Qc Certification Process

8/7/2019 Qc Certification Process

1/42

A Project Report On

QUALITY CONTROL CERTIFICATION PROCESS

Submitted

in the partial fulfillment of

Award of degree of

MASTER OF COMPUTER APPLICATION

(2005-08) Under the supervision of

Mr. RAJESH RANJANProject Head

TECHPOWER Pvt. Ltd.

Submitted To: Submitted BY:Prof. Sunita Bisht Name Manoj Kumar

Coordinator MCA VIth SemesterMCA (VI Semester) Project Roll No.: 0503814047

Batch ( 2005 2008)

1


2/42

ACKNOWLEDGMENT

First and foremost I thank TECHPOWER Ltd, New Delhi for allowing me to complete my

Project Training successfully. I express my sincere gratitude to all those who initiated and

helped me in the successful completion of this project. Sincere thanks and profound gratitudeto my guide Mr.Rajesh Ranjan for helping me in carrying out the project work and for

many valuable and useful information while bringing out this project.

Completing a task is never one-man effort. It is often result of invaluable

Contribution of number of individuals in a direct or indirect manner that

helps in sharing and making success.

I take this opportunity to express my deep sense of gratitude and whole

Hearted thanks to my guide Mr Rajesh Ranjan(Trainer) TECHPOWER Ltd, New Delhi for

her guidance and keen interested and affectionate encouragement throughout the work.

I also take this opportunity to express my in debtedness to Dr. V.B Dhawan, Head of

Department (M.C.A.), and to my respected teachers of I.T.S Mohan Nagar,Utter Pradesh

Technical University,Lucknow for their kind consent, expert guidance, valuable suggestion and

affectionate encouragement.

Last but not least, I am very thankful to my parents who are my source of inspiration in every

field of life.

- Manoj Kumar

Project

2


3/42

On

Quality Control

Certification Process

Project Leader Project Coordinator

Mr Rajesh Ranjan Mr. Vinesh Jain

Team Members:

Manoj Kumar

Vikas

Anil Kumar

3


4/42

CONTENTS

Objective

Overview

Problem Description

Fact Finding

Platform Used

Analysis and Design

Bibliography

1: INTRODUCTION

4


5/42

What Is Quality Control Certification Process?

Quality Control Certification Process (QCCP) is the International Standards Organization. They

do not create standards but (as with ANSI) provide a means of verifying that a proposed standards

has met certain requirements for due process, consensus and other criteria by those developing the

standards.

The Quality Control Technology Awareness Certification has been developed to test

important concepts, skills and terminology related to Quality Control Technology.

1.1 Company Profile:

TechPower is a leading IT solutions company One of the world's leading information

technology consulting, services and business process outsourcing organisations.

5


6/42

SYSTEM BEHAVIOUR

Generally, the behavior of the system is decided on the basis of how accurately

Answer it provides, time it takes to give the output.

It should work with least number of errors, how user friendly it is, and many

such factors. Thus, when we particularly talk about this system, it gives almost

all positive results for the above analysis. Positive results in the sense of

working of its 3 modules.

This system consists of three modules namely:

Administrator

Auditor

Audi tee

The Administrator module contains three sub modules:

Audit Schedule

Document details

Auditor details

The Auditor module contains three sub modules:

Auditing details

Review

Report

o Auditor

o Audi tee report

Training

Checklist

o Quality control records

o Internal Audit programs

6


7/42

The Audi tee module contains three sub modules:

Employee details

Internal audit details

Internal auditor details

1.1 FEASIBILITY STUDY

This section basically deals with the central idea of what this system provides, which platforms it

works on, and what expenditure it requires to be built up or when it will be actually deployed and

many such factors. All these doubts can be cleared by the following explanation. . It is total user

friendly and compatible with quite data environments. It works over all versions of Windows

Operating Systems viz. Windows 2000, Windows XP and all related versions, from server side.

But when we talk about client side it can be operated on any O.S.

Thus, overall its compatibility is maintained very efficiently, that is Platform Independence is

complete of course from client side since its web-based system. Now, when we talk about cost

estimation, it can be divide into sub parts that its expenditure while developing it and at the time of

deployment. Since it is the R&D project related system, development have to be started from

scrap, thus collecting information, arranging it and developing it till we get desired output takes it

reasonable cost. During deployment phase, it depends on the customer and his needs.

i. Economic feasibility:

It includes an evaluation of development cost weighted against the ultimate income or

benefit derived from the developed system or product.

ii. Technical feasibility:

Technical analysis begins with an assessment of the technical viability of the proposed

system. What technologies are required to accomplish system function and performance? Which

other resources (hardware and software) are available to build the system?

7


8/42

1.1 Operating Environment hardware and software

Quality Control Certification Process (QCCP)requires SQL Server for the database

storage. Further it has been designed in .NET technology along with the code.The connectivity is done in such a manner that it will be compatible to any system and need not to

change the properties all the time. It requires low maintenance and its requirements are also less.

1. Hardware Requirements:

High-speed communication network between client and server.

CPU Pentium IV

Memory 128 MB RAM

Display Options HTML, XML

Input Device Keyboard, MouseNetwork Interface Card Internet (64 kbps) LAN

Adapter

Table 1.1

2. Software Requirements:

Minimum Requirements to use this project are: ASP.NET, Windows

OS, SQL Server.

3. Technology Used:

Language / Tool: .NET 2.0 Framework.

