Thursday, 20 April 2017

XP – Extreme Programming

software development practice

Extreme Programming - XP is an agile technique of software development dedicated on providing the high customer value in the fastest possible way.

The traditional software development procedure is linear, with each stage of the development lifecycle requiring conclusion of the previous or the earlier stage. For instance, designing of the software starts only on completion of the entire program analysis, and coding starts only after end of the design. This concept of development works fine when customer requirements remain static throughout, but in practice, requirements change often and cause numerous editing of programs leading to mistakes and software ‘rot.’

Extreme Programming - XP shots the traditional software development procedure sideways. Rather than planning, analyzing, and designing in a linear manner, XP programmers carry out actions at a time throughout the software development Phase. The method stands resemblance to a puzzle with the development of many small iterations that make no sense independently, but making for a comprehensive package when combined. The biggest benefit of this methodology is the resilience it provides, permitting for easy integration of changes.

The Extreme Programming software development practice begins with planning, and all iterations consist of four basic stages in its lifecycle: Designing, Coding, Testing, and Listening.

The prevailing values that drives the Extreme Programming life cycle are frequent communication with the customer and among the team members, simplicity by simple understandable solution, everyday feedback through unit and acceptance testing, and the audacity to take on complications proactively and integrate testing and changes in the software development phase.

Planning

The first stage of Extreme Programming life cycle is Planning, where customers, clients or users meet with the software development team to build ‘user stories’ or requirements. The development team translates user stories into iterations that cover a minor part of the functionality or features required. A combination of iterations delivers the customer with the final completely functional product.
Programming team formulates the Plan, Time, and Costs to carry out the iterations, and individual software developer’s sign up for iterations.
One of the Planning method is the critical path method, grouping iterations essential for project progress in a lined fashion, and arranging for accomplishment of other iterations parallel to the critical path.

Designing

An iteration of Extreme Programming starts with Designing. The controlling principles of this phase are:
Emphasis on simplicity and not adding functionality in anticipation. Using systems symbol or standards on names, class names and methods, and approving on uniform styles and formats to safeguard compatibility amongst the different team member’s work.
Using Software Class Responsibilities and Collaboration Cards that permit for a parting from the traditional procedural approach and make probable object oriented technology. Such cards let all members of the project team to add ideas, and assemble the best ideas into the software design.
Building spike solutions or modest programs that explore probable solutions for a specific problem, discounting all other concerns, to mitigate risk.
Coding
Coding constitutes the most important phase in the Extreme Programming life cycle. XP programming gives priority to the actual coding over all other tasks such as documentation to ensure that the customer receives something substantial in value at the end of the day.
Standards linked to coding include:
Developing the code built on the agreed metaphors and standards, and adopting a policy of shared code ownership. Pair programming or mounting code by two programmers working together on a single device, aimed at creating higher quality code at the same or less cost.
Regular integration of the code to the dedicated repository, with only one pair assimilating at a time to prevent conflicts, and optimization at the end.
Testing
Extreme program incorporates testing with the development phase rather than at the end of the software development phase. All codes have unit tests to remove bugs, and the code passes all such unit tests before release.
Additional key test is customer acceptance tests, based on the customer conditions. Acceptance test run at the achievement of the coding, and the developers provide the customer with the consequences of the acceptance tests along with demonstrations.
Listening
The basis of extreme programming XP is a continuous scheme of customer involvement through continuous feedback during the development phase. Apart from the clients, the developer also obtains feedback from the project manager.
The basis of continuous feedback is the client acceptance tests. Each and every feedback of the client that specifies reviewed requirement becomes the base of a new design, and the lifecycle repeats itself. If the client remains satisfied with the test consequences the iteration ends there, and the design for the new iteration starts, which again trails the design-coding-testing-listening cycle.

References :


Friday, 10 March 2017

Reasons behind Merger and Acquisition

software development companies

Introduction

Mergers and Acquisitions have always kept the attention of economists alive. Mergers and Acquisitions may well prove to be favorable depending on the strategies and approaches adopted, but it would not be factual to say that all mergers and acquisitions have been successful.

Motivations for Mergers and Acquisitions

Companies go for mergers and acquisitions for many reasons. Some of these reasons are good, in that the motivation for carrying out the merger and acquisition is to maximize the shareholder’s value. Unfortunately, other motives are bad, or at least questionable.

Theoretically, software development companies should pursue an acquisition only if it creates value—that is, if the significance of the acquirer and the target is superior if they operate as a single body rather than as separate ones.
If the expertise of both are amalgamated, it produces synergy.  A merger or acquisition is justified if synergies are linked with the transaction. Synergies can take three forms: operating, financial, or managerial. By applying the rules of synergy effectively, a merger can be made a success.

