Saturday, January 25, 2014

Book Review: Software Engineering Architecture-Driven Software Development

Book Title/Product

Software Engineering
Architecture-Driven
Software Development

Author: Richard F. Schmidt                             
Publisher: O’Reilly Media, Inc. | Elsevier
Reviewer/Blogger: Virginia Benedict

Target Audience

Project Managers, Stakeholders, Technical teams, Security Engineers, Students, and anyone interested in how software products are built.

Prerequisites

Keen desire to properly learn about software development methodologies and best practices.

Structure

The work comprises three (3) Sections and 20 Chapters, a short Note from the Author, Contents, a Preface, and a well-defined Index, for a total of 376 footnoted pages. The footnotes include references to additional reading.

The author does not include a much-needed dedicated Glossary if the work is to embrace a wide audience of professionals and most importantly the beginner student, even though he does provide an integrated version within the Index.

Illustrations and Figures

The topics and concepts are well illustrated






Companion Content

No readily available companion content

Reviewer | Blogger Comments

Review Title


Engineering for Success… Beating the 30% Odds


This manuscript is comprehensive, detailed, well organized, and easy to follow and is an important contribution to the software manufacturing industry.

The content is organized around three major topics following the SWEBoK Key Process Areas methods as depicted in Table 2 presented in the Preface:

SWEBoK Key Process Areas 
  • Fundamentals
  • Practices
  • Application
Knowledge areas such as:
  • Requirements
  • Design
  • Construction
  • Testing
  • Configuration
  • Management
  • Process
  • Methods
  • Quality
Each Knowledge area is treated within respective Sections in various chapters; e.g., Design is addressed in Section 1, Chapters 3 and 6, and Section 2, Chapters 10… 14, etc.

Richard Schmidt addresses the topic of Security thoroughly all throughout the book beginning with SECTION 2 SOFTWARE ENGINEERING PRACTICES but to my surprise, not as a knowledge area given the current insurmountably persistent data breach and violation of privacy events due to poorly written software, among other culprits.  I was expecting Schmidt to stress Security in SECTION 1 SOFTWARE ENGINEERING FUNDAMENTALS.

Schmidt attributes the lack of success in software engineering to the “almost complete misconception of what a software product design is and how to develop a complete design description. The second symptom involves the lack of a standard set of software engineering principles and practices.”

I attribute the primary culprit to be the human condition and its lack of self-discipline, then misconceptions and lack of standards.

An important and complex subject matter such as the concepts, methodologies, and standards of the software engineering discipline and its requirements needs to be addressed from many perspectives, especially in a contemporary scenario where Engineering Teams are comprised of members from all walks of life, academic backgrounds, and gene pools.  This means that their natural linguistics ideology can widely differ, and this impacts how the product is engineered.  That is, look and feel, functions and features, how security is implemented in the product, etc. are all dependent on the innate cultural and social ideologies of the code writers, engineers, designers, and architects, in this order of precedence.

Therefore, works of this genre are imperative, and when this complex discipline is presented as a learning tool it needs to be presented from many perspectives, as our author does.

It is important to note that while the work is well organized and elegantly presented, the Contents guide in the eBook is not hyperlinked to the destination chapters. However, the author does present an introduction to each Section and a Chapter outline and introduction in the beginning of each chapter.  While I very much found useful the fact that he enumerated key concepts in the beginning of each chapter, it was distracting to me not to be able to navigate the eBook expediently through a hyperlinked Contents/Topics guide.  I had to resort to scrolling through and/or performing queries in order to review a chapter or segment within chapters.

Nevertheless, I did find useful that in his Preface he instantiated hyperlinks to tables within the preface.  I recommend the reader to pay close attention to this preface since in it Richard Schmidt presents an architectural synopsis of the work, aligned with the Software Engineering Body of Knowledge (SWEBoK) in the form of tables.  In addition, he presents a summary of the Sections and the corresponding chapters.

About the Author

TBP

Quotes

If you have read this manuscript and have some opinion, comments, or praise about this work, please let me know.  Your quotes will be published with full billing.


Comments | Opinions | Corrections | Quotes… Welcome




Wednesday, January 8, 2014

Book Reviews | Software Requirements Third Edition

Software Requirements

Third Edition

Authors:  Karl Wiegers | Joy Beatty
Publisher: Microsoft Press | O’Reilly Media, Inc. 
Reviewer | Blogger: Virginia Benedict

Target Audience

Business Analysts | Requirements Engineers | Software Architects | Developers | Project Managers | Stakeholders | Anyone who is interested in achieving greater business success with the help of automation

Prerequisites 

Anyone with a keen interest in architecting an adaptive and progressive business.

Book Structure

Introduction | 32 Chapters | A well-defined Glossary | 3 Appendices | References | 637 Pages

This structure is highly comprehensive and enticing for beginners and experienced professionals alike.  I can see that both Karl Wiegers and Joy Beatty have an in-depth command of the subject matter and thus could present it from top to bottom, edge to center, and vice versa.

Illustrations and Figures

In addition to outstanding illustrations, the authors provide supporting use cases and case studies.




Companion Content

Templates | Checklists | Spreadsheets | Other Job Aids

Reviewer | Blogger Comments

As technological advances continue to evolve, so does the need for software development methodologies.  Likewise, as re-architected socio-economic strategies emerge, the need for adaptive business models and analytic methodologies must follow suit.

If you have read the prior two editions of "Software Requirements" and have found them to expand your subject matter knowledge base, you will want to incorporate this expanded third edition into your reference library.  I recommend reading this work individually then reviewing and discussing each chapter as a team prior to commencing any software development project.  I personally recommend centering all team discussions from a security and compliance stance.

