Dheerendra Singh

Analysis for security implementation in SDLC

Software development is not only a single motive process as development but also have to handle number of different issues as like security. For basic software development, we generally use SDLC models for development like web projects, applications, services etc. but in this development process we are not taking care of security issues which are demand of these days. There is no central body who manage all the crucial tasks. The essence of this paper lies in study of security issues as well as importance of security in SDLC models. Moreover, we focused over review in recent development area as we get differentiate in traditional SDLC security issues with SDLC security issues in virtualized scenarios as cloud. Here, we discussed the role of team and their members in feasibility and planning phases for analysis. This study helps in access control, risk assessment and security monitoring. We studied about risk classification for better risk assessment in different phases.

Survey on trust establishment in cloud computing

Cloud computing has recently appear as a promising hosting platform that performs an smart usage of a collection of services, applications, information and infrastructure composed of pools of computer resources for storage with the ability to provide users dynamically scalable, shared resources over the Internet and avoid large forthright fixed costs. However along with these advantages, that is storing of data on the clouds including invaluable information which attracts highly skilled blackhat-hackers thus creating a need for the security to be considered for improving clients trust over the information and services in cloud computing as one of the critical issues. In this survey paper, we have reviewed trust and security relation and proposed an Distributed Trust Model as per actors and their role which help us for managing trust over the services provided by any cloud. In our study, we found that as in distributed approach is implemented in our mechanism; it brings better quality of service and client response.

Penetration Testing as a Test Phase in Web Service Testing a Black Box Pen Testing Approach

The study involves the implementation of the black box penetration testing approach; it deals with the step by step idea to conduct a penetration testing on web services as a user not as a developer. In this, we study about top vulnerabilities that are found in SOAP web services and how to exploit them to get confidential information which an attacker can regenerate and gain access to and what countermeasures the developer can take to prevent such vulnerabilities. So to prevent such malicious attack we should test them beforehand and fix the vulnerabilities before deploying web services over the network. We discussed about SOA architecture and black box penetration testing as a part of development lifecycle. We used SOAP UI and Burp Suite to test Web Services for security vulnerabilities.

Test Case Optimization and Prioritization of Web Service Using Bacteriologic Algorithm

Regression testing, testing is done on the changes made in existing software to check whether the existing software is working properly or not after the changes has been done. Therefore, retesting is performed to detect the new faults found. This type of testing is performed again and again after the changes have been made in the pre-existing software. Various methods are used for test case reduction and optimization for a web service. Regression testing creates a large number of test suites which consumes a lot of time in testing and many other problems are faced. Therefore, some technique or method should be used so that number of test cases are reduced and also test cases can be prioritized keeping in mind the time and budget constraints. The test case reduction and prioritization need to be achieved depending on various parameters such as branch coverage and also on basis of fault coverage etc. Therefore, this paper discusses about the analysis of the code of a web service and the technique used to analyze a web service based on branch or code coverage and also the fault detection for test case reduction and prioritization is bacteriologic algorithm (BA). The test cases generated and also other requirements are mapped with the branch coverage and fault coverage of the code of the web service.

Analysis of Classical and Quantum Computing Based on Grover and Shor Algorithm

Quantum Computing is the study of evolving computing technology. It works with qubits (quantum bits), unlike classical computing (which works on classical bits). A quantum computer can do multiple tasks at a time and that’s why they are more efficient than traditional computers. In this paper, it has been thoroughly discussed about qubits, Superposition of qubits, gates, Superdense Coding, quantum programming languages and specially algorithms and how they are better than the best known classical algorithms. There is an exponential speedup in many of the operations performed by quantum algorithms as compared to classical algorithms. They are compared on their complexities. Most highly recognized algorithms in the field of quantum computing are: Grover’s algorithm for database search and Shor’s algorithm for factoring large integers into two prime numbers efficiently. In future, if quantum computers are made, it would be easier to encrypt the information that should not be revealed such as government databases in a new and secure way. Here, we will discuss about the commands used in quantum computing language (QCL) and mathematical proofs of few of the algorithms such as Deutsch–Jozsa algorithm, etc.

Comparative Analysis of Metaheuristics Based Load Balancing Optimization in Cloud Environment

Cloud Computing Technology provides computing resources as a utility service. The objective is to achieve maximum resource utilization with minimum service delivery time and cost. The main challenge is to balance the virtual machines (VM) load in cloud environment and it requires distributing the load between many virtual machines while avoiding underflow and overflow conditions, which depend on capacity of VMs. In this paper, load balancing of VMs have been done based on Ant Colony Optimization (ACO) and Bat algorithm for underflow and overflow VM identifications respectively. As cloud applications involve huge computations and are highly dynamic in nature, so Directed Acyclic Graph (DAG) files of various scientific workflows have been used as input data during implementation of the proposed methodology. Workflows used for experiments are Cybershake, Genome, Ligo, Montage, Sipht and VMs vary from 2 to 20 on a single host configuration. Initially, the workflows are parsed through Predict earliest Finish time (PEFT) heuristic which initializes the metaheuristics rather than using random initialization. Thus, metaheuristics are providing optimal initial parameters which further optimize the VM utilization by balancing their load. The performance of metaheuristics on the basis of makespan and cost metrics has been evaluate, analyzed and compared with the Particle Swarm Optimization (PSO) approach used for load balancing.

Security Testing of Web Applications: Issues and Challenges

Due to the increasing complexity of web systems, security testing has become indispensable and critical activity of web application development life cycle. Security testing aims to maintain the confidentiality of the data, to check against any information leakage and to maintain the functionality as intended. It checks whether the security requirements are fulfilled by the web applications when they are subjected to malicious input data. Due to the rising explosion in the security vulnerabilities, there occurs a need to understand its unique challenges and issues which will eventually serve as a useful input for the security testing tool developers and test managers for their relative projects.