Quality Systems in IT - Assignment - Frontsheet

ASSIGNMENT FRONT SHEET
Edexcel
Qualification
Unit
BTEC
Level
HND
Diploma
in
Computing
and
Systems
Development
number
and
title
Unit 32: Quality systems in IT
Assignment due
Assignment submitted
Learners name
Assessor name
Learner declaration:
I certify that the work submitted for this assignment is my own and research sources are fully acknowledged.
Learner signature
Date
Grading grid
P1.
P1.
P1.
P2.
P3.
P3.
M1 M2 M3
D1
D2
D3
Assignment title
Quality in Amazons IT System Software Development
In this assignment, you will have opportunities to provide evidence against the following criteria.
Indicate the page numbers where the evidence can be found.
Assessment criteria
Expected evidence
Task
Assessors Feedback
no.
LO1. Understand the need for quality assurance in IT systems
Written
1.1 discuss appropriate A
standards
for
the which:
document 1
development of an IT 1. Explains
why
a
system
systematic approach to
quality assurance, and
quality
control
is
needed.
2. Discusses various SQA
standards.
A
1.2
assess
associated
the
risks
with
the
development of an IT
system
Written
discusses
system
quality
assurance practices at
stages
lifecycle
of
which
the
an
IT
has
database at its centre.
discuss
systems
risks
with
development
Written
describes
all
the
associated
1.3
document
of
the
development
document
the
development
systems
life-cycle
(SDLC) as it applies to
database
development,
and then go on to explain

how each phase of the
life-cycle
is
quality
assured
LO2. Be able to employ standard quality control documentation
2.1
produce
control
quality
software
test
plan
(STP)
documentation -
software
test
for each stage of the description (STD)

systems
development
lifecycle
- A software test report

(STR)
LO3. Be able to use project management tools

3.1
apply
planning
management
project 1. A Written
explains
and
tools
to
plan specific resources
document 3
the
importance of project
management
to
the
and requirements for an
production
3.2
evaluate
of
high
quality IT systems.
the
suitability of tools used b)

to
manage
the
development of an IT
system.
- a Work Breakdown
Structure
- a GANTT chart
Assessment criteria
Expected Evidence
Feedback
(note on Merit/Distinction if applicable)
5
M1 Identify and apply 1. Effective

strategies
to
find
appropriate solutions
judgements
have been made.

2. An effective approach
to study and research
M2
has been applied

Select/design and 1. Relevant theories and
apply
appropriate
methods/techniques
techniques have been

applied
2. The
design
of
methods/techniques
M3
Present
has been justified

and 1. An
appropriate
communicate
structure and method
appropriate findings
has
been
used
and
technical language has

been accurately used to
present the findings.
2. Communication
has
taken place in familiar

and unfamiliar contexts
6
D1
Use
critical 1. Conclusions have been
reflection to evaluate
arrived
at
through
own work and justify
synthesis of ideas and
valid conclusions
have been justified

2. The validity of results
has
been
evaluated
using defined criteria

D2 Take responsibility 1. Substantial
activities
for
managing
and
organising activities
have
been
managed and organized

2. Activities
D3
planned,
have
managed
Demonstrate 1. Self-evaluation
convergent/lateral/
creative thinking
been
has
taken place
2. Problems
have
been
solved
Summative feedback
Assessors
Date
Signature
IV Grading Check:
Comments if any:
Agree
Disagree
Modify grade to
IV Signature
Date
Amazon.com overview
The invention of the internet has changed the way we live our lives. Everything
people do in their day to day lives is in some form related to the internet. Days start
out by checking emails, posting on Facebook and Twitter, surfing the web, and then
shopping online. People use computer for just about everything in their lives and
over the past few years we have seen the growth of online sales increase
dramatically.
In 1994 Jeffrey Bezos began Amazon.com from his home is Seattle Washington. He
pioneered the idea of online sales and in 1995 officially launched the website and
made it available in English, Chinese, German and Japanese. It began selling strictly
books as a online book store. His ability to sell books online allowed his to carry
more books and titles in his inventory than an average book and mortar store. By
1997 he had gained 615 million visitors and sparked the interest of investors. After
he gained investors Benzos began to sell other item such as DVDs, VHS tapes,
software, videos and toys. He learned that people wanted to have the ability to buy
anything over the internet so he catered to their needs. By 1999 Bezon was named
man of the year by Time magazine and now Amazon expanded to food, jewelry,
baby products, beauty, sports goods, electronics and much, much more.
When Amazon was launched its intended market was readers and music lovers.
They offered varieties of books and music from every possible author and artist. Now
the websites audience is more than reader it expands to every person in the world.
Today, it is the world largest online retailer.
LO1. Understand the need for quality assurance in IT systems
1.1
discuss appropriate standards for the development of an IT system
Quality Assurance (QA):

9
Quality assurance is a process based approach whose prime objective is to prevent

defects in deliverables in the planning stage to avoid rework, which costs a lot.
Quality assurance is a proactive process and it emphasizes planning, documenting,
and finalizing the guidelines that will be necessary to assure the quality. This process
starts at the very beginning of the project to understand the products requirements
and expectations. Once all requirements and expectations are identified, a plan is
developed to meet these requirements and expectations.
There are basically three tools used in quality management: quality audit, process
analysis, and quality management and control tools.
In quality audit, a team of external experts come and review the process and
procedures. If they find any discrepancies, they will suggest corrective action.
They may also suggest an improvement in the process. Quality audit is a very
good tool to ensure that the best practice and approved procedures are being
followed.
In process analysis you analyze the process to find any improvements,
discover the root cause of any problem that occurred, and identify any nonvalue added activities.
Quality
management
and
control
tools
include
various
diagrammatic
techniques which help you find ideas, help you make decisions, and prioritize
issues.
Amazon has been successful in implementing QA:
Amazon has changed its design time by time in order to get more customers
satisfaction
10
o In 1998, the site had two top-level categories: books and music. As additional
categories were added (such as video and gifts), the horizontal tab system
scaled quite well and created a nice opportunity for differentiating product
categories through color.
o In 1999 and 2000, the site continued to expand- adding more categories and
stretching the tab system to its limit. When Z-shops, Toys & Games,
Electronics, and e-Cards were added, there was no longer any room for the
amazon logo in the header (it was placed in the center of the home page) and
the font size had to be reduced. (The site at this time was still designed to
work well for 800 by 600 screen resolutions.) It was not until the navigation
tabs spread out into two rows that the logo again had a place on top. Clearly
the tab system was being stretched to its limit and was poised to grow out of
control.
11
o In 2007 Amazon began testing a design that brought back a prominent listing
of their most popular categories. However, access to these links was now in
the form of a left-side navigation menu instead of tabs at the top of the page.
The new header featured a prominently displayed search box and access to
your shopping cart and lists. While I dont know the full context behind the
redesign, Im assuming the company needed a better way to expose the
breadth of their inventory as the dynamic all product categories tab
(described above) required an explicit action to activate. It also feels like
Amazon is hoping to capitalize on their investments in search (namely A9) by
emphasizing searching as a primary navigation mode. No doubt, people are
searching more on the site now than they were a few years ago. Yet when
people are motivated to shop, prompts like product categories and current
deals are almost equally important. This may be why Googles single search
box shopping experience (formerly known as Froogle) never registered with
consumers: they werent ever told what they could/should shop for.
12
EXTRA SHOPPING CART OPTIONS

As shown above, a few options are included on the shopping cart page that make
the user feel comfortable. First, if a user changes their mind about a particular
purchase, they have the option of deleting it from their cart.
But deleting is a rather final act, so they have the alternative of saving it for later,
too. You could call this a soft delete: it removes the item from the shopping cart
but keeps it on the users shopping cart page under a list of saved items, where the
user can easily add it back to their cart at any time.
13
CHANGE OR DELETE ITEMS ON SHIPPING PAGE

The users control continues in subsequent steps of the purchase. Take a look at the
next image.
The user sees this when selecting a shipping option, which likely means they are
already committedor nearly committedto buying the product.
14
When choosing a shipping method, the user is given the option, with a fairly
prominent button, to Change quantities or delete. Upon seeing the shipping
methods, the user could very well need these options, so having the button
available now is helpful and reassuring.
REMINDER THAT CONTINUE DOES NOT MEAN FINAL DECISION
15
After the user has added a product to their cart and selected a shipping method,
they review a summary of their order and click a button to Continue with their
purchase. That button takes them not to a confirmation of their order but rather to
one final page where they actually make their purchase.
To ensure that the user knows this is not the final step, a helpful reminder is put
directly below the Continue button, informing them that the final order will be
confirmed after one last summary.
E-commerce developers could learn from the example set by Amazons empathetic
user experience by understanding the various concerns and apprehensions that a
user might have at each stage of the shopping experience.
16
Developers should add enhancements to the shopping experience that make

the user feel comfortable and in control.
Quality Control (QC):

