SecPod SanerNOW

A project

SecPod SanerNOW
(Endpoint Security and Management Subsystem)
Submitted to

CHHATTISGARH SWAMI VIVEKANAND

TECHNICAL UNIVERSITY, BHILAI
CHHATTISGARH (INDIA)
FOR THE PARTIAL FULFILLMENT OF DEGREE

MASTER OF COMPUTER APPLICATIONS

(MCA 6th SEM)
BY

Ankita Navlani 500102117003

Under the Guidance of

Mrs. Kirti Sirisha Ghatty(Industry Guide)
Dr. Jyothi Pillai

DEPARTMENT OF COMPUTER APPLICATIONS,

BHILAI INSTITUTE OF TECHNOLOGY DURG,
CHHATTISGARH (INDIA)
Session: 2017-2020

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

30 June 2020

Emp Name: Ankita Navlani

Designation: Intern – Web Development

To Whom It May Concern

This is to confirm that Ms. Ankita Navlani, a student in her 6th Semester studying Masters of Computer Applications (MCA) at
Bhilai Institute of Technology, Durg has worked with Scketch Digital Solutions LLP having its corporate office in Bangalore as
an Intern in the software Development team.

She majorly worked with our development teams and has gained insightful experience in the areas of Web Development.

We thank you for your services during the period 06 January 2020 to 30 June2020.

Once again thank you for the co-operation and contribution while at work with Scketch Digital Solutions LLP. We wish
the best in your future endeavors.

Thanking you,

For Scketch Digital Solutions LLP

Samson Ratnakar

Head – Human Resources

SecPod SanerNOW

CERTIFICATE OF SUPERVISOR(S)/GUIDE

This is to certified that the work incorporated in the project “SecPod SanerNOW(Endpoint Security and
Management)” is a record of six month project work assigned by our institution, successfully carried out
by Ankita Navlani bearing Roll no. 500102117003 under my guidance and supervision for the award of
the Degree of Master of Computer of Application (MCA) of Bhilai, C.G., Affiliated to Chhattisgarh
Swami Vivekanand Technical University (CSVTU), Bhilai, C.G., India to the best of my knowledge
and belief the report embodies the work of the candidates and duly been successfully completed.

Signature of Supervisor /Guide

Name: Dr. Sanjeev Karmakar

Designation: Assistant
Professor, B.I.T, Durg
Date: 20-06-2020

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

SecPod SanerNOW

DECLARATION BY THE CANDIDATE

I Ankita Navlani student of 6th Semester MCA, Bhilai Institute of Technology, Durg(C.G.) India, hereby
declare that the project entitled SecPod SanerNOW(Endpoint Security and Management) has been
carried out by me under the Guidance/Supervision of Guide Dr. Jyothi Pillai, Associate Professor of
Guide Submitted in partial fulfillment of the requirement for the award of the Degree of Master of
Computer Application (MCA) by the Chhattisgarh Swami Vivekananda Technical
University(CSVTU) during the academic year 2017-2020. This report has not been submitted to any other
organization /university for any award of Degree/Diploma.

(Signature of Candidate)

Ankita Navlani

Date: 20-06-2020
Place: Durg

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

SecPod SanerNOW

CERTIFICATE OF FORWARDING

This is certify that Ankita Navlani, a bonafide Student Of Master of Computer Applications (M.C.A.)
at Bhilai Institute of Technology, Durg C.G., India, has carried out there Project work as mentioned in
this project entitle “SecPod SanerNOW(Endpoint Security and Management)” at B.I.T, Durg
Chhattisgarh Swami Vivekananda Technical University (CSVTU), Bhilai, C.G., India to which the
institute is affiliated.

This certificate is issued by the undersigned does not cover any responsibility regarding the statement made
and carried out by the concerned student.

The current dissertation is hereby forwarded for evaluation for the purpose for which it has been submitted

Signature of Project Coordinator Signature of Head of Department

Name Dr. Sanjeev Karmakar Name: Dr. Jyothi Pillai

Designation: Assistant Professor Designation: Associate Professor
Institution: B.I.T, Durg Institution: B.I.T, Durg
Date: 20-06-2020 Date: 20-06-2020

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

SecPod SanerNOW

CERTIFICATE OF APPROVAL

This is to Certify that the project the entitled “SecPod SanerNOW(Endpoint Security and
Management)”, carried out by “Ankita Navlani” students of sixth semester, M.C.A. at Bhilai Institute
of technology, Durg, C.G., India, is hereby approved after proper examination and evaluation as a
creditable work for the partial fulfillment of the requirement for awarding the degree Master of Computer
Application(M.C.A.) from Chhattisgarh Swami Vivekananda Technical University(CSVTU), Bhilai
C.G. India.

(Internal Examiner) (External Examiner)

Name: Dr. Sanjeev Karmakar Name:
Designation: Assistant Professor Designation:
Collage Name: B.I.T, Durg College Name:
Date: 20-06-2020 Date:

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

SecPod SanerNOW

ACKNOWLEGEMENT

I have great pleasure in the submission of this project report entitled “SecPod SanerNOW(Endpoint
Security and Management)” of the Institute in partial fulfillment of the degree of Master of Computer
Application. While submitting this Project report, I like this opportunity to thanks those directly or
indirectly related to project work. I would like to thank my Guide Dr. Jyothi Pillai who has provided the
opportunity and organizing project for me. Without her active co-operation and guidance, it would have
become very difficult to complete task in time.

I would like to express sincere thanks to Dr. Ramesh, Head of Department, (Computer Applications).

While Submission of the project, I also like to thanks again Dr. Sanjeev Karmakar Sir Project Coordinator
and the all Professors of Bhilai Institute of Technology, Durg, C.G., India, for their continuous help and
guidance throughout the course of M.C.A

Acknowledgement is due to our parents, family members, friends and all those persons who have helped
us directly or indirectly in the successfully completion of the project work.

Ankita Navlani - 500102117003

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

SecPod SanerNOW

Abstract

The subsystem “Endpoint Security and Management” of the system “SecPod SanerNOW” has been
developed with a motive of providing ease to the endpoints or the users to secure their respective system
from external vulnerabilities and threats. The prime goal is to enhance system functionality of number of
users in one go with single account. This feature enhances the security as well as portability of the users’
systems.

The “Endpoint Security and Management” allows companies to create their account upon “SecPod
SanerNOW” within trial or subscription basis based upon which the services and number of users to be
subscribed depends on. The companies are provided with number of services that can be opted based on
the requirements of several departments.

The soul functionality of the subsystem is to deploy agent to each user’s personal system and scan for all
the details of the system and provide it to “SecPod SanerNOW” where all the vulnerabilities and threats
are accounted and displayed in the “Endpoint Security and Management” subsystem. It also provides the
functionality of displaying dashboard with several features of creating and maintaining groups, accounts as
well as users.

The usage and the activities can also be traced using the audit logs feature. The enhancement of this
subsystem is in creation of customized reports that can be downloaded and analyzed based on users’
requirements. An effort has been made to fulfill requirements of endpoints with user-friendly interface and
feasible functionality to enhance platform usage.

Hardware Interface Software Interface

Processor: Intel core i3 1.90 GHz processor. Front End: JSP and Bootstrap.

