3. What is Quality Assurance
What is quality?
Who are we?
Why we are doing
IEEE Glossary:
Degree to which a system, component or process meets specific requirements and
customer or user needs or expectations
ISO Definition:
The totality of features and characteristics of a product or service that bear on
its ability to satisfy specified or implied needs
“Set of systematic activities providing evidence to the ability of software
process to produce a software product that is fit to use” by G. Schulmeyer and
J. McManus, Software Quality Handbook, Prentice Hall, 1998
4. Quality Assurance
• Quality assurance activities are work process oriented.
• They measure the process, identify deficiencies, and suggest improvements.
• The direct results of these activities are changes to the process.
• These changes can range from better compliance with the process to entirely
new processes.
• The output of quality control activities is often the input to quality assurance
activities.
• Audits are an example of a QA activity which looks at whether and how the
process is being followed. The end result may be suggested improvements or
better compliance with the process.
5. Quality Control
• Quality control activities are work product oriented.
• They measure the product, identify deficiencies, and suggest improvements.
• The direct results of these activities are changes to the product.
• These can range from single-line code changes to completely reworking a
product from design.
• They evaluate the product, identify weaknesses and suggest improvements.
• Testing and reviews are examples of QC activities since they usually result in
changes to the product, not the process.
• QC activities are often the starting point for quality assurance (QA) activities.
12. A Formal SQA Process
• Development Phase
• Pre-QA Phase (Sanity Test)
• QA Phase (Smoke Test)
• Bug Submission
• Re-Test Phase
• Integration Test
• Regression Test
• Alpha Test
• Beta Test
• Release
43. Malware and its types
Malware is software written specifically to harm and infect the host system.
Malware includes viruses along with other types of software such as trojan horses,
worms, spyware, and adware. Advanced malware such as ransomware is used
to commit financial fraud and extort money from computer users.
44. Virus
A virus is a specific type of malware. It is a contagious piece of code that
infects the other software on the host system and spreads itself once it is run. It is
mostly known to spread when software is shared between computers. It acts
more like a parasite.
45. Adware
Adware is also known as advertising-supported software. It is software which
renders advertisements for the purpose of generating revenue for its author. The
advertisements are published on the screen presented to the user at the time of
installation. Adware is programmed to examine which Internet sites the user visits
frequently and to present and feature related advertisements. Not all adware has
malicious intent, but it becomes a problem anyway because it harms computer
performance and can be annoying.
46. Spyware
This type of malicious software spies on you and tracks your internet activities. It
helps the hacker gather information about the victim’s system without the
consent of the victim. The spyware’s presence is typically hidden from the host
and it is very difficult to detect. Some spyware, like keyloggers, may be installed
intentionally in an organization to monitor the activities of employees.
47. Worms
This type of malware replicates itself and destroys information and files saved
on the host PC. It works to eat up all the system operating files and data files on a
drive.
48. Trojan
Trojans are a type of virus designed to make a user think they are a safe
program and run them. They may be programmed to steal personal and financial
information, and later take over the resources of the host computer’s system files.
In large systems, they may attempt to make a host system or network resource
unavailable to those attempting to reach it. Example: your business network
becoming unavailable.
49. Ransomware
Ransomware is an advanced type of malware that restricts access to the
computer system until the user pays a fee. Your screen might show a pop-up
warning that you have been locked out of your computer and that you can access
it only after paying the cybercriminal. The cybercriminal demands a ransom to be
paid in order for the restriction to be removed. The infamous CryptoLocker is one
type of ransomware.
53. A Breach – Attack View (Example)
1. Attacker scans and attempts exploitation, but fails
2. Attacker utilizes social engineering against a selected population
3. Victim(s) fall for the ruse allowing attacker to enter the
environment
4. Attacker leverages user/system access to spread to other systems
5. Attacker consolidates loot (data, passwords, bank access, etc.)
6. Attacker sends data back out of environment
56. OWASP Top 10 Checklists for web development
A1:2017-Injection
A2:2017-Broken Authentication
A3:2017-Sensitive Data Exposure
A4:2017-XML External Entities (XXE)
A5:2017-Broken Access Control
A6:2017-Security Misconfiguration
A7:2017-Cross-Site Scripting (XSS)
A8:2017-Insecure Deserialization
A9:2017-Using Components with Known Vulnerabilities
A10:2017-Insufficient Logging & Monitoring