Quality control is concerned with the operational activities and techniques that are
used to fulfill the quality requirements. Quality control functions start once the
project work has begun. Quality control is a reactive approach and helps you find
defects in deliverables.
The objective of the quality control process is to make sure that the deliverables are
defect free and acceptable as per the quality requirements. If the deliverable has a
defect, you will take any suitable corrective action. The quality control process has
two objectives. The first objective is to find any defects in the product and correct
them. The second objective is to validate the deliverable.
Quality assurance and quality control are dependent on each other. The quality
control process receives input from the quality assurance process, and in turn gives
its feedback to the quality assurance process so that the quality assurance can
validate the operational process.
For example, if the project team finds a defect during the project execution, they will
correct it and the feedback will be sent to the quality assurance team. The quality
assurance people will investigate the cause of this defect and they will take
corrective and/or preventive action in the process so this defect will never happen
again in the future. Once the process is updated, the quality control people will
follow the process defined by the quality assurance team so the defect does not
recur.
17
Amazon has been successful in controlling its quality, after each stage, there would
be a test report for every function to make sure it works correctly on the website. For
example:
Search:
Search algorithms are very important for the success of Amazon
Search based on Product name, brand name or something more broadly, the
category. For example Camera, Canon EOS 700D, electronics, etc.
Search Results have to be relevant
Different sort options have to be available- based on Brand, Price, and

Reviews/ratings etc.
For multi-page results, there are options to navigate to them
Also search happens in many places. Please take the search drilling down into
multiple levels into consideration when validating this functionality. For
example: When I search on the home page, I might see something like this:
When navigating to categories and go to a sub-category, maybe movies, this is
what it should be:
Product details Page:

Once a user finds a product either through search or by browsing or by clicking on it
from the homepage, the user will be taken to the product information page:
18
Image or images of the product
Price of the product
Product specifications
Reviews
Check out options
Delivery options
Shipping information
In stock/Out of stock
Multiple color or variations options
Shopping Cart:
19
This is the penultimate stage before the user commits to the purchase.
Add items to the cart and continue shopping
If the user adds the same item to the cart while continuing to shop, the item
count in the shopping cart should get incremented
All items and their totals should be displayed in the cart
Taxes as per location should be applied
A user can add more items to the cart- total should reflect the same
Update the contents added to the cart- total should reflect that too
Remove items from the cart
Proceed to checkout
Calculate Shipping costs with different shipping options
Apply coupons
Dont check out, close the site and come back later. The site should retain the
items in the cart
Payments:
20
Check different payment options
If allowing check out as Guest, simply finish the purchase and provide an
option to register at the end
Returning customers Login to check out
User sign up
If storing customer Credit card or any other financial information, perform

security testing around this to make sure it is secure.(PCI compliance is a
must)
If the user is signed up for a long time, make sure the session is timed out or
not. Every site has a different threshold. For some, it is 10 minutes. For some,
it might be different.
Emails/Text confirmation with the order number generated
21
Why QA and QC is needed?

o Cut Costs & Save Time: In business, time is money. Time invest in setting
up quality control processes and policies at the front end, saves time in the
long run. Every employee will know what to do, when to do it and how to do
it. With a quality management system in place, the system ensures
mistakes are few and far between, which saves both time and money.
o Increases Customer Satisfaction: With a quality management system in
place, customers will receive better services from your business. Your
customers will experience the best your business has to offer from
beginning to end when all members of your company focus their energy on
quality.
o Reduced Risk: By emphasizing standard processes, will limit risk from
internal and external sources. Standardization minimizes errors in all
aspects of business and reduces liability. Management systems also foresee
risks and build in processes to address those problems before they arise.
o Improved Product Quality: The overall quality of products and services
will improve through system management as well. When emphasis on
quality, production quality control becomes the key focus of business from
product development to delivery and on through to customer satisfaction.
o Reduced
Response
Time:
When things do go wrong, a quality
management system will have best practices in place to address problems

immediately as they arise. You won't have to waste time and money
figuring out solutions because a quality system will have defined roles of
responsibility in place ahead of time when problems arise.
22
Quality assurance and quality control are closely related and their objective is
also the same, i.e. to deliver a defect-free product. Both processes are an
integral part of a quality management plan and complement each other.
Failing to apply either of them will result in a failure of quality management on
the project.
Discusses various SQA standards:
Software quality assurance (SQA) consists of a means of monitoring the software
engineering processes and methods used to ensure quality. SQA encompasses the
entire software
requirements
development process,
definition, software
which
includes
design, coding, source
processes
code
such
as
control, code
reviews, software configuration management, testing, release management, and

product integration. SQA is organized into goals, commitments, abilities, activities,
measurements, and verifications
The methods by which this is accomplished are many and varied, and may include
ensuring conformance to one or more standards, such as ISO 9000 or a model such
as CMMI and IEEE-SA.
ISO 9000
The ISO 9000 of quality management systems standards is designed
to help organizations ensure that they meet the needs of customers
and other stakeholders while meeting statutory and regulatory
requirements related to a product. ISO 9000 deals with the
fundamentals of quality management systems, including the eight
management principles upon of standards is based. ISO 9001 deals
with the requirements that organizations wishing to meet the
standard must fulfill.
23
Third-party certification bodies provide independent confirmation that

organizations meet the requirements of ISO 9001. Over one million
organizations worldwide are independently certified, making ISO
9001 one of the most widely used management tools in the world
today.
The ISO 9000 series are based on eight quality management
principles.
- Customer focus
- Leadership
- Involvement of people
- Process approach
- System approach to management
- Continual improvement
- Factual approach to decision making
- Mutually supportive supplier relationships
Capability Maturity Model Integration (CMMI)
Capability Maturity Model Integration (CMMI)
improvement
training
and
appraisal
program
is
process
and
service
administered and marketed by Carnegie Mellon University (CMU) and

required by many DoD and U.S. Government contracts, especially in
software development. CMU claims CMMI can be used to guide
process improvement across a project, division, or an entire
organization.
CMMI
defines
the
following
maturity
levels
for
processes: Initial, Managed and Defined. Currently supported is CMMI

Version 1.3. CMMI is registered in the U.S. Patent and Trademark
Office by CMU.
CMMI currently addresses three areas of interest:
- Product and service development CMMI for Development
-
(CMMI-DEV),
Service establishment, management, CMMI for Services
(CMMI-SVC), and
Product and service acquisition CMMI for Acquisition (CMMIACQ).
24
Organizations can receive CMM ratings by undergoing assessments

by qualified auditors:
- Level 1 characterized by chaos, periodic panics, and heroic
efforts
required
by
individuals
to
successfully
complete
projects. Few if any processes in place; successes may not be

-
repeatable.
Level 2 software project tracking, requirements management,
realistic planning, and configuration management processes
are in place; successful practices can be repeated.

Level 3 standard software development and maintenance
processes
are
integrated
throughout
an
organization;
Software Engineering Process Group is in place to oversee

software processes, and training programs are used to ensure
-
understanding and compliance.

Level 4 metrics are used to track productivity, processes, and
products. Project performance is predictable, and quality is
consistently high.
Level 5 the focus is on continuous process improvement. The
impact of new processes and technologies can be predicted and
Institute
effectively implemented when required.

of Electrical and Electronics Engineers
Standards
Association (IEEE-SA)
The Institute of Electrical and Electronics Engineers Standards
Association (IEEE-SA) is an organization within IEEE that develops
global standards in a broad range of industries, including: power and
energy, biomedical and health care, information technology and
robotics, telecommunication and home automation, transportation,
nanotechnology, information assurance, and many more.

IEEE-SA has developed standards for over a century, through a
program
that
offers
balance,
25
openness,
fair
procedures,
and
consensus. Technical experts from all over the world participate in the
development of IEEE standards.

IEEE-SA is not a body formally authorized by any government, but
rather a community. Formally recognized international standards
organizations (ISO, IEC, ITU, CEN) are federations of national
standards bodies (American ANSI, German DIN, Japanese JISC, etc.).

Maturity levels in CMMI for services:
- Maturity Level 2 - Managed
- Maturity Level 3 - Defined
- Maturity Level 4 - Quantitatively Managed
- Maturity Level 5 Optimizing
The benefits of SQA standards:
SQA has a host of benefits. It ensures that that software built as per SQA
procedures are of specified quality. SQA helps to
o
o
o
o
Eliminate errors when they are still inexpensive to correct

Improves the quality of the software
Improving the process of creating software
Create a mature software process
1.2
assess the risks associated with the development of an IT system which
has a database at its centre.

a) Privilege Abuse
Users may abuse legitimate database privileges for unauthorized purposes. For
example, in Amazon, an accountant can access to customers information such as
credit card, phone number, email and other rellevant information, this employee can
leak these information to campetitors or even use these information for bad
purposes.
26
b) Input Injection (Formerly SQL Injection)

There are two major types of database injection attacks:
1) SQL Injection that targets traditional database systems and
2) NoSQL Injection that targets Big Data platforms.
SQL Injection attacks usually involve inserting (or injecting) unauthorized or
malicious statements into the input fields of web applications. On the other hand,
NoSQL injection attacks involve inserting malicious statements into Big Data
components (e.g., Hive or MapReduce). In both types, a successful Input Injection
attack can give an attacker unrestricted access to an entire database.A crucial point
to realize here, is that although it is technically true that Big Data solutions are
impervious to SQL Injection attacks because they dont actually use any SQL-based
technology they are, in fact, still susceptible to the same fundamental class of
attack (i.e., Input Injection).
However, nowadays Amazon has installed some frameworks which can prevent this
kind of risk effectively.
c) Malware
Cybercriminals, state-sponsored hackers, and spies use advanced attacks that blend
multiple tactics such as spear phishing emails and malware to penetrate
organizations and steal sensitive data. Unaware that malware has infected their
device, legitimate users become a conduit for these groups to access your networks
and sensitive data.
27
d) Storage Media Exposure