There are several reasons why companies pursue merger and acquisition. Few of them as explained as follows:  

Increasing capabilities

Increased capabilities might arise from expanded research and development opportunities or more robust IT services and operations. Similarly, many software development companies may want to combine to leverage costly IT services and operations.

Capability might not be a particular area or segment; the capability might come from acquiring a unique and innovative technology platform rather than willing to build it.  Mostly Biopharmaceutical companies are a hothouse for M&A due to the high investment necessary for successful Research & Development in the market.

Gaining a competitive advantage or larger market share

Many firms or companies decide to merge in order to gain a better distribution or to build enlarge the network. A company might want to expand into different market segments or the markets where alike company is already operating rather than starting from the scratch, and so the company decide to merge with the other company.

This business network gives both companies a broader customer base overnight.

Synergy

The commonly used word in Merger and Acquisition is synergy, which is the idea that by combining business activities, performance will increase and costs will decrease. Essentially, a business will attempt to merge with another business that has complementary strengths and weaknesses.

Diversifying products or services

Another reason for merging and acquiring companies is to complement an existing product or service. A company that merges to diversify may acquire some other company in order to reduce the influence of a specific business's performance on its profitability. Two companies may be able to combine their products or services to gain a competitive edge over others in the market. Companies willing to sharpen focus often merge with other companies with deeper market penetration.

Cutting cost

When two companies have similar kind of products or services, merging them can create larger opportunity to reduce or cut down cost. When companies merge, often they have an opportunity to reduce operating costs by integrating and restructuring support functions.
When the total production cost of services or products is lowered as there is increase in the volume, the company thus maximizes total profits.

Growth

Mergers and Acquisitions can give the acquiring company a chance to raise market share without having to do work by themselves - instead, they can purchase a competitor's business for a value or a price. Usually, these are known as horizontal mergers.

Eliminate Competition

Many Merger and Acquisitions permits the acquirer to eliminate upcoming competition and gain a larger market share. The problem with this is that a large premium or effort is usually needed to convince the aimed company's shareholders to agree to take the offer.

References :

Wednesday, 8 February 2017

Counter Measures of Popular Network Attacks

software companies in India

For the first few decades of their presence, computer networks were mainly used by university researchers for distribution of e-mail and by corporate employees for allotment of printers and other properties in all organizations including software companies in India. Under these situations, security did not get a lot of consideration. But now, as millions of people are using networks for their everyday use such as banking, shopping, and filing their tax returns, network security is approaching on the horizon as a potentially huge problem. Because all their regular activities are data sensitive means data should not be changed.

ATTACKS AND THEIR COUNTERMEASURES:

A. Mac flooding: 
MAC flooding is a technique employed to conciliation the security of network switches. Switches maintain a MAC Table that maps distinct MAC addresses on the network to the physical ports on the switch. 
Counter measures: To stop MAC flooding one of the subsequent features should be construct in switch for asp.net software companies India. 
Port security: Post security should be arranged which bounds number of MAC addresses that can be learned on ports linked to end stations. 
Implementations of IEEE 802.1X suites: It often permit packet filtering rules to be installed explicitly by an AAA server built on dynamically learned info about clients with the MAC address.
B. Session hijacking:
session hijacking, also known as cookie hijacking is the use of a valid computer session sometimes also called a session key to get unauthorized access to information or services in a computer system.  
Counter measures: There are numerous types of countermeasures which are listed underneath: 
Encryption: Banks and e-commerce services should use this method because it stops sniffing style attacks for c#.net software companies in india. Some user services make extra checks against uniqueness of the user. 
String as Session key: This stops attacker to guess valid session key over Brute Force attack. 
Reinforcing of Session ID after a Successful Login: This method stops session addiction, because attacker does not recognize the Session ID of the user after she has logged in. 
C. IP Spoofing  
IP spoofing, also known as IP address forgery or a host file hijack, is a hijacking method in which a cracker masquerades as a reliable host to conceal his identity, spoof a Web site, hijack browsers, or get access to a network. 
Counter measures: The countermeasures are given as under  
Encryption and Authentication: This technique is implemented in IP V6 that eliminates current spoofing threats for c#.net software companies India. There should be proper authentication process in place. 
Router filtering: Spoofing can be stop at router level by implementing ingress and egress filtering. Access Control List should be maintaining to allow only trusted IP to interact with your network.
D. Denial of Service Attack  
Denial-of-service (DoS) attack is an attempt to make a machine or network resource unavailable to its planned users, such as to temporarily or indefinitely interrupt or suspend services of a host associated to the Internet.
Counter measures: The DOS [3] attack has subsequent counter measures, 
Smurf Attack: This form of an attack includes sending Internet Control Message Protocol (ICMP) or ping requirements to numerous Internet Protocol (IP) broadcast addresses. All of these messages have a spoofed source address of the envisioned victim. The hosts getting the ICMP echo request with accepting it reply with an echo to the source address, which in this case is the objective of the attack. The weight of this attack is thus effectively increased by the number of replying hosts. If the attack took place on a multi-broadcast network there could possibly be hundreds of machineries to reply to every packet sent. 
UDP Flood: A UDP flood, also known as a fragile, is a partner to the Smurf attack. This is founded on UDP echo and character generator. It practices a forged UDP packet to join the echo service on one machine to the chargen on alternative. These two machineries then practices all accessible bandwidth, sending characters back and forth among themselves. 
SYN Flood: A SYN flood uses the TCP standard 3-way handshake protocol. The attacker starts a connect request to the server and then overlooks the acknowledgement (ACK). This forces the server to delay for the ACK from the attacker, worsening time and resources of asp dot net software companies in India. A server can process a fixed number of requests at any given time and so this form of attack can efficiently block all legitimate traffic. 
With the overview of computer network attacks and their particular countermeasures can help us in safeguarding our data and system from hackers.

