Tag Archives: Requirement analysis

What to Learn on Day One of Application Development

Day One

Well, I would surely not recommend you to go over the application code and look for things like classes, interfaces, data model, design patterns etc. It definitely has to be everything else than the application code. If you have just landed on to a new application development project and shall be going to start working on the application soon, you may want to understand some of the following on day one rather than nitty-gritties of the application itself: Business overview: The idea is to understand key business functions which is served by the application. The output of business overview can be functional decomposition which can be later related to one …

Continue reading

Posted in Software Engg. Tagged with .

Top 7 Security Attack Questions While Analyzing Every Requirement

security attacks

Following are top 5 security attack related questions that you could ask while analyzing the each requirement in hand, the answers to which could help you put better design in relation with security: Security threats analysis related with data entering into/coming out of the system: How could an attacker inject SQL commands? (OWASP SQL Injection). Solution: Use parameterized SQL queries rather than building SQL statements dynamically using string concatenation How could an attacker perform a cross-site scripting attack? (OWASP Cross-Site Scripting – XSS). Solution: Use OWASP ESAPI to sanitize user input against scripts such as Javascript that could lead to XSS attacks.  This is more about doing input data validation as soon as …

Continue reading

Posted in Application Security. Tagged with , .