4. Back End:

MS SQL Server

5. Sever:

IIS

8


9/42

1.5 Detail Description of Technology Used:

a. Read the explicit data sent by the client:

The end user normally enters this data in an HTML form on a Web page. Read the implicit HTTP

request data sent by the browser. There are really two varieties of data: the explicit data that the end

user enters in a form and the behind-the-scenes HTTP information. Both varieties are critical. The

HTTP information includes cookies, information about media types and compression schemes the

browser understands, and so forth.

b. Generate the results:

Your real data may be in a relational database. This is fine, but the database probably doesn't speak

HTTP or return results in HTML, so the Web browser can't talk directly to the database. Even if it

could, for security reasons, we probably would not want it to. The same argument applies to most

other applications. We need the Web middle layer to extract the incoming data from the HTTP

stream, talk to the application, and embed the results inside a document.

c. Send the explicit data (i.e., the document) to the client:

This document can be sent in a variety of formats, including text (HTML or XML), binary (GIF

images), or even a compressed format like zip that is layered on top of some other underlying

format.

d. Send the implicit HTTP response data:

There are really two varieties of data sent: the document itself and the behind-the-scenes HTTP

information. Again, both varieties are critical to effective development. Sending HTTP response

data involves telling the browser or other client what type of document is being returned (e.g.,

HTML), setting cookies and caching parameters, and other such tasks.

Features of ASP.Net:

ASP.Net provides the easy way of developing the web form. There are various versions of

ASP.Net as 1.0, 1.1, 2.0, and 3.0 and latest are 3.5. Here we used ASP.Net 2.0 for developing thewebsite. It has various features on previous version,

9


10/42

Increase productivity by removing 70% of the code

Use the same controls for all types of devices

Provide a faster and better web server platform

Simplify compilation and installation

Simplify the administration of web applications

Security in ASP.Net:

Input/Data Validation:

Do not rely on ASP.NET request validation

Validate input for length, range, format, and type

Validate input from all sources like QueryString, cookies, and HTML controls

Do not rely on client-side validation

Avoid user-supplied file name and path input

Do not echo untrusted input

If you need to write out untrusted data, encode the output

Authentication:

Forms Authentication:

Use membership providers instead of custom authentication

Use SSL to protect credentials and authentication cookies

If you cannot use SSL, consider reducing session lifetime

Validate user login information Do not store passwords directly in the user store

Enforce strong passwords

Protect access to your credential store

Do not persist authentication cookies

Restrict authentication tickets to HTTPS connections

Consider partitioning your site to restricted areas and public areas

Use unique cookie names and paths

Windows Authentication

Choose Windows authentication when you can

Enforce strong password policies

Authorization:

Use URL authorization for page and directory access control

10
http://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_inputdatavalidationhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_donotrelyonaspnetrequestvalidationhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_validateinputforlengthrangeformatandtypehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_validateinputfromallsourceslikequerystrihttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_donotrelyonclientsidevalidationhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_avoidusersuppliedfilenameandpathinputhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_avoidusersuppliedfilenameandpathinputhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_donotechountrustedinputhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_ifyouneedtowriteoutuntrusteddataencodethhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_authenticationhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_formsauthenticationhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_usemembershipprovidersinsteadofcustomauthttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_usessltoprotectcredentialsandauthenticathttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_ifyoucannotusesslconsiderreducingsessionhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_ifyoucannotusesslconsiderreducingsessionhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_validateuserlogininformationhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_donotstorepasswordsdirectlyintheuserstorhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_donotstorepasswordsdirectlyintheuserstorhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_enforcestrongpasswordshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_protectaccesstoyourcredentailstorehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_donotpersistauthenticationcookieshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_restrictauthenticationticketstohttpsconnhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_considerpartitioningyoursitetorestrictedhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_useuniquecookienamesandpathshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_windowsauthenticationhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_choosewindowsauthenticationwhenyoucanhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_enforcestrongpasswordpolicieshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_authorizationhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_useurlauthorizationforpageanddirectoryachttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_inputdatavalidationhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_donotrelyonaspnetrequestvalidationhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_validateinputforlengthrangeformatandtypehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_validateinputfromallsourceslikequerystrihttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_donotrelyonclientsidevalidationhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_avoidusersuppliedfilenameandpathinputhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_donotechountrustedinputhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_ifyouneedtowriteoutuntrusteddataencodethhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_authenticationhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_formsauthenticationhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_usemembershipprovidersinsteadofcustomauthttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_usessltoprotectcredentialsandauthenticathttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_ifyoucannotusesslconsiderreducingsessionhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_validateuserlogininformationhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_donotstorepasswordsdirectlyintheuserstorhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_enforcestrongpasswordshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_protectaccesstoyourcredentailstorehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_donotpersistauthenticationcookieshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_restrictauthenticationticketstohttpsconnhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_considerpartitioningyoursitetorestrictedhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_useuniquecookienamesandpathshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_windowsauthenticationhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_choosewindowsauthenticationwhenyoucanhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_enforcestrongpasswordpolicieshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_authorizationhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_useurlauthorizationforpageanddirectoryac


