Assignment Code: MSEI-025/TMA/2023

Course Code: MSEI-025

Assignment Name: Application and Business Security Developments

Year: 2023

Verification Status: Verified by Professor

There are two questions in this assignment. Answer all the questions. You may use illustrations and diagrams to enhance your explanations.

Question 1: Explain the characteristics of Well Formed Design. (10 Marks)

Ans) The term "well-formed design" is used to describe designs that work well, are efficient, and look good. There are a few things that a well-formed design should have, such as:

Complete and Sufficient

When it comes to the design class, the word "complete" means that the design is done. The design class should include all the entities (attributes and methods) that are needed in the situation described by the design class. Sufficiency is a relative term that describes how a design is just right (neither more nor less). Hence, a well-formed design class usually possess both the properties i.e. complete and sufficiency respectively.

High Degree of Cohesion

This feature shows that when a design class is made to serve a certain purpose, its attributes and methods should also serve the same purpose. Till this condition is satisfied, we refer that these classes are maintaining high degree of cohesion property.

Low Degree of Coupling

Most of the time, it is true that the design classes in a given model should work together. But this cooperation shouldn't go all the way to the top. This is because a model of design classes with a high degree of 0 collaboration is hard to rest, maintain, etc.; also, in this case, we need to consider the "Law of Diameter," which says that when there are multiple "subsystems," different methods belonging to a single subsystem should talk to each other by sending messages, while restricting the methods of one class from talking to the methods of another class where the two classes belong.

Primitiveness

It suggests that any method belonging to a given design class should be made to handle only single purpose. So, once a method is used to achieve a certain goal, it shouldn't be used again to achieve any other goal.

Question 2: Why do we need Coding Standards? List out the rules for developing Secured Code? (10 Marks)

Ans) Coding standards are a set of guidelines that help developers write code that is easy to read, maintain, and understand. They provide consistency in code style, naming conventions, and formatting, which makes it easier for developers to work together on a project. Standards for coding also help make sure code is safe and reliable.

Here are some reasons why it's important to have coding standards:

1. Consistency: Coding standards help make sure that all of the code in a project is the same. This makes it easier for developers to read and update the code.

2. Maintainability: Coding standards that are always the same make it easier to maintain and update code over time. This makes it less likely that bugs or mistakes will get into the code.

3. Readability: Coding standards help make code easier to read by setting rules for naming, indenting, and formatting.

4. Security: Coding standards help make sure that code is safe by making sure that the best security practises are followed. For example, they make sure that SQL injection and cross-site scripting attacks are not used.

5. Performance: Coding standards can also help improve performance by enforcing best practises for optimising code, such as reducing the number of database queries and minimising network requests.

Here are some rules for developing secure code:

1. Input Validation: Always validate user input to prevent SQL injection and other types of attacks.

2. Access Control: Limit access to sensitive data and functionality to authorized users only.

3. Authentication: Use strong authentication methods to make sure users are who they say they are and stop people from getting in who shouldn't.

4. Error Handling: Handle errors gracefully and avoid exposing sensitive information in error messages.

5. Cryptography: Use strong encryption and hashing algorithms to protect sensitive data.

6. Secure Communications: Use secure protocols like HTTPS to protect data in transit.

7. Code Review: Perform code reviews to identify and fix security vulnerabilities before they can be exploited.

8. Regular Updates: Keep your software up to date with the latest security patches and updates.