Document that records data obtained from an experimentof evaluation in an organized manner, describes the environmental or operating conditions, and shows thecomparison of test results with test objectives.
The typical objectives of a test summary report are to:
Summarize all of the testing that was performed since the previous test summary report.
Enable project management andthe customer to know the status of project testing.
The typical benefits of a test summary report include:
Project management and the customer are informed of the current status of project testing.
Project management and the customer are informed of the current status of application quality.
Project management and the customer can take corrective action if necessary.
BUG REPORTS
BUG REPORT
Tester Name: Shivshankar Kumar Shah Module: Login.aspx
Test Date:28/9/2011
Objective : To check the functionality of login button
Description: 1. Run the login.aspx page
2. Type Valid Username
3.Type invalid passwd
Expected Results:- Error Msg
Actual Result :- Redirect to the Homepage
Bug Report
Tester Name: Shivshankar Kumar Shah Module:Search .aspx
Test Date : 28/3/2011
Objective: To check the functionality of Search Button
Description: 1. Run the Search NGO .aspx page
2.Type Valid NGO ID.
3.Type Invalid Id
Expected Result:-Error Msg
Actual Result:-Redirect to the NGO Master page
Bug Report
Tester ID:Shivshankar shah Module:ForgetPasswd.aspx
Test Date : 28/3/2011
Objective: To check the functionality of Send Button
Description: 1. Run the forget passwd .aspx page
2.Type Valid User name
3.Type Invalid email Id
Expected Result:-Error Msg
Actual Result:-Redirect to the Change Password page
Bug Report
Tester ID: shivshankar shah Module:Feedback.aspx
Test Date : 28/3/2011
Objective: To check the functionality of Send Button
Description: 1. Run the feedback.aspx page
2.Type Subject
3. Type Message
4.Type Invalid email Id
Expected Result:-Error Msg
Actual Result:-Redirect to the Home page
Debugging is a methodical process of finding and reducing the number of bugs, or defects, in a computer program or a piece of electronic hardware, thus making it behave as expected. Debugging tends to be harder when various subsystems are tightly coupled, as changes in one may cause bugs to emerge in another. Many books have been written about debugging (see below: Further reading), as it involves numerous aspects, including: interactivedebugging, control flow, integration testing, log files, monitoring (application, system),memory dumps, profiling, Statistical Process Control, and special design tactics to improve detection while simplifying changes.
SCOPE
As software and electronic systems have become generally more complex, the various common debugging techniques have expanded with more methods to detect anomalies, assess impact, and schedule software patches or full updates to a system. The words "anomaly" and "discrepancy" can be used, as being more neutral terms, to avoid the words "error" and "defect" or "bug" where there might be an implication that all so-called errors, defects or bugs must be fixed (at all costs). Instead, an impact assessment can be made to determine if changes to remove an anomaly (or discrepancy) would be cost-effective for the system, or perhaps a scheduled new release might render the change(s) unnecessary.
Tools
Debugging ranges, in complexity, from fixing simple errors to performing lengthy and tiresome tasks of data collection, analysis, and scheduling updates. The debugging skill of the programmer can be a major factor in the ability to debug a problem, but the difficulty of software debugging varies greatly with the complexity of the system, and also depends, to some extent, on the programming language(s) used and the available tools, such as debuggers. Debuggers are software tools which enable the programmer to monitor the execution of a program, stop it, re-start it, set breakpoints, and change values in memory. The term debugger can also refer to the person who is doing the debugging.
Generally, high-level programming languages, such as Java, make debugging easier, because they have features such as exception handlingthat make real sources of erratic behaviour easier to spot. In programming languages such as C or assembly, bugs may cause silent problems such as memory corruption, and it is often difficult to see where the initial problem happened. In those cases, memory debuggertools may be needed.
