Questions and Topics We Can Help You To Answer: Paper Instructions:
I want you to write about how we can substitute the SCADA system instead of the PLC, or how a combination of both SCADA and PLC could be used to create web-based access into systems from laboratories. This would allow access to real-life instruments in real-life infrastructures or labs through the internet for both learning and working purposes. Also, you could include how this can be developed using some type of web technology or Visual Studio. Try to focus it on both its uses in the Oil and Gas Industries and also for students learning and interning in this field as well, which includes me. This last point is really important.
Would be great if in the Project Report:
1. You include a short executive summary paragraph in the beginning.
2. Do not include tables, figures, or diagrams. I will be doing that myself. I just need you to write the wording.
Run is a miniseries comedy thriller with captivating, compulsive and clever jokes. The HBO program runs for about 30 minutes and has creative ways of engaging its audience. Vicky Jones created the program and Phoebe Waller produced. The television series tells the story of two former college lovers. The two lovers end up abandoning their duties and going on an adventure without fearing any consequences that would follow (Home Box Office, 2020). As one watches this particular television program, the plot thickens and the audience is eager to find out what happens to the two love birds who board a train with intentions of running away from their past. Each episode is filled with unpredictability and irreverence.
3 Channel, day, time of the television program
The program runs on Home Box Office (HBO) and it is rated for mature audiences only. The television program airs regularly each Tuesday morning on Home Box Office streaming sites. The ability to entertain at a personal level and also inform is the sole reason it is placed in the morning hours (Home Box Office, 2020). This program has aired at 10:30 Eastern Time since it was launched on July 11th.
4 Listing of each commercial announcement or advertisement
HBO advertisement on related programs such as Game of Thrones for at least six seconds
Nivea lotion products, which lasted for five seconds
HBO Max $15 premium announcement for about 15 seconds
Amazon discounted deals, which ran for 15 seconds
Ixitigo television commercial, which was aired for a minute because it is a product placement announcement type of marketing
AT&T advertisement on credit card and discounted internet rates took a minute
HBO advertising its own programs consumed a total of three minutes
Close up advertisement 15 seconds
The Westworld television series trailer commercial ran for 15 seconds
Veep television show advertisement, which lasted for 15 seconds.
5 The total time spent on all advertisements was 6 minutes. The HBO streaming site used users’ information to tailor advertisements based on items purchased in the past (Home Box Office, 2020).
6 Total duration of the program in the absence of the advertisements and announcements was 25 minutes.
Questions
1
The program targets a mature audience because of its storyline, which deals with sexual adventures and makes use of swearwords (Home Box Office, 2020). Hence the use of swearwords and sex scenes makes the program suitable for a mature audience.
2 type of production
Run is a comedy thriller and runs for about an hour before (Home Box Office, 2020).
3 frequency of the commercials
The commercials were aired every ten minutes and there was no specified pattern for each block.
4 Type of commercial aired
All the commercials aired during the running of the television series were local advertisements. The products are American and are only found within American borders.
1 Name of the program
Mind Field
2 type of television program
Educational science series (Vsauce, 2017)
3 channel, day, and time the program airs
The television show was first aired on YouTube Premium every Tuesday.
4 commercial listings
Glovo shippable advert stayed for 5 seconds, international
Blue band advert was 15 seconds long, international
Netflix commercials 5 minutes, international
Wix commercial 5 seconds, international
Amazon deals 5 seconds, international
Coca-Cola 5 seconds, international
Pepsi 5 seconds, international
YouTube related commercials 5 seconds, international
Music related commercials 10 seconds, international
LinkedIn commercial took 5 seconds, international
5 The total amount of time taken by all commercials was 6 minutes; hence the show took 26 minutes.
Questions
1
The producers of the series targeted audiences aged 18 years and above. This is because the television series deals with psychological experiments which anyone below 18 years old may find disturbing or hard to understand (Vsauce, 2017). Exploring the mind is an intricate concept and children may be disturbed or find it boring. Thus, the show is suitable for people aged 18 years and above.
2
The television program is an educational or science production. The television series tries to bring in a new exciting concept in each episode (Vsauce, 2017). The viewer is able to watch the before and after experiment results hence an effective way of studying.
3
The commercials were aired every six to eight minutes. The types of advertisement varied due to the international nature of the YouTube platform hence the commercials varied in terms of patterns, for the sake of placement time and capturing different consumer expressions.
4
All the advertisements which ran through the streaming of the show were international. It is vital to note that YouTube is an international company and hence accessible to people all over the world. Therefore, they tend to focus on either local or international commercials which are not necessarily tailored according to the information of the clients (Vsauce, 2017). This way, the company is able to capture a wider audience and take note of the advertisements audiences find relevant. Also, the commercials were simple and promoted basic services or items which anyone could buy in the near future, for example sodas and delivery services, among the rest.
Managing the Digital Firm provides the most comprehensive overview of information systems used by business firms today, while drawing connections between MIS and business performance. The Internet of Things (IoT) has for some time been a key research topic, with researchers working to connect physical objects through the convergence of several technologies. Although IoT is developing at a high growth rate, it is very vulnerable to security and privacy risks, which makes tangible growth difficult. IoT has four major layers: the perception layer, the network layer, the middleware layer and the application layer. The perception layer involves different types of data sensors such as RFID and barcodes. This layer deals with uniquely identifiable objects and uses data collected from the real world. The network layer conveys the information gathered by the perception layer to a specific information processing system through the internet, mobile networks and the like.
The major IoT security goals include providing appropriate identity authentication mechanisms and a high level of data confidentiality (Bocij, et al., 2014). In IoT, security is organized around the CIA triad: privacy-related mechanisms implement security by enforcing confidentiality, integrity and availability. A breach of any one of the three can cause a serious issue for the system, so all three must be given careful consideration. Data confidentiality protects users' privacy: sensitive information is protected from disclosure to unauthorized parties and can be accessed only by permitted users. Data integrity is the protection of information from cybercriminals or external interference during transmission and reception, using common tracking methods so that the data cannot be tampered with without the system catching the threat. Data availability ensures that the appropriate persons have fast and easy access to the information even in difficult times; in other words, information is always available to users whenever required.
Security issues and challenges are also key factors to consider in any online project. The threats in each layer need attention, and they are discussed as follows (Maurer, 2015). The perception layer consists of a range of technologies that are exposed to dangerous threats such as unauthorized access to the tags. Because of poor authentication mechanisms in much of online gaming, tags can easily be accessed by someone without authorization. The harm is that a malicious person can not only read the information but also delete or modify the data. Second, spoofing is a threat in which an attacker introduces fake information into the gaming system, which the system falsely assumes to be genuine because it appears to come from the original source. Third, eavesdropping is a threat that arises because the wireless nature of online gaming makes it very vulnerable to attackers.
At the network layer, challenges include the Sybil attack, the sleep deprivation attack, the sinkhole attack and the denial of service (DoS) attack. In a Sybil attack, the attacker corrupts a node so that the single node presents multiple identities (Kaaniche, et al., 2007). In a denial of service attack, the attacker fills the system with a large amount of unnecessary traffic, exhausting the resources of the targeted system. Lastly, in a sinkhole attack the attacker makes the corrupted nodes appear more attractive than the stable ones, so that the corrupted nodes attract more data than the stable nodes. This results in packets being dropped.
At the middleware layer there are several challenges, which include unauthorized access, malicious insiders and DoS attacks (Dehling, et al., 2015). With unauthorized access, a malicious person can cause harm by blocking access to the related IoT functions or by deleting existing data (Dehling, et al., 2015). A DoS attack at this layer shuts down the system, which results in loss of the services. At the application layer, the challenges include malicious code injection and sniffing attacks. Malicious code injection is a situation in which an attacker uses various hacking methods to introduce malicious code, such as viruses, into the gaming system through a user (Dehling, et al., 2015). A sniffing attack is one in which an attacker introduces a sniffer application into the gaming system, gaining access to network information and causing damage to that particular online gaming system.
Each of the security challenges discussed above has solutions, which are discussed below. The middleware and application layers share a security categorization that includes authentication, intrusion detection, risk assessment and data security (Dehling et al., 2015). At the perception layer, the security measures include authentication and data privacy, whereas at the network layer security is divided into three types: authentication, routing security and data privacy.
A new website is exposed to risks in three areas: security, maintenance and skill level (Laudon, 2011). Weak security increases the chances that malicious persons will break into the website and corrupt it fully or partially. To avoid this, it is advisable to use a hosting company for the site; alternatively, if a backup system is in place, it is easy to restore the previously saved version at the press of a button. Second, whoever creates a website is responsible for its maintenance. This means that the owner of an online gaming site should be responsible for its maintenance. Maintenance here is not about content such as text and projects; it is about updating WordPress and its plugins. The owner of the website needs to do this regularly to keep up to date with security patches. It is not hard to do; you just log in to your site, click on Dashboard and then Updates, and it will tell you what needs to be updated (Laudon, 2011). The key thing is to check the site regularly for those updates. Third, skill level is also a key factor among the risks affecting a new website. If the owner of a website does not have the knowledge to run it, it is highly recommended to hire someone to run the account on the owner's behalf, that is, if the owner does not want the site to be hosted by someone else.
The top database threats noticed over the last couple of years are discussed in this paragraph. First, excessive privileges: if the owner of the online gaming site is granted default database privileges that exceed the requirements of their job function, these privileges can be abused (Maurer, 2015). Second, legitimate privilege abuse: users abuse legitimate database privileges for unauthorized purposes. Third, database injection attacks, of which there are two major types: SQL and NoSQL injections. SQL injections target traditional database systems, whereas NoSQL injections target big data platforms. Fourth, malware: it is an annual threat that is used to steal sensitive data through legitimate users using infected devices (Maurer, 2015). Fifth, storage media exposure: this is the exposure of storage media to outsiders who are not allowed to access them. In online gaming, the owner should ensure that the gaming history and the games are stored securely, out of reach of hackers and other malicious actors.
Sixth, unmanaged sensitive data: most people find it difficult to maintain an accurate inventory of their databases and the crucial data in them, and the online gaming database is no exception. Lastly, there is the human factor, also known as human negligence, which according to research has resulted in more than forty percent of data breach incidents (Maurer, 2015). It is also caused by a lack of the skills and knowledge required to enforce security controls and conduct incident response processes. The online gaming database is no exception when it comes to human negligence, since these databases will at some point be managed by humans and, as the old saying goes, to err is human.
Solutions to the risks facing new databases include assessing the database for vulnerabilities and identifying sensitive data; blocking malicious web requests; managing user access rights and removing excessive privileges and dormant users; automating auditing with a protection platform; archiving external data and encrypting databases; and finally training employees on risk mitigation techniques and how to recognize common cyber threats (Lewis, 2006).
The risks of a CRM include invalid project assumptions, data conversion delays, lack of business continuity among multiple locations, the introduction of sub-optimization by some locations and, finally, project establishment omissions (Gartner, 2009). Other risks of a software-as-a-service CRM include downtime and SLAs, system integration, information security, software customization and total cost of ownership (TCO). First, in case downtime happens to the online gaming software, the business will ultimately be rendered. Second, information security: in online gaming, security is essential to maintaining the privacy of information assets. In this case, the information assets are the gaming sites and the score sites. The two should be highly secured to avoid causing nightmares for the clients. For example, a client will be very disappointed when the scores in a game get corrupted in the middle of the game. This will lead to the loss of several clients. This risk can be mitigated by ensuring that the gaming software has a strong and up-to-date information security plan backed by both security protocols and disaster recovery methods (Gartner, 2009). Third, system integration: when dealing with CRM, the owner of the gaming project should pay close attention to how all the systems in that software are linked together, so as to minimize the time wasted keeping records manually.
A mitigation strategy for this risk is to get help from vendors who hire out the tools and equipment needed to conduct standards-based system integration. Another risk related to CRM is software customization. If there is a failure in a function of the CRM software that cannot be corrected through software customization or any other practically accepted method, a lot of labor and time will be wasted, reducing the productivity and profits expected from the gaming business (Wilson, et al., 2002). To counter this, the leading CRM systems, which the owner of the gaming project should use, have come up with PaaS tools that allow customization to take place, thus increasing productivity and profits.
The management strategies for the risks of CRM are as follows: engage the customer at the beginning of the project with a well-written charter that outlines the objectives, the success criteria and the business problems the project intends to solve; complete training as early as possible in the project; and train end users constantly throughout the project (Lemon, et al., 2002). Besides that, always have documented deployment steps and checklists, and communicate frequently and effectively with the customer.
An information system comprises the software, hardware, procedures, data and computer networks used in institutions for day-to-day activities. The function of the online gaming system is to gather, secure and distribute the gaming data to ensure that gaming is effective (Bocij, et al., 2014). In software, there is normally a big challenge in connecting an old information system to a new one. This is likely to happen due to missing codes and coordinates when trying to fit the two information systems together. It can be avoided if the owner of the online gaming project asks for help from well-skilled personnel in the field of software.
In conclusion, this paper has discussed the critical security analysis which the ABC company should consider when setting up their online job for renting and paying online games. In the introduction, the Internet of Things (IoT) was discussed, as it forms a very concrete basis for new and existing software in the technological world. IoT is very vulnerable to security and privacy risks, which makes tangible growth difficult. Besides that, this paper has discussed the risks facing new websites together with their mitigation strategies. Security, maintenance and skill level are among the risks to a new website. The risks to a new database in relation to the online gaming software have also been discussed, and mitigation plans given. Excessive privileges, legitimate privilege abuse, database injection attacks, malware, storage media exposure, unmanaged sensitive data and the human factor are the risks connected to new databases. On top of that, CRM risks and ways to counter them have been discussed. Finally, the risks of linking the existing information system to the new information system have also been discussed at length.
References
Bocij, P., Greasley, A., & Hickie, S. (2014). Business information systems: Technology, development and management.
Dehling, T., Gao, F., Schneider, S., & Sunyaev, A. (2015). Exploring the far side of mobile health: information security and privacy of mobile health apps on iOS and Android. JMIR mHealth and uHealth, 3(1), e8.
Gartner, Inc. (2009). Gartner Says Worldwide CRM Market Grew 12.5 Percent in 2008. Retrieved from http://www.gartner.com/it/page.jsp?id=1074615
Kaaniche, M., Deswarte, Y., Alata, E., Dacier, M., & Nicomette, V. (2007). Empirical analysis and statistical modeling of attack processes based on honeypots. arXiv preprint arXiv:0704.0861.
Laudon, K. (2011). Management information systems mymislab with pearson etext access card. Place of publication not identified: Prentice Hall.
Lemon, K. N., White, T. B., & Winer, R. S. (2002). Dynamic customer relationship management: Incorporating future considerations into the service retention decision. Journal of marketing, 66(1), 1-14.
Lewis, J. A. (2006). Cybersecurity and critical infrastructure protection. Center for Strategic and International Studies (Washington, DC).
Wilson, H., Daniel, E., & McDonald, M. (2002). Factors for Success in Customer Relationship Management Systems. Journal of Marketing Management, (18), 193-219.
The purpose of these two websites is to inform their esteemed customers how the new IRL technology (Intelligent Retail La) will shape the future of the business. Despite that, the website that conveys this purpose is website A. The reason is that it informs its potential customers that they can have the opportunity of testing such new information ideas in an interactive way.
LOCATION
According to the two websites, the IRL will be located at their respective shops. The targeted audiences for the two websites are its existing retailing shops. Ideally, with the presence of the artificial intelligence cameras, massive information centers and interactive displays, it is possible to explore its future possibilities of the business. Comparing the two websites, the one that appears to be more appealing to its audience is website B. The reason for that is because it keeps on reminding its customers that with the presence of this technology, it is possible to establish a powerful experience that has the ability of improving the lives of the customers and that of the business.
ONLINE SHOPPING
Both websites extensively utilized colorful pictures aimed at motivating the targeted audience to learn more about the significance of this technology. Basically, this technology is developed for the purpose of improving the jobs of the company’s associates, making their work more interesting, and alleviating some mundane tasks. The website that effectively uses colors, pictures and other visual aids is website A. The reason for that is that, in order to understand all that transpires in the stores, cameras, sensors, and processors will be installed in them.
CUSTOMER SERVICE
Both websites make use of imagery and symbolism as a means of enticing customers to understand the importance of installing this technology in the company’s stores. Despite that, the website that makes use of this descriptive language effectively is website A. By analyzing it, it is clear that the existing information regarding it is clearly displayed in the video slides.
Due to rapid technology growth, globalization and digitalization, web applications have become prevalent, as they are used across most sectors such as e-commerce, money transfer, social networking and so on. According to Kindy & Pathan (2011), a web application works based on its ability to interact with a database where vital information is stored. Web applications are highly exposed to diverse new security risks that are generated daily from different sources, since the applications are hosted on the internet, which holds a complex information infrastructure. Due to its cost efficiency, accessibility and confidentiality aspects, the internet has become a critical information source for hackers. Despite existing measures to protect data against unauthorized access, major attacks are rampant due to technology development. Based on Junjin (2009), SQL injection is one of the leading web attack approaches utilized by hackers to acquire confidential data from organizations in an unauthorized manner. It is a form of attack in which hackers submit malicious SQL statements that assert control over the databases behind the affected web application. In other words, SQL injection is an approach that exploits an existing security vulnerability in the database layer of the application. The attack normally takes advantage of poor validation of input within the web application. The attacks lead to the loss of integrity, confidentiality, data availability and security, thus affecting the operations of businesses. SQL injections allow hackers to gain access to the backend side of the database. Once they have this access, they can modify the SQL queries that are executed by the SQL database.
Irrespective of the type and size of the business, data is one of the most vital assets in the business landscape today, and it needs to be protected by applying the most suitable information security measures. Even though developers use a broad range of techniques to avoid SQL injections, it is still a common risk for many web applications. This calls for the implementation of the best preventive techniques that can reduce the incidence of attacks. Thus, the ability to identify and prevent database-related attacks is important in promoting business efficiency as well as guarding the privacy and confidentiality of information related to the business and its client base.
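The mechanism described above, shown as an added example that is not part of the original paper: a query built by string concatenation beside its parameterized form, plus a simplified structure check that flags input which changes the shape of the SQL. The table, sample rows and all function names are constructed for illustration, and the check is a teaching sketch of query-structure comparison, not any specific tool's algorithm.

```python
import re
import sqlite3

def make_db():
    """In-memory database; table, columns and rows are constructed sample data.
    Passwords are plain text only to keep the example short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "battery-staple"), ("o'brien", "pw3")],
    )
    return conn

def build_login_sql(username, password):
    """Vulnerable pattern: user input is pasted into the SQL text itself."""
    return ("SELECT username FROM users WHERE username = '" + username +
            "' AND password = '" + password + "' ORDER BY id")

def login_concatenated(conn, username, password):
    """Runs the concatenated query; input can rewrite the WHERE clause."""
    return [row[0] for row in conn.execute(build_login_sql(username, password))]

def login_parameterized(conn, username, password):
    """Hardened pattern: the SQL text is fixed and input is bound as data only."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (username, password))]

# Minimal SQL tokenizer, sufficient for the queries in this example.
TOKEN = re.compile(r"""
    '(?:[^']|'')*'            # complete quoted string literal
  | --[^\n]*                  # line comment
  | \d+(?:\.\d+)?             # number
  | [A-Za-z_][A-Za-z_0-9]*    # keyword or identifier
  | \S                        # any other single character
""", re.VERBOSE)

def sql_shape(sql):
    """Reduce a query to its structure: literal values collapse to STR/NUM."""
    shape = []
    for match in TOKEN.finditer(sql):
        tok = match.group(0)
        if len(tok) >= 2 and tok.startswith("'") and tok.endswith("'"):
            shape.append("STR")
        elif tok.startswith("--"):
            shape.append("COMMENT")
        elif tok[0].isdigit():
            shape.append("NUM")
        elif tok[0].isalpha() or tok[0] == "_":
            shape.append(tok.upper())
        else:
            shape.append(tok)  # operator, punctuation or an unbalanced quote
    return shape

def structure_changed(builder, *values):
    """Detection check: True if the supplied values alter the query structure
    compared with the same query built from harmless placeholder values."""
    baseline = sql_shape(builder(*["x"] * len(values)))
    return sql_shape(builder(*values)) != baseline

if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # textbook tautology input, used here as test data
    print("concatenated :", login_concatenated(db, "alice", crafted))
    print("parameterized:", login_parameterized(db, "alice", crafted))
    print("flagged      :", structure_changed(build_login_sql, "alice", crafted))
```

The legitimate user name o'brien also changes the structure of the concatenated query, which shows why filtering quote characters is not a substitute for bound parameters.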
This paper provides a comparative analysis of the various forms of SQL injection attacks. The paper also offers additional insights concerning the techniques that can be used by web application administrators to detect and prevent these attacks. The comparative analysis is based on the functionality, performance as well as practicality of each method. The comparison is done using the analytic approach. This means that the comparison of the techniques used to deploy the techniques is also carried out. The outcomes of the study will increase awareness about the importance of assessing the security levels of the applications using the suggested tools. Based on the approach of each tool the application administrators can choose the most effective technique to detect the vulnerabilities and to protect the systems against the SQL injection attacks.
Research Objective
The objective of the research is to carry out a comparative analysis of the detection and preventive strategies for SQL injection attacks.
Research Aims
This study aims to:
Analyze the detection techniques used to identify the vulnerabilities in applications
Analyze the preventive methods used to protect systems against SQL injection attacks
Carry out a comparative analysis of the detection and preventive techniques.
Research Background
Today, web applications are commonly used on online platforms for various purposes such as social networking and e-commerce. Most companies today have an established web application; the objective is to tap the online market effectively, as online services have become an important source of revenue and business growth (Kindy & Pathan, 2012). Most of these applications rely on data-driven processes. Information and data are the most valuable assets owned by any given company in the business landscape today, and they call for a notable level of information security. Because of their structure, web applications are exposed to a number of security threats, one of them being SQL injection.
The attack allows hackers to obtain information illegitimately, and the data usually contains sensitive and personal information such as financial information, credit card numbers, location and security codes (Halfond, Viegas & Orso, 2006). As such, the entire system is adversely affected, and the attacks might lead to criminal activities such as identity theft, financial losses and loss of privacy and confidentiality. In addition, the activities might create fear among the customer base of the affected firm, for example in online banking, leading to loss of business. With the sudden increase in web applications and their functions, such as shopping online and making payments through the internet, the security, efficiency and reliability of the systems have to be adequate to reduce cases of hacking and other malicious attacks. To do this effectively, administrators have to take different security measures that can protect the databases from injection attacks (Shan, Xiaorui, & Hong 2010).
According to web application security reports, it has been established that SQL injection is one of the leading web security threats, because the complex infrastructure involved is changing rapidly with technology development, which affects efforts to develop solutions (Shehu & Xhuvani, 2014). SQL injection is among the common forms of layer attack, and this database attack is used by malicious and unauthorized people to steal data and confidential information. The attackers launch successful attacks on the databases by taking advantage of their security vulnerabilities. Most of the time, these vulnerabilities are in the database layer of the web application (Shan, Xiaorui, & Hong 2010). The hackers also take advantage of poorly implemented input validation in the source code and the database.
Unauthorized access to this type of data usually threatens the integrity and confidentiality of the information system. As a result, the information system bears intense losses in the attempt to offer quality services to web users, and in most cases the attack leads to complete destruction (Kumar & Pateriya, 2012). The attack is most often used by database attackers to steal sensitive information about the systems of different organizations, as a means of destroying their competitive advantage or for personal gain such as financial theft. In recent cases, protecting information has become a critical priority for most companies, even within the healthcare sector, because the leaking of confidential information due to hacking has been prevalent in destroying reputations, leading to business depreciation.
The attacks are developed not only to destroy the security system and steal vital information but also to make apparent modifications to the database system and its contents. Thus, SQL injection remains a very intimidating attack, which in most cases depends on the platform where the attack is placed, and it successfully introduces unauthorized users into existing systems (Pooja, 2015). The attacks usually take place because some vulnerabilities within the system are dominant and therefore provide opportunities for hacking. The structure of a web application system is a challenging one, and identifying the relationships between data can serve effectively in enhancing security within the system as a whole. In most cases, the injected attacks are coded to evade detection by the existing defense mechanisms through integration with other attack approaches, which illustrates the significance of addressing the issue.
Research Methodology
The current research takes the form of a quantitative research study that will use secondary research, which entails the use of data and information that already exists in scholarly sources. In other words, it involves reviewing existing literature to develop feasible solutions to SQL injection attacks on web applications. The data gathered from previous publications on the same topic will be summarized and collated to enhance the overall effectiveness of the results. The sources include published research reports and manuscripts. These sources can be found in online journal databases and public libraries. Quantitative research was selected over qualitative research because the results are quantifiable, meaning that it eliminates the chances of misinterpretation derived from assumptions. Sources will be selected based on their relevance to the study; only sources that address the detection and prevention of SQL injection will be selected, due to the need to produce reliable and credible results. A literature review following a thematic approach is the data analysis approach used in summarizing and analyzing data into relevant themes.
Program Management Approach
The figure below outlines the program management approach. The researcher will use the saline approach of project management. In this approach, the project milestones are outlined beforehand and the steps entailed in the project plan are implemented sequentially. The steps are outlined in the figure below.
Project Steps
Gantt Chart: Task Breakdown Structure and Weekly Plan
Stages of Research | Week 1 | Week 2 | Week 3 | Week 4 | Week 5 | Week 6 | Week 7 | Week 8 | Week 9 | Week 10 | Week 11 | Week 12 | Week 13
Selection of topic
Meeting with supervisor
Identifying secondary sources
Literature Review
Research Plan
Selecting research method
Data Analysis
Reporting Findings
Feedback and suggestions
Communication Plan
Communication is an important aspect of conducting research effectively. In the course of the project, the researcher will hold meetings with the supervisor to provide timely assessments of the progress. The communication plan below outlines the schedule of the meetings.
Communication | Frequency | Goal
Project Status Report | Weekly | Update supervisor on the status of the project
Task Progress Update | Weekly | Provide updates on each milestone
Project Review | Weekly | Discuss the entire project for review and feedback
Project Completion | Weekly | Update the supervisor on the new changes included in the final draft
Project Risks and Risk Mitigation Strategies
The project risks and the mitigation strategies are highlighted below.
Project Impact | High | Moderate | Low | Mitigation
Cost | High budgetary research requirements | Failure to compensate participants | Inability to find free secondary sources | Monitoring cost and budget
Schedule | Time constraints | Incomplete data collection | Late project submission | Completing project milestones
Results
The nature of SQL injection attacks
There are various cardinal types of Structured Query Language injection attacks. Although hackers often execute each type separately, different kinds of attack can also be carried out at the same time. Basically, the objective of the attack usually determines the nature of the attack and what is to be used. For example, more often than not, successful attacks use injection through the initial SQL query.
Different Types of SQL Injection Attacks
Tautologies: This attack happens when the hacker injects code using the conditional OR operator. This, in turn, ensures that all qualifiers on the server are evaluated as true statements.
Incorrect Queries: This takes place when the hacker attempts to collect data and information that is revealed in an error message. The error message can disclose details such as the structure and the nature of the database in the program (Shan, Xiaorui, & Hong 2010). The sensitive information can, in turn, be used to facilitate and launch a successful attack on the database.
Union Query: This involves the insertion of a UNION query into parameters which have been identified as vulnerable. The insertion returns a combination of the results of the initial query and those of the injected query (Shan, Xiaorui, & Hong 2010). The attack makes it difficult for the server to differentiate between legitimate and illegitimate insertions.
Stored Procedure: A large number of databases use defined standards for the procedures. The primary purpose of the standards is to improve the overall functionality and the responsiveness of the database. In turn, this makes the various interactions between the database and the operating system possible (Gupta, 2019). For instance, the hacker may attempt to run the stored procedures through injected code.
Piggy-Backed Queries: This attack entails the attacker's attempt to add extra, illegitimate queries to the initial, valid query. This results in the reception of numerous queries at the same time, all of which need to be executed (Gupta, 2019). This vulnerability is considerably different because it is not dependent on the database.
Inference attacks: This SQL injection attack involves the modification of the behavior of the entire database. By making unauthorized changes, the hacker can gain access to the database and change the objects contained in it. The SQL attack is prevalent for unsecured databases (Gupta, 2019).
Timing attacks: In this attack, the unauthorized person creates a code which runs on false and true statements (Gupta, 2019). The conditional statements produced by the hacker are injected through the vulnerable parameters that were yet to be secured. The hacker takes advantage of the time delays and the slowed responsiveness of the database.
Alternate Encodings: This involves changing the injected code to avoid detection. The approach takes advantage of the various limitations of the defensive practices of coding. In other instances, it automates the techniques used to prevent SQL injections (Wei, Muthuprasanna, & Kothari, 2006). This type of attack is typically used alongside the other types of attacks.
Causes of Injection Attacks
Invalidated inputs: Invalidated inputs are among the leading causes of the attacks. This is based on the fact that essentially the SQL query is made of various parameters including the insert, update, quotation marks and alters (Shan, Xiaorui, & Hong 2010). If the administrator fails to check the correct input methods, unauthorized people can take advantage of this vulnerability to modify the database.
Variable Size: Applications whose variables are uncontrollable and take up significant amounts of data storage are the other common cause of the SQL injection attacks. Malicious users exploit this vulnerability by entering fake values as input.
Error Message: These messages are revealed when the administrator or the user inputs wrong or fake details into the database application (Gupta, 2019). Hackers take advantage of this vulnerability by learning the structure of the scripts. The other common way of exploitation is accessing sensitive information that has been stored in the database. This information and access can be used by the hacker to mount a successful database attack.
Exclusive client-side control: If the application accepts input validation from scripts on the client side only, the hacker can override the security function of that party, invalidate the information, and gain access to the database (Gupta, 2019). This is attributable to the fact that most systems are not secured on the client side.
Subselect: This cause of injection attacks results from the direct insertion of an SQL query into the location query. The outcome is the introduction of vulnerabilities in the database. Hackers can attain this through the insertion of an INTO OUTFILE clause in the form (Hartley, 2012).
Stored Procedure: A stored procedure is a program comprising several functions, all of which can be called for execution at different times. When the hacker tries to change the procedures into calls, the stored procedure becomes the call instead of the original services (Hartley, 2012). Doing this allows the hacker to execute, modify and damage the database.
Generous Privileges: Privileges are the rights and permissions that grant access to the database and its respective objects. Some common examples of privileges include select, insert and delete. If the system has generous privileges, the attacker can get access by bypassing the authentication procedure to gain these and more opportunities.
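The tautology attack and two of the causes listed above (unchecked input and revealing error messages) can be seen side by side in the following added example, which is not part of the original paper. It uses Python's built-in sqlite3 module; the table, accounts and input strings are constructed for the demonstration, and the function names are assumptions.

```python
import sqlite3

# Constructed sample data for the demonstration; not taken from the paper.
# Passwords are kept in clear text only to keep the sample short.
ACCOUNTS = [("alice", "correct-horse", "admin"), ("bob", "hunter2", "student")]
TAUTOLOGY = "' OR '1'='1"   # constructed input whose OR condition is always true
STRAY_QUOTE = "o'brien"     # ordinary name that breaks a concatenated query


def make_db():
    """Create an in-memory database holding the constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", ACCOUNTS)
    return conn


def login_concatenated(conn, name, password):
    """Weak form: input is pasted into the SQL text, so it can change the query."""
    sql = ("SELECT name FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    return sorted(row[0] for row in conn.execute(sql))


def login_parameterized(conn, name, password):
    """Hardened form: the SQL text is fixed and input is bound as data only."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (name, password)))


def respond(login, conn, name, password, verbose_errors):
    """Build the client-facing reply; verbose_errors=True echoes the database error."""
    try:
        return {"ok": bool(login(conn, name, password)), "error": None}
    except sqlite3.Error as exc:
        shown = str(exc) if verbose_errors else "request could not be processed"
        return {"ok": False, "error": shown}


if __name__ == "__main__":
    db = make_db()
    # The OR condition makes the WHERE clause true for every row.
    print("concatenated :", login_concatenated(db, "alice", TAUTOLOGY))
    # Bound as data, the same input is just a wrong password.
    print("parameterized:", login_parameterized(db, "alice", TAUTOLOGY))
    # A single quote is enough to surface parser details when errors are echoed.
    print("verbose error:", respond(login_concatenated, db, STRAY_QUOTE, "x", True))
    print("generic error:", respond(login_concatenated, db, STRAY_QUOTE, "x", False))
    print("bound input  :", respond(login_parameterized, db, STRAY_QUOTE, "x", True))
```
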
Detection Techniques of SQL Injections
Administrators can use two main detective techniques to safeguard their applications from SQL attacks. The first involves the design of a technique which can be used reliably to detect and identify the precise form of SQL attack. The second approach entails gaining advanced capability and capacity and being able to execute a program that can easily identify a potential attack (Gupta, 2019). The subsequent sections describe the various methods used to detect the weaknesses of the SQL injections.
Unit Gen Tool
This detection technique entails the application of a Unit Gen tool (Roy, 2011). The tool works similarly to the FindBugs tools used for static analysis (Gupta, 2019). The Unit Gen tool carries out the automated tests that are needed to detect attempts to manipulate input vulnerabilities. The efficiency of this detection technique is demonstrated by the ability of the tool to accept false positives (Roy, 2011). The tool ensures that unauthorized people cannot use fake code to get access to the database.
Static Analysis Framework
Under this model, the framework can determine the different vulnerabilities of the database, most especially during the compiling process. For example, according to Gupta (2019), the static framework can carry out a special kind of white-box analysis together with a hybrid constraint solver. The byte code technique, which is comprised of different strings, is most suitable for the proposed approach. The administrator also has the alternative of carrying out a string analysis, which works well with Integer as well as Boolean variables.
Roichman and Gaudet's Scheme
In this detection approach the scheme monitors access to the database. The administrator can supervise it through the various integrated types of access control in the applications. The approach creates robust solutions to the vulnerability which stems from the traceability of the SQL session (Clarke, 2009). The other benefit of this detection system is that it is widely applicable to most types of database applications.
SQL-IDS Approach
Under this kind of approach, the technique is focused on the security of the system specifications. The detection approach enables the discovery of the system vulnerabilities that would be susceptible to the SQL injections (Clarke, 2009). The advantage of the technique is that this is executed without the production of false positives or false negatives (Gupta, 2019). The approach is even faster during the operation, although it needs a detailed analysis and comparison of other approaches.
Statement Generational Algorithm
Under this approach, the system is designed to remove or reduce vulnerabilities to injection attacks. This happens through an automatically generated algorithm; examples include web goat, net trust, roller, and trust.
Database Design Testing
This detection technique is based on tests carried out on the database, and it can detect weaknesses by scrutinizing the input points. Moreover, the approach is able to detect vulnerabilities to injection attacks beforehand, hence reducing incidences of attacks. The detection tool does this by incorporating simulated attacks, and the system becomes much more effective by detecting the attacks beforehand.
Test Case Generation
Thanks to its ability to carry out test cases automatically, this technique can constantly note vulnerabilities of any nature. The system is based on the integration of a particular prototype which deals with the queries axiomatically (Gupta, 2019). This technique can also be used to identify the various dependencies in the smaller queries. The efficiency of the approach is relatively high, as it can detect the vulnerabilities 85% of the time (Cherry, 2013).
Preventive Techniques of SQL Injection Attacks
When it comes to the prevention measures laid down to avert the attacks above, the database administrators can make use of any solid techniques to remove and reduce vulnerabilities present within a system. These preventive measures can protect the database against the hackers and intruders who rely on the weaknesses and the vulnerabilities that were not detected by the detection techniques discussed in the previous section.
In the section below, the paper has focused on 12 preventive techniques that can be carried out before and after running the system to prevent it from any sort of attacks. Nevertheless, it is important to note that besides detecting injection attacks, these techniques can be used to stop or alleviate the exploitation of hackers.
SQLrand Scheme
This technique involves the randomization of the query language of the application (Cherry, 2013). The application developers ensure that a typical target application is targeted during the implementation of the security protocols. The resultant scheme is a preventive framework that allows the administrator to make queries through randomized instructions rather than the typical SQL keywords (Pandurang, & Karia, 2015).
The proxy filter included in the design ensures that the queries made to the database are intercepted while at the same time de-randomizing the keywords (Cherry, 2013). This implies that if an attacker puts SQL code into the program, it would be blocked by the instruction set of the randomized keywords (Cherry, 2013). The injected code would produce an incorrect query, which would result in a syntax error. The proposed approach has a high performance of 90% of the overheads which are placed on each query (Pandurang, & Karia, 2015).
SQL DOM Scheme
This prevention method involves the use of class sets which are incorporated into the database schema (Cherry, 2013). The preventive technique detects the current vulnerabilities of the application while at the same time ensuring that rightful users have access to the database. The scheme can detect the barriers to the interactions between the user and the database and prevent them. This is attained using call-level interfaces. The approach is suitable for applications which require a safe communication environment (Cherry, 2013).
Parse Tree Validation
This preventive technique terminates all the executable false statements unless they have consent from the administrator (Cherry, 2013). The preventive approach is mostly used for the SQL Guard applications. The limitations of the technique include the overhead computation and the back lists that sometimes deny authorized users access to the database (Cherry, 2013).
SQLCHECK Approach
This preventive approach is executed in real time. The process of preventing the attacks starts with ascertaining that the inputs align with the data that were defined by the developer (Cherry, 2013). The technique also makes use of a confidential key to delimit the inputs of the user. The approach does not show false outputs. Instead, the developer runs it overhead, and its execution is direct (Cherry, 2013).
DIWeDa Approach
This approach detects malicious attacks and prevents SQL injection attacks on the program. The developers include intrusion during the development phase. The model acts at the session level more than at the transaction level (Cherry, 2013). Researchers assert that the preventive technique is both efficient and effective in identifying the injections and the violations of the system (Carter, 2018).
Hash Value Scheme
This preventive technique involves the use of the hash values which define the user name and the passwords. When using this approach, the hash values are formed and calculated as the system continues running (Carter, 2018). The scheme has a high overhead as the result of its ability to secure most web applications against SQL injection attacks (Cherry, 2013).
Manual Approach
This is another significant technique that can be employed to help the system avert SQL attacks. According to Cherry (2013), the manual approach can be used to handle manipulation vulnerabilities that are present in a system. When developers use this kind of technique, they review the code and then program defensively. During the review of the code, the administrator can apply an affordable technique for bug detection (Cherry, 2013). The approach needs the developers to have advanced knowledge about SQLIAs (Carter, 2018). Defensive programming entails the incorporation of an input filter which prevents users from entering suspicious keywords.
Automated Approach
This framework entails the use of two important models, namely FindBugs and static analysis. These two models can be used to check whether a system has vulnerabilities. They can also detect the different types of viruses present in a system and consequently send out a message or a notice. The beauty of this approach is that these two systems can probe as well as scan the applications. Each framework can also examine how the system responds to potential attacks.
Removing SQL query attribute values
The last, but not least, approach to preventing injection attacks is to remove the attribute values of the SQL query. The approach is preferred because of its ability to carry out both static and dynamic investigation (Cherry, 2013). The preventive technique gets rid of the attribute values during runtime and compares the result with the query that was implemented, in order to detect any cases of injection.
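One way to implement the comparison described above, as an added example that is not code from the cited works: the values are deleted from both the developer's fixed query and the query built at runtime, and any difference in what remains is treated as injection. The templates, function names and sample inputs are constructed assumptions.

```python
import re

# Tokens: complete string literal, numeric literal, word, or any other character.
_TOKEN = re.compile(r"""
      (?P<string>'(?:[^']|'')*')   # '' inside a literal is an escaped quote
    | (?P<number>\d+(?:\.\d+)?)
    | (?P<word>\w+)
    | (?P<other>\S)                # operators, punctuation, an unbalanced quote
""", re.VERBOSE)

# Constructed query templates standing in for the developer's static queries.
LOGIN = "SELECT name FROM users WHERE name = '{name}' AND password = '{password}'"
PAPER = "SELECT title FROM papers WHERE id = {id}"


def strip_values(sql):
    """Return the query skeleton: attribute values removed, words upper-cased."""
    skeleton = []
    for match in _TOKEN.finditer(sql):
        kind, text = match.lastgroup, match.group()
        if kind == "string":
            skeleton.append("''")       # keep the quotes, delete the value
        elif kind == "number":
            continue                    # numeric values are deleted outright
        else:
            skeleton.append(text.upper())
    return skeleton


def is_injected(template, **values):
    """True when user input changed the structure of the developer's query."""
    static = strip_values(template.format(**{key: "" for key in values}))
    dynamic = strip_values(template.format(**values))
    return static != dynamic


# Constructed inputs: three ordinary requests, then one per attack type above.
CASES = [
    ("ordinary login", LOGIN, {"name": "alice", "password": "correct-horse"}),
    ("escaped apostrophe", LOGIN, {"name": "o''brien", "password": "x"}),
    ("keyword inside a value", LOGIN, {"name": "bob", "password": "x OR y"}),
    ("ordinary id", PAPER, {"id": "7"}),
    ("tautology", LOGIN, {"name": "alice", "password": "' OR '1'='1"}),
    ("union query", LOGIN,
     {"name": "' UNION SELECT password FROM users --", "password": "x"}),
    ("numeric tautology", PAPER, {"id": "7 OR 1=1"}),
    ("piggy-backed query", PAPER, {"id": "7; SELECT name FROM users"}),
]


def run_cases():
    """Map each case label to the detector's verdict."""
    return {label: is_injected(tpl, **vals) for label, tpl, vals in CASES}


if __name__ == "__main__":
    for label, verdict in run_cases().items():
        print(f"{label:24s} {'INJECTION' if verdict else 'ok'}")
```

The comparison works on the query text exactly as the database will receive it, so input arriving in an alternate encoding has to be decoded before the check.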
DISCUSSION
The comparative analysis and discussion of the different techniques for detecting and stopping SQL injections is pegged on the performance and the efficiency of each technique. The analysis details how each of the methods works against well-known types of injection attacks. The best detection and prevention technique is that which can successfully identify all kinds of attacks and prevent them. The worst techniques are those that cannot guarantee the detection of some types of attacks (Cherry, 2013). Although other researchers have suggested several approaches for detection and prevention, only a few methods can be used practically.
Injection detection techniques should have the ability to detect the two fundamental types of attacks. When weaknesses or vulnerabilities are detected in the stored procedures, the code which is employed for query generation should be stored and executed on the database (Cherry, 2013). Most of the detection techniques only target the queries which are generated by the application rather than its database. This is attributable to the view that including detection techniques which would work at the database level is not only costly but strenuous as well. This means that the attacks which target stored procedures go undetected by most of the techniques.
It is important to note that, unlike stored procedure attacks, attacks which rely on alternate encoding are likely to be more difficult to manage. Out of the detection types highlighted in this research, only the SQL Check and the SQL Guard techniques can effectively deal with attacks which use alternate encoding (Cherry, & Larock 2011). The feature which allows the two methods to deal with alternate encoding attacks effectively is that they have an integrated database parser that interprets the query string. This is the same process used by the database (Cherry, & Larock 2011).
Aside from SQL Check and SQL Guard, the other detection techniques that have high performance are the developer-oriented approaches. These define the mechanism which deals with the attacks using a standard API, which in most cases is the SQLDOM. In addition to this, the preventive approaches can detect the susceptibilities present within a system in order to avert SQL attacks. The best methods are those that use a different approach in choosing the criteria and the attributes that qualify to generate queries (Cherry, & Larock 2011).
The defensive techniques are also differentiated between those that can add checks and safeguards in the application and those that do not. The former ensure the enforcement of the most useful coding practices; the latter focus on preventing the attacks by stopping the queries at run time (Cherry, 2013). The preventive techniques which can handle most types of vulnerabilities are those that have integrated the premise of defensive coding into their mechanism for preventing attacks.
Conclusion
In summary, SQL injection is an information security threat to internet-connected databases. The ability to detect attacks and implement preventative measures helps in safeguarding information security. Owing to changing technology and the rising number of skilled attackers, attackers are able to identify weaknesses within a system and take advantage of them. SQL injection is one of the most threatening and prevalent information system attacks, but it is preventable, and this should be a consideration of any given project prior to implementing the network. The paper offers a discussion of some of the most feasible detection and prevention approaches for dealing with such attacks. With rapid technology growth and the need to enhance efficiency and expand businesses on online platforms, information security is needed.
References
Carter, P. A. (2018). SQL Injection. Securing SQL Server, 221-245. doi:10.1007/978-1-4842-4161-5_10
Halfond, W. G., Viegas, J., & Orso, A. (2006, March). A classification of SQL-injection attacks and countermeasures. In Proceedings of the IEEE International Symposium on Secure Software Engineering (Vol. 1, pp. 13-15). IEEE.
Hartley, D. (2012). What Is SQL Injection? SQL Injection Attacks and Defense, 1-25. doi:10.1016/b978-1-59-749963-7.00001-3
Junjin, M. (2009, April). An approach for SQL injection vulnerability detection. In 2009 Sixth International Conference on Information Technology: New Generations (pp. 1411-1414). IEEE.
Kindy, D. A., & Pathan, A. S. K. (2011, June). A survey on SQL injection: Vulnerabilities, attacks, and prevention techniques. In 2011 IEEE 15th international symposium on consumer electronics (ISCE) (pp. 468-471). IEEE.
Kindy, D. A., & Pathan, A. S. K. (2012). A detailed survey on various aspects of sql injection in web applications: Vulnerabilities, innovative attacks, and remedies. arXiv preprint arXiv:1203.3324.
Kumar, P., & Pateriya, R. K. (2012, July). A survey on SQL injection attacks, detection and prevention techniques. In 2012 Third International Conference on Computing, Communication and Networking Technologies (ICCCNT'12) (pp. 1-5). IEEE.
Pandurang, R. M., & Karia, D. C. (2015). Impact analysis of preventing cross site scripting and SQL injection attacks on web application. 2015 IEEE Bombay Section Symposium (IBSS). doi:10.1109/ibss.2015.7456668
Pooja Saini, S. (2015). Survey and Comparative Analysis of SQL Injection Attacks, Detection and Prevention Techniques for Web Applications Security. International Journal on Recent and Innovation Trends in Computing and Communication, 3(6), 4148-4153.
Roy, S. (2011). Detecting and Defeating SQL Injection Attacks. International Journal of Information and Electronics Engineering. doi:10.7763/ijiee.2011.v1.6
Shan, L., Xiaorui, D., & Hong, R. (2010). An adaptive method preventing database from SQL injection attacks. 2010 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE). doi:10.1109/icacte.2010.5579002
Shehu, B., & Xhuvani, A. (2014). A Literature Review and Comparative Analyses on SQL Injection: Vulnerabilities, Attacks and their Prevention and Detection Techniques. International Journal of Computer Science Issues (IJCSI), 11(4), 28.
Wei, K., Muthuprasanna, M., & Kothari, S. (2006). Preventing SQL injection attacks in stored procedures. Australian Software Engineering Conference (ASWEC06). doi:10.1109/aswec.2006.40.
A data management platform (DMP) is a platform which is used extensively for housing campaign and audience information obtained from any kind of information source. For example, digital programming incorporates apps and websites which enable advertisers to advertise on their advertising platforms (Bertholf et al., 2007). This in turn implies that the DMP can offer a centralized location for multiple marketers who wish to access and manage their information, for example cookie IDs and mobile identifiers. The objective is to assist in creating DMP segments which can improve their digital advertising campaigns (Susanne, 2011).
On the other hand, marketing publishers can use DMP platforms with the objective information regarding their users. In that case, it implies that such individuals can use that data for packaging their audience segments. In return for this, they have the potential of making multiple they serve to have the advertising of their platforms (Tarun, 2015).
The Electronic Data Capture (EDC) System and Clinical Database
With regard to the above information, it should be noted that there are various reasons which compel buyers to increase their purchasing power. For instance, with buying and programming, advertisers are able to extend their campaigns across a large percentage of apps and sites through advertisement exchanges, DPSPs (demand program side platforms), and other networks (Susanne, 2011).
In other words, the data management strategy which is currently used enables clinical marketers to unify their performance and audience information regardless of the sources being used by their campaigns (Susanne, 2011).
Accordingly, another point of consideration is that the DMP enables advertisers to purchase information on device, demographics, household purchasing, location, and so on (Gupta, 2012). In the same process, it is easier to analyze the manner in which each of the above segments has performed. This implies that marketers can optimize their selling base, which allows them to identify the segment which performs best (Bertholf et al., 2007). This is also contained in the electronic signature features, audit trail, disaster mitigation, identifying applicable software packages which are linked with it, and so on.
Nevertheless, this is to say that such information ought to be critically segmented, analyzed, and stored. This means that the data management program entails pulling the performance of such segments (Gupta, 2012). On the same note, this enables the platform to make a concrete analysis of the audiences which are performing either poorly or well (Bertholf et al., 2007). The objective is to assist in feeding such information back to the EDC (electronic data capture) platform. As noted, this implies that the data management platform makes use of such a strategy in the process of optimizing ongoing marketing campaigns (Tarun, 2015).
Advertising event/ Medical History Coding
Considering other areas of advertisements, it should be acknowledged that there have been other platforms providers such as Oracle and Adobe, and so on (Hunter et al, n.d.).
Medication Coding
When it comes to medication coding, it is essential to ensure that there are concrete medical plans. This is because such plans can ensure high-quality information. Such information is essential because it enables clinicians to document the manner in which they will be reviewed, rarified, or finalized. This is what governs the general use of DMPs as well as their modifications (Tarun, 2015).
References
Bertholf, R. L., Winecker, R. E., & Wiley InterScience (Online service). (2007). Chromatographic methods in clinical chemistry and toxicology. Chichester, England: John Wiley & Sons.
Gupta, S, K. (2012). Drug Discovery and Clinical Research. Jaypee Brothers Publishers
Hunter, C. M., Hunter, C. L., & Kessler, R. (n.d.). Handbook of Clinical Psychology in Medical Settings [recurso electrónico]: Evidence-Based Assessment and Intervention.
Susanne, P. (2011). Practical Guide to Clinical Data Management, Third Edition. Pharmaceutical technology. CRC Press
Tarun, J. (2015). Electronic Data Capture System for Heart Failure Disease Management Program in Skilled Nursing Facility. Case Western Reserve University
My recent visit and stay at Ritz Carlton Aspen hotel was just amazing. I enjoyed the hourly wine drinks at the lounge and the delicious meals offered at the hotel. The hotel has a spa which is so relaxing and tranquil, and this made it so enjoyable to have massage services. The hotel usually offered a late night bite and the dessert was just scrumptious. Though I had a reservation, I realized that the place is often full of people and thus the demand for the hotel is high, hence one needs to make a prior reservation. Once in the restaurant, one did not have to wait for long to be served, and it was always a great experience with the servers, or rather the waiters in service. Outdoor activities in this hotel were just on another level; it was really fun to go to the pool. All rooms in this hotel were charming and quaint but above all, they were very comfortable. The rooms were so clean and nicely decorated, which fitted my preferences during my stay at the hotel. However, one thing that I did not like about the hotel is that the housekeeping services are not on par with the quality of these rooms. I stayed for a whole week in that hotel but during my stay, I only received a housekeeping service once. This was not in line with my expectation of the hotel and thus I had to enquire from the housekeepers why they were not making the room on a daily basis as is supposed to be the case. Apparently, according to the housekeepers, they were supposed to make the rooms once per week as this was the hotel's culture.
The hotel has a spacious parking garage which made it easier for me to stay without having to worry about a parking space for my vehicle, and this made my arrival and departure so much easier. The internet connection in this hotel is quite strong and one hardly needs to use their phone’s hotspot (Expedia, n.p). The geographical location of the hotel harbors some of the green features which make it more enjoyable to stay in this hotel. The hotel is in a serene environment, with a nice atmosphere and parks (Expedia, n.p). It is environmentally friendly and thus allows guests to reuse linens and towels or not. We went skiing, and there was a mountain next to the hotel and also a bus that took you to other mountains if you wanted. One could just enjoy the aesthetic beauty of this area. The hotel is just lovely, with beautiful architecture and detail. All staff in this hotel were so professional and quite pleasant. There are magnificent staff who work tirelessly to make you feel welcome. Ordered room service, it was great. The staff knew our names and they ensured that we had all that we wanted.
I will definitely want to go back again to the hotel so as to have an even more superb experience than I had last time. I highly recommend Ritz Carlton Aspen hotel for all kinds of people, whether for pleasure with friends or for business, as the place is friendly and enjoyable. This is a must-stop hotel if you are within the area.
Work cited
Expedia, Inc. Ritz-Carlton Club, Aspen Highlands by Frias. 2017. Retrieved from: https://www.expedia.com/Aspen-Hotels-Ritz-Carlton-Club.h913011.Hotel-Information
The article highlights the need to incorporate computer science lessons in American classrooms in order to fill the large gap between the skills the market requires and the education offered in schools. The logic behind the introduction of compulsory computer lessons relating to programming is significant, considering the role of computers in business operations and daily activities. The push by tech companies to have computer programming lessons be part of the school curriculum has a sound basis, even though there is some vested interest behind it.
Amidst the efforts by the government to limit immigration, there is a need to have American experts in computer science to avert the impact of such limitation on firms that have been relying on foreign engineers (Singer, 1). In addition, it would give students an opportunity to develop important skills that would help them succeed in a market with constantly changing technology. However, legislation should be enacted in every state to limit the amount of influence companies can have on public schools, and to raise public awareness of the same. This is important in ensuring that the demands of the industry are not given priority over the interests of the students.
a) Start the PRAAT program. After opening the program, three windows will appear. The first window consists of the title, which disappears right away. The second is the main window in which most of the work is to be done. The third is the picture window, which is to be used for drawing fancy printable diagrams.
b) Connect a microphone to the computer. Using the main window, select “New” then record the mono sound.
c) A “SoundRecorder” window will then be opened.
d) Then click the “Record” button after starting speaking. In the process of speaking, you should see waves bouncing up and down vertically.
e) Speak the number of word (your name). Ensure to use natural speech style and rate, that is, do not be too slow or too fast.
f) Repeat the same procedure so as to correct any errors made during measurements.
g) Once you are through, click the “Stop” button.
h) Then click the “Play” button and then listen to the outcome so as to ensure what you have recorded is correct.
i) After verifying, click the “Save to list” button located just below the program. This will automatically send the new voice you have recorded to the list in the PRAAT main window. In the list you will see “Sound sound”.
Saving the recorded sound file
j) Choose the “Write” menu to save the sound file, then “Write to WAV file…”, in this case “jiyao337.wav”, and then save it to a CD or diskette.
Coding can best be described as the process of unifying and categorizing data. Coding acts as a manner of labeling, compiling and unifying data. In addition, this also permits the researcher to summarize as well as synthesize what is happening in the data (Laureate Education, 2011). When the acquired data is linked with the interpreted information, an analysis center is developed. In qualitative analysis, coding is the process of developing a phrase that figuratively points for visual analysis. Coding is important in order to develop a central direction for the results as well as the analysis section, which should be in support of the developed hypothesis (Miles, Huberman & Saldaña, 2013).
The Differences among Open, Axial, and Selective Coding
Open coding refers to the process of generally reading the acquired data a number of times and then creating cautious labels to summarize the findings (Miles, Huberman & Saldaña, 2013). The coding is not mainly grounded on the present model; rather, it is derived from the connotation which is acquired from the data (Miles, Huberman & Saldaña, 2013). On the other hand, axial coding involves the identification of associations among the acquired open codes (Miles, Huberman & Saldaña, 2013). Selective coding involves the process of figuring out the central variables that are incorporated in the acquired data (Miles, Huberman & Saldaña, 2013). After the establishment, the selected codes are revisited to identify the relationship.
Examples
Open Coding – an example would involve the general recording of the participant’s common terms in order to establish features in every code.
Axial Coding – an example would involve for instance trying to establish the relationship between sentencing disparity and socio-economic status from the responses.
Selective Coding – an example would be that of having the desire to transform or bring a difference to improve individuals’ lives.
References
Laureate Education, Inc. (2011). Coding practice tool. Baltimore, MD: Executive Producer.
Miles, M. B., Huberman, A. M., & Saldaña, J. (2013). Qualitative data analysis: A methods sourcebook.
Providing software protection has its own benefits and shortcomings since every decision on software design is bound to elicit risks of infringing a patent and thus affect the software project. Development of complex and big programs involves a combination of many ideas and, in countries where software protection is allowed, there is a high possibility that a significant part of the ideas in a new program will have been patented by some firms. Where the software is quite novel and not obvious, it is important to provide patent protection to avert any effort by others to use, sell or import this patented invention. The patent will be important in preventing others from using an inventive aspect of the novel software or adopting the distinguishing features in the case of a new website (Bird & Jain, 2008). In fact, a software patent offers more protection to the developers of the software than would the copyright law. A concern will arise where the protection impedes innovation and development of new software or destroys the software project altogether. This includes cases where the software patent becomes harmful so that it unjustly or unreasonably restricts a person from using their computer, and more so those patents that come from mistakes. These mistakes result from a situation where rules of patent systems were not done properly. This means that software patents should be allowed if they are legally valid in accordance with the criteria of the patent system (Bird & Jain, 2008).
Software patents should have limitations so as to reduce the shortcomings that come with them. This includes limiting the protection if the idea behind the invention does not add anything significant to the basic abstract idea. This is because the idea may have been longstanding and just programmed to be used by the computer. This means that for software to continue being patent-eligible, it has to make a significant improvement on the operations of a computer (Stallman, 2014). Such limitations will ensure that software protection does not act as an impediment to innovation and using the computer system. If the Amazon.com software had been patented without being non-obvious and novel, it means that the company would have unjustly controlled e-commerce alone, thereby hindering inventions and innovation in this sector and other areas related to online trading and marketing.
Previously, the issue of software patents has been thorny to practitioners, especially in relation to eligibility of the subject matter, which has varied greatly between Europe and the U.S. The assumption has been that many inventions related to software will be patented in the U.S. if this fails in Europe. In the United States, the courts have placed limitations on software patents but have not eliminated the protection altogether. Since the Alice Corp. v. CLS Bank ruling by the US Supreme Court, where justices clarified that the addition of some fancy-sounding computer software language to some normal aspects of technology and business does not guarantee patent safety, judges in district courts have made invalid many patents (Knights & Redinger, n.d). The invalidation has been done on the basis that such were just fancy ideas that did not merit a patent. In Europe, courts in different countries have followed different approaches to validate or invalidate software patents, with some offering the protection. Achieving a balance which enhances progress in useful science and arts can be done by establishing merits on how patent protection should be upheld without hindering innovation.
References
Bird, R., & Jain, S. C. (2008). The global challenge of intellectual property rights. Cheltenham, UK: Edward Elgar. 29-31
The aim of the offline application is to ensure efficient and effective achievement of the research objectives to be carried out by the team. This application serves the users’ desires to share and mainstream information related to the project so as to sustain collaboration throughout the various phases of the project. Decomposition is an important portion of user requirements. Decomposition involves a process whereby project items are communicated with the relevant team in a collaborative way (Kroenke, Bunker & Wilson, 2013). This allows for various aspects of the project, which include building the collaboration culture needed by the team so that the project team is brought into the requirements stage to refine the backlog of the research. The other aspect includes timing delays, and some projects can experience gaps between the definition of requirements and the initiation of the project. This happens on a regular basis in the project, and the larger the time gap between requirement definition and the actual project, the more the risks that may arise while carrying out the research project.
The offline application developed through agile methodology is in line with user requirements since it ensures there is continuous improvement and quick delivery of value to the users. Such value is driven largely by the clarity and quality of user requirements that feed the process of software development. An agile and lean approach to the various requirements of the users as the first step ensures that there is optimization of the process. For this development, the major requirements for the users include the ability to share information on an offline platform and to ensure uploading of project results so that they can be accessed by all team members. The aim is to ensure that there is continuous collaboration among the team members and that all members are able to view the progress of the project. The offline application should also ensure that tasks that have been divided among team members are shared on time to avoid delaying any phase of the research.
Work Breakdown structure
The Work Breakdown structure describes the functional division of how research work is going to be carried out by the various students in a team. A Work Breakdown Structure normally involves an analysis phase, design, development, test and release, and such phases produce provisional deliverables and are carried out by a specialist role (Kroenke, Bunker & Wilson, 2013). To achieve maximum project results, the attention paid to functionality delivered for production is done in a collaborative manner instead of interim deliverables associated with functional responsibilities. The various tasks are to be done by specified members in the team, accepting that the task planning process should be refined with time instead of planning all tasks at the start of the project. The Agile WBS is fresh even when used in an offline project management website as compared to an online application in places where internet access is not guaranteed.
Starting phase
Definition requirements for information gathering
Analyze the requirements
Creation of requirement documents
Definition of project objectives, research objectives, research deliverables and exclusion to research scope
Approval of initiation phase
Planning phase
Team organization
Development of project plan
Communication plan
Management of resources
Execution phase
Preparation for actual research tasks
A session for brainstorming
Selection of information sources
Solicitation of required information
Closeout phase
Closing out of the research
Reviewing the lessons learnt
Establishment of process for documentation of data
Documentation of the information
The offline application risks
The appropriate definition of an offline platform is seen when a platform is not powered on or when there is no remote connection of any form. Failure to understand such a difference between real offline platforms or applications can lead to underrating of some unrecognized risks that, in case they are noted by some actors, may lead to interruption of the project. This means that malicious access to the information may lead to complete loss of all the information contained in the database. Even if the application is offline, it is important to consider whether it is possible for a person to attempt to gain access to it. If it is possible for a person to have access to the application, it means that it can be online suddenly. Mitigating the risks involves a consideration of whether it is possible to restore any data by use of a remote connection without a person having to do something physically. If it is possible to restore such data remotely, it means the backup for such data is online or potentially online. An application that is potentially online is the same as an online platform, and it means that external intrusion is possible and hence it is possible to lose important data on the project being carried out.
There is also a potential danger that applications that are developed for offline internal use and hosted on a website are not usually developed using the same security standard as those websites developed to be exposed outwardly. This means that even if the application is developed with offline capability and hence no online exposure, it may lack some security measures such as appropriate encryption to ensure the safety of information. However, since this application is designed to be used internally and on an offline platform, it is not likely to face the major security risks that online platforms are exposed to. A major threat is the likelihood that the framework used for the application may expire quickly. This calls for measuring the risks and taking into account the fact that the offline application will require maintenance, monitoring and even functional modification, to ensure that the appropriate resources are put in place beforehand. Virtual patching by the use of a web application firewall may be necessary in offering protection while security changes are being made. The hypothesis for this testing involves the level of efficiency of the application and how it can affect the outcome of the project for the users using it.
Application usability testing
Usability testing aims at ensuring that there is an understanding of how the actual users will experience the application. The user test will ensure the measuring of the actual performance of the application on the various tasks that are considered critical for the project. Since the target audience for this application is the students, there will be one or more teams that are to use the device. The usability testing will also aim at finding out the strengths of the application and the areas where it can be improved for the sake of the user. In carrying out the usability test, the tasks involve performing a specific number of tasks within a given session. These tasks should ensure that there is a representation of the most common goals of the users, such as storage of the information, sharing of information and recovering any information that may be lost in the process. It is important to establish success criteria that are clear for every task, have the users’ buy-in on these specific criteria, and include a specification of how the participants will start the task (Barnum, 2010). This also involves how the starting points and the completion of the tasks can affect the ability of the researcher.
Advantages of the application
An offline Kanban application is a good way to go when priority is not given to utilization of a hosting that is not cloud and at the same time retaining all the benefits associated with co-working in a digital application. By being installed in an environment that is isolated so that even the offline capability is enabled, the application enhances collaboration of team members. The application has various advantages, the major one being improved focus on team and process throughout, which can be attributed to Work in Progress limits and the benefit of having tasks and process visualized clearly. Another advantage relates to a space that is secure for task organization, sharing and storage of data. The software is not exposed to DDoS attack since it is not on an online platform, which improves the capacity to secure the data stored for the whole project. The security of the application is also improved by the fact that it is totally hosted on offline Web and it also runs on a Web browser. In addition, if there is a restoration of internet connection, the application has an emergency backup for information and data, which ensures that the project is carried out with no hitches (Information Resources Management Association, 2016).
References
Barnum, C. M. (2010). Usability testing essentials: ready, set... test!. Elsevier. 10-21
Kroenke, D., Bunker, D., & Wilson, D. (2013). Experiencing Mis. Pearson Higher Education AU. 572-575
Information Resources Management Association. (2016). Project management: Concepts, methodologies, tools, and applications. Hershey: Business Science Reference.
I take this opportunity to ardently write my application in response to the web design advertisement posted by Al-Baramej. Being active and creative minded, I would like to express my readiness to leverage my potential capabilities in carrying forward the course taken by Al-Baramej. I have been actively functional in web and designing for the last 5 years, which I believe is considerable experience for the coming job. Additionally, web designing has been one of my best passions in designing games and simple websites at a personal level. In my past experience, my bosses have commended greatly on my work since it is solution oriented.
My ability to come up with precise and straightforward web designs and application tools has earned me my livelihood since I graduated from my post graduate course in information technology. My websites have been known to be user-friendly, easy to operate and simple. This guarantees ease for the new users of the website as well as ease in improving and updating the website. My experience as a computer technician has also amounted to my capability in maintaining revising and expanding of the website depending on the evolving needs and recommendations from the web users. All this lies as unutilized potential in the field of web design.
I’m also pleased to let you know how I take pride in my skills of implementation of effective optimization strategies of the search engine. All the web designs that I have made have been so effective in merging the different design needs. Spiced with hard work and commitment in the field, you can be assured that greater results shall be achieved in designing the unique website for the disabled. I have been recently working on contracts and all my clients exclaim at how my work would surpass their expectations in designing different websites. Working with the Al-Baramej company will therefore offer a platform on which all my energies, capabilities and passion would be tabled for a promising output.
Over the last two years, I have been working on mega projects together with other experts. Often, I have been working as an assistant coordinator, after which great success was reached. My resume confirms my experience over the last five years in regard to web designing experience. Support for my co-workers has been one of my most appreciated abilities whenever need arises. In this regard, I have learnt to work with other staff and therefore skills in communication and coordination are among my top treasures. I usually strive to create a productive and positive growth atmosphere from which creativity and web design excellence are cherished.
I look forward to meeting you soon so that we can detail this opportunity that has come at the right time. I hope my attached resume will enlighten you on not only my past experience and achievements but also the potential that is within my capabilities to work and design desirable websites for the disabled. I have also purposed to call you in three weeks’ time in order to make a follow-up of this application. On the same note, I would like to let you feel free to contact me through the number I have attached to my resume for confirmations.
Thank you in advance as you look forward to give me a positive feedback.