Monday, 5 December 2016

Impact of wearables on BYOD

software development companies

It’s a known fact that many IT departments struggled with the growth in BYOD policies adopted by software development companies all over the globe. In an effort of protecting critical business data and making sure that all devices worked properly as employees used their own devices for work, IT had to handle more complex challenges. But that complex problem has now moved on to the next level, as employees have started bringing wearable devices for work.

With the latest announcement of the Apple Watch, alongside other wearable gadgets like Samsung’s Galaxy Gear and Google Glass, the wearable device market is on the verge of exploding. (Burrus, 2014) estimated sale of 10 lakhs wearable devices in 2014, and the same number is predicted to increase to 3000 lakhs by 2018. IT workers need to get prepared now, because wearable devices are making their place in the office premises sooner rather than later.

Wearable devices have the benefit of creating unique opportunities for a software development company though these devices also bring along the threats in a globally connected world.
Assimilating wearable devices into the work environment can arise a situation where company information is even more suitably accessed and utilized. For example, software installation can be done using smart glasses by following step by step instructions in case the installation procedure is complex.

The advantages might tempt business leaders to use wearable devices, but the same technology also brings with it, some drawbacks, the most concerning being increased security risks. IT workers have spent lot of their efforts in testing and approving apps using MDM software. As wearable devices become more prevalent, new apps will be developed, forcing IT department to go through that whole process once again.

IT departments will also have to build security controls for these new devices. Most organizations have controls in place that include a remote lock or wipe feature, where devices that are misplaced or stolen can be locked or wiped to ensure the data which resides inside the device is protected from unauthorized visitors. These controls will have to be created for wearable technology too.

There are also concerns over how wearable devices might be used to steal information by employees within the company (like an employee secretly recording a confidential meeting using smart glasses). So as this new technology comes alive, the search to answer these questions begins.
Even if the security concern is properly addressed, other significant obstacles will keep the businesses away from using wearable devices widely in the immediate future. Currently, most of these devices are expensive with prices out of the range of the average customer. Strategic level employees such as CXOs may use them, but making them available for operational level employees will be difficult until prices decline.

The other concern is the cost of data that comes with using more mobile devices in the work environment. As more innovative gadgets make their way to the workplace, increasing the amount of consumption of data, which can reduce the bandwidth of a business’s network. Pair that with the security risks mentioned above, and prevalent adoption of wearable devices under a BYOD policy might take a year or more to happen.

It took years for software development companies to finally get a handle on BYOD when it came to mobile devices and tablets. That epoch of BYOD created a radical shift in the business world which increased efficiency but introduced new security risks.

Conclusion: 
Wearable devices will likely outgrowth the next revolution in the workplace. If businesses don’t want to be caught unprepared, now is the time to create the policies and procedures to deal with the influx of new technology. With the right strategies in place, every software development company adapting WYOD will be able to gain maximally from the benefits while minimizing the drawbacks.

Bibliography
Burrus, D. (2014). How Wearables will Transform Business. Burrus Research.