In certain situations, general purpose software tools that are language specific in nature can be very useful. These take the form of static code analysis tools. These tools look for a very specific set of known problems, some common and some rare, within the source code. All such issues detected by these tools would rarely be picked up by a compiler or interpreter, thus they are not syntax checkers, but more semantic checkers. Some tools claim to be able to detect 300+ unique problems. Both commercial and free tools exist in various languages. These tools can be extremely useful when checking very large source trees, where it is impractical to do code walkthroughs. A typical example of a problem detected would be a variable dereference that occurs before the variable is assigned a value. Another example would be to perform strong type checking when the language does not require such. Thus, they are better at locating likely errors, versus actual errors. As a result, these tools have a reputation of false positives.
Techniques
§ Print (or tracing) debugging is the act of watching (live or recorded) trace statements, or print statements, that indicate the flow of execution of a process.
§ Remote debugging is the process of debugging a program running on a system different than the debugger. To start remote debugging, debugger connects to a remote system over a network. Once connected, debugger can control the execution of the program on the remote system and retrieve information about its state.
§ Post-mortem debugging is debugging of the program after it has already crashed. Related techniques often include various tracing techniques (for example, and/or analysis of memory dump (or core dump) of the crashed process. The dump of the process could be obtained automatically by the system (for example, when process has terminated due to an unhandled exception), or by a programmer-inserted instruction, or manually by the interactive user.
§ Delta Debugging - technique of automating test case simplification.
INDENTATION
Code Indentation:
Variable `wave-block-indent' specifies relative indent for
block statements(begin...end),
variable `wave-continuation-indent' specifies relative indent for
continuation lines.
Continuation lines inside [], (), {} (structures) are indented by
`wave-continuation-indent' chars after opening parenthesis.
Continuation lines in PRO, FUNCTION declarations are indented
just after the procedure/function name followed by comma.
Labels not followed by code are left justified to the beginning
of the line.
Include files introduced by '@' are left justified to the beginning
of the line.
COMMENT INDENTATION
Comment Indentation:
Full line comments starting at the beginning of the line are
are not indented.
Full lin comments starting with white space are indented as
a code.
Code line comment is indented to the value of `comment-column'.
Computer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. The term computer system security means the collective processes and mechanisms by which sensitive and valuable information and services are protected from publication, tampering or collapse by unauthorized activities or untrustworthy individuals and unplanned events respectively. The strategies and methodologies of computer security often differ from most other computer technologies because of its somewhat elusive objective of preventing unwanted computer behavior instead of enabling wanted computer behavior.
Database security is the system, processes, and procedures that protect a database from unintended activity. Unintended activity can be categorized as authenticated misuse, malicious attacks or inadvertent mistakes made by authorized individuals or processes. Database security is also a specialty within the broader discipline of computer security.
Traditionally databases have been protected from external connections by firewalls or routers on the network perimeter with the database environment existing on the internal network opposed to being located within a demilitarized zone. Additional network security devices that detect and alert on malicious database protocol traffic include network intrusion detection systems along with host-based intrusion detection systems.
Database security is more critical as networks have become more open.
Databases provide many layers and types of information security, typically specified in the data dictionary, including:
§ Access control
§ Auditing
§ Authentication
§ Encryption
§ Integrity controls
Database security can begin with the process of creation and publishing of appropriate security standards for the database environment. The standards may include specific controls for the various relevant database platforms; a set of best practices that cross over the platforms; and linkages of the standards to higher level polices and governmental regulations.
IT provides a formidable defense against SQL Injection, Script Injection (Cross Site Scripting), Input Tampering, and Brute Force attacks on your ASP.NET web sites.
· FieldSecurityValidator - A validator for visible controls where you can set attack detection rules and error messages on a field-by-field basis
· PageSecurityValidator - A validator for all inputs on the page. Use it to set rules on hidden fields, query string parameters, and cookies.
· Security Analysis Report - An audit of all the page's inputs and their security settings
· Log And Respond Engine - Log and email attacks, exceptions, and errors on your site
· Methods to Help Neutralize Inputs
· TextLengthSecurityValidator - A validator that reports errors when text exceeds a maximum. It looks at text after it is neutralized which causes it to grow.
