first approach is that there will be Main challenge with first approach is that there will be
greatgreat
pressure to implement an early prototype. The second pressure to implement an early prototype. The second
approachapproach
works with small application using 4GL Tools.works with small application using 4GL Tools.
PROTOTYPING contd…PROTOTYPING contd… A couple of major challenges areA couple of major challenges are associated with associated with
prototyping:prototyping:
➤ ➤ The use of prototyping to develop applications systems The use of prototyping to develop applications systems often often results in overly optimistic expectations of results in overly optimistic expectations of project timelinesproject timelines..
➤ ➤ Change control becomes much more complicated Change control becomes much more complicated because because changes in design and requirements happen changes in design and requirements happen so quickly that they are seldom documented or so quickly that they are seldom documented or approved.approved.
➤ ➤ Because of the iterative process, end users might define Because of the iterative process, end users might define functions or extras that were not originally defined during functions or extras that were not originally defined during the requirements phase. the requirements phase. If not properly managed If not properly managed through a review and approval process, it can extend through a review and approval process, it can extend the cost and time required for the project.the cost and time required for the project.
PROTOTYPING contd…PROTOTYPING contd…
The IS auditor should be aware of risks associated The IS auditor should be aware of risks associated with prototyping and ensure that the organization with prototyping and ensure that the organization has implemented the proper controls to ensure that has implemented the proper controls to ensure that the project continues to meet the needs of the the project continues to meet the needs of the organization while providing a return on organization while providing a return on investment. investment. These controls should be found in These controls should be found in the project-management process as well as the the project-management process as well as the change - control process. Both processes change - control process. Both processes should have controls for the regular review and should have controls for the regular review and approval of changes in requirements, schedule, approval of changes in requirements, schedule, or cost.or cost.
RAPID APPLICATION RAPID APPLICATION DEVELOPMENT (RAD)DEVELOPMENT (RAD)
Rapid application development Rapid application development (RAD)(RAD) is is used to develop strategically used to develop strategically important systems important systems fasterfaster, , reduce reduce development costsdevelopment costs, and still , and still maintain maintain high qualityhigh quality..
This is achieved by using a series of This is achieved by using a series of proven application development proven application development techniques within a well-defined techniques within a well-defined methodology. These techniques include methodology. These techniques include the use of the followings:the use of the followings:
RAD INCLUDES THE RAD INCLUDES THE USE OFUSE OF
Small, well-trained development teamsSmall, well-trained development teams Evolutionary prototypesEvolutionary prototypes Integrated power tools that Integrated power tools that support support
modeling, prototyping, and modeling, prototyping, and component reusabilitycomponent reusability
A central repositoryA central repository Interactive requirements and design Interactive requirements and design
workshopsworkshops Rigid limits on development time framesRigid limits on development time framesSee P.196, 3See P.196, 3rdrd paragraph paragraph
RAPID APPLICATION DEVELOPMENTRAPID APPLICATION DEVELOPMENT RAD has four major stages:RAD has four major stages:
concept definition stage:concept definition stage: defines the business defines the business function and data subject areas that the system will function and data subject areas that the system will support and determine system scope;support and determine system scope;
functional design stage:functional design stage: uses workshop to model uses workshop to model the system’s data and processes and build a the system’s data and processes and build a working prototype of critical system components;working prototype of critical system components;
development stage:development stage: completes the construction of completes the construction of physical database and application system, build the physical database and application system, build the conversion system, and develop user aids and conversion system, and develop user aids and deployment work plans.deployment work plans.
deployment stage:deployment stage: User acceptance testing, User acceptance testing, training, data conversion and implementation of the training, data conversion and implementation of the systemsystem[[Note: RAD uses prototyping as its core Note: RAD uses prototyping as its core development tool irrespective of the development tool irrespective of the underlying technology]underlying technology]
TEASERTEASER
Which of the following represents a Which of the following represents a typical prototype of an interactive typical prototype of an interactive application?application?
A.A. Screens and process programsScreens and process programs
B.B. Screens, interactive edits and sample Screens, interactive edits and sample reportsreports
C.C. Interactive edits , process programs and Interactive edits , process programs and sample reportssample reports
D.D. Screens, interactive edits, process Screens, interactive edits, process programs and sample reportsprograms and sample reports
TEASERTEASER
BB Process programs are not produced Process programs are not produced
by prototyping tool. This often leads by prototyping tool. This often leads to confusion for the end user who to confusion for the end user who expects quick implementation of expects quick implementation of programs that accomplish the programs that accomplish the results that these tools produce. results that these tools produce.