Memory: 4 GB. Back End: MySql and Xampp.

Disk Space: 1 TB. Operating System: Windows 7(64 bit)

Browser: Internet Explorer, Google Chrome

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

SecPod SanerNOW

Type of Project

Our project is semi detached type of project.

List of Tables

S.no. Name of Table Page no.

1 Data dictionary containing description of class attributes 8-12

2 Identification of input/output values 19-22

3 Code Description 32-33

4 Black-Box Testing(Unit test) 38-40

5 White-Box Testing(Unit Program Test) 40-41

List of Figures

S.no. Name of figure Page no.

1 Dynamic Modeling

1.1 Event flow diagram 14-15

16-17
1.2 State diagram

2 Functional Model

2.1 Use case diagram 18

2.1 Data flow diagram 23-24

3 Database Design

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

SecPod SanerNOW

3.1 Schema definition including keys 25

3.2 E-R diagram 26

List of Abbreviation/Symbol

• DFD Data Flow Diagram

• ER Entity Relationship
• COCOMO Constructive Cost Model
• JSP Java Server Pages
• UFS Unadjusted Function Point
• CAF Complexity Adjustment Factor
• DFP Derived Function Point

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

SecPod SanerNOW

Table Content

No. Content Page No.

1. Introduction 1

1.1. Project Description 1

2. System Study 1-2

2.1. Existing System 1

2.2. Proposed System 1

2.3. Feasibility Study 2

3. Software Requirement Specification 2-8

3.1. Introduction 2

3.1.1 Purpose of SRS 2-3

3.1.2 Scope 3

3.1.3 References 3

3.2. Overall Description 3

3.2.1 Product Perspective 3

3.2.2 Product Function 4

3.2.3 User Characteristics 4

3.2.4 Constraints, Assumption and Dependencies 4

3.3. Non Functional Requirement 4

3.3.1 External Interface Requirement 4

3.3.2 User Interface 5

3.3.3 Hardware Interface 5

3.3.4 Software Interface 5

3.3.5 Communication Interface 5

3.4. Functional Requirements 5-7

3.5. Performance Requirements 7

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

SecPod SanerNOW

3.5.1 Static Performance 7

3.5.2 Dynamic Performance 7

3.6. Design Constraints 8

3.6.1 Standards Compliance 8

3.6.2 Hardware Limitation 8

3.6.3 Reliability and Fault Tolerance 8

3.6.4 Security 8

4. System Design 8-26

4.1. Object/Class Model 8

4.1.1. Data Dictionary Containing Description of class 8-12

4.1.2. Association between classes 12

4.1.3 Class/object diagram

4.2. Dynamic Model 13

4.2.1. Scenario 13

4.2.2. Event Flow Diagram(EFD) 14-15

4.2.3. State Diagram 16-17

4.3. Functional Model 18

4.3.1. Use Case Diagram 18

4.3.2. Identification of input/output values 19-22

4.3.3. DFD as needed to show functional dependencies 23-24

4.4. Database Design 25

4.4.1. Schema Description including keys 25

4.4.2. E-R Diagram 26

5. Implementations 27-37

5.1. Operating System used 27

5.2. Coding Language Used 27

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

SecPod SanerNOW

5.3. RDBMS used 27

5.4 Table Relationship Diagram 28

5.5. Database Connectivity Procedure 29-31

5.6. Code Description 32-33

5.7 Input/output Interface(Screen Shots) 34-37

6. Software Testing 38-41

6.1. Software Testing Tools Used(if any) 38

6.2 Black-Box Testing 38

6.2.1. Unit(Program) Testing 38-40

6.3. White-Box Testing

6.3.1. Unit(Program) Testing 40-41

7. Software Costing By Using COCOMO Model 42-45

8. Limitations 45

9. Conclusions 45-46

10 Bibliography 46

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

SecPod SanerNOW

INTRODUCTION

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

1 SecPod SanerNOW

1. Introduction
1.1. Project Description

This Project SecPod SanerNOW is an online application. It has focused on providing multiple
uses through single platform by simplifying the IT security and management efforts to reduce costs.
SanerNow platform Queries and Monitors Endpoints, Analyzes the Security Posture, and Responds
to Bring Endpoints or the host computers to an Approved State.

The subsystem ‘SanerNow’ empowers the system through network, takes proactive actions and
protects the system against threats. It enables the companies to register themselves with the
SanerNow platform and add its respective users along with the management tools opted for the
different users.

This platform provides with a huge amount of subscriptions to provide a cost-effective solutions to
the companies against security threats from external environment.

2. System Study

2.1. Existing System

The systems existed previously faced a number of issues related to defending their endpoints
against the security threats. The companies had to pay huge amount as well as had to engage large
amount of resources like memory and other hardware components only to safeguard their endpoint
systems against security threats.

The other common problem faced by big enterprises was the platform compatibility issue since
each department couldn’t work upon same hardware configurations so providing security solutions
to these endpoints was a bigger challenge.

2.2. Proposed System

The system proposed is the Secpod SanerNow which has been designed to eradicate the issues
being faced by the enterprises due to the existing system. This website enables companies to
register and use the facilities of scanning the vulnerabilities nad threats of the system. The proposed
system also helps manage the endpoints.The system provides proper security and threat recognition
interface.

1. Single platform, multiple use cases.

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

2 SecPod SanerNOW

2. Ensure data accuracy.

3. Proper control on the endpoints being managed.

4. Monitors and manages endpoints.

5. Reduce up to 60% of IT product investment.

6. Simplify endpoint security and systems management.

7. Better services.

8. User friendliness and interactive.

9. Deploy in minutes for immediate results.

2.3. Feasibility Study

After doing the project SecPod SanerNOW, study and analyzing all the existing or required
functionalities of the system, the next task is to do the feasibitity study for the project. All projects
are feasible– given an unlimited resources and infinite time.

Feasibility Study includes consideration of all the possible ways to provide a solution to the given
problem. The proposed solution should satisfy all the user requirement and should be flexible
enough so that future changes can be easily done based on the future upcoming requirements. The
various feasibility studies are:

• Technical Feasibility

• Operational Feasibility

• Economic Feasibility

2.3.1. Economical Feasibility

This is very important aspect to be considered by developing a project. We decided the technology
based on minimum possible cost factor.

1. All hardware and software cost has to be borne by the organization.

2. Overall we have estimated that the benefits the organization is going to receive from the proposed
system will surely overcome the initial costs and the later on running cost for system.

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

3 SecPod SanerNOW

2.3.2. Technical Feasibility

This includes the study of the function, performance and constraints that may affect the ability to
achieve an acceptable system. For this feasibility study, we studied complete functionality to be
provided in the system, as described in the System Requirement Specification(SRS), and checked
if everything was possible using different type of front end and backend platforms.

2.3.3. Operational Feasibility

No doubt the proposed system is fully GUI based that is very user friendly and all the inputs to be
taken all self-explanatory even to a layman. Besides, a proper training has been conducted to let
known the essence of the system to the users so that they feel comfortable with new system. As far
our study is concerned the clients are comfortable and happy as the system has cut down their loads
and doing.