Thursday, 3 November 2016

Data Mining

custom software development companies

Introduction:
      Data mining, the extraction of hidden predictive information from large databases, is a powerful new technology with great potential to help companies focus on the most important information in their data warehouses. Data mining tools predict future trends and behaviors, allowing businesses to make proactive, knowledge-driven decisions. The automated, prospective analyses offered by data mining move beyond the analyses of past events provided by retrospective tools typical of decision support systems. Data mining tools can answer business questions that traditionally were too much time consuming to resolve. They drill down databases for hidden patterns, finding predictive information that experts may miss because it lies outside their expectations. Data mining also helps for content management systems that manage the process of gathering data, transforming it into useful, actionable information, and delivering it to business users.

Benefits:
Marketing / Retail:

  • Data mining helps marketing companies build models based on historical data to predict who will respond to the new marketing campaigns such as direct mail, online marketing campaign etc. 
  • Through the results, marketers will have an appropriate approach to selling profitable products to targeted customers.

Finance / Banking:
  • Data mining gives financial institutions information about loan information and credit reporting. 
  • By building a model from historical customer’s data, the bank, and financial institution can determine good and bad loans. 
  • In addition, data mining helps banks detect fraudulent credit card transactions to protect credit card’s owner.

Manufacturing:
  • By applying data mining in operational engineering data, manufacturers can detect faulty equipment and determine optimal control parameters.
  • Data mining has been applying to determine the ranges of control parameters that lead to the production of the golden wafer. 
  • Then those optimal control parameters are used to manufacture wafers with desired quality.

Government:
  • Data mining helps government agency by digging and analyzing records of the financial transaction to build patterns that can detect money laundering or criminal activities.

Challenges:
There are so many challenges faced by software development companies regarding data mining as follow:

Privacy Issues:
  • The concerns about the personal privacy have been increasing enormously recently especially when the internet is booming with social networks, e-commerce, forums, blogs etc.
  • Because of privacy issues, people are afraid of their personal information is collected and used in an unethical way that potentially causing them a lot of troubles. 
  • Businesses collect information about their customers in many ways for understanding their purchasing behaviors trends. 
  • However, businesses don’t last forever, some days they may be acquired by other or gone.
  • At this time, the personal information they own probably is sold to other or leak.

Security Issues:
  • Security is a big issue. Businesses own information about their employees and customers including social security number, birthday, payroll and etc. 
  • However how properly this information is taken care is still in questions. 
  • There have been a lot of cases that hackers accessed and stole big data of customers from the big corporation such as Ford Motor Credit Company, Sony etc. with so much personal and financial information available, the credit card stolen and identity theft become a big problem.

Misuse of information:
  • Information is collected through data mining intended for the ethical purposes can be misused.
  • This information may be exploited by unethical people or businesses to take benefits of vulnerable people or discriminate against a group of people.


Conclusion:
Data mining is an important part of knowledge discovery process that we can analyze an enormous set of data and get hidden and useful knowledge.  This concept is very useful to all software development companies in India.

Tuesday, 4 October 2016

Analysis in Risk Assessment

Software development company in india

Most important step in measuring level of risk is to determine the adverse impact subsequent from a successful threat exercise of a vulnerability. Before initiating the impact analysis, it is compulsory to obtain the following necessary information.
  • System mission (e.g., the procedures performed by the IT system)
  • System and data criticality (e.g., the system’s value or significance to an organization)
  • System and data sensitivity.

This information can be attained from existing organizational documentation, for example the mission impact analysis report or asset criticality assessment report. A mission impact analysis(also recognized as business impact analysis [BIA] for some software companies in India) prioritizes the impactlevels related with the compromise of an organization’s information assets based on aqualitative or quantitative valuation of the sensitivity and criticality of those assets. An assetcriticality assessment recognizes and prioritizes the sensitive and crucial organization information assets (e.g., hardware, software, systems, services, and related technology assets) that pillar the organization’s critical missions.

Few tangible impacts can be measured quantitatively in lost revenue, the price of repairing thesystem, or the level of effort needed to correct problems caused by a fruitful threat action.Additional impacts (e.g., loss of public confidence, loss of credibility, damage to an organization’sinterest) cannot be calculated in specific units but can be qualified or labelled in terms of high,medium, and low impacts. Because of the generic nature of this discussion, this guide entitlesand describes only the qualitative classifications—high, medium, and low impact

Magnitude of Impact : Impact Definition

High Exercise of the vulnerability
  1. may result in the exceedingly costly loss ofmajor tangible assets or resources; 
  2. may significantly disturb, harm, orimpede an organization’s mission, reputation, or interest;
  3. may resultin human death or severe injury.

Medium Exercise of the vulnerability 
  1. may result in the pricy loss of tangibleassets or resources; 
  2. may violate, harm, or obstruct an organization’smission, reputation, or interest; or 
  3. may result in human harm.