11/42

Configure ACLs on your Web site files

Use ASP.NET role manager for roles authorization

If your role lookup is expensive, consider role caching

Protect your authorization cookie

Code Access Security

Consider code access security for partial trust applications

Choose a trust level that does not exceed your application's requirements

Create a custom trust policy if your application needs additional permissions

Use Medium trust in shared hosting environments

Data Access

Encrypt your connection strings

Use least-privileged accounts for database access

Use Windows authentication where possible

If you use Windows authentication, use a trusted service account

If you cannot use a domain account, consider mirrored accounts

When using SQL authentication, use strong passwords

When using SQL authentication, protect credentials over the network

When using SQL authentication, protect credentials in configuration files

Validate untrusted input passed to your data access methods

When constructing SQL queries, use type safe SQL parameters

Avoid dynamic queries that accept user input

Exception Management Use structured exception handling

Do not reveal exception details to the client

Use a global error handler to catch unhandled exceptions

11
http://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_configureaclsonyourwebsitefileshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_configureaclsonyourwebsitefileshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_useaspnetrolemanagerforrolesauthorizatiohttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_ifyourrolelookupisexpensiveconsiderrolechttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_protectyourauthorizationcookiehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_protectyourauthorizationcookiehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_codeaccesssecurityhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_considercodeaccesssecurityforpartialtrushttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_chooseatrustlevelthatdoesnotexceedyouraphttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_createacustomtrustpolicyifyourapplicatiohttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_usemediumtrustinsharedhostingenvironmenthttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_dataaccesshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_encryptyourconnectionstringshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_useleastprivilegedaccountsfordatabaseacchttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_useleastprivilegedaccountsfordatabaseacchttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_usewindowsauthenticationwherepossiblehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_usewindowsauthenticationwherepossiblehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_ifyouusewindowsauthenticationuseatrustedhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_ifyouusewindowsauthenticationuseatrustedhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_ifyoucannotuseadomainaccountconsidermirrhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_ifyoucannotuseadomainaccountconsidermirrhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_whenusingsqlauthenticationuseastrongpasshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_whenusingsqlauthenticationuseastrongpasshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_whenusingsqlauthenticationprotectcredntihttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_whenusingsqlauthprotectcredentialsinconfhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_whenusingsqlauthprotectcredentialsinconfhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_validateuntrustedinputpassedtoyourdataachttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_whenconstructingsqlqueriesusetypesafesqlhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_avoiddynamicqueriesthatacceptuserinputhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_avoiddynamicqueriesthatacceptuserinputhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_exceptionmanagementhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_usestructuredexceptionhandlinghttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_usestructuredexceptionhandlinghttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_donotrevealexceptiondetailstotheclienthttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_useaglobalerrorhandlertocatchunhandlesexhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_useaglobalerrorhandlertocatchunhandlesexhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_configureaclsonyourwebsitefileshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_useaspnetrolemanagerforrolesauthorizatiohttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_ifyourrolelookupisexpensiveconsiderrolechttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_protectyourauthorizationcookiehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_codeaccesssecurityhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_considercodeaccesssecurityforpartialtrushttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_chooseatrustlevelthatdoesnotexceedyouraphttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_createacustomtrustpolicyifyourapplicatiohttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_usemediumtrustinsharedhostingenvironmenthttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_dataaccesshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_encryptyourconnectionstringshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_useleastprivilegedaccountsfordatabaseacchttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_usewindowsauthenticationwherepossiblehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_ifyouusewindowsauthenticationuseatrustedhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_ifyoucannotuseadomainaccountconsidermirrhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_whenusingsqlauthenticationuseastrongpasshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_whenusingsqlauthenticationprotectcredntihttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_whenusingsqlauthprotectcredentialsinconfhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_validateuntrustedinputpassedtoyourdataachttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_whenconstructingsqlqueriesusetypesafesqlhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_avoiddynamicqueriesthatacceptuserinputhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_exceptionmanagementhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_usestructuredexceptionhandlinghttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_donotrevealexceptiondetailstotheclienthttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_useaglobalerrorhandlertocatchunhandlesex


12/42

Impersonation/Delegation

Know your tradeoffs with impersonation

Avoid Calling LogonUser

Avoid programmatic impersonation where possible

If you need to impersonate, consider threading issues

If you need to impersonate, clean up appropriately

Avoid losing impersonation tokens

Parameter Manipulation

Do not make security decisions based on parameters accessible on the client-side

Validate all input parameters

Avoid storing sensitive data in ViewState

Encrypt ViewState if it must contain sensitive data

Sensitive Data

Avoid plaintext passwords in configuration files

Use platform features to manage keys where possible

Do not pass sensitive data from page to page

Protect sensitive data over the wire

Do not cache sensitive data

Session Management

Do not rely on client-side state management options

Protect your out-of-process state service

Protect SQL Server session state

Auditing and Logging

Use health monitoring to log and audit events

Instrument for user management events

12
http://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_impersonationdelegationhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_knowyourtradeoffswithimpersonationhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_avoidcallinglogonuserhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_avoidcallinglogonuserhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_avoidprogrammaticimpersonationwherepossihttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_ifyouneedtoimpersonateconsiderthreadingihttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_ifyouneedtoimpersonateconsiderthreadingihttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_ifyouneedtoimpersonatecleanupappropriatehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_avoidlosingimpersonationtokenshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_avoidlosingimpersonationtokenshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_parametermanipulationhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_donotmakesecuritydecisionsbasedonparamethttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_validateallinputparametershttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_avoidstoringsensitivedatainviewstatehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_encryptviewstateifitmustcontainsensitivehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_sensitivedatahttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_avoidplaintextpasswordsinconfigurationfihttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_useplatformfeaturestomanagekeyswherepohttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_useplatformfeaturestomanagekeyswherepohttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_donotpasssensitivedatafrompagetopagehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_securesensitivedataoverthewirehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_securesensitivedataoverthewirehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_donotcachesensitivedatahttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_donotcachesensitivedatahttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_sessionmanagementhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_donotrelyonclientsidestatemanagementoptihttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_donotrelyonclientsidestatemanagementoptihttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_protectyouroutofprocessstateservicehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_protectyouroutofprocessstateservicehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_protectsqlserversessionstatehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_auditingandlogginghttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_usehealthmonitoringtologandauditeventshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_instrumentforusermanagementeventshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_impersonationdelegationhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_knowyourtradeoffswithimpersonationhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_avoidcallinglogonuserhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_avoidprogrammaticimpersonationwherepossihttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_ifyouneedtoimpersonateconsiderthreadingihttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_ifyouneedtoimpersonatecleanupappropriatehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_avoidlosingimpersonationtokenshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_parametermanipulationhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_donotmakesecuritydecisionsbasedonparamethttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_validateallinputparametershttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_avoidstoringsensitivedatainviewstatehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_encryptviewstateifitmustcontainsensitivehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_sensitivedatahttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_avoidplaintextpasswordsinconfigurationfihttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_useplatformfeaturestomanagekeyswherepohttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_donotpasssensitivedatafrompagetopagehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_securesensitivedataoverthewirehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_donotcachesensitivedatahttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_sessionmanagementhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_donotrelyonclientsidestatemanagementoptihttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_protectyouroutofprocessstateservicehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_protectsqlserversessionstatehttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_auditingandlogginghttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_usehealthmonitoringtologandauditeventshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_instrumentforusermanagementevents