· Slow Down Manager - Block access to a page after a number of attacks
· SQL and Script Detection Engines - Powerful and customizable algorithms that detect SQL and Script Injection attacks.
TRIGGERS SQL Server 2005 supports DDL Triggers. DDL Triggers are triggers that fire in response to data definition language (DDL) statements such as CREATE TABLE or UPDATE STATISTICS. They're similar to the data manipulation language (DML) triggers that we've been using for years, except that they're tied to a database or server instead of a table or view. With DDL Triggers we can write code that runs in response to changes made to server and database objects. This can be a very powerful tool. (It becomes even more powerful when used with SQL Server's CLR Integration feature, which allows SQL Server objects to be created with our choice of .NET language.) DDL Triggers can be used for many purposes, but most commonly for change tracking and prevention.
This article introduces DDL Triggers and shows how to use them to track and prevent changes to database objects. We'll discuss trigger creation, trigger deletion, and trigger security. We'll also walk through some examples of typical DDL Trigger use. Along the way, we'll see how we can use XQuery to retrieve specific information about the event that caused the trigger to fire. Although a thorough knowledge of XQuery isn't critical, it's definitely beneficial
Data security is the means of ensuring that data is kept safe from corruption and that access to it is suitably controlled. Thus data security helps to ensure privacy. It also helps in protecting personal data.
In simple terms, data security is the practice of keeping data protected from corruption and unauthorized access. The focus behind data security is to ensure privacy while protecting personal or corporate data.
ENCRYPTION
Encryption has become a critical security feature for thriving networks and active home users alike. This security mechanism uses mathematical schemes and algorithms to scramble data into unreadable text. It can only by decoded or decrypted by the party that possesses the associated key.
(FDE) Full-disk encryption offers some of the best protection available. This technology enables you to encrypt every piece of data on a disk or hard disk drive. Full disk encryption is even more powerful when hardware solutions are used in conjunction with software components. This combination is often referred to as end-based or end-point full disk encryption.
Authentication
Authentication is another part of data security that we encounter with everyday computer usage. Just think about when you log into your email or blog account. That single sign-on process is a form authentication that allows you to log into applications, files, folders and even an entire computer system. Once logged in, you have various given privileges until logging out. Some systems will cancel a session if your machine has been idle for a certain amount of time, requiring that you prove authentication once again to re-enter.
The single sign-on scheme is also implemented into strong user authentication systems. However, it requires individuals to login using multiple factors of authentication. This may include a password, a one-time password, a smart card or even a fingerprint.
Backup Solutions Data security wouldn't be complete without a solution to backup your critical information. Though it may appear secure while confined away in a machine, there is always a chance that your data can be compromised. You could suddenly be hit with a malware infection where a virus destroys all of your files. Someone could enter your computer and thieve data by sliding through a security hole in the operating system. Perhaps it was an inside job that caused your business to lose those sensitive reports. If all else fails, a reliable backup solution will allow you to restore your data instead of starting completely from scratch.
VALIDATION CONTROLS
Set of server controls bundled with ASP.NET which verifies user input. After coming from HTML server controls and Web server controls, input is checked against requirements defined by the developer. Validation controls check input check on the server side. Also, validation controls can validate using client-side scripting if the user's browser supports DHTML.
User Input Validation
While any application can be designed with sound logic and good technology and can deliver high performance with accuracy, some errors could still creep into it. This could be due to wrong inputs by users. While the programmer may have taken care of all the exceptions it could cause a loss of business goodwill if a customer is confronted with an error message after he has input data into a number of fields. All of us are familiar with warnings like “Please enter a valid ZIP” or “Please Enter Your First Name!” and so on!
Thus some client side validations ensure that correct data is sent to the application. We can ensure such validations using validation controls. .NET Framework provides several controls for different types of validations.