Backup storage media is often completely unprotected from attack. As a result,
numerous security breaches have involved the theft of database backup disks and
tapes. Furthermore, failure to audit and monitor the activities of administrators who
have low-level access to sensitive information can put your data at risk. Taking the
appropriate measures to protect backup copies of sensitive data and monitor your
most highly privileged users is not only a data security best practice, but also
mandated by many regulations.
e) Exploitation of Vulnerable, Misconfigured Databases
It is common to find vulnerable and un-patched databases, or discover databases
that still have default accounts and configuration parameters. Attackers know how
to exploit these vulnerabilities to launch attacks against your organization.
Unfortunately, organizations often struggle to stay on top of maintaining database
configurations even when patches are available. Typical issues include high
workloads and mounting backlogs for the associated database administrators,
complex and time-consuming requirements for testing patches, and the challenge of
finding a maintenance window to take down and work on what is often classified as
a business-critical system. The net result is that it generally takes organizations
months to patch databases, during which time they remain vulnerable.
f) Unmanged Sensitive Data
Many companies struggle to maintain an accurate inventory of their databases and
the critical data objects contained within them. Forgotten databases may contain
sensitive information, and new databases can emerge e.g., in application testing
environments without visibility to the security team. Sensitive data in these
databases will be exposed to threats if the required controls and permissions are not
implemented.
28
g) Denial of ServiceDenial of Service

(DoS) is a general attack category in which access to network applications or data is
denied to intended users. DoS conditions can be created via many techniques. The
most common technique used in database environments is to overload server
resources such as memory and CPU either by flooding them with an excessive
number of queries, or with a smaller volume of well-crafted queries that consume a
disproportionate amount of system resources (e.g., because they lead to recursive
look-ups or table operations). The result in either case is the same; the resourcestarved servers become unresponsive and, in some instances, even crash. The
motivations behind DoS attacks are often linked to extortion scams in which a
remote attacker will repeatedly crash servers until the victim meets their demands.
Whatever the source, DoS represents a serious threat for many organizations.
h) Limited Security Expertise and Education
Internal security controls are not keeping pace with data growth and many
organizations are ill-equipped to deal with a security breach. Often this is due to the
lack of expertise required to implement security controls, enforce policies, or
conduct incident response processes.
Database Risks Solutions Defined

There are many different categories of solutions:
Discovery and Assessment locate where database vulnerabilities and critical data
reside.
User Rights Management identifies excessive rights over sensitive data.
29
Monitoring and Blocking protect databases from attacks, unauthorized access, and
theft of data.
Auditing helps demonstrate compliance with industry regulations.Data Protection
ensures data integrity and confidentiality.
Non-Technical Security instills and reinforces a culture of security awareness and
preparedness.
a) Discovery and Assessment
Scan for Vulnerabilities: Understanding vulnerabilities that expose databases to
input injection is essential. Malware may be looking to exploit known database
vulnerabilities, making un-patched databases an easy target. Weak authentication
rules can enable an application-layer DoS attack by granting access to a database
without needing a password. Use vulnerability assessment tools to detect security
vulnerabilities, misconfigurations, and missing vendor patches. Risk scores help
prioritize risk, manage, and research vulnerabilities. In this case, higher risk scores
would relate to input injection.
Mitigate Vulnerabilities: If vulnerability is discovered and the database vendor
hasnt released a patch, a virtual patching solution should be used. Applying virtual
patches will block attempts to exploit vulnerabilities without requiring actual patches
or changes to the current configuration of the server. Virtual patching will protect
the database from exploit attempts until the patch is deployed. Again, focus on
patching high-risk vulnerabilities that can facilitate a DoS or input injection attack.
Analyze Risk and Prioritize Remediation Efforts: Use reports and analytical tools to
understand risks and help prioritize remediation efforts.
30
Discover Database Servers: In order to build and maintain an inventory of

databases and isolate sensitive data contained within them, organizations should
first catalog all databases in their data centers. Leverage discovery tools that scan
enterprise networks and identify active database services. Look for solutions that
can reduce scan duration by filtering on IP addresses and ranges and by specific
database services (e.g. Oracle, Microsoft SQL, IBM DB2, etc.). Periodically re-run
discovery scans to identify new or changed databases.
Analyze Discovery Results: Review database discovery and classification results
to
determine
which
databases
that
store
sensitive
data
need
to
be
monitored.Identify and Classify Sensitive Data:

Once you have constructed a catalog of databases, it is critical to understand which
databases contain sensitive data. Scan the objects, rows, and columns of databases
to pinpoint sensitive data. Use data classification solutions that are aware of data
types such as credit cards, email addresses, and national identity numbers, and
which enable users to add custom data types as well. Classification results should
include the IP address and host name of the asset, and indicate the existence of
sensitive data on that server. Automatically identifying sensitive data and personally
identifiable information helps narrow the scope of security and compliance efforts.
b) User Rights Management
Aggregate Access Rights: Scan databases for both granted and privileged user
rights and extract details such as the actual access right (e.g. SELECT, DELETE,
CONNECT, etc), who granted them, who received those rights, and objects to which
rights have been granted. Aggregating user rights into a single repository helps
streamline the reporting and analysis of user access to sensitive data. Enrich Access
Rights Information with User Details and Data Sensitivity: Adding information related
to user roles and their database behavior adds considerable value to user rights
31
analysis and helps zero-in on the abuse of privileges. Collect and append contextual
details to user rights information including the user name, department, database
object sensitivity, and last time accessed. This allows you to focus your analysis on
the access rights that represent the highest business risk.
Review and Approve/Reject Individual User Rights: Perform an organized
review of user rights to determine if they are appropriate. Reviewers should approve
or reject rights, or assign them to another for review, and administrators can report
on the review process. Conducting organized user rights reviews meets regulatory
requirements and reduces risk by ensuring that user privileges are granted on a
need-to-know basis.
c) Monitoring and Blocking

Real-Time Alerting and Blocking: Monitor all database access activity and usage
patterns in real time to detect data leakage, unauthorized SQL and Big Data
transactions,
and
protocol
and
system
attacks.
When attempts
to
access
unauthorized data occur, generate alerts or terminate the user session. Use a
solution that leverages policies both pre-defined and custom that inspect
database traffic to identify patterns that correspond to known attacks, such as DoS
attacks, and unauthorized activities.
Security policies are useful for not only
detecting excessive privilege abuse by malicious, compromised, or dormant users,

but also for preventing most of the other top ten database threats.
Detect Unusual Access Activity: Establish a comprehensive profile of each
database users normal activity. Monitoring for deviations from these baselines
enables detection of DoS, malware, input injection, and anomalous activities.If any
user initiates an action that does not fit their profile, log the event, generate an alert
32
or block the user. Creating activity-based user profiles increases the likelihood of
detecting inappropriate access to sensitive data.
Block Malicious Web Requests: Because web applications are the most common
vector for initiating an input injection attack, another important line of defense will
be your Web Application Firewall (WAF). A WAF will recognize and block input
injection attack patterns that originate from web applications.To protect against
Input Injection attacks, a WAF should:
Inspect HTTP parameter values for special characters like apostrophes and
brackets and know whether these characters are expected or indicative of an attack.
Use application signatures and policies of known input injection patterns to alert
and block.
Monitor Local Database Activity: DAP solutions can audit and monitor the
activities of your most highly privileged users database and system administrators.
These users have been granted the highest levels of access to your databases and,
therefore, require close attention. Should they abuse their privileges or become
compromised by malware, the risk of data theft and damage to your organization
increases.
Validate Database Protocols: Leverage database activity monitoring solutions
that can analyze the protocol and isolate anomalous communications. When atypical
communication events are detected, the solution should trigger an alert or block the
transaction.
Response Timing: Database DoS attacks designed to overload server resources lead
to delayed database responses. This includes delays in both individual query
responses and the overall system. Use solutions that monitor response timing and
generate alerts when response delays or system sluggishness is observed.
33
d) Auditing
Automate Auditing with a DAP Platform: Implement a DAP solution that delivers
the performance, scalability, and flexibility to meet the needs of the most
demanding environments. A DAP solution can address most of the weaknesses
associated with native audit tools:
Separation
of
Duties: DAP
solutions
operate
independently
of
database
administrators, making it possible to separate audit duties from routine system

administration. In addition, they operate independently of the database server and
are invulnerable to privilege elevation attacks carried out by non-administrators.
Cross-Platform Auditing: DAP solutions support database platforms from multiple
vendors enabling uniform standards and centralized audit operations across large
and distributed heterogeneous database environments.
Performance: Leading DAP solutions can leverage high performance appliances
that have zero impact on database performance. In fact, by offloading audit
processes to network appliances rather than using native auditing, organizations can
expect to improve database performance.
Capture Detailed Transactions: To support regulatory compliance requirements,
advanced fraud detection, and forensic analysis, DAP solutions can capture audit
logs that include details such as source application name, complete query text,
query response attributes, source OS, source host name, and more.
Generate Reports for Compliance and Forensics: Summarize and format
database activity details into reports that help meet compliance requirements,
conduct forensic investigations, communicate vital database activity statistics, and
monitor system performance. Leverage DAP solutions that include reports for
34
industry and government regulations which can be customized to meet business