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

4 SecPod SanerNOW

Software Requirement
Specification

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

5 SecPod SanerNOW

3. Software Requirement Specification

3.1 Introduction

3.1.1. Purpose of SRS

The purpose of the document is to collect and analyze all assorted ideas that have come up to define
the system, its requirements with respect to consumers. Also, we shall predict and sort out how we
hope this product will be used in order to gain a better understanding of the project, outline concepts
that may be developed later, and document ideas that are being considered, but may be discarded
as the product develops.
In short, the purpose of this SRS document is to provide a detailed overview of our software
product, its parameters and goals. This document describes the project's target audience and its user
interface, hardware and software requirements. It defines how our client, team and audience see the
product and its functionality. Nonetheless, it helps any designer and developer to assist in software
delivery lifecycle (SDLC) processes.

3.2. Overall Description

3.2.1. Product Perspective

The project SecPod SanerNOW stores the following information:

• The main objective of the endpoint security and management is to scan the company and its users’
details from their respective systems and check for the vulnerabilities and threats,if any.
• It also concentrates upon providing hign performance with searching results in less than a second
• The agents being provided by the platform supports multi compatability.
• This platform also tracks the records of company along with its users and their status.It shows the
alerts regarding different aspects.

3.2.2. Product Function

The main functionality of the Project on SecPod SanerNOW is to query the system, monitor the
changes, analyze the system for risks and threats and respond to fix the issues.

Functionalities provided by SecPod SanerNOW are as follows:

1. It continuously monitors the system for which the users have been registered.
2. The system accounts for the subscriptions being done by company.
3. It deploys the system immediately to the user’s system.
4. It provides the audit logs containing record of each activity of all users.
5. It facilitates the provision of adding accounts within the company details.
6. The system also shows alerts on various notifications.

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

6 SecPod SanerNOW

7. SecPod also maintains control panel for updating system details.

8. The important function provided by the project is to email the users containing information.

3.2.3. User Characteristics

The system after careful analysis has been identified to be presented with the following sub-systems
and roles. The sub-systems involved are:

1. User

The user is the company that would request for scanning their system against the threats and
vulnerabilities. The user can either be a for demo purpose or with subscription plans.

3.2.4. Constraints, Assumptions and Dependencies

1. User is allowed to SignIn & SignUp.

2. The internet connection is the major. Since the application fetches the data from the
database over the internet.

3.2.5. Assumptions
1. The code should be free with compilation errors/syntax error
2. The product must have an interface which is simple enough to understand

3.2.6. Dependencies
1. All necessary hardware and software are available for the implementing and use of the tool.

2. The proposed system would be designed, development and implemented based on the SRS
documents.

3. End users should have basic knowledge of computer and we also assure that the users will be
given software training documentation and reference material.

4. The system in not required to save the generated reports.

3.3. Non Functional Requirement

• External Interface Requirement
• Client End – JAVA SERVER PAGE AND JDBC INTERFACE
• Server End – MYSQL (ORACLE 10g)
• Server Installation – APACHE TOMCAT

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

7 SecPod SanerNOW

Front End:
• Cascading Style Sheet: - Cascading style sheets are used to format the layout of Web pages. Now
these days it is also used to format the mobile application. They can be used to define text styles,
table sizes, and other aspects of Smart Phone that previously could only be defined in a page's
HTML. CSS describes how HTML elements are to be displayed on screen, paper, or in other media
External style is stored in SCSS files in Ionic project folder.
• Hyper Text Mark-up Language 5: - HTML5 is the latest version of Hypertext Mark up Language,
the code that describes web pages. It's actually three kinds of code: HTML, which provides the
structure; Cascading Style Sheets (CSS), which take care of presentation; and JavaScript, which
makes things, happen. HTML is a mark up language used for structuring and presenting content
on the World Wide Web. It is the fifth and current major version of the HTML standard. HTML5
is the latest and most enhanced version of HTML. Technically, HTML is not a programming
language, but rather a mark up language. HTML5 introduces a number of new elements and
attributes that can help you in building modern websites or Smart phone. Here is a set of some of
the most prominent features introduced in HTML5.
▪ New semantic element-header footer, section
▪ Forms 2.0
▪ Persistent local storage
▪ Micro data
▪ Drag and Drop

• BOOTSTRAP: - Bootstrap is a free and open-source front-end framework (library) for

designing websites and web applications. It contains HTML and CSS-based design templates
for typography, forms, buttons, navigation and other interface components, as well as
optional JavaScript extensions. Unlike many web frameworks, it concerns itself with front-end
development only.
▪ JavaScript: - JavaScript is a programming language commonly used in web development. It was
originally developed by Netscape as a means to add dynamic and interactive elements to websites.
While JavaScript is influenced by Java, the syntax is more similar to C and is based on ECMA
Script, a scripting language developed by Sun Microsystems.
JavaScript is a client-side scripting language, which means the source code is processed by the
client's web browser rather than on the web server. This means JavaScript functions can run after a
webpage has loaded without communicating with the server

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

8 SecPod SanerNOW

• jQuery: - jQuery is a fast and concise JavaScript Library that simplifies HTML document traversing,
event handling, animating, and Ajax interactions for rapid web development. jQuery is designed to
change the way that you write JavaScript.

BACK END:
• Java Server Pages:
Java Server Pages (JSP) is a server-side programming technology that enables the creation of
dynamic, platform-independent method for building Web-based applications. JSP have access to
the entire family of Java APIs, including the JDBC API to access enterprise databases. JSP are
always compiled before they are processed by the server unlike CGI/Perl which requires the server
to load an interpreter and the target script each time the page is requested.
• Apache Tomcat:
Apache Tomcat, also known as Tomcat Server, proves to be a popular choice for web developers
building and maintaining dynamic websites and applications based on the Java software platform.
It’s reportedly called Tomcat because the founder saw it as an animal that could take care of and
fend for itself. Similarly, Apache Tomcat is contributed to by developers all over the world, so it
takes care of itself in that way.

User Interface

The new system shall provide a very intuitive and simple interface to the user and the
administrator, so that the user can easily navigate through pages and the administrator can easily
manage accountants and revoke user permissions.

3.3.1. Hardware Interface

3.3.1.1. Server Side
The web application will be hosted on a web server which is listening on the web standard
port, port 80.

3.3.1.2. Client Side

• Monitor screen – the software shall display information to the user via the monitor screen.
• Mouse – the software shall interact with the movement of the mouse and the mouse buttons.
The mouse shall activate areas for data input, command buttons and select options from
menus.
• Keyboard – the software shall interact with the keystrokes of the keyboard. The keyboard
will input data into the active area of the database.

3.3.2. Software Interface

• Operating System – Windows 7, 8, XP or higher

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

9 SecPod SanerNOW

• MYSQL 10g for database

• Eclipse Neon 3(JAVA)
3.3.3. Communication Interface
• Apache Tomcat Server (Version 9.0), Web Browser

3.4. Functional Requirement

3.4.1. Sign up Sub-system
This sub system enables the user to register into the system by providing basic login details with
the password and company details.

3.4.2. Sign in Sub-system

This sub system enables the user to login into the platform by the entering appropriate credentials.

3.4.3. Overview Sub-system

This sub system is displayed when the user logs into the system and provides dashboard of overall
activities like activated account, number of subscriptions taken, invoice, the services being used,
etc.