The validation Controls that are available in .Net Framework are given below:
Control
Description
RequiredFieldValidator
Ensures that the user enters data in the associated data-entry control
CompareValidator
Uses comparison operators to compare user-entered data to a constant value or the value in another data-entry control
RangeValidator
Ensures that the user-entered data is in a range between given lower and upper bounds
RegularExpressionValidator
Ensures that the user entered data matches a regular expression pattern
CustomValidator
Ensures that the user-entered data passes validation criteria that you set yourself
Required Field Validators This is one of the simplest controls to use. This validating control makes sure that the users have entered data into a data-entry control. For example, you may want to make sure that users enter their mail id or their credit card number before they proceed to submit the form. The RequireFieldValidator control will ensure that the user will not be able to complete the form submission with null value for the field associated with this control.
The InitialValue property of this control has an initial value set to an empty String (“”) by default. The control raises an error message if this value does not change when validation occurs.
The other controls do not perform validation if the data entry field is empty and make it appear that the validation succeeded when no validation check has been performed. Therefore, it is imperative that a validation check be performed before other checks are activated.
Comparison Validators This control is used to validate the value entered in to one data entry control by comparing it with the data entered in to another control. The ControlToValidate property sets the field to be validated. The ControlToCompare property specifies the control to compare with. You can also validate the data from constant value by setting the property ValueToCompare. When you set both the ControlToCompare and ValueToCompare then ControlToCompare takes precedence.
The Operator property sets the type of comparison that will be performed.
Table showing the values for Operator property:
Value
Description
Equal
Checks if the comared values are equal
NotEqual
Checks if the compared values are not equal
GreaterThan
Checks for greater than relationship
GreaterThanEqual
Checks for greater than or equal relationship
LessThan
Checks for Less than relationship
LessThanEqual
Checks for less than or equal relationship
DataTypeCheck
Compares the data types between the value entered into the data-entry control that is validated and the data type specified
The type property can have any of the following values:
1. String
2. Integer
3. Double
4. Date
5. Currency
Range Validators
A range validator test is used to check if the value entered in the data-entry control is within a specified range of values. The property ControlToValidate is set to the control that contains the data which is to be validated. The property MinimumValue sets the minimum value of the range. The property MaximumValue sets the maximum value of the range. The property Type sets the date type of the values to be compared. All the types of comparisons discussed above are still valid for this also.
Regular Expression Validator
RegularExpressionValidator control is used to check if the value in a data-entry control matches a pattern defined by a regular expression. You can check even the format of the text entered. Regular expressions are generally made up of test with embedded codes that start with a backslash (). For instance a simple expression for checking for either a uppercase or lower case alphabet is given by the expression “ b[A-ZA-z]+b.
Custom Validators
This control allows the developer freedom to define his own validations. The property ClientValidationFunction property sets the name of function or script that will do the validation. This function takes two parameters. The first argument source identifies the source control to validate. The second argument arguments hold the data to validate.
The Causes Validation Property
CausesValidation is one of the public instance properties of the control class, which specifies whether all controls which require validation gets it when the control gets focus. It returns true if the control causes validation to be performed on any controls requiring validation when it receives focus and false otherwise.
Exception Handling
Exception handling is an in built mechanism in .NET framework to detect and handle run time errors. Exceptions are defined as anomalies that occur during the execution of a program. The .NET framework provides a rich set of standard exceptions that are used during exceptions handling. Exception handling is one of the major feature provide by .NET. There might be various reason to handle exception, this can be caused due to improper user inputs, improper design logic or system errors. In this scenario if application do not provide a mechanism to handle these anomalies then there might be cases the application may crash. .NET run time environment provide a default mechanism, which terminates the program execution.
This article provides insight about exception handling on the basis of ASP.NET and C# as code behind.
ASP.NET Exception Handling
In ASP.NET exception handling is achieved using the
· Try
· Catch
· Finally block.