ALTERNATIVE DEVELOPMENT ALTERNATIVE DEVELOPMENT METHODSMETHODS
We have different techniques of understanding,We have different techniques of understanding,designing and constructing a software system.designing and constructing a software system.
Selected method will be driven by considerationsSelected method will be driven by considerationssuch as such as organizational policyorganizational policy, , developer developer
knowledgeknowledgeand preferenceand preference and and the technology used. the technology used.
Note: The selection of any method is Note: The selection of any method is generallygenerally
independent of the selection of a project independent of the selection of a project organization model.organization model.
ALTERNATIVE DEVELOPMENT ALTERNATIVE DEVELOPMENT METHODSMETHODS
Data Oriented System Development Data Oriented System Development (DOSD)(DOSD)
Object Oriented System Development Object Oriented System Development (OOSD)(OOSD)
Component Based Development (CBD)Component Based Development (CBD) Web Based Application Development Web Based Application Development
(WBAD)(WBAD) ReengineeringReengineering Reverse ReengineeringReverse Reengineering
Data Oriented System Data Oriented System DevelopmentDevelopment
This is a method of representing software This is a method of representing software requirements by focusing on requirements by focusing on datadata and their and their structurestructure..
We have institutions that provide We have institutions that provide time-time-dependent datadependent data to their subscribers (e.g. to their subscribers (e.g. airline to their travel agencies) in pre-known or airline to their travel agencies) in pre-known or pre-specified formats. User organisation then pre-specified formats. User organisation then develop its own application to use the data develop its own application to use the data directly.directly. The major advantage of this data oriented system The major advantage of this data oriented system
development approach is development approach is that it eliminates data that it eliminates data transformation errors such as porting, transformation errors such as porting, conversion, transcription and transposition.conversion, transcription and transposition.
It is generally combined with another It is generally combined with another development technique that considers development technique that considers processing issues to develop a suitable business processing issues to develop a suitable business application.application.
OBJECT ORIENTED OBJECT ORIENTED SYSTEM DEVELOPMENTSYSTEM DEVELOPMENT
This is the process of solution specification This is the process of solution specification and modeling where and modeling where datadata and and proceduresprocedures (A set sequence of steps) can be grouped into (A set sequence of steps) can be grouped into an entity known as an an entity known as an objectobject..
An An object’s data object’s data are referred to as its are referred to as its attributesattributes (characteristic of an entity), and (characteristic of an entity), and its its functionalityfunctionality is referred to as its is referred to as its methodmethod..
OOSD is unlike SDLC approach that OOSD is unlike SDLC approach that considers data separately from the considers data separately from the procedures that act on themprocedures that act on them
OOSD contd…OOSD contd…
OOSD is a OOSD is a programming techniqueprogramming technique and and not a not a software development software development methodologymethodology itself. itself.
One can do OOSD while following any of One can do OOSD while following any of the widely diverse set of software the widely diverse set of software methodologies: waterfall, iterative, methodologies: waterfall, iterative, agile, prototype e.t.cagile, prototype e.t.c
Use of a particular programming Use of a particular programming technique, does not imply or require use technique, does not imply or require use of a particular software development of a particular software development methodologymethodology
PRINCIPLES OF OOSDPRINCIPLES OF OOSD
ObjectsObjects ClassClass InheritanceInheritance EncapsulationEncapsulation PolymorphismPolymorphism
ObjectsObjects- - grouping of data and functions. Its encapsulation of grouping of data and functions. Its encapsulation of data and functionsdata and functions. . Objects include data and define its Objects include data and define its status, its methods of operation and how it interacts with status, its methods of operation and how it interacts with other objectsother objects
A classA class is a collection of objects with similar characteristics. is a collection of objects with similar characteristics. Classes are the basis for most design work in objects. Classes are the basis for most design work in objects.
InheritanceInheritance – is an attempt to avoid redundant definition of – is an attempt to avoid redundant definition of similar characteristic that can be embodied at a higher level in similar characteristic that can be embodied at a higher level in the system. (e.g. in superclasses/ subclasses)the system. (e.g. in superclasses/ subclasses)
EncapsulationEncapsulation - conceals how a class works from object that - conceals how a class works from object that uses its codes and send messages to it. It is uses its codes and send messages to it. It is the characteristic of the characteristic of objects that prevent access objects that prevent access to the attributes (data) and methods to the attributes (data) and methods (function) that has not been previously describe as (function) that has not been previously describe as publicpublic. .