Low Exercise of the vulnerability 
  1. may result in the loss of some tangible assets or resources or 
  2. may strikingly affect an organization’s mission, reputation, or interest.


Quantitative versus Qualitative Assessment


In steering the impact analysis, consideration should be given to the benefits and shortcomings of quantitative versus qualitative assessments. The foremost advantage of the qualitative impact analysis is that it priorities the risks and classifies areas for instant improvement in addressing the vulnerabilities. The shortcoming of the qualitative analysis is that it does not deliver specific quantifiable measurements of the magnitude of the impacts,consequently making a cost-benefit analysis of any commended controls difficult.The major advantage of a quantitative impact analysis is that it delivers a dimension of the impacts’ magnitude, which can be used in the cost-benefit analysis of recommended controls.The shortcoming is that, depending on the numerical ranges used to express the measurement,the connotation of the quantitative impact analysis may be unclear, wanting the result to be interpreted in a qualitative manner. Supplementary factors often must be considered to determine the magnitude of impact. These may include, but are not limited to—
  • An approximation of the occurrence of the threat-source’s exercise of the vulnerability over a quantified time period (e.g., 1 year)
  • An approximate cost for each incidence of the threat-source’s exercise of the vulnerability
  • A numerical factor based on a subjective analysis of the comparative impact of a specificthreat’s exercising a specific vulnerability.

Business impact analysis (BIA) is a methodical process to determine and evaluate the prospective effects of an interruption to critical business operations as a result of a catastrophe, accident or emergency. A BIA is an indispensable component of business continuance plan of almost any software company in India; it comprises an exploratory component to disclose any vulnerabilities and a planning component to cultivate strategies for minimising risk.

Monday, 26 September 2016

Password Hacking Techniques

Web development companies

There are number of methods used by hackers to hack your account or get your personal information like password. Password hacking is very common nowadays. So Web development companies should implement countermeasures of password hacking. The most common password hacking tricks and their countermeasures are as follow:

Brute force attack: 
  • Brute-force attack is used to crack any password. 
  • Brute-force attacks try every possible combination of digits, alphabets and special characters until the correct password is match.
  • Brute-force attacks can take very long time depending upon the complexity of the password. 
  • Countermeasures:
    •  Use long and complex passwords.
    •  Try to use combination of upper and lowercase letters along with numbers.

Social Engineering:
  • It is process of manipulating someone to trust you and get information from him/her. 
  • Let’s take an example. If the hacker was trying to get the password of his co-workers’ computer, he might call them pretending to be from the IT department and simply ask for their login details. 
  • It can be used to hack password, bank credentials or any personal information.
  • Countermeasures:
    • Never ever give your credit card details on phone.
    • If someone tries to get your personal or bank details ask them few questions.

Rats and Key loggers:
  • Key logger is sent to the victim’s computer to crack a password.
  • Now hacker keeps monitoring everything victim does on his computer including password by key loggers.
  • So it is major concern for software development companies.
  • Countermeasures:
    • Never login to your personal user account from someone else or cyber cafe computer.
    • Use latest anti-virus software and keep them updated.

Phishing:
  • This attack is used by hackers to get someone account details like username and password.
  • In this attack, hacker sends fake page of real website like Facebook, Gmail to victim. When someone login through that fake page, his details is sent to the hacker. 
  • Countermeasures:
    • Always make sure that websites URL is correct.
    • For example, you should check whether it is gmail.com or phishing page gmmail.com.

Rainbow Table:
  • Rainbow table is a big pre-computed list of hashes for every possible combination of characters.
  • A password hash is a list of passwords that have gone through a mathematical algorithm and are transformed into something which is not recognizable. 
  • A hash is a nothing but an encryption so when a password is hashed it cannot get back to the original string from the hashed string.
  • Countermeasures:
    • Make sure the password chosen is long and complex. 
    • Creating tables for long and complex password takes a very long time and a lot of resources.

Guessing:
  • This can easily help attacker to get someone’s password within seconds.
  • If hacker knows you, he can use your personal information he knows about you to guess your password. 
  • Countermeasures:
    • Don't use your first name, nickname, mobile number or birthdate as your password. 
    • Create complex and long password with combination of letters and numbers.

Dictionary Attack:
  • A file of words is run against user accounts, and if the password is a simple word, it can be found pretty quickly.
  • Countermeasures:
    • Use long and complex passwords. 
    • Try to use combination of upper and lowercase letters along with numbers.

Conclusion:
This article is for everyone including web development companies in India to protect their personal information like username, password. Countermeasures suggested above should be implemented.