All the three are ASP.NET keywords and are used do exception handling. The try block encloses the statements that might throw an exception whereas catch block handles any exception if one exists. The finally block can be used for doing any clean up process. Any general ASP.NET exception forces the application to terminate without allowing the code to continue executing, resulting in an error page.
try
{
// Statements that are can cause exception
}
catch(Type x)
{
// Statements to handle exception
}
finally
{
// Statement to clean up
}
try-catch-finally block in ASP.NET
<Script runat=server>
Public Page_Load(sender As Object, e As EventArgs)
{
try
{
// Statements that are can cause exception
}
catch(Type x)
{
// Statements to handle exception
}
finally
{
// Statement to clean up
}
}
</Script>
· User should be login with a password.
· User cannot access the private details or information .
· User have rights to register or recover password to authorized the system.
Network security is a serious matter. A network allows you to share information and resources, but it also lets computer viruses, human intruders, or even disgruntled employees do far more damage than they could on a single machine. Think about what would happen if every bit of data on your local area network (LAN) vanished, and you'll understand why security is so important.
Here is a brief list of security measures:
· Virtual data still requires physical security. This could mean keeping your server in a locked room, removing disk drives from workstations that don't need them, and installing an alarm system in your office. All the security software in the world won't stop someone from breaking into your office and carting off your computers.
· Beware of bugs. Most computer viruses are just a nuisance, but it takes only one malevolent virus to bring your network to its knees. Install reliable antivirus software, keep it updated, and train your employees to use it. Think about other protective measures, such as installing only shrink-wrapped commercial software on your computers.
· Network security is a daily job. Stay on top of changes that could affect the security of your LAN. Keep your operating system updated with the latest security patches and bug fixes. Assign access to directories and other network resources on a need-to-have basis, and remove a user's account immediately when they leave your company. Use network logging and security tests to check your network for security holes and possible break-ins.
· Pay attention to passwords. One bad password can compromise your entire network. Avoid passwords that contain dictionary words or personal information, and require users to change their passwords regularly. When an employee leaves the company, disable their password immediately as part of the termination process.
· Don't let trouble come calling. Take special precautions if you connect your LAN to the outside world through a wireless hotspot at your local cafĂ© or library. Protect against wireless attacks by using encrypted passwords or firewall, which can be in the form of portable hardware, such as a USB dongle.
· Install a software firewall. If you connect your LAN directly to the Internet, configure a firewall to screen both incoming and outgoing traffic. A software firewall like Zone Labs ZoneAlarm will also protect your network against malicious applications known as Trojan horses that let intruders enter and take over your computer system.
· Restrict access to the admin log pruning and viewing to the administrator only, and do not allow anybody else to have access to do that (including other admins)
· Keep the amount of admins and super mods very very low. I.e. only have yourself as an administrator if possible and if someone else needs admin control panel access, they can be set to the super mod usergroup.
· Turn off HTML in signatures, private messages and posting - this way old & new exploits can not be abused.
Turn off the way to link images dynamic with [ img ] tags.
· Keep an eye on your crew and if someone gets mad, track his steps more carefully and you can prevent someone to mass destruct your site.
· You can set the main administrator as 'invisible' and post on your site with a different username/pass - this way they can't 'guess' the username of the main admin that easy.
· You should frequently cycle through your passwords and make new ones, this way if one of your passes get out in the open, good chance that when they try it, it doesn't work. - Suggest your members and staff to do the SAME.
· Use hard to guess passwords to avoid brute force attacks - in case someone has the hashed (encrypted) password. Use upper and lower case letter, numbers and extra characters like @$% etc. (and at least 6 characters)
moo is easy to brute force and guess
!M0_o! is a bit harder
· Do not provide too much information about the server.
Software maintenance in software engineering is the modification of a software product after delivery to correct faults, to improve performance or other attributes.
This section describes the six software maintenance processes as:
1. The implementation processes contains software preparation and transition activities, such as the conception and creation of the maintenance plan, the preparation for handling problems identified during development, and the follow-up on product configuration management.
2. The problem and modification analysis process, which is executed once the application has become the responsibility of the maintenance group. The maintenance programmer must analyze each request, confirm it (by reproducing the situation) and check its validity, investigate it and propose a solution, document the request and the solution proposal, and, finally, obtain all the required authorizations to apply the modifications.