needs.
e) Data Protection
Archive External Data: Automate the long-term data archival processes.Use
solutions that can be configured to periodically archive data to external mass
storage systems. Data should be optionally compressed, encrypted, and signed prior
to archival.
Encrypt Databases: Encrypt sensitive data across heterogeneous database
environments. This allows you to secure both production and backup copies of
databases, then audit the activity of and control access to sensitive data from users
who access databases at the operating system and storage tiers. By leveraging
database auditing along with encryption, organizations can monitor and control
users both inside and outside of the database.
f) Non-Technical Security
Cultivate Experienced Security Professionals: To defend against a growing array of
internal and external threats, hire information security personnel that are well
versed in IT Security and have experience implementing, administering, and
monitoring security solutions. Ongoing education and training are also important for
growing deeper security knowledge and skills. Consider outside IT security and
specialists to help with implementation, conduct security assessments and
penetration tests, and provide training and support for your administrators.
1.3
discuss quality assurance practices at all stages of the systems
development lifecycle
35
SDLC is a process followed for a software project, within a software organization. It

consists of a detailed plan describing how to develop, maintain, replace and alter or
enhance specific software. The life cycle defines a methodology for improving the
quality of software and the overall development process.
The following figure is a graphical representation of the various stages of a typical
SDLC.
A typical Software Development life cycle consists of the following stages:

Stage 1: Planning and Requirement Analysis
Requirement analysis is the most important and fundamental stage in SDLC. It is
performed by the senior members of the team with inputs from the customer, the
sales department, market surveys and domain experts in the industry. This
information is then used to plan the basic project approach and to conduct product
feasibility study in the economical, operational, and technical areas.
36
Planning for the quality assurance requirements and identification of the risks
associated with the project is also done in the planning stage. The outcome of the
technical feasibility study is to define the various technical approaches that can be
followed to implement the project successfully with minimum risks.
Stage 2: Defining Requirements
Once the requirement analysis is done the next step is to clearly define and
document the product requirements and get them approved from the customer or
the market analysts. This is done through .SRS. . Software Requirement
Specification document which consists of all the product requirements to be
designed and developed during the project life cycle.
Stage 3: Designing the product architecture
SRS is the reference for product architects to come out with the best architecture
for the product to be developed. Based on the requirements specified in SRS,
usually more than one design approach for the product architecture is proposed and
documented in a DDS - Design Document Specification.
This DDS is reviewed by all the important stakeholders and based on various
parameters as risk assessment, product robustness, design modularity , budget and
time constraints , the best design approach is selected for the product.
A design approach clearly defines all the architectural modules of the product along
with its communication and data flow representation with the external and third
party modules (if any). The internal design of all the modules of the proposed
architecture should be clearly defined with the minutest of the details in DDS.
37
Stage 4: Building or Developing the Product

In this stage of SDLC the actual development starts and the product is built. The
programming code is generated as per DDS during this stage. If the design is
performed in a detailed and organized manner, code generation can be
accomplished without much hassle.
Developers have to follow the coding guidelines defined by their organization and
programming tools like compilers, interpreters, debuggers etc are used to generate
the code. Different high level programming languages such as C, C++, Pascal, Java,
and PHP are used for coding. The programming language is chosen with respect to
the type of software being developed.
Stage 5: Testing the Product
This stage is usually a subset of all the stages as in the modern SDLC models, the
testing activities are mostly involved in all the stages of SDLC. However this stage
refers to the testing only stage of the product where products defects are reported,
tracked, fixed and retested, until the product reaches the quality standards defined
in the SRS.
Stage 6: Deployment in the Market and Maintenance
Once the product is tested and ready to be deployed it is released formally in the
appropriate market. Sometime product deployment happens in stages as per the
organizations. business strategy. The product may first be released in a limited
segment and tested in the real business environment (UAT- User acceptance
testing).
38
Then based on the feedback, the product may be released as it is or with suggested
enhancements in the targeting market segment. After the product is released in the
market, its maintenance is done for the existing customer base.
SDLC Models
There are various software development life cycle models defined and designed
which are followed during software development process. These models are also
referred as "Software Development Process Models". Each process model follows a
Series of steps unique to its type, in order to ensure success in process of software
development.
Following are the most important and popular SDLC models followed in the industry:
Waterfall Model
Iterative Model
Spiral Model
V-Model
Big Bang Model
The other related methodologies are Agile Model, RAD Model, Rapid Application
Development and Prototyping Models.
DATABASE SDLC
A database is usually a fundamental component of the information system,
especially in business oriented systems. Thus database design is part of system
development. The following picture shows how database design is involved in the
system development lifecycle.
39
The
phases
in
the
middle
of
the
picture
(Database
Design,
Database
Implementation) are the phases that you concentrate on in the Database Design
course. The other phases are briefly described. They are part of the contents of the
Systems Analysis and Design courses, for example. There are various methods of
how the different phases of information system design, analysis and implementation
can be done. Here the main tasks or goals are described but no method is
introduced.
a) Database Planning
40
The database planning includes the activities that allow the stages of the database
system development lifecycle to be realized as efficiently and effectively as possible.
This phase must be integrated with the overall Information System strategy of the
organization. The very first step in database planning is to define the mission
statement and objectives for the database system. That is the definition of:
o
o
o
o
b)
The major aims of the database system

The purpose of the database system
The supported tasks of the database system
The resources of the database system
Systems Definition
In the systems definition phase, the scope and boundaries of the database
application are described. This description includes:
o Links with the other information systems of the organization
o What the planned system is going to do now and in the future
o Who the users are now and in the future.
The major user views are also described. i.e. What is required of a database system
from the perspectives of particular job roles or enterprise application areas.
c) Requirements Collection and Analysis
During the requirements collection and analysis phase, the collection and analysis of
the information about the part of the enterprise to be served by the database are
completed. The results may include eg:
o
o
o
d)
The description of the data used or generated

The details how the data is to be used or generated
Any additional requirements for the new database system
Database Design
The database design phase is divided into three steps:

o Conceptual database design
o Logical database design
41
o Physical database design

In the conceptual database design phase, the model of the data to be used
independent of all physical considerations is to be constructed. The model is based
on
the
requirements
specification
of
the
system.
In the logical database design phase, the model of the data to be used is based on a
specific data model, but independent of a particular database management system
is constructed. This is based on the target data model for the database e.g.
relational data model.
In the physical database design phase, the description of the implementation of the
database on secondary storage is created. The base relations, indexes, integrity
constraints, security, etc. are defined using the SQL language.
e) Database Management System Selection
This in an optional phase. When there is a need for a new database management
system (DBMS), this phase is done. DBMS means a database system like Access,
SQL
Server,
MySQL,
Oracle,
MongoDB,
NoSQL
In this phase the criteria for the new DBMS are defined. Then several products are
evaluated according to the criteria. Finally the recommendation for the selection is
decided.
f) Application Design
In the application design phase, the design of the user interface and the application
programs that use and process the database are defined and designed.
g) Protyping
The purpose of a prototype is to allow the users to use the prototype to identify the
features of the system using the computer. There are horizontal and vertical
42
prototypes. A horizontal prototype has many features (e.g. user interfaces) but they
are not working. A vertical prototype has very few features but they are working.
See the following picture.
h) Implementation
During the implementation phase, the physical realization of the database and
application designs are to be done. This is the programming phase of the systems
development.
i) Data Conversion and Loading
This phase is needed when a new database is replacing an old system. During this
phase the existing data will be transferred into the new database.
j) Testing
Before the new system is going to live, it should be thoroughly tested. The goal of
testing is to find errors! The goal is not to prove the software is working well.
k) Operational Maintenance
The operational maintenance is the process of monitoring and maintaining the
database system. Monitoring means that the performance of the system is
43
observed. If the performance of the system falls below an acceptable level, tuning or
reorganization of the database may be required. Maintaining and upgrading the
database system means that, when new requirements arise, the new development
lifecycle will be done.
Nowadays, Amazon has applied competitive database including big data and
cloud-based e-commerce applications which are web-browser accessible and
database-centred.
Big Data Basics
The te rm big da ta re fe rs not only to la rge da ta s ets , but a ls o to the

fra m e wo rks ,
te chniq ues ,
and
tools
us e d
to
a na lyze
it.
It
ca n
be
c o lle c te d through a ny da ta -ge ne ra ting proce ss such a s s ocia l me dia ,

pub lic util ity infra s tructu re , a nd s ea rch e ngines . Bi g da ta ma y be
e ithe r se mi- struct ure d, s tructure d , or uns tructure d.
Ty pic a lly big da ta is a na lyze d and co lle cte d at s pe cifi c inte rv a ls , but
re a l- tim e big da ta a na lytic s col le ct and a na lyze da ta cons ta ntly. The
pur pos e o f this con tinuo us p roce ss ing loop is to o ff e r ins ta nt ins igh ts
to use rs .
Pros of Real-Time Big Data

