Discuss About The Project Preliminary Design Marking Guide.
Large repositories are storage systems in computers, or databases of information about application software, covering data elements, inputs, processes, outputs and interrelationships. This project is aimed at the study of large repositories of source code as well as at recognizing vulnerable code, and a study has been made to find out the vulnerable code [1]. Generally, a vulnerability in IT terms is a flaw or error in code which can create a potential point of security compromise for an endpoint or network. Moreover, vulnerabilities create attack vectors by which an intruder could easily run code and access the memory of the target system.
To find vulnerabilities, the researcher has used testing techniques and has studied the testing process used to find them [2]. Thus, this report describes the project which has been run to find vulnerable code by studying large repositories of source code. Moreover, this report also describes the schedule for working on the project and the methodologies used to find the bugs or vulnerable code in the software application. In the methodology section, static analysis as well as dynamic analysis has been used by the researcher.
A Gantt chart is a graphical description of a project schedule. It is a type of bar chart which presents the start and end of the several activities of a project. A Gantt chart is prepared to identify all the activities of the project [3]. It is a kind of monitoring tool which helps in monitoring the activities of a project in a stated manner. Furthermore, it helps the researcher to keep track of the activities so that none of the elements is left undone. In this section, the activity table, Gantt chart and network diagram are presented. This will help to accomplish the rest of the project in an efficient manner.
Table 1 Activity Table
| Name of the Task | Period | Begins on | Ends on | Predecessors | Names of the Resource |
|---|---|---|---|---|---|
| Vulnerable code project | 64 days | Fri 5/4/18 | Wed 8/1/18 | | |
| Choosing suitable approach to identify vulnerable code | 5 days | Friday 5-4-18 | Thursday 5-10-18 | | Project manager, Software engineer |
| Defining characteristics of vulnerable code | 10 days | Friday 5-11-18 | Thursday 5-24-18 | 2 | Information Technology manager |
| Application of static analysis | 12 days | Friday 5-25-18 | Monday 6-11-18 | 3 | Software engineer |
| Application of dynamic analysis | 15 days | Tuesday 6-12-18 | Monday 7-2-18 | 3,4 | Software engineer |
| Conforming the requirements of the project | 10 days | Tuesday 6-12-18 | Monday 6-25-18 | 4 | Project manager |
| Running the programme to identify vulnerability | 10 days | Tuesday 6-26-18 | Monday 7-9-18 | 6 | Automated vulnerability scanners[1], IT manager |
| Finding of vulnerable code | 12 days | Tuesday 7-3-18 | Wednesday 7-18-18 | 5,6 | Project manager, Software engineer |
| Working to mitigate the vulnerable code | 10 days | Tuesday 7-10-18 | Monday 7-23-18 | 7 | Software engineer |
| Review and feedback | 7 days | Tuesday 7-24-18 | Wednesday 8-1-18 | 8,9 | Project manager |
Figure 1: Gantt timeline chart
Figure 2: Network Diagram
The project diagram method is a tool used for scheduling the events in a project plan [4]. It is one of the methods for constructing a project schedule network diagram, which uses boxes, known as nodes, to represent events and connects them with arrows showing dependencies. The project diagram for the current project, which identifies vulnerable code in repositories on a 127 GB hard disk, is as follows:
Project methodology is defined as a mixture of rationally linked methods, practices and processes. It determines how a task can be planned, developed, controlled and delivered throughout the continuous execution process until the project is successfully completed or terminated [5]. It is an orderly and well-organized approach to project design, execution and completion.
The present report is based upon the identification of vulnerable code in large repositories of source code. For that purpose, the researcher has applied static analysis as well as dynamic analysis as the project methodologies, and they are described below.
Static testing is a software testing technique in which the software is tested without executing the code. There are 2 parts of this testing technique and that are
Furthermore, lexical assessment will be used under static analysis in order to find the complicated security errors on the 127 GB hard disk. There are certain vulnerabilities which are not straightforward, and these can be identified using semantic techniques. To identify the vulnerable code in the present software, an Abstract Syntax Tree will be used under static analysis. Two forms of static analysis are used to detect vulnerabilities: one is security code inspection and the other is static analysis automation.
Moreover, static analysis automation is more beneficial than security code inspection. The reason is that it involves scanning source code, which is the easiest and most rapid method, and it works on source encryption for testing to find flaws, or to verify their absence, without running the programme [8]. During the development stage, the programmer can use static analysis effectively on a daily basis. The cost incurred will be lower at that time because static analysis helps in identifying bugs at an early stage. However, it also has certain disadvantages, such as BOON (Buffer Overrun Detection), which is a static analysis tool that can run automatically and scan the data to detect vulnerable code, and this can lead to buffer overflow [11]. Thus, the programmer should be aware of such issues while using static analysis to identify vulnerabilities.
Dynamic testing is a type of software testing technique in which the programmer analyses the dynamic behaviour of the code [2]. It is the type of testing which works with the system with the intention of finding errors. The major aim of this testing is to ensure that the software is working properly during and after installation. It also ensures a stable application without any major errors. Moreover, this test is also done to assure the consistency of the software [9].
Further, there are generally two categories of dynamic analysis: black box testing and white box testing. In the latter, the software is examined with its internal structure and design well known to the programmer. It is applied to check that the system is performing on the basis of the code, and it is mainly performed by developers who possess knowledge of programming. The former, on the other hand, is a technique of examination in which the inner arrangement or code is unknown to the tester [10]. Its major aim is to verify the functionality of the system under test; it requires the execution of the complete test suite and is performed by the programmer. However, programming knowledge is not required to run this test.
For the present study, the programmer will run black box testing because the code is unknown to the researcher; to identify the vulnerable code on the 127 GB hard disk, the programmer has to run black box testing under dynamic analysis [5].
A budget is a chart which is prepared to estimate the income and expenditure for a set period of time [3]. Budgeting is an activity which is done by every researcher to estimate the total cost of the project, and it also helps in completing the project without unnecessary expenditure. Furthermore, it is important to prepare a budget because it assures the author that enough money is available for the things which are required [11]. Following the budget will keep the researcher out of debt, and it will help him to work his way out of debt if the researcher is currently in debt. The budget, with the cost allocated to each specific activity of the current project on vulnerable code, is as follows:
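An added example (not part of the original report) contrasting the lexical scan with the Abstract Syntax Tree approach described above, written in Python. The sample source, the rule set `RISKY` and all function names are constructed for illustration.

```python
import ast
import re

# Constructed sample (never executed): two direct risky calls, one aliased
# risky call, and two mentions that are not calls at all.
SAMPLE = '''
import os
from os import system as run   # alias hides the name from a text search
# os.system("never executed, only a comment")
doc = "call os.system(cmd) at your own risk"
def deploy(host):
    os.system("ping -c 1 " + host)
    run("scp build.tar " + host + ":/srv")
    eval(host)
'''
RISKY = {"os.system", "eval", "exec"}   # assumed rule set for this example

def lexical_scan(source):
    """Flag every line whose text matches a risky name followed by '('."""
    pattern = re.compile(r"\b(os\.system|eval|exec)\s*\(")
    return [(n, m.group(1)) for n, line in enumerate(source.splitlines(), 1)
            for m in pattern.finditer(line)]

class CallFinder(ast.NodeVisitor):
    """Walk the AST, resolve import aliases, and flag risky call nodes only."""
    def __init__(self):
        self.aliases, self.findings = {}, []
    def visit_Import(self, node):
        for a in node.names:
            self.aliases[a.asname or a.name] = a.name
    def visit_ImportFrom(self, node):
        for a in node.names:
            self.aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    def visit_Call(self, node):
        name = self._qualified(node.func)
        if name in RISKY:
            self.findings.append((node.lineno, name))
        self.generic_visit(node)   # keep walking into nested calls
    def _qualified(self, func):
        if isinstance(func, ast.Name):
            return self.aliases.get(func.id, func.id)
        if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
            return f"{self.aliases.get(func.value.id, func.value.id)}.{func.attr}"
        return None

def ast_scan(source):
    finder = CallFinder()
    finder.visit(ast.parse(source))
    return sorted(finder.findings)
```

On the constructed sample the lexical scan reports the comment and the string literal as findings and misses the aliased call, while the AST scan reports only the three real call sites.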
| Activities | Cost |
|---|---|
| Choosing suitable approach to identify vulnerable code | $1,600.00 |
| Defining characteristics of vulnerable code | $1,600.00 |
| Application of static analysis | $1,920.00 |
| Application of dynamic analysis | $2,400.00 |
| Conforming the requirements of the project | $1,600.00 |
| Running the programme to identify vulnerability | $6,600.00 |
| Finding of vulnerable code | $3,840.00 |
| Working to mitigate the vulnerable code | $1,600.00 |
| Review and feedback | $1,120.00 |
| Total | $22,280.00 |
References
[1] Harnefors, L., Antonopoulos, A., Norrga, S., Angquist, L. and Nee, H.P., Dynamic analysis of modular multilevel converters. IEEE Transactions on Industrial Electronics, 2013, pp.2526-2537.
[2] Aoki, M. ed., Dynamic analysis of open economies. Elsevier. 2014.
[3] Yu, H., Cai, G. and Li, Y., Dynamic analysis and control of a new hyperchaotic finance system. Nonlinear Dynamics, 2012, pp.2171-2182.
[4] Glöser, S., Soulier, M. and Tercero Espinoza, L.A., Dynamic analysis of global copper flows. Global stocks, postconsumer material flows, recycling indicators, and uncertainty evaluation. Environmental science & technology, 2013, pp.6564-6572.
[5] Doyle, J.F., Static and dynamic analysis of structures: with an emphasis on mechanics and computer matrix methods (Vol. 6). Springer Science & Business Media. 2012.
[6] Muvengei, O., Kihiu, J. and Ikua, B., Dynamic analysis of planar multi-body systems with LuGre friction at differently located revolute clearance joints. Multibody System Dynamics, 2012, pp.369-393.
[7] Hughes, T.J., The finite element method: linear static and dynamic finite element analysis. Courier Corporation. 2012.
[8] Sengupta, A., Biswas, S., Zhang, M., Bond, M.D. and Kulkarni, M., Hybrid static–dynamic analysis for statically bounded region serializability. ACM SIGPLAN Notices, 2015, pp.561-575.
[9] Santos, I., Devesa, J., Brezo, F., Nieves, J. and Bringas, P.G., Opem: A static-dynamic approach for machine-learning-based malware detection. In International Joint Conference CISIS’12-ICEUTE 12-SOCO 12 Special Sessions (pp. 271-280). Springer, Berlin, Heidelberg. 2013.
[10] Damodaran, A., Di Troia, F., Visaggio, C.A., Austin, T.H. and Stamp, M., A comparison of static, dynamic, and hybrid analysis for malware detection. Journal of Computer Virology and Hacking Techniques, 2017, pp.1-12.
[11] Mesbah, A., Van Deursen, A. and Lenselink, S., Crawling Ajax-based web applications through dynamic analysis of user interface state changes. ACM Transactions on the Web (TWEB), 2012, p.3.