PolymorphismPolymorphism – see p.198 (3 – see p.198 (3rdrd paragraph). Same code can paragraph). Same code can result in different action appropriate to each class so that a result in different action appropriate to each class so that a controlling code can issue the same instruction to series of controlling code can issue the same instruction to series of objects and get different results appropriate to each class.objects and get different results appropriate to each class.
Note:Note: Principles of Principles of OOSDOOSD
DATA OBJECT CLASSDATA OBJECT CLASS
ADVANTAGES OF OOSDADVANTAGES OF OOSD The ability to manage an unrestricted The ability to manage an unrestricted
variety of data types.variety of data types. Provision of a means to model complex Provision of a means to model complex
relationshipsrelationships The capacity to meet the demands of a The capacity to meet the demands of a
changing environments.changing environments.
Examples of applications using object-Examples of applications using object-orientedoriented
technology aretechnology are: Web applications, E-business: Web applications, E-business
applications, Artificial Intelligence (AI), CASE applications, Artificial Intelligence (AI), CASE for software development, Computer Aided for software development, Computer Aided Manufacturing (CAM)Manufacturing (CAM)
TEASERTEASER
Which of the following is an Which of the following is an object-oriented technology object-oriented technology characteristic that permits an characteristic that permits an enhanced degree of security over enhanced degree of security over data?data?
A. InheritanceA. InheritanceB. Dynamic warehousingB. Dynamic warehousingC. EncapsulationC. EncapsulationD. PolymorphismD. Polymorphism
TEASERTEASER
CC Encapsulation is a property of objects, Encapsulation is a property of objects,
and it prevents accessing either and it prevents accessing either properties or methods that have not been properties or methods that have not been previously defined as public. This means previously defined as public. This means that any implementation of the behavior that any implementation of the behavior of an object is not accessible. An object of an object is not accessible. An object defines a communication interface with defines a communication interface with the exterior and only that which belongs the exterior and only that which belongs to that interface can be accessed. to that interface can be accessed.
COMPONENT BASED COMPONENT BASED DEVELOPMENTDEVELOPMENT
This is the assemblage of applications This is the assemblage of applications from cooperating packages of executable from cooperating packages of executable software that make their services software that make their services available through defined interfacesavailable through defined interfaces it enables pieces of programs, called it enables pieces of programs, called
objectsobjects, , to communicate with one to communicate with one another regardless of what another regardless of what programming language they were programming language they were written in or what operating system they written in or what operating system they are running.are running.
Component-based software development Component-based software development (CBSD) (CBSD) focuses on building large focuses on building large software systems by integrating software systems by integrating previously-existing software previously-existing software components.components.
By enhancing the By enhancing the flexibility and and maintainability of systems, this approach of systems, this approach can potentially be used to reduce can potentially be used to reduce software development costs, assemble software development costs, assemble systems rapidly, and reduce the spiraling systems rapidly, and reduce the spiraling maintenance burden associated with the maintenance burden associated with the support and upgrade of large systems. support and upgrade of large systems.
COMPONENT BASED COMPONENT BASED DEVELOPMENT contd…DEVELOPMENT contd…
COMPONENT BASED COMPONENT BASED DEVELOPMENT contd…DEVELOPMENT contd…
At the foundation of this approach is the At the foundation of this approach is the assumption that certain parts of large assumption that certain parts of large software systems reappear with software systems reappear with sufficient regularity that common parts sufficient regularity that common parts should be written once, rather than many should be written once, rather than many times, and that common systems should times, and that common systems should be assembled through reuse rather than be assembled through reuse rather than rewritten over and over. rewritten over and over.
CBSD embodies the CBSD embodies the "buy, don't build""buy, don't build" philosophy.philosophy.
Modularity:Modularity: small units that can easily be small units that can easily be removed & repaired and make up a removed & repaired and make up a bigger programbigger program
MERITS OF COMPONENT MERITS OF COMPONENT BASED DEVELOPMENTBASED DEVELOPMENT
Components play an important role in Components play an important role in web-web-basedbased
Applications.Applications. Reduces development time;Reduces development time; Improves quality.Improves quality. Using prewritten components Using prewritten components
means a significant percentage of the system means a significant percentage of the system code has been tested and therefore ready;code has been tested and therefore ready;
Allows developers to focusAllows developers to focus more strongly more strongly on on business functionality – lower level business functionality – lower level programming are removed;programming are removed;
Promote modularity:Promote modularity: develop in modules; develop in modules; Simplifies reuse;Simplifies reuse; Reduces development cost;Reduces development cost; Support multiple development environment;Support multiple development environment; Allows a happy compromise between build & Allows a happy compromise between build &
buy optionbuy option
COMPONENT BASED COMPONENT BASED DEVELOPMENTDEVELOPMENT
NOTENOTE Considering the advantages, Considering the advantages,
attention should be given to attention should be given to software integration early and software integration early and continuously during the continuously during the development process. development process. Poorly Poorly defined system requirement leads defined system requirement leads to project failure.to project failure.
