Software quality assurance and cyber security
Download as PPTX, PDF6 likes2,125 views
The document discusses software quality assurance (QA) and cyber security, defining key concepts and processes involved in QA, such as quality control and various testing methodologies. It elaborates on types of malware including viruses, ransomware, and spyware, and outlines the tactics cyber attackers use to infiltrate systems. Additionally, it emphasizes the importance of security measures against cyber threats and introduces frameworks for assessing vulnerabilities.
Software quality assurance and cyber security
- 1. Software Quality Assurance and Cyber Security Tariqual Hassan SQA Manager, Nascenia
- 3. What is Quality Assurance What is quality? Who we are? Why we are doing IEE Glossary: Degree to which a system, component or process meets specific requirements and customer or user needs or expectations ISO Definition: The totality of features and characteristics of a product or service that beat on it’s ability to satisfy specified or implied needs “Set of systematic activities providing evidence to the ability of software process to produce a software product that is fit to use” by G.Schulmeyer and J.McManus, Software Quality Handbook, Prentice Hall, 1998
- 4. Quality Assurance • Quality assurance activities are work process oriented. • They measure the process, identify deficiencies, and suggest improvements. • The direct results of these activities are changes to the process. • These changes can range from better compliance with the process to entirely new processes. • The output of quality control activities is often the input to quality assurance activities. • Audits are an example of a QA activity which looks at whether and how the process is being followed. The end result may be suggested improvements or better compliance with the process.
- 5. Quality Control • Quality control activities are work product oriented. • They measure the product, identify deficiencies, and suggest improvements. • The direct results of these activities are changes to the product. • These can range from single-line code changes to completely reworking a product from design. • They evaluate the product, identify weaknesses and suggest improvements. • Testing and reviews are examples of QC activities since they usually result in changes to the product, not the process. • QC activities are often the starting point for quality assurance (QA) activities.
- 7. Infamous Quotes by Devs “I know how to code, I can keep up with the design so why you guys are here?”- Devops
- 8. Infamous Quotes by Devs “Why should user do this and that? I am designing the system, so they should just use it in my way.”
- 9. Infamous Quotes by Devs “Okay it’s very difficult to apply this feature, let’s change it. Users can be convinced later on.”
- 10. Infamous Quotes by Devs “I didn’t do it and it’s not my job to fix this. Someone else will fix this.”
- 11. Software Development Ecosystem QA: Things need to be done properly. Developers: Things need to be done in any way. PM: I need the product at any cost.
- 12. A Formal SQA Process Development Phase Pre-QA Phase (Sanity Test) QA Phase (Smoke Test) Bug Submission Re-Test Phase Integration Test Regression Test Alpha Test Beta Test Release
- 13. Software Quality Assurance Warm up Things
- 16. Software Quality Assurance Standard Process
- 17. QA Test flow path Black Box White Box UX Testing Accessibility Test Security Testing Performance Engineering Deployment Testing UAT User’s feedback Cycle
- 19. Popular Process Platform Tools JIRA HP ALM TFS QA Complete
- 22. Unit Testing
- 25. Performance Tool Platform Load Runner Apache Jmeter Blazemeter for distributed load testing Google Chrome Dev tools
- 26. Performance Testing Tools Server Side: Client Side: LORI (Life-of-Request Info)
- 27. Security Testing Platform for QA E-governance (SAAM V1.0) NIST Protocol Core Security Framework CISSP Concept Checklist framework for QA
- 30. Test Platform Tool (Example Set) Load Runner Soap UI Ranorex Acunetix
- 31. Let’s Talk on Cyber Security
- 32. Security Domains
- 33. Cyber Security Threats 1. Hacktivism 2. Cyber crime 3. Cyber espionage 4. Cyber war 5. Cyber Terrorism
- 39. And so on and on...
- 40. Cyber Threats in Bangladesh Information source: Report from Threat Intelligence Division BGD e- GOV CIRT
- 42. Let’s start by knowing about Malwares
- 43. Malwares and their types Malware is software written specifically to harm and infect the host system. Malware includes viruses along with other types of software such as trojan horses, worms, spyware, and adware. Advanced malware such as ransomware are used to commit financial fraud and extort money from computer users.
- 44. Virus Virus is a specific type of malware by itself. It is a contagious piece of code that infects the other software on the host system and spreads itself once it is run. It is mostly known to spread when software is shared between computers. This acts more like a parasite.
- 45. Adware Adware is also known as advertising-supported software. It is software which renders advertisements for the purpose of generating revenue for its author. The advertisements are published on the screen presented to the user at the time of installation. Adware is programmed to examine which Internet sites, the user visits frequently and to present and feature related advertisements. Not all adware has malicious intent, but it becomes a problem anyway because it harms computer performance and can be annoying.
- 46. Spyware This type of malicious software, spies on you, tracks your internet activities. It helps the hacker in gathering information about the victim’s system, without the consent of the victim. This spyware’s presence is typically hidden from the host and it is very difficult to detect. Some spyware like keyloggers may be installed intentionally in an organization to monitor activities of employees.
- 47. Worms This type of malware will replicate itself and destroys information and files saved on the host PC. It works to eat up all the system operating files and data files on a drive.
- 48. Trojan Trojans are a type of virus that are designed to make a user think they are a safe program and run them. They may be programmed to steal personal and financial information, and later take over the resources of the host computer’s system files. In large systems, it may attempt to make a host system or network resource unavailable to those attempting to reach it. Example: you business network becoming unavailable.
- 49. Ransomware Ransomware is an advanced type of malware that restricts access to the computer system until the user pays a fee. Your screen might show a pop-up warning that your have been locked out of your computer and that you can access only after paying the cybercriminal. The cybercriminal demands a ransom to be paid in order for the restriction to be removed. The infamous Cryptolocker is one type of ransomware.
- 50. Who are the people utilize those?
- 51. How they plot for an attack (High level)
- 52. How they plot for an attack
- 53. A Breach – Attack View (Example) 1. Attacker scans and attempts exploitation, but fails 2. Attacker utilizes social engineering against a selected population 3. Victim(s) fall for the ruse allowing attacker to enter the environment 4. Attacker leverages user/system access to spread to other systems 5. Attacker consolidates loot (data, passwords, bank access, etc.) 6. Attacker sends data back out of environment
- 54. A Breach – Attack View
- 55. Measure against security threats
- 56. OWASP Top 10 Checklists for web development A1:2017-Injection A2:2017-Broken Authentication A3:2017-Sensitive Data Exposure A4:2017-XML External Entities (XXE) A5:2017-Broken Access Control A6:2017-Security Misconfiguration A7:2017-Cross-Site Scripting (XSS) A8:2017-Insecure Deserialization A9:2017-Using Components with Known Vulnerabilities A10:2017-Insufficient Logging & Monitoring
- 57. SQL injection
- 59. SQL injection prevention (MISC)
- 64. XSS
- 65. XSS
- 67. How to find the vulnerabilities in application ?
- 71. Adopting a framework for Cyber Security
- 74. How government is protecting Cyberspace
- 76. CERT and CIRT...The people who defends the cyberspace
- 77. QUESTIONS?
- 78. Thank You