Fi rs t,
it
a llows
s igni fi c a ntly
Ama zon
mit iga tes
to
de te ct
a ga ins t
e rrors
loss e s .
a nd
Se cond,
fra ud
it
quick ly.
prov ide s
This
ma j or
a dva nta ge s from a compe tit ive s ta ndpo int. Re a l- time a na lys is a llows
Am a z on to de ve lop mo re e ff e ctive stra te gie s towa rds compe t itors in
le ss tim e , o ff e ring dee p ins ight into cons ume r tre nds a nd s a les . In
44
a dditi on, da ta col le cte d is va lua ble a nd o ff e rs Ama zon a cha nc e to

im p rov e profi ts a nd cus tome r se rvice .
Pe rha ps the gre a tes t a rgume nt in fa vor of re a l-time ana lys is of big
da ta
is
tha t
it
ma y
be
use d
to
p rovi de
cutting -e dge
he a lthc a re .
Prop one nts of big da ta poin t out tha t hea lthca re o rga niza tio ns ca n us e
e le c t ronic me dica l re c ords and da ta from wea ra ble s to pre ve nt de a dly
hos pita l infe cti ons , fo r exa mple . To thes e propone nts , priva cy c a nnot
trum p the live s bi g da ta might s ave .
Cons of Real-Time Big Data

As v a lua ble as this k ind of bi g da ta ca n be , it a ls o p res e nts s e rious
c ha lle nge s . Firs t is the lo gis tica l iss ue . C ompa nies hop ing to us e big
da ta will ne e d to modi fy the ir e ntire app roa ch a s da ta fl o wing into the
c om pa ny be comes cons ta nt ra the r tha n pe riod ic: this ma nda tes ma jo r
s tra te gic
cha nge s
for
ma ny
bus ine ss e s .
N ext,
re a l- time
bi g
da ta
de m a nds the abi lity to con duct s ophis tica te d ana lys e s ; compa nie s who
fa il to do this co rre ctly ope n the ms e lve s up to imp le me nting e nti re ly
inc orre c t stra te gie s o rga n iza tion- wide . Fur the rmore , ma ny c urre nt ly
us e d da ta to ols a re not a ble to ha ndle re a l- time a na lys is .
One of the big ges t conce rns ma ny la ype ople a nd pol iticia ns ha v e
a bout re a l- time ana lys is of bi g da ta is pr iva cy. C ivil libe rt ies a dv oc a tes
ha v e atta cke d the us e of big da ta f rom lice ns e pla te sca nne rs and
d rone s , for exa mple . The idea is tha t a uthorit ie s s hould not be a ble to
c i rc um v e nt cons tit utiona l prote ctio ns aga ins t unre a s ona ble s ea rc he s .
45
LO2. Be able to employ standard quality control documentation

2.1
Produce quality control documentation for each stage of the systems
development lifecycle
A- SOFTWARE TEST PLAN (STP)
A test plan documents the strategy that will be used to verify and ensure that a
product or system meets its design specifications and other requirements. A test
plan is usually prepared by or with significant input from test engineers.
Depending on the product and the responsibility of the organization to which the
test plan applies, a test plan may include a strategy for one or more of the following:
Design Verification or Compliance test - to be performed during the

development or approval stages of the product, typically on a small sample of
units.
Manufacturing or Production test - to be performed during preparation or

assembly of the product in an ongoing manner for purposes of performance
verification and quality control.
Acceptance or Commissioning test - to be performed at the time of delivery or

installation of the product.
Service and Repair test - to be performed as required over the service life of
the product.
Regression test - to be performed on an existing operational product, to verify

that existing functionality didn't get broken when other aspects of the
environment are changed (e.g., upgrading the platform on which an existing
application runs).
46
1. Scope of The Tests

1.1 The web site develops by Amazon version 1.0
1.2 The documents: Requirement Document, Analysis Document, Coding Document,
Design Document, Database Document.
1.3 Testing time: from April 1st 2017 to July 1st 2017
2. Testing Environment:
2.1 Testing sites: All the site develop by Amazon
2.2 Software
Documentation tool
Scheduling tool
IDE
Microsoft word 2013

Microsoft project 2013
Eclipse Mars
Web Server
Design tool
JDK
DBMS
Operating System
Netbean 8.1
Glassfish Server 4.1
Photoshop CS6
JDK 1.8
Microsoft SQL Server 2012
Windows 8.1, 10, Linux
2.3 Hardware
Client
Server
8 laptops, 5 desktops
Reuse one 24/7 available desktop to
simulate the server for testing and
deployment
2.4 Resources
Worker
Test Manager
Specific Responsibilities/Comments
Provide management oversight
Responsibilities: provide technical
direction, accuquire appropriate
resources
Management reporting
47
Test Designer
Identifies, priorities and implements

test cases
Responsibilites: generate test plan,
System Tester
evaluate effectiveness of test effort

Executes the test
Responsibilites: executes tests, log
results, recover from errors,
Test System Administrator
document defects
Ensures test environment and assets
are managed and maintained
Responsibilites: administer test
management system, manage
Designer
worker access to test system

Identifies and defines the operations,
attributes
Responsibilites: identifies and defines
the test class, identifies and defines
Implementer
the test packages

Implements and unit tests the test
classes and test packages
Responsibilites: create the test
classes and packages implemented
in the test suite
2.5 Participating organizations: Amazon

2.6 Manpower requirements: Requirement Document, Analysis Document, Coding
Team, Analysis Team, Testing Team
2.7 Preparation and training required of the test team: Senior System Analyst
3. Test Detail (For Each Test):
3.1 Test identification: Test web site, test UI, test server
48
3.2 Test objective: All of the requirement function

3.3 Cross- reference to relevant design document and the requirement document:
Requirement Document, Analysis Document, Coding Document, Design Document,
Database Document
3.4 Test class: admin class, user class, search class, order class, payment class,
insert class, delete class, update class, login class, register class.
3.5 Test level (unit, integration or system tests)
a) Unit: States, transaction, data flow, functionally, UI
b) Integration: APIs, error handling, functionally, performance
c) System: States, Transaction, data flow coverage, functionally, UI, error
handling, operation, reliability,date/time, localization, installation and
configuration options
3.6 Test case
A. User Test case
a) Test case of Log in and Log out Use case
b) Fail to login the system when providing invalid username
c) Fail to login the system when providing valid username and invalid
password
d) Fail to login the system when providing empty username
e) User logs in the system using an account is being blocked
f) Recover password
g) User Register New Account With Valid Information
h) User Register New Account with one or some or all fields are empty
B. Admin Test Case
d)
e)
f)
g)
h)
i)
password
Fail to login the system when providing empty username
Recover password
Admin add product with valid information
Fail to add product with name that already exists in the system
Fail to add product when one or some or all fields are empty
Fail to add product when inputting special character(s) to one or some or all
fields
j) Update a product with valid information
49
k) Fail to update a product with name that already exists in the system
l) Fail to update product when one or some or all fields are empty
m) Fail to update product when inputting special character(s) to one or some
or all fields
n) Update cancel
o) Delete product
p) Delete cancel
C. Search Product Test Case
a) Seacrh Product by Product Name : Good search
b) Seacrh Product by Product Name: Empty search
c) Search Product by Product Name : Wrong Search
D. Shopping Cart Test Case
a) Add Product to Shopping Cart
b) Remove Product from Shopping Cart
c) Change Quantity
d) Select Delivery Option
e) Payment System
f) Pay Now Process
g) Cancel Order
E. Browsers Test Case
a) Internet explorer 11
b) Microsoft edge
c) Google Chrome (lastest version)
3.7 Special requirements: Measurements of response times, Security requirements:
Fast response time and good performance, all the requirement met the standard of
security
3.8 Data to be recorded: Yes
4. Test Schedule (For Each Test or Test Group) including time estimates for
the following:
4.1 Preparation: 1 week
4.2 Testing: 3 weeks
4.3 Error correction: 6 weeks
4.4 Regression test: 1 week
50
B - SOFTWARE TEST DESCRIPTION (STD)

The test design is carried out on the basis of the software test plan as documented
by STP. The test procedures and the test case database/file may be documented in a
software test procedure document and test case file document or in a single
document called the software test description (STD)
1. Scope of The Tests
1.1 The web site develops by Amazon version 1.0
Design Document, Database Document.
1.3 Testing time: from April 1st 2017 to July 1st 2017
2. Test Environment (For Each Test)
2.1 Test identification: Software Test Plan (STP)
2.2 Software
Documentation tool
Scheduling tool
IDE
Microsoft word 2013

Eclipse Mars
Web Server
Design tool
JDK
DBMS
Operating System
Netbean 8.1
Photoshop CS6
JDK 1.8
2.3 Hardware
51
Client
Server
deployment
2.4 Resources
Worker
Test Manager
resources
Test Designer
test cases
System Tester

Executes the test
document defects
Designer

attributes
Implementer
the test packages

52

in the test suite
3. Test cases (For Each Case)

3.1 User Test case
Name
Test case: user logs in successfully with valid username
Requirement
and password
The user is logged in correctly after providing correct
Preconditions
Steps
username and password