WEB BASED APPLICATION WEB BASED APPLICATION DEVELOPMENTDEVELOPMENT
This is a development method that This is a development method that aims at aims at further facilitating and standardizing code further facilitating and standardizing code module and program integration.module and program integration.
Historically, software written in one Historically, software written in one language on a particular platform uses a language on a particular platform uses a dedicated API (Application Programming dedicated API (Application Programming Interface).Interface). The use of specialized APIs has The use of specialized APIs has caused difficulties in integrating software caused difficulties in integrating software modules across platforms.modules across platforms.
Web based application development and Web based application development and associated XML (Extensible Markup Language) – associated XML (Extensible Markup Language) – (also known as (also known as Simple Object Access Protocol Simple Object Access Protocol SOAPSOAP) ) technologies are recent developments technologies are recent developments designed to further facilitate and standardize designed to further facilitate and standardize code module and program integration.code module and program integration.
In the past, technologies, such as CORBA and In the past, technologies, such as CORBA and COM that use RPCs were developed to allow COM that use RPCs were developed to allow real-time integration of code across platforms. real-time integration of code across platforms. Using RPC (remote procedure call) Using RPC (remote procedure call) approach for different APIs still remained approach for different APIs still remained complex.complex.
Now, with Web based application Now, with Web based application development, an XML language, known as development, an XML language, known as Simple Object Access Protocol (SOAP) is Simple Object Access Protocol (SOAP) is used to define APIs.used to define APIs.
SOAP will work with any operating system and SOAP will work with any operating system and programming language that understands XML.programming language that understands XML.
SOAP is simpler than using an RPC based SOAP is simpler than using an RPC based approach.approach.
WEB BASED WEB BASED APPLICATION APPLICATION
DEVELOPMENT contd…DEVELOPMENT contd…
KEY COMPONENTS OF KEY COMPONENTS OF WEB DEVELOPMENTWEB DEVELOPMENT
Key components of web development include:Key components of web development include: SOAP SOAP – used to define APIs.– used to define APIs. It is programming It is programming
language and platform independent.language and platform independent. Web Services Description LanguageWeb Services Description Language (WSDL) – (WSDL) –
used to identify SOAP specification, the used to identify SOAP specification, the format of SOAP messages used as input and format of SOAP messages used as input and output to the code module, and also to output to the code module, and also to identify the particular web service accessible identify the particular web service accessible via intranet or internetvia intranet or internet by publishing same to a by publishing same to a relevant intranet or internet web server.relevant intranet or internet web server.
Universal Description, Discovery and Universal Description, Discovery and IntegrationIntegration (UDDI) (UDDI) – is used to make an entry in – is used to make an entry in a UDDI directory, which acts as electronic a UDDI directory, which acts as electronic directory of all available web services by allowing directory of all available web services by allowing interested parties to learn of the existence of web interested parties to learn of the existence of web services.services.
WEB-BASED APPLICATION WEB-BASED APPLICATION DEVELOPMENT contd…DEVELOPMENT contd…
Its Its primary purpose is to facilitate primary purpose is to facilitate the sharing of data across different the sharing of data across different informationinformation systems, particularly systems, particularly systems connected via the systems connected via the Internet..
Web based application also seeks to Web based application also seeks to avoid the performance of redundant avoid the performance of redundant computing tasks with the inherent computing tasks with the inherent need for redundant code.need for redundant code.
WEB-BASED APPLICATION WEB-BASED APPLICATION DEVELOPMENT contd…DEVELOPMENT contd…
An obvious example is a change of address An obvious example is a change of address notification from a customer. Instead of notification from a customer. Instead of having to update details separately in having to update details separately in multiple database e.g. contact multiple database e.g. contact management, account receivables and management, account receivables and credit control; it is preferable that a credit control; it is preferable that a common update process, executed to common update process, executed to update the address, includes details in the update the address, includes details in the multiple places required. Web services are multiple places required. Web services are intended to make this relatively easy to intended to make this relatively easy to achieveachieve
BUFFER OVERFLOWBUFFER OVERFLOW
This is a This is a consequence of poorly consequence of poorly written code, especially in web-written code, especially in web-based applicationsbased applications, is often , is often exploited by hackers using buffer exploited by hackers using buffer overflow techniques. overflow techniques.