13/42

Instrument for unusual activity

Instrument for significant business operations

Consider using an application-specific event source

Protect audit and log files

Deployment Considerations

Use a least-privileged account for running ASP.NET applications

Encrypt configuration sections that store sensitive data

Consider your key storage location

Block Protected File Retrieval by Using HttpForbiddenHandler

Configure the MachineKey to use the same keys on all servers in a Web farm

Lock configuration settings to enforce policy settings

Communication Security

Consider SSL vs. IPSec

Optimize pages that use SSL

The Need for ASP.Net: Why ASP.NET?

Writing dynamic, high-performance Web applications has never been easier

ASP.NET combines unprecedented developer productivity with performance, reliability and

deployment.

Developer Productivity:

ASP.NET helps you deliver real world Web applications in record time.

Easy Programming Model. ASP.NET makes building real world Web applications

dramatically easier. ASP.NET server controls enable an HTML-like style of declarative

programming that let you build great pages with far less code than with clDisplaying data,validating user input and uploading files are all amazingly easy

13
http://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_instrumentforunusualactivityhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_instrumentforunusualactivityhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_instrumentforsignificantbusinessoperatiohttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_instrumentforsignificantbusinessoperatiohttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_considerusinganapplicationspecificeventshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_protectauditandlogfileshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_protectauditandlogfileshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_deploymentconsiderationshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_usealeastprivilegedaccountforrunningaspnhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_encryptconfigurationsectionsthatstoresenhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_consideryourkeystoragelocationhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_blockprotectedfileretrievalbyusinghttpforbiddenhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_configurethemachinekeytousethesamekeysonhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_lockconfigurationsettingstoenforcepolicyhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_communicationsecurityhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_considersslvsipsechttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_optimizepagesthatusesslhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_instrumentforunusualactivityhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_instrumentforsignificantbusinessoperatiohttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_considerusinganapplicationspecificeventshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_protectauditandlogfileshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_deploymentconsiderationshttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_usealeastprivilegedaccountforrunningaspnhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_encryptconfigurationsectionsthatstoresenhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_consideryourkeystoragelocationhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_blockprotectedfileretrievalbyusinghttpforbiddenhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_configurethemachinekeytousethesamekeysonhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_lockconfigurationsettingstoenforcepolicyhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_communicationsecurityhttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_considersslvsipsechttp://msdn.microsoft.com/en-us/library/ms998258.aspx#pagguidelines0001_optimizepagesthatusessl


14/42

Flexible Language Options. ASP.NET lets you leverage your current programming

language skills. Unlike classic ASP, which supports only interpreted VBScript and JScript,

ASP.NET now supports more than 25 .NET languages (including built-in support for VB.NET, C#and JScript.NET -- no tool required), giving you unprecendented flexibility in your choice

of language.

Great Tool Support. You can harness the full power of ASP.NET using any text editor

-- even Notepad! But Visual Studio .NET adds the productivity of Visual Basic-style development

to the Web.

The Enterprise versions of Visual Studio .NET deliver life-cycle features to help organizationsplan, analyze, design, build, test and coordinate teams that develop ASP.NET Web applications.

Rich Class Framework. Application features that used to be hard to implement, or required a 3

rd-party component, can now be added in just a few lines of code using the .NET Framework.The .NET Framework offers over 4500 classes that encapsulate rich functionality like XML, data

access, file upload, regular expressions, image generation, performance monitoring and logging,

transactions, message queuing, SMTP mail and much more!

Improved Performance and Scalability:

ASP.NET lets you use serve more users with the same hardware.

Compiled execution. ASP.NET is much faster than classic ASP, while preserving the "just

hit save" update model of ASP. However, no explicit compile step is required!

Rich output caching. ASP.NET output caching can dramatically improve the performance

and scalability of your application. When output caching is enabled on a page, ASP.NET executes

the page just once and saves the result in memory in addition to sending it to the user. Whenanother user requests the same page, ASP.NET serves the cached result from memory without re-

executing the page.

Web-Farm Session State. ASP.NET session state lets you share session data user-specific

state values across all machines in your Web farm.

Enhanced Reliability:ASP.NET ensures that your application is always available to your users.

Memory Leak, DeadLock and Crash Protection. ASP.NET automatically detects andrecovers from errors like deadlocks and memory leaks to ensure your application is always

available to your users.

14


15/42

Easy Deployment

ASP.NET takes the pain out of deploying server applications.