3.4.4. Provision Saner Deployment Sub-system

This sub-system is provided to get the link for getting agent software being deployed with different
operating systems.

3.4.5. Devices Sub-system

Devices: This component displays the device details which has been recorded into the system.

Create group: It creates the groups of the users along with their host or IP addresses.

3.4.6. Reports Sub-system

This sub system enables the user to generate custom reports with their specific requirements. It also
provides an important feature of downloading the report in pdf format.
3.4.7. Alerts Sub-system
This sub system is provided by the platform to show the alerts of particular user along with its
accounts.
3.4.8. Audit logs Sub-system
This sub system is designed to provide the information or the logs of all the accounts of particular
organization to keep an eye upon all the activities.

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

10 SecPod SanerNOW

3.4.9. Control Panel Sub-system

Accounts: This component enables the company to add new accounts with its images and
subscriptions.
User: This component enables the company to add new users with different roles and services.
Mail settings: This component enables the company to add smtp details of account and user to get
updated through mail.
Two factor authentication : This component enables the company to select either enforce or revoke
options.
Logo : This component enables the company to select account logo image.
3.5. Performance Requirement
3.5.1. Static Performance
• Number of terminal to be supported: NA
• Number of user to be supported: Only those users that are registered.

3.5.2. Dynamic Performance

• Server site: Insertion, Deletion, Update, Searching.
• Client site: Accessibility.

3.6. Design Constraints

3.6.1. Standard Compliance
• The system shall be built using a standard web page development tool that conforms to
Microsoft’s GUI standard like HTML, XML etc.
• The output must be compatible with W3C XHTML 1.0.
• System administrators must have access to comprehensive documentation.

3.6.2. Hardware Limitation

• Types of machines configuration to be used.
• Operating system available.
• Languages supported.
• Limits on primary and secondary storage.
• Bandwidth limitation of the dedicated server.

3.6.3. Reliability and Fault Tolerance

The reliability of the overall program depends on the reliability of the separate components.

• Recovery requirements.
• Data backup capabilities of a server.
• Enhanced Validation at the inputs.
• Customer Support Contacts.

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

11 SecPod SanerNOW

3.6.4. Security
• Security to the user from threats and vulnerabilities.
• Control access to the scanned logs from endpoints.
• Maintain sign-in and sign-out.
• Provides threat recognition and solutions to ensure security.
• Custom reports on regular basis to update the logs and system scan.

3.7. Other Requirements

1. Correctness – Extend to which program satisfies specifications, fulfills user’s mission

objectives.
2. Efficiency - amount of computing resources and code required to perform function.
3. Flexibility - effort needed to modify operational program.
4. Interoperability - effort needed to couple one system with another.
5. Reliability - extent to which program performs with required precision.
6. Testability - effort needed to test to ensure performs as intended.
7. Usability - effort required to learn, operate, prepare input, and interpret output.

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

12 SecPod SanerNOW

System Design

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

13 SecPod SanerNOW

4. System Design
4.1. Object Class Model

Object modeling develops the static structure of the software system in terms of objects. It identifies the
objects, the classes into which the objects can be grouped into and the relationships between the objects.
It also identifies the main attributes and operations that characterize each class.

• The process of object modeling can be visualized in the following steps:

• Identify objects and group into classes
• Identify the relationships among classes
• Create user object model diagram
• Define user object attributes
• Define the operations that should be performed on the classes

4.1.1. Data Dictionary Containing Description of Class

Table: user
Fields Data Type Description Range

u_id for the unique user -2,147,483,648 to

u_id int(11)
identification. 2,147,483,647.

Correct type of user to

u_type varchar(100) 0 to 255
provide access.

Enter Password for

u_email varchar(100) 0 to 255
successful login.

Enter firstname of the

u_firstname varchar(100) 0 to 255
user.

Enter firstname of the

u_lastname varchar(100) 0 to 255
user.

Enter a strong
u_pass varchar(100) 0 to 255
password.

u_confirmPass varchar(100) Re-enter the password. 0 to 255

Enter the company

u_company varchar(100) 0 to 255
name associated with.

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

14 SecPod SanerNOW

Table: company_details

Fields Data Type Description Range

Enter unique company -2,147,483,648 to

comp_id int(11)
id 2,147,483,647.

Enter the user id of the -2,147,483,648 to

u_id int(11)
user 2,147,483,647.

Enter valid name of

comp_name varchar(100) 0 to 255
company

Enter company
comp_dept varchar(100) 0 to 255
department

Enter company
comp_designation varchar(100) 0 to 255
designation

Enter company mobile -2,147,483,648 to

comp_mobile int(11)
no. 2,147,483,647.

Table: company_address

Fields Data Type Description Range

Enter unique -2,147,483,648 to

comp_id int(11)
company id 2,147,483,647.

Enter company
comp_building varchar(100) 0 to 255
building number

comp_area varchar(100) Enter company area 0 to 255

comp_city varchar(100) Enter company city 0 to 255

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

15 SecPod SanerNOW

Enter company
comp_state varchar(100) 0 to 255
state

Table: company_finance

Fields Data Type Description Range

Enter unique -2,147,483,648 to

comp_id int(11)
company id 2,147,483,647.

Enter the company

comp_currencyCode varchar(100) 0 to 255
currency code

Enter if GST
comp_gstAvail varchar(100) 0 to 255
available

comp_gstin varchar(100) Enter GST No. 0 to 255

Table: provision_tool

Fields Data Type Description Range

Enter unique -2,147,483,648 to

prov_tool_id int(11)
provision tool id 2,147,483,647.

Enter provision tool

prov_tool_type varchar(100) 0 to 255
type

Table: user_account

Fields Data Type Description Range

Enter unique -2,147,483,648 to

comp_id int(11)
company id 2,147,483,647.

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

16 SecPod SanerNOW

Enter unique -2,147,483,648 to

prov_tool_id int(11)
company id 2,147,483,647.

Enter unique -2,147,483,648 to

account_id int(11)
company id 2,147,483,647.

account_name varchar(100) Enter account name 0 to 255

Enter valid
org_name varchar(100) 0 to 255
organization name

email_id varchar(100) Enter email id 0 to 255

Enter total
subscription varchar(100) 0 to 255
subscriptions

Enter proper user

user_role varchar(100) 0 to 255
roles.

Input the account

acc_image varchar(100) 0 to 255
image

Validate the
agent_autoupdate varchar(100) 0 to 255
autoupdate feature

Table: invoice

Fields Data Type Description Range

Get unique -2,147,483,648 to

invoice_no int(11)
invoice_no. 2,147,483,647.

-2,147,483,648 to
u_id int(11) Get unique user id
2,147,483,647.

date varchar(100) Get proper date 0 to 255

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

17 SecPod SanerNOW

total_cost varchar(100) Get the total cost 0 to 255

Get the status of the

status varchar(100) 0 to 255
particular account

view varchar(100) Get a view 0 to 255

Table: audit_logs

Fields Data Type Description Range

Get unique job -2,147,483,648 to

job_code int(11)
code. 2,147,483,647.

-2,147,483,648 to
u_id int(11) Get the user id
2,147,483,647.