3. The process considering the implementation of the modification itself.
4. The process acceptance of the modification, by confirming the modified work with the individual who submitted the request in order to make sure the modification provided a solution.
5. The migration process (platform migration, for example) is exceptional, and is not part of daily maintenance tasks. If the software must be ported to another platform without any change in functionality, this process will be used and a maintenance project team is likely to be assigned to this task.
6. Finally, the last maintenance process, also an event which does not occur on a daily basis, is the retirement of a piece of software.
There are a number of processes, activities and practices that are unique to maintainers, for example:
§ Transition: a controlled and coordinated sequence of activities during which a system is transferred progressively from the developer to the maintainer;
§ Service Level Agreements (SLAs) and specialized (domain-specific) maintenance contracts negotiated by maintainers;
§ Modification Request and Problem Report Help Desk: a problem-handling process used by maintainers to prioritize, documents and route the requests they receive;
§ Modification Request acceptance/rejection: modification request work over a certain size/effort/complexity may be rejected by maintainers and rerouted to a developer.
A common perception of maintenance is that it is merely fixing bugs. However, studies and surveys over the years have indicated that the majority, over 80%, of the maintenance effort is used for non-corrective actions (Pigosky 1997). This perception is perpetuated by users submitting problem reports that in reality are functionality enhancements to the system.
Software maintenance and evolution of systems was first addressed by Meir M. Lehman in 1969. Over a period of twenty years, his research led to the formulation of eight Laws of Evolution (Lehman 1997). Key findings of his research include that maintenance is really evolutionary developments and that maintenance decisions are aided by understanding what happens to systems (and software) over time. Lehman demonstrated that systems continue to evolve over time. As they evolve, they grow more complex unless some action such as code refactoring is taken to reduce the complexity.
The key software maintenance issues are both managerial and technical. Key management issues are: alignment with customer priorities, staffing, which organization does maintenance, estimating costs. Key technical issues are: limited understanding, impact analysis, testing, maintainability measurement. Corrective
Corrective software maintenance involves developing and deploying solutions to problems ("bugs") that arise during use of a software program. Computer users will notice performance problems with software, such as error messages coming on the screen or the program freezing or crashing, meaning corrective software maintenance is needed. Often these fixes permanently solve the problem, but not always. Some fixes act as a temporary solution while computer programmers work on a more permanent solution. Perfective
No software program contains zero flaws or areas for improvement. Perfective software maintenance involves computer programmers working to improve the way a software program functions or how quickly it processes requests. Programmers may also engage in perfective software maintenance to improve the software's menu layouts and command interfaces. Sometimes programmers need to conduct perfective maintenance on software because of outside influences, such as new government regulations that affect how a business operates.
Adaptive 
The field of technology constantly changes through both hardware and software developments. Adaptive software maintenance addresses these changes. A change in a processor's speed, for example, will affect how the software performs on a single computer. Software interacts with other software programs on a computer or network, meaning changes in one program can require changes in other programs. A user will eventually introduce new software to the computer or network, which can also affect how other software already present operates. Preventative
When computer programmers engage in preventative software maintenance they try to prevent problems with software programs before they occur. Programmers seek to prevent corrective maintenance as much as possible, while also anticipating adaptive maintenance needs before users experience problems. Computer programmers also test the software with other programs users likely will use on their computers making sure compatibility issues do not arise.
1. In future, we will try to make availability of variousschemes for NGOs/VOs in the automated way using a online platform so that it will be done in in time.
2. This is a windows based application; hence it has a limited access. We will try to make it online so that its access gets widened & users from all over the India can access these services.
3. In future this website will be used and highly demand for user of NGO to apply and get the information reated to NGOs, Schemes, and Project.
4. If this software will be online, then it will facilitates many online services like:-
v Online application for schemes/projects.
v Online tracking application.
v Special announcement.
v Credit/Debit card payments.
No comments:
Post a Comment