"No touch" application deployment. ASP.NET dramatically simplifies installation of your

application. With ASP.NET, you can deploy an entire application as easily as an HTML page: justcopy it to the server.

Dynamic update of running application. ASP.NET now lets you update compiled

components without restarting the web server. In the past with classic COM components, the

developer would have to restart the web server each time he deployed an update.

Easy Migration Path. You don't have to migrate your existing applications to start using

ASP.NET. ASP.NET runs on IIS side-by-side with classic ASP on Windows 2000 and WindowsXP platforms. Your existing ASP applications continue to be processed by ASP.DLL, while new

ASP.NET pages are processed by the new ASP.NET engine. you continue to use your existing

classic COM business components.

New Application Models:

ASP.NET extend your application's reach to new customers and partners.

XML Web Services. XML Web services allow applications to communicate and share data

over the Internet, regardless of operating system or programming language. ASP.NET makes

exposing and calling XML Web Services simple.

Mobile Web Device Support. ASP.NET Mobile Controls let you easily target cell phones,PDAs -- over 80 mobile Web devices -- using ASP.NET. What is the .NET Framework?

The .NET Framework is a development and execution environment that allows different

programming languages & libraries to work together seamlessly to create Windows-basedapplications that are easier to build, manage, deploy and integrate with other networked systems.

The .NET Framework consists of:

The Common Language Runtime (CLR)

A language-neutral development & execution environment that provides services to help "manage"

application execution

The Framework Class Libraries (FCL)

A consistent, object-oriented library of prepackaged functionality

15


16/42

The .NET Framework provides the basic infrastructure that Windows-based applications need to

make Microsoft's .NET vision of connecting information, people, systems and devices a reality:

Support for standard networking protocols & specifications

The .NET Framework uses standard Internet protocols and specifications like TCP/IP, SOAP,XML, & HTTP to allow a broad range of information, people, systems and devices to be connected

Support for different programming languages

The .NET Framework supports a variety of different programming languages so developers can

pick the language of their choice

Support for programming libraries developed in different languages

The .NET Framework provides a consistent programming model for using prepackaged units offunctionality (libraries) which makes application development faster, easier & cheaper

Support for different platforms

The .NET Framework is available for a variety of Windows platforms.

MS SQL Server 2005:

MS SQL is an SQL based relational database management system (RDBMS) that runs under a

broad array of operating systems.

One great thing about MS SQL is that it can be scaled down to support embedded database

applications. Perhaps it is because of this reputation that many people believe that MS SQL can

only handle small to medium-sized and also large systems.

Modern day web sites seem to be relying more and more on complex database systems. These

systems store all of their critical data, and allow for easy maintenance in some cases.

The Structured Query Language (SQL) is a very popular database language, and its standardization

makes it quite easy to store, update and access data.

Some of the features of MS SQL Server 2005 Include:

Features for database administration

Database Mirroring

Online Restore

Online Indexing Operations

16


17/42

Fast Recovery

Features for Development

Native XML Support

ADO.NET version 2. Security Enhancements

Transact-SQL Enhancements

Features for Business Intelligence

Analysis Services

Integration Services (SSIS

Data Mining

Reporting Services

The MS SQL database package consists of the following:

Microsoft SQL Server 2005 Express Edition Toolkit (SQL Server Express Toolkit) provides

additional tools and resources for SQL Server 2005 Express Edition and SQL Server 2005 ExpressEdition with Advanced Services. The SQL Server Express Toolkit contains SQL Server 2005

Management Studio Express, a graphical management tool, and Business Intelligence

Development Studio, a creation and editing environment for reports using SQL Server ReportingServices.

The SQL Server Express Toolkit contains these two components:

SQL Server 2005 Management Studio Express Edition Easily manage SQL Server 2005Express Edition and SQL Server 2005 Express Edition with Advanced Services database instances

with this free, easy-to-use graphical management tool.

Business Intelligence Development Studio (BIDS) Create and edit reports for SQL Server

2005 Reporting Services (SSRS). BIDS provides the ability to create and edit Reporting Services

projects that are reporting on local relational data in local SQL Server Express databases.

IIS (Internet Information Server of Microsoft):

Internet Information Services (IIS) 6.0 is a powerful Web server that provides a highly reliable,

manageable, and scalable Web application infrastructure for all versions of Windows Server 2003.IIS helps organizations increase Web site and application availability while lowering system

administration costs. IIS 6.0 supports the Microsoft Dynamic Systems Initiative (DSI)with

17
http://www.microsoft.com/windowsserversystem/dsi/default.mspxhttp://www.microsoft.com/windowsserversystem/dsi/default.mspxhttp://www.microsoft.com/windowsserversystem/dsi/default.mspx


18/42

automated health monitoring, process isolation, and improved management capabilities. Thinking

of upgrading? Read this: Should I Upgrade to IIS 6.0?

For information about other Windows Server technologies and services, see the complete list of

Windows Server 2003 Technology Centers.

Technical Overview of Internet Information Services (IIS) 6.0:

Administrators and Web application developers demand a reliable, easily managed, high

performance, and secure Web server. IIS 6.0 and Microsoft Windows Server 2003 introduce many

new features for Web application server reliability and availability, management, scalability, andsecurity. The benefits of deploying IIS 6.0 include less planned and unplanned system downtime,

increased Web site and application availability, lower system administration costs, server

consolidation (reduced staffing, hardware, and site management costs), and a significant increase in

Web infrastructure security. This document provides a technical overview of IIS 6.0, the nextgeneration of Web infrastructure capabilities that are available in the Windows Server 2003 family

of products.

