GitHub/quartz
1
0
Fork 2
mirror of https://github.com/jackyzha0/quartz.git synced 2025-12-27 14:54:05 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity
344ddf85c8
quartz/content/notes/20-SE-in-IA.md
Jet Hughes 344ddf85c8 vault backup: 2022-11-15 11:52:28
2022-11-15 11:52:29 +13:00

2.8 KiB
Raw Blame History

title aliases tags sr-due sr-interval sr-ease
20-SE-in-IA
comp210
lecture
2023-01-08 54 250

why

  • apps for IoT devices contain security flaws
    • smart home security breaches
    • kindles
    • vulnerable libraries lead to vulnerable devices
  • software helps us to use hardware
    • need to make the software secure

overview

combines computer science, engineering, and maths to make software

  • software engineering coined in 1968-1969 when discussing 'software cirsis'
    • security breaches
    • bugs etc

different from individual programming because of the Audience

  • types
    • generic software
      • stand alone systems e.e.g, word etc
    • customized software
      • designed specifically for a customer
    • generic can transistion to customised

dev process

  • tried to mirror engineering process
  • software is different
    • needs to be flexible

timeline

  • waterfall
  • spiral
  • agile

stages

design

  • feasability
    • slide
    • financial, legal, time, etc
  • requirements specification
    • stakeholders
      • anyone affected by the system
      • slide
    • features, requirements
      • slide
      • use vs system reqs
      • functional vs non functional
  • system design
    • slide
    • databse design
      • er model etc
    • architectural design
      • structure of application
      • mvc
        • view model controller
    • security
      • during development not after

develop

  • slide
  • version control
    • version control
    • centralised
  • issue tracking
    • keep track of tasks, bugs, feature requests etc
  • unit testing
  • code reviewing

validation

  • checking if system conforms to specs
    • unit testing
    • component testing
    • system testing
    • user acceptance testing (UAT)
      • UAT
      • finds issues that devs dont see
  • hehaviour driven development
  • code reviews
    • better than one single person
    • different perspectives

evolution

  • new requirements derived through software use
  • change in business processes occur as a result of new business opportunities
  • errors in software surface later
  • upgrade to new hardware,
  • need for improved system performance

for Information assurance

  • security should be central
  • think of security every step of the way
  • code resure and (SDKs) should be critically evaluated
    • often flaws are inherited from reused llibraries or copied online code
  • where are the security knowledge gaps
    • use tools to detect vulnerabilities