-2,147,483,648 to
account_id int(11) Get the account id
2,147,483,647.

audit_date varchar(100) Get the audit date 0 to 255

Get the audit

audit_account varchar(100) 0 to 255
account

audit_user varchar(100) Get the audit user 0 to 255

Get the audit

audit_message varchar(100) 0 to 255
message

Table: alerts

Fields Data Type Description Range

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

18 SecPod SanerNOW

Provide provision -2,147,483,648 to

prov_tool_id int(11)
tool id 2,147,483,647.

Provide unique -2,147,483,648 to

condition_id int(11)
condition id 2,147,483,647.

Provide valid email

email varchar(100) 0 to 255.
id.

Get the
subscription_status varchar(100) 0 to 255
subscription status

Table: alert-condition

Fields Data Type Description Range

Enter unique -2,147,483,648 to

condition_id int(11)
condition id 2,147,483,647.

Enter condition
condition_name varchar(100) 0 to 255
name

Table: deployment

Fields Data Type Description Range

Enter deployment
deploy_action varchar(100) 0 to 255
action

Enter deployment
deploy_method varchar(100) 0 to 255
method

Enter unique -2,147,483,648 to

download_id int(11)
download id 2,147,483,647.

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

19 SecPod SanerNOW

Table: device_account

Fields Data Type Description Range

Enter unique -2,147,483,648 to

group_id int(11)
condition id 2,147,483,647.

Enter condition -2,147,483,648 to

download_id int(11)
name 2,147,483,647.

Enter appropriate
host_name varchar(100) 0 to 255
host name

ip_address varchar(100) Enter IP address 0 to 255

mac_address varchar(100) Enter MAC address 0 to 255

Enter appropriate
operating _system varchar(100) 0 to 255
operating system

Activate saner
saner_enable varchar(100) 0 to 255
enable

Enter appropriate
group_name varchar(100) 0 to 255
group name

Enter last seen

last_seen varchar(100) 0 to 255
name

Table: group

Fields Data Type Description Range

Enter unique group -2,147,483,648 to

group_id int(11)
id 2,147,483,647.

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

20 SecPod SanerNOW

Enter unique user -2,147,483,648 to

u_id int(11)
id 2,147,483,647.

group_name varchar(100) Enter group name 0 to 255

Enter group
group_desc varchar(100) 0 to 255
description

group_criteria varchar(100) Enter group criteria 0 to 255

Table: agent_download

Fields Data Type Description Range

Enter unique -2,147,483,648 to

download_id int(11)
download id 2,147,483,647.

Enter operating
operating_system varchar(100) 0 to 255
system

Enter operating
bit varchar(100) 0 to 255
system bit

Table: mail_setting

Fields Data Type Description Range

Enter unique -2,147,483,648 to

account_id int(11)
account id 2,147,483,647.

-2,147,483,648 to
u_id int(11) Enter unique user id
2,147,483,647.

smtp_port varchar(100) Enter valid SMTP port 0 to 255

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

21 SecPod SanerNOW

smtp_host varchar(100) Enter valid SMTP host 0 to 255

ssl_trust varchar(100) Enter valid SSL trust 0 to 255

4.1.2. Association between Classes

An object/class relationship is an association that exists between one or more objects/classes. It is defined
by business rules and /or common practices. There are four types of relationships among classes:
Association, generalization, dependency and realization.
-
Association- Main type of relationship describing the possible set of associations among objects of the
associated classes.

l
Secpod SanerNOW

Sign-In

User

Account Group
Deploy agent in
endpoints

Provision Tools Create Manage

Collect logs for

Manage Provide
scanning
Subscription

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

22 SecPod SanerNOW

4.1.3. Class/Object Diagram

User signin/signout Account Details Device Details Invoice

-Add Account: String -HostName : String -User_Details

-Username: String
-EditAccount: String -Provision_Details
-Password: String -IP Address: String
-Add Subscriptions: -Group_Details
String -MAC Address: String
+GetName: UserName -
-SetDate: Date
+AddAccount: Add - email:String +GetTotalDays():Activ
+ GetPass: Password
+Scan() : threats ate
+ EditAccount: Edit
+ Verification()
+Collect_logs(): agent + GetUserSubscription
+ AccountDetails()
+ Logout()
+ DeviceDetails() + Invoice_No.
+ AddSubscriptions()
+ Logout()

Control_panel User

-Login/Logout
-AddAccountDetail
-DeployAgent
- AddUserDetail

-ManageAccounts -AddAccount

-ManageUsers -RegisterUser

-TwoWayAuthentication -Overview

-AuditLogs -CustomReports

-Alerts

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

23 SecPod SanerNOW

4.2. Dynamic Model

Dynamic Modeling After the static behavior of the system is analyzed, its behavior with respect to
time and external changes needs to be examined. This is the purpose of dynamic modeling.
Dynamic Modeling can be defined as “a way of describing how an individual object responds to
events, either internal events triggered by other objects, or external events triggered by the outside
world”.

• The process of dynamic modeling can be visualized in the following steps:

• Identify states of each object
• Identify events and analyze the applicability of actions
• Construct dynamic model diagram, comprising of state transition diagrams
• Express each state in terms of object attributes
• Validate the state–transition diagrams drawn
4.2.1. Event Flow Diagram

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

24 SecPod SanerNOW

User
4.2.2. State Diagram

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

25 SecPod SanerNOW

4.3. Functional Model

Functional Modeling is the final component of object-oriented analysis. The functional model shows
the processes that are performed within an object and how the data changes

As it moves between methods. It specifies the meaning of the operations of object modeling and the
actions of dynamic modeling. The functional model corresponds to the data flow diagram of
traditional structured analysis.

The process of functional modeling can be visualized in the following steps:

• Identify all the inputs and outputs .

• Construct data flow diagrams showing functional dependencies.
• State the purpose of each function.
• Identify constraints.
• Specify optimization criteria.

4.3.1. Use Case Diagram

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

26 SecPod SanerNOW

4.3.2. DFD as needed to show functional dependencies

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

27 SecPod SanerNOW

4.4. Database Design

4.4.1. Schema Description including Keys

The database used in our application namely

Database name: secpod_database
Table names are:
i. user
ii. company_details
iii. company_address
iv. company_finance
v. provision_tool
vi. user_account

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

28 SecPod SanerNOW

vii. invoice
viii. audit_logs
ix. alerts
x. alert_condition
xi. deployment
xii. device_account
xiii. group
xiv. agent_download
xv. mail_setting

Description:

i. The user table stores the details of the users being registering themselves with the secpod.
Fields: u_id, u_type, u_email, u_firstname, u_lastname, u_pass, u_confirmPass,
u_company.
Primary key: u_id.

ii. The company_details table stores the details of the company for which the endpoins needs
to get scanned against vulnerabilities and threats.
Fields: comp_id, u_id, comp_name, comp_dept, comp_designation,comp_mob.
Primary key: comp_id

iii. The company_address table stores all the details of the company address.
Fields : comp_id, comp_building, comp_area, comp_city, comp_state, comp_country,
comp_zip, comp_fax
Foreign key: comp_id

iv. The company_finance stores the details of the company related finance.
Fields: comp_id, comp_currencyCode, comp_gstAvail, comp_gstin
Foreign key: comp_id