Internet Information Services 6.0 Features:

Fault-tolerant process architecture

Application pools

Health monitoring

Rapid-fail protection

Automatic process recycling

Process orphaning

Uninterrupted TCP/IP connection

CPU and process throttling

2. PROPOSED SYSTEM

2.1 PROPOSED SYSTEM:

18
http://www.microsoft.com/windowsserver2003/technologies/default.mspxhttp://www.microsoft.com/windowsserver2003/technologies/default.mspxhttp://www.microsoft.com/windowsserver2003/technologies/default.mspx


19/42

Quality Control Certification Process (QCCP) is the International Standards Organization. They

do not create standards but(as with ANSI) provide a means of verifying that a proposed standards

has met certain requirements for due process, consensus and other criteria by those developing the

standards.

The Quality Control Technology Awareness Certification has been developed to testimportant concepts, skills and terminology related to Quality Control Technology.

2.2 User requirements:

O SCOPE

The scope of the system is to develop an interface between the developers, testers & project

manager. With this system all the above stakeholders can interact and retrieve information about

the ongoing projects in the organization as per their security access.

.

To provide a user-friendly environment: GUI plays a very vital role in any website based

system. Till the time the interface with user is not convenient, system has no use. Thus, user should

be very comfortable while using any system and it is the case with this system. The path what the

user follows is very simple and he/she can return to the previous page very easily. Thus, even a

non-technical person can use the system efficiently and have their desired results very soon.

CONSTRAINTS AND LIMITATION:

User environment:

Number of people involved in completing the task? Is this changing?

How long is a task cycle? Amount of time spent in each activity? Is this changing?

Any unique environmental constraints?

Which systems platforms are in use today? Future platforms?

- Windows XP

19


20/42

(Future Systems)

- Unix Systems

What other applications are in use? Does your application need to integrate with them?

Info about all companies total resources,campus, architecture etc User Needs -:

1. There is no centralized repository of

- A centralized database is made available which contains all information about Standards, so

that quality can be tested on the basis of standards.

-To find total info about the company and keep them during complete process.

2. There is no way to get reports while traveling or without an Internet connection.

- The system contains PDA support, which enables to view reports while they are traveling or

are isolated without a computer.

- The s requirement of a mobile reporting mechanism.

3. ANALYSIS & DESIGN

20


21/42

Analysis:

The requirements gathering process is intensified and focused specifically on software.

Requirements for both the system and the software are documented and reviewed with the

customer.

System design:

Design is a meaningful engineering representation of something that is to be built. To solve actual

problems, a software engineer must incorporate a development strategy that encompasses the

process, methods and tools. This strategy is often called as a process model or software engineering

paradigm. Project model is based on nature of the project and its applications.

It can be traced to a customers requirements and at the same time assessed for quality against a set

of pre-defined criteria for good design.

Design focuses on four major areas of concern:

Data Structures

Software Architecture

Interface Representation

Procedural Details [1]

In context to our project, this phase is necessary to get an insight into the proposed work. Each of

the above mentioned four major areas of concern need to be given proper time during this phase so

as to be clear of the requirements which could probably arise later during the implementation

phase.

3.1 Selection Of Life Cycle Model

History has indicated that the conventional models (such as Waterfall, Incremental, RAD and

Spiral) have brought a certain amount of useful structure to software teams. This project can be

enhanced in increments, so the Incremental process model is chosen.

The incremental model combines elements of waterfall model (communication, planning,

modeling, construction, deployment) applied in an iterative fashion. Each iteration produces

deliverable increments of the software. When an incremental model is used, the first increment is

often a core product. As a result of use and/or evaluation, a plan is developed for next increment.

The plan addresses the modification of the core product to better meet the needs of the customer

21


22/42


23/42

The design process translates requirements into a representation of the software that can be

assessed for quality before coding begins. Design is a multi-step process that focuses on: data

structure, software architecture, interface representations, and procedural detail.

Coding:Coding Phase translates the design into machine-readable form. If design is performed in

detailed manner, code generation can be accomplished mechanistically.

Testing:

Testing process focuses on the logical internals of the software, ensuring that all statements have

been tested, and on functional externals; that is, conducting tests to uncover errors and ensure that

defined input will produce actual results that agree with the required results.

Maintenance And Support:

Software will undoubtedly undergo change after it is delivered to the customer. Software

support/maintenance reapplies each of the preceding phases to an existing program rather than anew one

3.2 Project Plan Using M-S Project

PROJECT DELIVERABLES:

The final outcome of the project is a modular application, called Defect Tracking System. It

provides functionality for fast & efficient project management.

TASKS AND MILESTONES:

The total duration for the completion of this project is about 6 months. All modules and testing will

be done in this period.

COST AND EFFORT ESTIMATION:

The Constructive Cost Model (COCOMO) is generally used for estimation measures of cost,

project duration, manpower, etc.

Like all estimation models, the COCOMO models require sizing information. This information can

be specified in the form of

Object points

23


24/42

Function points (FP)

Lines of source code (KLOC)

For our project, we use the sizing information in the form of Lines of source code (KLOC).

Total lines of Code for our Project, KLOC

Cost of each person per month, Cp (Cost per person-month)

Equations -:

Equation for calculation of Efforts in person-months for the COCOMO model is:

E = a * (KLOC) b

Where,

a = 2.4

b = 1.05, for an organic project

E = Efforts in person-months.

Equation for calculation of Duration of project in months for the COCOMO model is:

D = a * (E) b

Where,

a = 2.5

b = 0.38, for an organic project

D = Duration of project in months

Organic project:

Equation for calculation of Number of people required for completion of the project,

using the COCOMO model is:

N = E / D

Where,

N = Number of people requiredE = Efforts in person-months

D = Duration of project in months.