The user is at the homepage or the log in page
Provide valid username in the username textbox
Provide valid password in the password textbox
Expected results
Click on log in button

The user is redirected to the specific hompage after that
user

Name
Test case: Fail to login the system when providing invalid
Requirement
Preconditions
Steps
username
The user is at the homepage or the login page
Provide invalid username in the username textbox
Provide valid password in the password textbox or let
password field empty
Expected results

The user is redirected to the error page with a warning
We can not find an account with that username
53
password
Name
Test case: Fail to login the system when providing valid
Requirement
username and invalid password

The user is not logged in when providing valid username
Preconditions
Steps
and invalid password

Provide invalid password in the password textbox
Expected results

You have provided invalid username or password

Name
Test case: Fail to login the system when providing empty
Requirement
Preconditions
Steps
username
The user is not logged in when providing empty username
Provide empty username in the username textbox
Provide invalid password in the password textbox or let
Expected results

You must provide username and password
e) User logs in the system using an account is being blocked

Name
Test case: User logs in the system using an account is
Requirement
being blocked
User can not log in the system using account is being
Preconditions
Steps
blocked
A given account is being blocked by logging in fail 3 times
Provide username of given account being blocked
Provide password of given account being blocked
54
Expected results

User is redirected to the error page with a warning This
account is being blocked. Please wait for 30 minutes or
contact the administrator
f) Recover password
Name
Requirement
Preconditions
Test case: Recover password

The user lost or forget password
User clicks on Forget password
Steps
The system warns the user about recovering password

Choose the security question from the drop down list
Specify the answer of the security question in the text box
Expected results
Click on Recovery password button

The system issues the message indicates the password
has been reset to default password abcd1234 and warns
the user to change their password for the next log in
The password is reset to the default password abcd1234
The system redirects user to the log in page
g) User Register New Account With Valid Information

Name
Requirement
Preconditions
Test case: Register New Account

The user wants to register new account
User clicks on Register
Steps
The system redirect user to register page

Provide valid user name
Provide valid password
Provide valid phone number
Provide valid email address
Provide valid home address
Expected results
Click on Register button

The user is registed to the system successfully.
The system redirects user to the log in page
55
h) User Register New Account with one or some or all fields are empty
Name
Test case: User Register New Account with one or some or
Requirement
Preconditions
all fields are empty

The user wants to register new account
User clicks on Register
Steps
The system redirect user to register page

Provide empty user name or/and
Provide empty password or/and
Provide empty phone number or/and
Provide empty email address or/and
Provide empty home address and
Expected results
Click on Register button

The system redirects user to the error page
The user is not registed to the system successfully. A
warning message should be shown Your account is not
registed, please fill all fields
3.2 Admin Test Case

Name
Test case: admin logs in successfully with valid username
Requirement
and password
The admin is logged in correctly after providing correct
Preconditions
Steps
username and password

The admin is at the admin login page
Provide valid password in the password textbox
Expected results

The user is redirected to admin control panel page
56

Name
Test case: Fail to login the system when providing invalid
Requirement
Preconditions
Steps
username
Provide invalid username in the username textbox
Provide valid password in the password textbox or let
Expected results

The admin is redirected to the error page with a warning
We can not find an account with that username
password
Name
Test case: Fail to login the system when providing valid
Requirement
username and invalid password

The admin is not logged in when providing valid username
Preconditions
Steps

The admin is at the admin log in page
Provide invalid password in the password textbox
Expected results

You have provided invalid username or password

Name
Test case: Fail to login the system when providing empty
Requirement
username
The admin is not logged in when providing empty
Preconditions
Steps
username
Provide empty username in the username textbox
Provide invalid password in the password textbox or let
57

Expected results

You must provide username and password
e) Recover password
Name
Requirement
Preconditions
Test case: Recover password

The admin lost or forget password
User clicks on Forget password
Steps
The system warns the admin about recovering password

Choose the security question from the drop down list
Specify the answer of the security question in the text box
Expected results
Click on Recovery password button

The system issues the message indicates the password
has been reset to default password abcd1234 and warns
the admin to change their password for the next log in
The password is reset to the default password abcd1234
The system redirects admin to the admin log in page
f) Admin add product with valid information

Name
Requirement
Preconditions
Test case: Add new product with valid information

All fields are filled with valid data
The webpage that allows admin to input information of
Steps
product is displayed
Provide products name in the textbox
Provide products price in the textbox
Provide products category in the selection box
Provide products image in the picture box
Provide products description in the textbox
Expected results
Click on add button

The new product is added to the system
58
g) Fail to add product with name that already exists in the system
Name
Test case: Fail to add product with name already exists in
Requirement
Preconditions
the system
Steps
Provide products name in the textbox (which already exist
in the system)
Provide products price in the textbox
Provide products image in the picture box
Provide products description in the textbox
Expected results
Click on add button

The new product is not added to the system
Fail to add product to the system. The product name that
you have provided already exists in the system
h) Fail to add product when one or some or all fields are empty
Name
Test case: Fail to add product when one or some or all
Requirement
Preconditions
fields are empty

Not all fields are filled with valid data
Steps
Provide empty products name in the textbox or/and
Provide empty products price in the textbox or/and
Provide empty products category in the selection box
or/and
Provide empty products image in the picture box or/and
Provide empty products description in the textbox and
59
Expected results
Click on add button

Fail to add product to the system. You must provide all
information
i) Fail to add product when inputting special character(s) to one or some or all
fields
Name
Test case: Fail to add product when inputting special
Requirement
Preconditions
character(s) to one or some or all fields

All fields are filled with data
Steps
Provide products name containing special character(s) in
the textbox or/and
Provide products price containing special character(s) in
the textbox or/and
Provide products image in the picture
Provide products description containing special
character(s) in the textbox and
Expected results
Click on add button

Fail to add product to the system. Some fields contain
special character(s)
j) Update a product with valid information

Name
Test
case:
Update
Requirement
successfully
60
product
with
valid
information
Preconditions
The webpage that allows admin to update information of
Steps
Provide products name in the textbox or/and
Provide products price in the textbox or/and
Provide products category in the selection box or/and
Provide products image in the picture box or/and
Provide products description in the textbox and
Expected results
Click on update button

The product is updated to the system
k) Fail to update a product with name that already exists in the system
Name
Test case: Fail to update product with name already exists
Requirement
Preconditions
in the system
Steps
Provide products name in the textbox (which already exist
in the system) or/and
Provide products price in the textbox or/and
Provide products category in the selection box or/and
Provide products image in the picture box or/and
Provide products description in the textbox and
Expected results

The product is not updated to the system
Fail to update product to the system. The product name
that you have provided already exists in the system
l) Fail to update product when one or some or all fields are empty
Name
Test case: Fail to update product when one or some or all

fields are empty
61
Requirement
Preconditions
Not all fields are filled with valid data

Steps
Provide empty in the textbox or/and
Provide empty products price in the textbox or/and
Provide empty products category in the selection box
or/and
Provide empty products image in the picture box or/and
Provide empty products description in the textbox and
Expected results

Fail to update product to the system. You must provide all
information
m) Fail to update product when inputting special character(s) to one or some

or all fields
Name
Test case: Fail to update product when inputting special
Requirement
Preconditions

Steps
Provide products name containing special character(s) in
the textbox or/and
Provide products price containing special character(s) in
the textbox or/and
Provide products image in the picture
Provide products description containing special
character(s) in the textbox and
62
Expected results

Fail to update product to the system. Some fields contain
special character(s)
n) Update cancel
Name
Requirement
Test case: Update cancel

When admin decides to cancel updating, the system must
Preconditions
allow him/her to stop operation

Steps
Expected results
The admin is redirected to him/her main page
o) Delete product
Name
Requirement
Test case: Delete a product

When admin decides to delete the selected product, the
Preconditions
system remove that from the system

The webpage that allows admin to delete information of
Steps
Admin choose a product to delete
Veriry that the system retrieves and display the product
information for admin and prompts message to confirm the
deletion of the product
Admin confirm to delete the selected product by clicking
Expected results
on delete button
The system deletes the selected product from the system
p) Delete cancel
Name
Requirement
Test case: Delete cancel

63
Preconditions
When admin decides to cancel deletion, the system allows
Steps
admin to cancel the operation

Admin choose a product to delete
Veriry that the system retrieves and display the product
information for admin and prompts message to confirm the
deletion of the product
Expected results
Admin click on cancel button

The selected product is not deleted from the system
User is redirected to his/her main page
3.3 Search Product Test Case

a) Seacrh Product by Product Name : Good search
Name
Requirement
Preconditions
Test case: Search Product

Search textbox is filled with product name
When user decides to search a product, the system allows
Steps
him/her to search
Users navigate to Search textbox
Users enter product name
Expected results
Click on search button

The system show user the result page with 10 matching
products along with their information
b) Seacrh Product by Product Name: Empty search

Name
Requirement
Preconditions
Test case: Empty Search

Search textbox is not filled with product name
Steps
him/her to search
User does not enter product name
Expected results

The user is redirected to the error page, a warning
64
message is show No search term was entered. Please

enter product name
c) Search Product by Product Name : Wrong Search
Name
Requirement
Preconditions
Test case: Wrong Search