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

29 SecPod SanerNOW

v. The provision_tool table stores the services upon which the security would be provided
by the platform.
Fields: prov_tool_id, prov_tool_type
Primary key: prov_tool_id.

vi. The user_account table stores the account details added by the user or the company.
Field: account_id , comp_id, prov_tool_id, account_name, org_name, email,
subscription, user_role, acc_image, agent_autoupdate
Primary key: account_id

vii. The invoice table generates a unique invoice no. for the user to extract the billing details.
Field: invoice_no, u_id, date, total_cost, status, view
Primary key: invoice_no

viii. The audit_logs table displays all the log details of the activities being happened by all the
accounts of the user.
Field: job_code, u_id, account_id, audit_date, audit_account, audit_user, audit_message
Foreign keys: u_id, account_id

ix. The alerts table displays the alert warnings for the user regarding the notifications.
Field: prov_tool_id, subscription_status, email, condition_id
Foreign keys: prov_tool_id, condition_id

x. The alert_condition table stores all the conditions regarding the alerts being displayed to
the user.
Field: condition_id,condition_name
Primary key: condition_id

xi. The deployment table stores the ways and actions to be opted by the user for getting secpod
agent within the endpoints.
Field: deploy_action, deploy_method, download_id

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

30 SecPod SanerNOW

Foreign key: download_id

xii. The device_account table displays the overview of the device added to the platform being
scanned.
Field: group_id, host_name, ip_address, mac_address, operating_system, saner_enable,
group_name, last_seen, download_id
Foreign keys: group_name, download_id

xiii. The group table stores the basic information of the groups being created in particular
account.
Field: group_id, u_id, group_name, group_desc, group_criteria
Primary key: group_id

xiv. The agent_download table stores the information of the operating system and bit related
links for deployment of the agent into the endpoints.
Field: download_id, operating_system, bit
Primary key: download_id

xv. The mail_setting table stores the details related to email being done to the user regarding
updates.
Field: account_id, u_id, smtp_port, smtp_host, ssl_trust
Foreign key: account_id, u_id

Database Tables:-

i. user
Name Type

u_id int

u_type varchar

u_email varchar

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

31 SecPod SanerNOW

u_firstname varchar

u_lastname varchar

u_pass varchar

u_confirmPass varchar

u_company varchar

ii. company_details
Name Type

comp_id int

u_id int

comp_name varchar

comp_dept varchar

comp_designation varchar

comp_mobile int

iii. company_address
Name Type

comp_id int

comp_building varchar

comp_area varchar

comp_city varchar

comp_state varchar

iv. company_finance
Name Type

comp_id int

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

32 SecPod SanerNOW

comp_currencyCode varchar

comp_gstAvail varchar

comp_gstin varchar

v. provision_tool

Name Type
prov_tool_id int

prov_tool_type varchar

vi. user_account

Name Type
comp_id int

prov_tool_id int

account_id int

account_name varchar

org_name varchar

email_id varchar

subscription varchar

user_role varchar

acc_image varchar

agent_autoupdate varchar

vii. invoice

Name Type
invoice_no int

u_id int

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

33 SecPod SanerNOW

date varchar

total_cost varchar

status varchar

view varchar

viii. audit_logs

Name Type
job_code int

u_id int

account_id int

audit_date varchar

audit_account varchar

audit_user varchar

audit_message varchar

ix. alerts

Name Type
prov_tool_id int

condition_id int

email varchar

subscription_status boolean

x. alert-condition

Name Type
condition_id int

condition_name varchar

xi. deployment
Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020
34 SecPod SanerNOW

Name Type
deploy_action varchar

deploy_method varchar

download_id int

xii. device_account

Name Type
group_id int

download_id int

host_name varchar

ip_address varchar

mac_address varchar

operating _system varchar

saner_enable boolean

group_name varchar

last_seen varchar

xiii. group

Name Type
group_id int

u_id int

group_name varchar

group_desc varchar

group_criteria varchar

xiv. agent_download

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

35 SecPod SanerNOW

Name Type
download_id int

operating_system varchar

bit varchar

xv. mail_setting

Name Type
account_id int

u_id int

smtp_port varchar

smtp_host varchar

ssl_trust varchar

4.4.2. E-R Diagram

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

36 SecPod SanerNOW

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

37 SecPod SanerNOW

IMPLEMENTATION

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

38 SecPod SanerNOW

5. Implementations

5.1. Operating System Used

• Windows, which is an operating system for computers. It is more reliable, compatible and fast. It
is user friendly too.

• There's absolutely nothing to do with operating system. I have worked in Windows; Mac and
Linux .It was all same.

• You get different tools to run your pages in local host. And that can be the difference.

• But in window easy to install the XAMPP in windows and start the apache service is easy
compared to Linux.

• Windows for developing - simply because it's my main OS and most popular OS.

• Hardware: - Processor Intel dual core and above .

• Internet Connection:- Existing telephone lines, Data card.

• Browser: - Google Chrome, Firefox, Internet Explorer 10 all in latest version.

5.2. Coding Language Used

Client Side: HTML , JavaScript , Bootstrap , AJAX

1. HTML : HTML (HyperText Markup Language) is the most basic building block of the Web.
It defines the meaning and structure of web content. Other technologies besides HTML are
generally used to describe a web page's appearance/presentation (CSS) or
functionality/behavior (JavaScript).

2. JavaScript : JavaScript (JS) is a lightweight, interpreted, or just-in-time compiled

programming language with first-class functions. While it is most well-known as the scripting
language for Web pages, many non-brower environments also use it, such as Node.js, Apache
CouchDB and Adobe Acrobat. JavaScript is a prototype-based, multi-paradigm, single-
threaded, dynamic language, supporting object-oriented, imperative, and declarative (e.g.
functional programming) styles.

3. Bootstrap : Bootstrap is the most popular HTML, CSS, and JavaScript framework for
developing responsive, mobile-first websites. Bootstrap is a free and open-source CSS
framework directed at responsive,mobile-first front-end web development. It contains CSS

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

39 SecPod SanerNOW

and (optionally) Javascript-based design templates for typography, forms, buttons,

navigation and other interface components.

4. AJAX: AJAX tutorial covers concepts and examples of AJAX technology for beginners and
professionals.AJAX is an acronym for Asynchronous JavaScript and XML. It is a group
of inter-related technologies like JavaScript, DOM, XML, HTML/XHTML, CSS,
XMLHttpRequest, etc.AJAX allows us to send and receive data asynchronously without
reloading the web page. So it is fast.AJAX allows us to send only important information to
the server not the entire page. So only valuable data from the client side is routed to the server
side. It makes your application interactive and faster.

Server Side: MySQL , Apache Tomcat , JSP

1. JSP: Java Server Pages (JSP) is a Java standard technology that enables you to write dynamic, data-
driven pages for your Java web applications. JSP is built on top of the Java Servlet specification.
The two technologies typically work together, especially in older Java web applications. From a
coding perspective, the most obvious difference between them is that with servlets you write Java
code and then embed client-side markup (like HTML) into that code, whereas with JSP you start
with the client-side script or markup, then embed JSP tags to connect your page to the Java
backend.