Equation for calculation of Cost of project, using the COCOMO model is:

24


25/42

C = D * Cp

Where, C = Cost of project

D = Duration of project in months

Cp = Cost incurred per person-month.

3.3 Data Flow Diagram:

A Data Flow Diagram is graphical technique that depicts informational flow and transforms that

are applied as data move from input to output. DFD provides additional information that is used

during the analysis of the information domain and serves as the basis for modeling of the function.

DFD serves 2 purposes:

To provide an indication of how data are transformed as they move through the system.

To depict the functions and sub-functions that transforms the data flow.

LEVEL 0 DFD:

25


26/42

Fig: DFD LEVEL 0

LEVEL 1 DFD

Fig : DFD LEVEL 1

3.4 Class Diagram

CLASS DIAGRAM:

A class diagram is a diagram that shows a set of classes, interfaces and collaborations and

their relationships. Generally, a class diagram is a collection of vertices and arcs. Classes are the

most important building block of any object-oriented system.

Class diagrams are usually used in one of the 3 ways:

1. To model vocabulary of the system.

2. To model simple collaboration.

3. To model a logical database scheme.

User

Identification

Send

notification

About theperson

user

Is user authenticated for

Information gathering.

26


27/42

Fig : CLASS DIAGRAM 1

user login

u_id : integer

u_pwd : string

log_res : bool

log_res()

load_page()

Assign groups

mem_ids :

string

proj_ids :

string create new_useru_id : string

u_pwd : string

adduser()

assignprofile()

construct queries

query_id : integer

query_description

: string

send_request

request_type : integer

send_request()

send device_type()

class diagra

m for project

27


28/42

Fig :CLASS DIAGRAM 2.

28


29/42

Fig : CLASS DIAGRAM 3.

29


30/42

userlogin

u_id : Lstring

u_pwd : string

log_res : bool

log_res()

load_page()import_issues

issue_id : integer

file_name : string

download_file()

report_bugs

issue_ id : s tring

issue_ status_s tring

noti fication_status : s tring

create_bug_report()

change_issue_status()

upload_bug_report()

send_request

request_type : integer

send_request()

send_device_type()

class diagra

m for tester

Fig : CLASS DIAGRAM 4.

3.5 Use Case Diagram

USECASE DIAGRAMS:

A use case diagram is a diagram that shows a set of use cases and actors and their relationships. A

use case specifies the behavior of a system or a part of a system and is a description of a set of

sequences of actions, including variants that a system performs to yield an observable result of

value to an actor. As mentioned below the use case diagrams are usually specified along with the

requirements analysis or can be used as an aid in the designing also at ten preliminary levels.

30


31/42

Fig : USE CASE DIAGRAM 1

31


32/42

Fig : USE CASE DIAGRAM 2

3.6 Sequence Diagram:

A sequence diagram is an Interaction Diagram that emphasizes the time ordering of the messages.

Thus it is a type of Interaction Diagram, which is used to model the dynamic aspects of the system.

Sequence diagram have two special features:

1. The objects lifetime can be shown clearly in them and

2. The focus of control can also be shown.

32


33/42

Fig :SEQUENCE DIAGRAM 1.

GroupManager Databaseserver

1.Enetrloginnameandpassword

2.Checkvalidity

3.Ifvalid,executemoduleelse

4.Viewproject status

5.Displaystatusviacrystal report

6.SendE-mail notification


33


34/42

Developer Databaseserver

1.Enterloginnameandpassword

2.Checkvalidity

3.Ifvalid,executemoduleelse

4.Checkforbugs

5.Displaybuglist

6.Resolvebugandchangeit's

7.Updatedatabase


Tester Databaseserver

1.Enterloginnameandpassword

2.Checkvalidity

3.If vaid,executemoduleelse

4.Checkfornewmoduletotest

5.Displaynewmodulelist if

6.Test moduleandcreatenewbug

7.Makenewentery

Fig : SEQUENCE DIAGRAM 4.

34


35/42

3.7 Entity Relationship Diagram:

The Entity Relationship Data model was developed to facilitate database design by allowing

specification of an enterprise schema that represents the overall logical structure of a database, the

ER-Data model is one of the several semantic data models; the semantic aspect of the model lies in

its representation of the meaning of the data.

The ER-model is very useful in mapping the meanings and interactions of real-world

enterprises onto a conceptual schema.

35

Employe

Passwo

rd

Grp_id

user_id NameDept

Design

ation

Isa

Proj.Manag

Group

Mana er

Developer Tester

Cre

ate Vie

w

Report

Cre

ate

Fix

Project

Category

Name

Platform

Prj_id

Issue

Tester

Status

Locati

onIssue_id


36/42

3.8 Deployment Diagram:

ServerMachine

Client

Machine

Client

Machine Client

machine

Client

Machine

Fig : DEPLOYMENT DIAGRAM

36


37/42

3.11 Test Procedures and Implementation:

Testing focuses primarily on the evaluation or assessment of product quality realized through a

number of core practices.

Finding and documenting defects in software quality.

Generally advising about perceived software quality.

Proving the validity of the assumption made in design and requirement

specifications through concrete demonstration.

Validating the software product functions as designed.

Validating that the requirements have been implemented appropriately.

Any engineered product can be tested in one of two ways:

1. Knowing the specified function that a product has been designed to perform, test can be

conducted that demonstrates each function is fully operational while at the same time searching for

errors in same function;

2. Knowing the internal workings of a product, test can be conducted to ensure that internal

operations are performed according to specifications and all internal components have been

adequately exercised. The first test approach is Black Box testing and second is White-Box testing.