Search textbox is filled with unexisted product name
Steps
him/her to search
Users enter unexisted product name
Expected results

The user is redirected to the error page, a warning
message is show No matches found. Please try again
3.4 Shopping Cart Test Case

a) Add Product to Shopping Cart
Name
Requirement
Preconditions
Test case: User Add Product to Shopping Cart

Users choose product to add to cart
When user decides to add a product, the system allows
Steps
him/her to add product to cart

User navigate to product
Expected results
Click on Add to Cart button

The system add product to users shopping cart
A message should be shown Your product is added to
cart
b) Remove Product from Shopping Cart

Name
Requirement
Preconditions
Steps
Test case: User Remove Product from Shopping Cart

Users choose product to remove from cart
There is at least one product in the shopping cart
Users navigate to their shopping cart
65
Users choose a product they want to remove from cart

Expected results
Click on Remove from Cart button

The system remove product from users shopping cart
A message should be shown Product is removed
c) Change Quantity
Name
Test case: User Change Quantity of Product in Shopping
Requirement
Preconditions
Steps
Cart
Users change quantity of product in cart
Users choose a product they want to change quantity in
cart
Expected results
Click on + or - button
The system should change quantity of product in cart.
d) Select Delivery Option

Name
Requirement
Preconditions
Steps
Test case: Select Delivery Option

Users want to choose a delivery option
Users choose a delivery option from dropdown list
Expected results
Click on Choose button

The system add delivery option to shopping cart
e) Payment System
Name
Requirement
Test case: Payment System

Users want to choose a payment method for their
Preconditions
Steps
shopping
Users choose a payment method from dropdown list
Click on Choose button
66
Expected results
The system add payment method to shopping cart
f) Pay Now Process

Name
Requirement
Preconditions
Steps
Test case: Pay Now Process

Users want to choose pay now process
Users choose a pay now
Expected results
Click on Checkout button

The system add the order to the delivery system and
remove all products from shopping cart. A message should
be shown Your product(s) is on the way. Thank you
Users are redirected to the home page
g) Cancel Order
Name
Requirement
Preconditions
Steps
Test case: Cancel Order

Users want to cancel order
Expected results
Click on Cancel button

The system should remove all information in users
shopping cart
Users should be navigated to the homepage
3.5 Browsers Test Case

a) Internet explorer 11
Name
Requirement
Preconditions
Steps
Test case: Internet explorer 11

Users want to load page in internet explorer 11
Internet explorer 11 browser is already installed
Open internet explorer 11 browser
Navigate to address bar and input the address
67
Amazon.com
Expected results
Press Enter button

The browser should load page successfully such as:
Links
o
o
o
o
Internal Links
External Links
Mail Links
Broken Links
Forms
o Field validation
o Error message for wrong input
o Optional and Mandatory fields
Database
o Testing will be done on the database integrity.
Cookies
o Testing will be done on the client system side, on the
temporary Internet files.
o Users should be navigated to the homepage
b) Microsoft edge
Name
Requirement
Preconditions
Steps
Test case: Microsoft edge

Users want to load page in Microsoft edge
Microsoft edge browser is already installed
Open Microsoft edge
Amazon.com
Expected results
Press Enter button

68
Links
o
o
o
o
Internal Links
External Links
Mail Links
Broken Links
Forms
o Field validation
Database
Cookies
c) Google Chrome (lastest version)
Name
Requirement
Preconditions
Steps
Test case: Google Chrome

Users want to load page in Google Chrome
Google Chrome browser is already installed
Open Google Chrome
Amazon.com
Expected results
Press Enter button

Links
69
o
o
o
o
Internal Links
External Links
Mail Links
Broken Links
Forms
o Field validation
Database
Cookies
4.Testing Process - How the test is run - step by step
Instructions for input, detailing every step of the input process
Data to be recorded during the tests
5. Action to Be Taken in Case of Program Failure / Cessation
6. Procedures to Be Applied According to The Test Result Summary
C - SOFTWARE TEST REPORT (STR)

Document that records data obtained from an experiment of evaluation in an
organized manner, describes the environmental or operating conditions, and shows
the comparison of test results with test objectives.
70
1. Test Identification Site Schedule and Participation

1.1 The web site develops by Amazon
Design Document, Database Document, Implement and Maintain Document
1.3 Test site: All of the requirement function
1.5 Test team members:
Worker
Test Manager
resources
Test Designer
test cases
System Tester

Executes the test
document defects
Designer

attributes
the test packages
71
Implementer

in the test suite
1.6 Other participants: None

1.7 Time invested in performing the tests: April 1st 2017 to July 1st 2017
2. Test Environment
2.1 Software
Documentation tool
Scheduling tool
IDE
Microsoft word 2013

Eclipse Mars
Web Server
Design tool
JDK
DBMS
Operating System
Netbean 8.1
Photoshop CS6
JDK 1.8
2.2 Hardware
Client
Server
deployment
2.3 Preparations and training prior to testing: Senior System Analyst

3. Test Results
3.1 Rationale for decision
After executing a test, the decision is defined according to the following rules:
72
OK: The test sheet is set to "OK" state when all steps are in "OK" state. The
real result is compliant to the expected result.
NOK: The test sheet is set to "NOK" state when all steps of the test are set to
"NOK" state or when the result of a step differs from the expected result.
NOT RUN: Default state of a test sheet not yet executed.
NOT COMPLETED: The test sheet is set to "Not Completed" state when at
least one step of the test is set "Not Run" state.
3.2 Test case result (for each test case individually)

A. User Test case
TASK
Test case of Log in and Log out Use case
Fail to login the system when providing invalid
DECISION
P
P
username
Fail to login the system when providing valid username

Fail to login the system when providing empty
username
User logs in the system using an account is being
blocked
Recover password
User Register New Account With Valid Information
User Register New Account with one or some or all
P
F
F
fields are empty

B. Admin Test Case
TASK
Test case of Log in and Log out Use case
Fail to login the system when providing invalid
DECISION
P
P
username
Fail to login the system when providing valid username

Fail to login the system when providing empty
73
username
Recover password
Admin add product with valid information
Fail to add product with name that already exists in the
P
P
P
system
Fail to add product when one or some or all fields are
empty
Fail to add product when inputting special character(s)
to one or some or all fields

Update a product with valid information
Fail to update a product with name that already exists
F
P
in the system
Fail to update product when one or some or all fields are
empty
Fail to
update
product
when
inputting

Update cancel
Delete product
Delete cancel
special
F
P
F
C. Search Product Test Case

TASK
Seacrh Product by Product Name : Good search
Seacrh Product by Product Name: Empty search
Search Product by Product Name : Wrong Search
DECISION
P
F
F
D. Shopping Cart Test Case

TASK
Add Product to Shopping Cart
Remove Product from Shopping Cart
Change Quantity
Select Delivery Option
Payment System
Pay Now Process
Cancel Order
E. Browsers Test Case
74
DECISION
P
F
F
F
P
F
P
TASK
Internet explorer 11
Microsoft edge
Google Chrome (lastest version)
DECISION
P
P
P
4. Summary Tables for Total Number of Error Their Distribution and Types
TYPES
INPUT
OPERATION
DATABASE
HUMAN
STATUS
OK
16
6
0
0
NOK
11
4
0
0
5. Special Events and Testers proposals

5.1 Special events and unpredicted responses of the software during testing: none
5.2 Problems encountered during testing: none
5.3 Proposals for changes in the test environment, including test preparations: none
5.4 Proposals for changes or corrections in the test procedures and test case files:
yes
LO3. Be able to use project management tools

3.1 apply project planning and management tools to plan specific resources and
requirements for an IT system development
75
a) Explain the importance of project management to the production of high quality

IT systems.
Projects are completed by teams of people who are specially chosen for their skills,
knowledge and potential to contribute to the final result. The team is led by a project
manager. He or she is responsible for keeping the project tasks on schedule,
communicating with all stakeholders and managing resources the people, money,
tools and time needed to achieve the goal. The project manager is the centre of the
project and the driving force behind the team.
The discipline of project management is extremely versatile and can be adapted to
any business or industry. Its strength is focused teams of experts who can quickly
adapt, organise and troubleshoot, meaning that most problems can be resolved
efficiently.
Here are three reasons why project management is important to modern businesses.
Human focused
Today's employees are no longer satisfied with comfortable, rote work for which they
need not take any responsibility. In fact, many people are looking for more creative,
empowered and hands-on positions where they can make a real impact. Projectbased organisations provide this since they focus on goals and outcomes rather than
working according to the clock. This makes it a more logical and stimulating
structure for skilled people.
In addition, since project management relies so much on good communication, the
discipline emphasises the need to focus on the realities of working with people
mistakes and successes, good and bad days, conflicts and so on. Research has
proven that the more understanding and flexible an employer is, the more devoted,
productive and happy the staff are.
76
Flexible but structured