2. MySQL: MySql is a database, widely used for accessing querying, updating, and managing data in
databases.

3. Apache Tomcat: Apache Tomcat, also known as Tomcat Server, proves to be a popular
choice for web developers building and maintaining dynamic websites and applications
based on the Java software platform. It’s reportedly called Tomcat because the founder saw
it as an animal that could take care of an d fend for itself. Similarly, Apache Tomcat is
contributed to by developers all over the world, so it takes care of itself in that way.

5.3. RDBMS Used

This is an RDBMS based project which is currently using MySQL for all the transaction
statements. MySQL is an open source RDBMS System.

• RDBMS is a database management system that is based on the relational model.

• Many popular databases currently in use are based on the relational database model.

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

40 SecPod SanerNOW

• RDBMS have become a predominant choice for the storage of information in new databases
used for financial records, manufacturing and logistics information, personnel data, and much
more.
• Relational database have often replaced legacy hierarchical databases and network databases
because they are easier t understand and use.
• However, relational databases have been challenged by object databases, which were
introduced in an attempt t address the object-relational impedance mismatch in relational
database, and XML databases.

5.4. Table Relationship Diagram

5.5. Database Connectivity Procedure

Class.forName("com.mysql.jdbc.Driver");

Connection conn =
DriverManager.getConnection("jdbc:mysql://localhost:3306/feemanagement", "root", "");

Statement st=conn.createStatement();

Create Database: secpod

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

41 SecPod SanerNOW

Tables: user

• company_details

• company_address

• company_finance

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

42 SecPod SanerNOW

• provision_tool

• user_account

• invoice

• audit_logs

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

43 SecPod SanerNOW

• alerts

• alert_condition

• deployment

• device_account

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

44 SecPod SanerNOW

• group

• agent_download

• mail_setting

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

45 SecPod SanerNOW

5.6. Code Description

Subsystem 1 : User

File No. Source file name Description LOC

1. tryforfree.jsp User can register itself by

entering username and
password. 386

2. index.jsp Check credential for user.

546

3 overview.jsp Displays the status and

subscriptions of particular user.
1850

4 sanernow.jsp Main dashboard displaying

threats scanned.
1954

5 control.jsp Page displayingthe account’s

threat details. 458

6. CRcontrol.jsp Displaying the customized

reports
684

7 auditlog.jsp Showing overall activities

performed by users. 420

8 manage.jsp Manages the particular device.

955

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

46 SecPod SanerNOW

5.7. Input/output Interface(Screen Shots)

• Try for free

• Sign in

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

47 SecPod SanerNOW

• Overview

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

48 SecPod SanerNOW

• SanerNOW

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

49 SecPod SanerNOW

• Control

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

50 SecPod SanerNOW

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

51 SecPod SanerNOW

• Audit Logs

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

52 SecPod SanerNOW

• Reports

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

53 SecPod SanerNOW

SOFTWARE
TESTING

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

54 SecPod SanerNOW

6. Software Testing
6.1. Software Testing Tools Used(If any)
6.2. Black Box Testing
This method enables the software engineer to device set of input techniques that fully exercise all
functional requirements for a program . Black Box tests the input, the output and the external data. It
checks whether the input data is correct and whether we are getting the desired output.

6.3. Unit(Program) Testing

Unit testing tests the minimal software component, or module. Each unit (basic component) of the
software is tested to verify that the detailed design for the unit has been correctly implemented. In an
object-oriented environment, this is usually at the class level, and the minimal unit tests include the
constructors and destructors.

TEST CASES:

i) Purpose:
The main purpose of test cases is that the system should flow as it has been made, even if capture incorrect
data from the invoice it will indicate us with yellow or red colour. If we get data in field with yellow colour
indicate that the data which is captured by the system may be incorrect.
And data in field with red colour indicate that the data which is captured by the system is incorrect. The
flow of the system should go as it is defined by the developer.

ii) Required Input:

As an input the user only placed an invoice which is in the form of pdf or tif, in a particular location. If the
user placed an invalid format of invoice then only an empty batch will be created. But the expected
validations are kept so user will able to identify if any field capturing wrong data or not.

iii) Expected Result:

The result would be expected as per the system is made by the developer. The system is robust so even if
user tries to put value other than expected value, validations are kept at each & every point so the output
will be positive in each & every case.

2.3.1. Unit(Program) testing :-

Each module is considered independently. It focuses on each unit of software as implemented in
the source code. It is white box testing.]

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

55 SecPod SanerNOW

S. Test Test Steps Test Data Expected Actual Status

No. Scenario Result Result (Pass/
Fail)
01. Login as try Provide valid Name=xyz, New user
for free user details with account in
email id. Email=xyz@g SanerNOW with As Expected Pass
mail.com free 30 days
Password=*** service.

02. Login as paid Provide Name=xyz, New user

user details Account with
including Email=xyz@g unlimited As Expected Pass
company mail.com subscriptions
name Password=*** and additional
services.

03. Login with Enter sign in Empty data Please provide

empty data or login valid username
details and password As Expected Pass

04. Download Take No data Downloaded

SanerNow application required SanerNOW
application in from site setup in local As Expected Pass
local system based on OS PC.
of system

05. Install Complete Drive and Successful

SanerNOW installing location where Installation of
application in SanerNOW in SanerNOW SanerNOW in our As Expected Pass
local system local system could be local System.
installed.

06. Not installing SanerNOW No data Unsuccessful

SanerNOW in application not required. working of
local system installed in SanerNOW web As Expected Pass
local system. application.

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

56 SecPod SanerNOW

07. Specify the Check the No data Those services

services various required. will be started.
required for the services to be As Expected Pass
security provided
management

6.4. White Box testing

White box testing, by contrast to black box testing, is when the tester has access to the internal data
structures and algorithms (and the code that implement these).This type of testing is trying to enforce
the quality of the software system however “white box testing” is a cost effective method and is
compared very closely to “Black box testing”. The main jobs of these two functions have the same
purpose however it is majorly debated which one is more efficient and effective.

6.4.1. Unit(Program) Testing

Each module is considered independently. It focuses on each unit of software as implemented in the source
code. It is white box testing.

S.No. Name of the Page Loops Statement If else Statement Used

Used

01 tryforfree.jsp No Yes

02 index.jsp Yes No

03 overview.jsp Yes Yes

04 sanernow.jsp No No

05 control.jsp Yes Yes

06 CRcontrol.jsp Yes Yes

07 auditlog.jsp Yes No

08 manage.jsp No Yes

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

57 SecPod SanerNOW

Software Costing By Using

COCOMO Model

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

58 SecPod SanerNOW

7. Software Costing By Using COCOMO Model

COCOMO consists of a hierarchy of three increasingly detailed and accurate forms. Any of
the three forms can be adopted according to our requirements. These types of COCOMO
model:

1. Basic COCOMO Model

2. Intermediate COCOMO Model

Estimation of Effort:

Calculations –

1. BASIC MODEL :-

E=a*(KLOC)b

The above formula is used for the cost estimation for the basic COCOMO model, and
also is used in the subsequent models. The constant values a and b for the Basic Model
for the different categories of system:

Software Projects a b
Organic 2.4 1.05
Semi Detached 3.0 1.12
Embedded 3.6 1.20

The effort is measured in Person-Months and as evident from the formula is dependent
on Kilo-Lines of code. These formulas are used as such in the Basic Model calculations,
as not much consideration of different factors such as reliability, expertise is taken into
account, henceforth the estimate is rough.

