9 System Analysis


CHAPTER 3

SYSTEM ANALYSIS AND DESIGN

3.1 PROBLEM DEFINITION

The increased volume of transactions and communication over the World Wide Web in industries like banking, insurance, healthcare, travel and many others has triggered a number of unprecedented security issues. Most web applications today are susceptible to attacks ranging from unauthorized access, movement, alteration or deletion of files to virus attacks and theft of data. The use of perimeter defenses like firewalls, anti-viruses and the like is insufficient. Because of this, industries are seeking more comprehensive security measures that can be incorporated in their web applications. There are people out there whose only intention is to break into computer systems and networks to damage them, whether for fun or profit. These could be novice hackers who are looking for a shortcut to fame by doing so and bragging about it on the internet. These could also be a group of organized criminals who work silently on the wire. They don’t make noise, but when their job is done, it translates into a huge loss for the organization in question, not to mention a huge profit for such criminals.

3.2 EXISTING SYSTEM

With so many techniques and so many approaches to testing the security of web applications, it can be difficult to understand which techniques to use and when to use them. Experience shows that there is no right or wrong answer to exactly what techniques should be used to build a testing framework. The fact remains that all techniques should probably be used to ensure that all areas that need to be tested are tested. What is clear, however, is that there is no single technique that effectively covers all security testing that must be performed to ensure that all issues have been addressed. Many companies adopt one approach, which has historically been penetration testing. Penetration testing, while useful, cannot effectively address many of the issues that need to be tested, and is simply “too little too late” in the software development life cycle (SDLC). There are times and circumstances where only one technique is possible; for example, a test on a web application that has already been created, and where the testing party does not have access to the source code.

3.2.1 Disadvantages of Existing System

Testing at the beginning or end of product development

Does not use all available security features

Inefficient

Does not find all vulnerabilities

Uses only known vulnerabilities for testing

3.3 PROPOSED SYSTEM

A defense that will evidently reduce vulnerabilities in web applications is one built into the development lifecycle of the application itself. Developers need to learn and examine the vulnerabilities that could possibly occur in web applications so that precautionary measures can be adopted in the implementation stage. The proposed system serves as an elementary guideline for all those involved in the application’s development process and, more importantly, designs and formulates a set of secure coding policies and guidelines as proactive remediation strategies to strengthen the security of web applications.

Besides that, the SDLC methodology is implemented to design a new production sample website and to test the academy website, which was recently hosted and published. The balanced approach includes several techniques, from manual interviews to technical testing. The balanced approach is sure to cover testing in all phases of the SDLC. This approach leverages the most appropriate techniques available depending on the current SDLC phase. A balanced approach varies depending on many factors, such as the maturity of the testing process and corporate culture. Fig 3.1 shows the proposed System Architecture.

3.3.1 Advantages of Proposed System

Testing covers all phases of Software Development

Developers or analysts must be aware of web application vulnerabilities

Finds all security weaknesses during development

Removes all kinds of vulnerabilities by combining the different techniques.

The testing generated by different techniques results in highly secure functionality.

3.4 SYSTEM ARCHITECTURE

Fig. 3.1 Proposed System Architecture

3.5 SYSTEM REQUIREMENTS

Software Requirements

Software -> JDK 5, JavaEE & HTML

Server -> GlassFish 3.0

IDE -> NetBeans 6.9.1

OS -> Windows XP

Hardware Requirements

RAM -> 2GB

Processor -> Pentium Dual Core

Hard Disk -> 160GB