TEASERTEASER
During the review of a web-based During the review of a web-based software development project, the IS software development project, the IS auditor realizes that coding standards auditor realizes that coding standards are not enforced and code reviews are are not enforced and code reviews are rarely carried out. This will MOST likely rarely carried out. This will MOST likely increase the likelihood of a successful:increase the likelihood of a successful:A. buffer overflow.A. buffer overflow.B. brute force attack.B. brute force attack.C. distributed denial-of-service attack.C. distributed denial-of-service attack.D. war dialing attack D. war dialing attack
ExplanationExplanation
Explanation:Explanation:Poorly written code, especially in web-based Poorly written code, especially in web-based applications, is often exploited by hackers applications, is often exploited by hackers using buffer overflow techniques. A brute-force using buffer overflow techniques. A brute-force attack is used to crack passwords. A distributed attack is used to crack passwords. A distributed denial-of-service (DOS) attack floods its target denial-of-service (DOS) attack floods its target with numerous packets, to prevent it from with numerous packets, to prevent it from responding to legitimate requests. War dialing responding to legitimate requests. War dialing uses modem-scanning tools to hack PBXs.uses modem-scanning tools to hack PBXs.
REENGINEERINGREENGINEERING
Reengineering is a process of updating Reengineering is a process of updating an existing system by extracting and an existing system by extracting and reusing design and program reusing design and program components. components.
This process is used to support major This process is used to support major changes in the way an organization changes in the way an organization operates.operates.
It eliminate redundancy. It also It eliminate redundancy. It also increases profitability and reduce increases profitability and reduce cost.cost.
REVERSE ENGINEERINGREVERSE ENGINEERING This is the process of taking apart an This is the process of taking apart an
application, a software application or a application, a software application or a product to see how it functions and to use product to see how it functions and to use that information to develop a similar that information to develop a similar system. This process can be carried out in system. This process can be carried out in several ways:several ways: decompiling object or executable code decompiling object or executable code
(machine code(machine code) into ) into source codesource code and using it and using it to analyze the program;to analyze the program;
Utilizing the reverse-engineered application as Utilizing the reverse-engineered application as a black box test and unveiling its functionality a black box test and unveiling its functionality using test datausing test data
Major Merits of Reverse Major Merits of Reverse EngineeringEngineering
Major merits of Reverse Engineering Major merits of Reverse Engineering includeinclude:: Faster development and reduced SDLC durationFaster development and reduced SDLC duration The creation of an improved system using the The creation of an improved system using the
reverse-engineering drawbacks.reverse-engineering drawbacks. Major risks/limitation of Reverse Major risks/limitation of Reverse
Engineering include:Engineering include: Software license agreement often include reverse Software license agreement often include reverse
engineering prohibiting clauses;engineering prohibiting clauses; De-compilers are relatively new tools with De-compilers are relatively new tools with
functions that depends on specific computers, functions that depends on specific computers, operating systems and programming language. operating systems and programming language. Any change in one of these components will Any change in one of these components will require developing or purchasing a new compilerrequire developing or purchasing a new compiler
TEASERTEASER
An existing system is being An existing system is being extensively enhanced by extensively enhanced by extracting and reusing design extracting and reusing design and program components. This is and program components. This is an example of: an example of:
A. reverse engineering.A. reverse engineering.B. prototyping.B. prototyping.C. software reuse.C. software reuse.D. reengineering.D. reengineering.
TEASERTEASER DD Old (legacy) systems that have been corrected, Old (legacy) systems that have been corrected,
adapted and enhanced extensively require adapted and enhanced extensively require reengineering to remain maintainable. reengineering to remain maintainable. Reengineering is a rebuilding activity to Reengineering is a rebuilding activity to incorporate new technologies into existing incorporate new technologies into existing systems. Using program language statements, systems. Using program language statements, reverse engineering involves reversing a program's reverse engineering involves reversing a program's machine code into the source code in which it was machine code into the source code in which it was written to identify malicious content in a program, written to identify malicious content in a program, such as a virus, or to adapt a program written for such as a virus, or to adapt a program written for use with one processor for use with a differently use with one processor for use with a differently designed processor. Prototyping is the designed processor. Prototyping is the development of a system through controlled trial development of a system through controlled trial and error. Software reuse is the process of and error. Software reuse is the process of planning, analyzing and using previously planning, analyzing and using previously developed software components. The reusable developed software components. The reusable components are integrated into the current components are integrated into the current software product systematically. software product systematically.