Project management perfectly combines the two needs of organisations first, to be
adaptable to changing circumstances, and second, to be structured, predictable and
organised. Good project managers spend a lot of time ensuring that everybody
knows what their responsibilities are and when requirements are due. They are also
masters at adapting these schedules if something goes wrong, or things proceed
better than expected.
Project-based organisations can be adapted much more easily than other business
structures since whole teams can shift together to accommodate changes.
Efficient
A core project team with an excellent manager can be much more efficient than a
whole stable of workers because, as a cohesive and dedicated unit, they can focus
all of their energy on the task at hand. Fewer people can accomplish a single project,
meaning that human resources are freed up for other work.
One of the essential concepts of project management is balancing the three
requirements of cost, time and quality a project needs to be under budget,
delivered by the deadline, and of sufficiently high quality. Often, however, these
three factors are in conflict and not all of them can be achieved at once; a project
may be running late due to some unavoidable delays, or the quality desired may
require more money than was initially budgeted for. A good project manager
balances these three factors and produces the most efficient result possible.
On top of that, good planning and organisation can save a lot of mistakes, confusion,
backtracking and delays all of which decrease the efficiency of an organisation.
Planning for risks is inextricably linked to project management; the sooner these can
77
be avoided, mitigated or prepared for, the better for the team, project and
organisation as a whole.
b) Produce:
Task Name
Duration
Start
Finish
Project Initation
(1).
Hardware
(2).
Software
(3).
Database Server
(4).
Web Server
(5).
Wait Frame
20 days
3 days
7 days
3 days
10 days
7 days
Tue 1/3/17
Tue 1/3/17
Thu 1/5/17
Fri 1/13/17
Mon 1/16/17
Fri 1/20/17
Mon 1/30/17
Thu 1/5/17
Fri 1/13/17
Tue 1/17/17
Fri 1/27/17
Mon 1/30/17
Designing
(1).
(2).
(3).
(4).
Back End
Front End
Debug
Review
30 days
27 days
28 days
20 days
25 days
Thu 2/2/17
Thu 2/2/17
Fri 2/3/17
Mon 2/13/17
Thu 2/9/17
Wed 3/15/17
Fri 3/10/17
Tue 3/14/17
Fri 3/10/17
Wed 3/15/17
Developing
(1).
Home Page
(2).
Log in - Register Page
(3).
Product Page
(4).
Search Page
(5).
Shopping Cart Page
(6).
Payment Page
(7).
Help Page
45 days
26 days
27 days
26 days
28 days
28 days
30 days
12 days
Wed 2/15/17
Wed 2/15/17
Wed 2/15/17
Wed 2/15/17
Wed 2/15/17
Wed 2/22/17
Wed 3/1/17
Mon 4/3/17
Tue 4/18/17
Wed 3/22/17
Thu 3/23/17
Wed 3/22/17
Fri 3/24/17
Fri 3/31/17
Tue 4/11/17
Tue 4/18/17
Testing
(1).
(2).
(3).
45 days
25 days
30 days
28 days
Wed 3/15/17
Wed 3/15/17
Tue 3/21/17
Wed 3/22/17
Tue 5/16/17
Tue 4/18/17
Mon 5/1/17
Fri 4/28/17
45 days
7 days
7 days
30 days
Wed 3/29/17
Wed 3/29/17
Mon 4/3/17
Mon 4/3/17
Tue 5/30/17
Thu 4/6/17
Tue 4/11/17
Fri 5/12/17
Software Test Plan

Software Test Description
Software Test Report
System Deployment and Maintaine

(1).
Hosting
(2).
Configuration
(3).
Training
78
(4).
Support and Maintaine
32 days
1) a Work Breakdown Structure
79
Mon 4/17/17
Tue 5/30/17
2) a GANTT chart
3) a Critical Path Method
80
Database Server
Web Server
Wait Frame
6
7
Debug
Review
12
13
Product Page
Search Page
Shopping Cart Page
Payment Page
Help Page
18
19
20
21
22
Finish
3
Training
Support and Maintaine 32 daysMon 4/17

T/1
ue
75/30/17
33
30 daysMon 4/3/1
Fri
75/ 12/17
7 days Mon 4/3/1

Tue
7 4/11/17
Configuration
32
7 days Wed 3/29

T/1
hu
74/6/17
Hosting
31
SystemDeployment andMa
45in
da
ta
yin
sW
eed3/2T
9u
/1
e
75/30/17
30
29
28 daysWed 3/ 22
Fri
/14
7/28/17

30 daysTue 3/21Mon
/17 5/1/17
27
25 daysWed 3/15
T/1
ue
74/18/17
26
45daysWed3/1T
5u
/1
e
75/16/17
12 daysMon 4/3/1
Tue
7 4/18/ 17
30 daysWed 3/ 1/1
Tue
7 4/11/17
28 daysWed 2/22
Fri
/13
7/ 31/ 17
28 daysWed 2/15
Fri
/13
7/24/ 17
26 daysWed 2/ 15
Wed
/17 3/ 22/17
27 daysWed 2/ 15
T/1
hu
73/23/17
26 daysWed 2/15
Wed
/ 17 3/22/ 17
45daysWed2/1T
5u
/1
e
74/18/17
25 daysThu 2/9/1
W
7ed 3/15/17
20 daysMon 2/13
Fri
/ 17
3/10/17
28 daysFri 2/3/ 17
Tue 3/14/17
27 daysThu 2/2/1
Fri
7 3/ 10/17
30daysThu2/2/1
W
7ed3/15/17
7 days Fri 1/20/1

Mon
7
1/ 30/17
10 daysMon 1/16
Fri
/ 17
1/27/17
3 days Fri 1/13/1

T7
ue 1/17/17
7 days Thu 1/5/1

Fri
7 1/ 13/17
3 days Tue 1/3/1

T7
hu 1/5/17
Software Test Plan
28
11 19 27 4
12 20 28 8
16 24 1
17 25 3
11 19 27 4
Jan 1, '17 Jan 22, '17

Feb 12, '17
Mar 5, '17Mar 26, '17
Apr 16, '17
May 7, '17May 2
20daysTue 1/3/1
M
7on1/30/17
Duration
Start
25
24
Testing
17
23
Home Page
16
15
Developing
Front End
11
14
Back End
9
10
Designing
Software
Hardware
Project Initation
Mode
Task Task Name
ID
Critical Path: Start (1) (2) (4) (5) Finish
(1):
(2):
(3):
(4):
(5):
Project Initation
Designing
Developing
Testing
System Deployment and Maintaine
81
(1): Project Initation
Critical Path: Start (1) (2) (3) (4) (5) (6) Finish
(1).
(2).
(3).
(4).
(5).
Hardware
Software
Database Server
Web Server
Wait Frame
(2): Designing
Critical Path: Start (2) (3) (4) Finish
(1).
Back End
(2).
(3).
(4).
Front End
Debug
Review
(3): Developing

(1).
(2).
(3).
(4).
(5).
(6).
(7).
Home Page
Product Page
Search Page
Shopping Cart Page
Payment Page
Help Page
(4): Testing
Critical Path: Start (1) (2) (3) Finish
(1).
(2).
(3).
Software Test Plan

(5): System Deployment and Maintaine
(1).
(2).
(3).
(4).
Hosting
Configuration
Training
Support and Maintaine

Quality Systems in IT - Assignment - Frontsheet

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Quality Systems in IT - Assignment - Frontsheet

Transféré par

Droits d'auteur :

Formats disponibles

ASSIGNMENT FRONT SHEET

Unit 32: Quality systems in IT

Quality in Amazons IT System Software Development

database at its centre.

and then go on to explain

for each stage of the description (STD)

- A software test report

LO3. Be able to use project management tools

plan specific resources

and requirements for an

suitability of tools used b)

M1 Identify and apply 1. Effective

have been made.

has been applied

techniques have been

has been justified

structure and method

technical language has

taken place in familiar

critical 1. Conclusions have been

own work and justify

synthesis of ideas and

have been justified

using defined criteria

managed and organized

discuss appropriate standards for the development of an IT system

Quality Assurance (QA):

Quality assurance is a process based approach whose prime objective is to prevent

EXTRA SHOPPING CART OPTIONS

CHANGE OR DELETE ITEMS ON SHIPPING PAGE

REMINDER THAT CONTINUE DOES NOT MEAN FINAL DECISION

Developers should add enhancements to the shopping experience that make

Quality Control (QC):

Search Results have to be relevant

Different sort options have to be available- based on Brand, Price, and

For multi-page results, there are options to navigate to them

When navigating to categories and go to a sub-category, maybe movies, this is

what it should be:

Product details Page:

Image or images of the product

Price of the product

Check out options

Multiple color or variations options

Add items to the cart and continue shopping

All items and their totals should be displayed in the cart

Taxes as per location should be applied

Remove items from the cart

Calculate Shipping costs with different shipping options

Check different payment options

Returning customers Login to check out

If storing customer Credit card or any other financial information, perform

Emails/Text confirmation with the order number generated

Why QA and QC is needed?

When things do go wrong, a quality

management system will have best practices in place to address problems

design, coding, source

reviews, software configuration management, testing, release management, and

Third-party certification bodies provide independent confirmation that

administered and marketed by Carnegie Mellon University (CMU) and

processes: Initial, Managed and Defined. Currently supported is CMMI

Organizations can receive CMM ratings by undergoing assessments

projects. Few if any processes in place; successes may not be

are in place; successful practices can be repeated.