UNIT TESTING - WITH TEST CASES AND RESULTS:

Unit Testing focuses on verification effort on the smallest unit of software design the

software component or module. Using the component level design description as a guide, important

control paths are tested to uncover errors within the boundary of the module.

WHITE BOX:

White box testing sometimes called as glass box testing.

Using white-box testing methods, the software designer can derive test cases that:

1. Guarantee that all independent paths within a module have been exercised at least once

2. Exercise all the logical decisions on their true or false sides,

3. Exercise all loops at the boundaries and within their operational bounds, and

37


38/42

4. Exercise internal structure to ensure their validity.

BLACK BOX:

Black box test also called as behavioral testing, focuses on the functional requirement of the

software. Black box testing attempts to find errors in the following categories:1. Incorrect or missing functions,

2. Interface errors,

3. Errors in data structures or external database accesses,

4. Behavior or performance errors, and

5. Initialization and termination errors

By applying black-box testing we derive a set of test cases that satisfy the following criteria:

1. Test cases that reduce by a count that is greater than 1, the number of additional test cases

that must be designed to achieve reasonable testing.

2. test cases that tell us something about the presence or absence of classes of errors, rather than

an error associated only with the specific test at hand.

LOOP TESTING:

Loop testing is a white-box testing technique that focuses exclusively on the validity of loop

constructs. Four different classes of loop can be defined: Simple loops, concatenated loops, nested

loops and unstructured loops.

MANUAL TESTING:

Manual Testing involves a Testers efforts. In it test cases are written which involves Test Case ID,

Test Case Name, Pre-Conditions, Post-Conditions, Design Steps etc. Then Tester follows the

DESIGN STEPS written in test case and accordingly notes down whether each step is PASSED or

FAILED.

INTEGRATION TESTING:

Integration testing is the systematic technique for constructing the program structure while at the

same time conducting tests to uncover errors associated with interfacing. The objective is to take

unit tested components and build a program structure that has been dictated by design.

38


39/42

TOP-DOWN OR BOTTOM-UP TESTING:

Top-down testing is an incremental approach to construction of program structure. Modules are

integrated by moving downward through the control hierarchy, beginning with the main control

moduleBottom-Up testing involves testing the modules at the lower levels in the hierarchy and the

working up the hierarchy of modules until the final module is tested. Because components are

integrated from the bottom-up, processing required for components sub-ordinate to a given level is

always available and the need for stubs is eliminated.

REGRESSION TESTING:

Regression testing is the re-execution of some subset of tests that have already been conducted to

ensure that changes have not propagated unintended side effects. Regression testing may be

conducted manually, by re-executing a subset of all test cases or using automated capture/playback

tools.

VALIDATION:

Validation refers to a different set of activities that ensures, the software that has been built is

traceable to customer requirements. It is performed after coding by dynamic testing and also

confirms whether the software meets user requirement. Unit testing, integration testing, system

testing and acceptance testing are its examples.

ALPHA TESTING:

Acceptance testing is sometimes called alpha testing. The alpha testing process continues until the

system developed and the client agrees that the delivered system is an acceptable implementation

of the system requirements.

BETA TESTING:

When a system is to be marked as a software product, a testing process called beta testing is often

used. Beta testing involves delivering a system to a number of potential customers who agree to use

that system. They report problems to the system developers.

39


40/42

SYSTEM TESTING:

System testing is a series of tests whose primary purpose is to fully exercise the computer based

system. Although each test has a different purpose, all work to verify that system elements have

been properly integrated and perform allocated functions.

SECURITY TESTING:Security testing attempts to verify that protection mechanisms built into a system will, in fact,

protect it from improper penetration.

It is process of attempting to demonstrate that a program or system does meet its original

requirement and objectives. It verifies operation from perspective of end user with the different

configuration. Following are the goals of security testing:

1. Usability testing

2. Performance testing

3. Load testing

4. Stress testing

5. Security testing

6. Configuration testing

7. Compatibility testing

8. Install ability testing

9. Recovery testing

PERFORMANCE TESTING

Performance testing is designed to test runtime performance of software within the context of an

integrated system. Performance testing occurs through all steps in testing process. Even at the unit

level, performance of the individual module may be accessed as white box tests are conducted. The

true performance can not be ascertained until all system elements are fully integrated.

40


41/42

5. DRAWBACKS AND LIMITATIONS

The system is tried up to the best to provide simplicity, capability and reliability to the user. As we

know nothing is perfect in world, and therefore my project also have some demerits in it.

Those demerits are as follows

Application support new version of software.

This project provides the group level accessing rights not the user level.

There is no version tracking for documents.

6. PROPOSED ENHANCEMENTS

Quality control certification System provides fast & convenient way of quality

control.

It provides user a facility to track variety of project-related issues.

This system has separate access to different user of system.

This system replaces manual processes with workflow automation

This will be a very efficient Project Management Tool.

Have good interfaces for user.

7. CONCLUSION

Quality control certification process provides user a facility to track variety of project-related

issues. This system replaces manual processes with workflow automation so that bugs areautomatically managed through their life cycle.

Development teams are not necessarily centralized so you need to support remote team

members. Quality control certification process using LAN setup also fulfills this requirement.

Quality control certification process provides LAN e-mail facility which gives user

quick way of communication with other members.

41


42/42

BIBLIOGRAPHY

ASP.Net 2.0 : Black book, Apress

Software Engineering : Roger S. Pressman

Analysis and design of Information system : James A. Senn

MS SQL Server 2005 : Wrox

C# .NET : Black Book

Qc Certification Process

Documents

Transcript of Qc Certification Process