So for our project “ SecPod SanerNOW ” the value of KLOC is 7.4040 and Project
type is Semi Detached so the value of a and b is 3.0 and 1.12 respectively.

Model Used: Semi Detached

Formula Used:
Effort=3.0(KLOC)1.12
Time= 2.5(Effort) .35

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

59 SecPod SanerNOW

Calculating Total Lines Of Code(LOC) :-

Web Page Name Number of Lines Of Code(LOC)

tryforfree.jsp 386

index.jsp 546

overview.jsp 1850

sanernow.jsp 1954

control.jsp 458

CRcontrol.jsp 684

auditlog.jsp 420

manage.jsp 955

Total LOC= 7273

KLOC= 7.273

Estimating Effort :

Effort = 3.0(7.273)1.12 Person-Month

Effort = 27.684 Person-Month

Estimating Time :

Time = 2.5(27.689).38

Time = 8.83 Months

So the cost estimation for the basic COCOMO model is 8.83 Person-Month.

Function Point Calculation :-

(1) Selection criteria:-

Parameters Quantity (Average)

External Input 15

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

60 SecPod SanerNOW

External Output 10

Logical Internal File 8

External Interface File 8

External Enquiry 2

(2) Calculating Unadjusted Function Point(UFP):-

For this require function point contribution of a parameter.

Function Type Simple Average Complex

External Input 3 4 6

External Output 4 5 7

Logical Internal File 7 10 15

External Interface File 5 7 10

External Enquiry 3 4 6

UFP=∑i-1 1.5∑j-1j-3 wij Cij,

UFP=15*4 + 10*5 + 8*10 + 8*7 + 2*4

UFP= 254

(3) Adjusted for the environment complexity (n) :-

S.No. Characteristics of system Influence factor Degree of influence

1 Data Communication Strong influence 5

2 Distributed processing No present 0

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

61 SecPod SanerNOW

3 Performance Objective Strong influence 5

4 Operation Configuration load Average influence 3

5 Transaction rate Strong influence 5

6 On-line data Entry Average influence 3

7 End-user efficiency Strong influence 5

8 On-line update Average influence 3

9 Complex Processing Logic Average influence 3

10 Re-usability Moderate influence 2

11 Installation case Moderate influence 2

12 Operational case Average influence 3

13 Desire to facilitate change Significant influence 4

14 Multiple sites Not present 0

n= 5+0+5+3+5+3+5+3+3+2+2+3+4+0

n=43

(4) Complexity Adjustment Factor (CAF)

CAF = 0.65 + 0.01 * 43

CAF=1.08

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

62 SecPod SanerNOW

(5) Delivered Function Point (DFP)

DFP=CAF * UFP

DFP= 254 * 1.08

DFP= 274.32

(6) Effort Estimation

• LOC oriented estimation models proposed in the literature :

• By Walston-Felix model:-
Effort = 5.2*(KLOC)0.91
Effort= 5.2*(7.273)0.91
=31.634 Person Month
• By Bailey-Basili model:-
Effort=5.5+0.73*(KLOC)1.16
Effort = 5.5+0.73*(7.273)1.16
= 12.793 Person Month
• By Boehm simple method :-
Effort = 3.2*( KLOC)1.05
Effort = 3.2*(7.273)1.05
= 25.700 Person Month
• By Doty model :-
Effort = 5.288 * (KLOC)1.047
Effort = 5.288 * (7.273)1.047
=41.99 Person Month
• FP oriented estimation models proposed in the literature:
• By Albrecht and Gaffney model:-
Effort = 13.39 + 0.0545 FP
Effort = 13.39 + 0.0545*(274.32)
= 28.34 Person Month
• By Kermerer model:-
Effort = 60.62 * 7.728 * 10-8 FP3
Effort = 60.62 * 7.728 * 10-8 (274.32)3
=96.70 Person Month
• By Matson, Barnett and mellichamp model:-
Effort = 585.7 + 15.12 FP
Effort = 585.7 + 15.12 (274.32)
=4733.4184 Person Month

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

63 SecPod SanerNOW

8. Limitations
Although we have put our best efforts to make the software flexible, easy to operate but
limitations cannot be ruled out even by us. Though the software presents a broad range of options
to its users some intricate options could not be covered into it; partly because of logistic and partly
due to lack of sophistication. Lack of time was also major constraint, thus it was not possible to
make the software fulproof and dynamic. Lack of time also compelled us to ignore some parts.
Considerable efforts have made the software easy to operate even for the people
not related to field of computers but it is acknowledged that a layman may find it a bit problematic
at the first instance. The user is provided help at each step for his convenience in working with
the software.

Future Enhancement:
The admin requirements always change according to the time. So, the system needs some
enhancement according to the requirements.There are the Future Enhancements we are going to
do in our system. And may be some other kind future changes will be possible in our system also:
1. We think that not a single project is ever considered as complete forever because our mind
is always thinking something new and our necessities also are growing day by day.
2. We always want something more than what we have.We can give more advance software
for SecPod SanerNOW including more facilities.
3. We always want something more than what we have.
4. Integrated multiple load balancers to distribute the loads of the system.

The above mentioned points are the enhancements which can be done to increase applicability and
usage of this project. Here we can maintain the records of SanerNOW application of a particular
system.

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

64 SecPod SanerNOW

Conclusions

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

65 SecPod SanerNOW

9. Conclusions

Development of the project on the topic “Secpod SanerNOW” has been aimed to provide a feasible
and user-friendly environment to the enterprises with the purpose of scanning vulnerabilities
and threats. It enables the company to add all the endpoints to a single platform i.e Secpod SanerNOW to
protect them from the threats and external risks in cost-effective manner.

An eye has been kept on making the platform as one of architectured and the fastest scanning as well as
monitoring interface.The mission of this platform is to provide security assurance to every connected
endpoint in the world. The focus is upon building an ecosystem where devices are connected without
worrying about security concerns.

Secpod SanerNOW is a platform of tools, rather than many point products, would more
effectively handle tasks. With such a platform, all use cases around managing and securing endpoints
can be addressed with a single solution.

Saner Platform is an interface for managing and securing

endpoints.

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020

66 SecPod SanerNOW

10. Bibliography

During the Development of our System, We have taken the Reference from Books and Journals, Which
we would like to mention in this section.

These books acted as our tutors during the system development.

1. Learning PHP, MySQL by Robin Nixon

2. Visual QuickPro Guide (4th Edition) by Larry Ullman

3. A Beginner's Guide to Programming Interactive Web Applications with PHP by Alan Forbes

4. Solutions & Examples for PHP Programmers by David Sklar

5. New Features and Good Practices of PHP by Josh Lockhart

6. Servlet & JSP: A Beginner's Tutorial.
7. Murach’s Java Servlets and JSP, 3rd Edition.

Websites Referred:

i. www.w3schools.com

ii. www.wikipedia.com

iii. www.javatpoint.com

iv. www.studentstutorials.com

v. www.stackoverflow.com

Bhilai Institute of Technology, Durg Department of Computer Applications 2017-2020