The third edition is informative and, because they build powerful illustrated instructional arguments, the authors make it easy to understand and retain the concepts and methodologies presented.  Additionally, I like their conversational literary style.  I feel as if the authors are addressing me personally.

The text is well indexed and I particularly like how the authors reference associated concepts and definitions between chapters.

About the Authors

Karl Wiegers - @karlwiegers
Karl Wiegers is a software consultant, trainer, and an award-winning author of eight books and a repertoire of articles.  He has provided training and consulting services worldwide on many aspects of software development, management, and process improvement.

Joy Beatty - @joybeatty
Joy Beatty has co-authored important works that address the realm of business analysis and agile software requirements.  As a subject matter expert Beatty has guided major organizations in the building of business analysis centers of excellence. 

Beatty has worked with numerous Fortune 500 companies spanning the semi-conductor, computer manufacturing, defense, and retail industries. She is responsible for developing new service offerings that change the way their customers create requirements. She has also adapted ideas from using games in training to create courses on topics including requirements best practices, elicitation and visual models and delivered training to over 700 individuals in industry.    





Sunday, June 23, 2013

Book Reviews: METASPLOIT The Penetration Tester’s Guide

Metasploit

The Penetration Tester’s Guide

Authors: David Kennedy, Jim O’Gorman, Devon Kearns, Mati Aharoni        
Publisher: O’Reilly Media, Inc.
Reviewer/Blogger: Virginia Benedict

Target Audience:  This Guide offers a wealth of information to both the novice as Tutorial and the experienced as Reference.  For starters, the Novice will learn relevant steps on how to get started; and the Experienced will benefit from the discussions on Methodology. Program Managers and Stakeholders will benefit from a manager's perspective.
Pre-requisites:  Desire to learn, Integrity, Methodical, Analytical, Programming & Scripting languages recommended but not required
Overview: This Metasploit guide will help the Pen Tester get started, or take him/her to the next level.
Related Standards:  Pen Testing Standards are loosely followed due to the nature of the investigative process and intelligence gathering.
Related Commercial Products:  Metasploit Express Edition || Metasploit Pro Edition
Related Basic Products:  Metasploit Framework Edition || Metasploit Community Edition
Chapters:  Seventeen Chapters extensively indexed and a Cheat Sheet referencing important commands with syntax commonly used within Metasploit’s various interfaces and utilities. 
  
A guide such as this is best produced by an extensive collaborative effort of experienced professionals.  It is especially valuable when the related community of information security experienced professionals has had direct or indirect input into the final product, as with this outstanding effort.
Once the authors have taken the reader through the absolute basics of Penetration Testing, they introduce the basics of Metasploit, arming the novice with the necessary knowledge base to move into the intelligence gathering processes while teaching the various commands and tools.
I found their discussion on the risks and responsibilities of the Tester very poignant. 
I recommend that, since the Metasploit Framework is large and complex, requiring an array of innate and learned skill sets, the novice reader first study the organizational framework of this guide.  In other words, become familiar with the flow of the work by creating an inventory of the various learning points.


As with any learning process, I always recommend that the “student” begin by fully understanding their learning style(s).  Be aware that you, as many of us do, may have different learning styles and combinations thereof for different learning requirements.  As a reader in this case, you might have a couple of learning styles, which you might apply in perspective. By studying the method(s) used by the authors hereby to present the information and processes, you will gain the ability to understand and retain the knowledge presented. 

About the Authors

Mati Aharoni (muts) is a network security professional, currently working with various Military and Government agencies. His day-to-day work involves vulnerability research, exploit development and whitebox / blackbox Penetration Testing. In addition, he is the lead trainer in the “Offensive Security” courses, which focuses on attacker tools and methodologies. Mati has been training security and hacking courses for over 14 years and is actively involved in the security arena, and is the core developer of Kali Linux.

Devon Kearns (dookie2000ca) is a former Communications Technician and IS Security Analyst with over 15 years of formal IT experience but his true passion lies in the field of information security, most notably in the realm of software exploitation and bug hunting. This fascination with vulnerabilities has led Devon to being the lead administrator of the Exploit Database, a co-author of the free online Metasploit Unleashed training course, and a Kali Linux developer.

Jim O'Gorman (Elwood) is a professional penetration tester, an instructor at Offensive Security, and manages Offensive Security’s consulting services. Jim has lived online from the times of BBS’s, to FidoNet, to when SLIP connections were the new hotness. Jim spends time on both network intrusion simulation as well as digital investigations and malware analysis. When not working on various security issues, Jim spends his time assisting his children in their attempts to fight Zombie hordes.

David Kennedy is Chief Information Security Officer at Diebold Incorporated and creator of the Social-Engineer Toolkit (SET), Fast-Track, and other open source tools. He is on the Back|Track and Exploit Database development team and is a core member of the Social-Engineer podcast and framework. Kennedy has presented at a number of security conferences including Black Hat, Defcon, ShmooCon, Security B-Sides, and more.



Friday, February 22, 2013

Forensic Science Processes & Technologies

Please Note that this is Work-in-Progress

Open for Comments and Questions









To Join this G+ Community send me a request.
Please make sure that your profile is professionally
fully developed and that you are who you say you are.

Tuesday, December 11, 2012

Seamless Unified Collaboration

Seamless Unified Collaboration with Office 365/SharePoint


Whether you wish to implement intranets, extranets, or public collaborative platforms, Office 365/SharePoint is undoubtedly the suite of tools of choice.  It is elegantly engineered for ease of use, with an intuitive learning curve for both IT and users alike, especially since all of the familiar features and functionalities of Windows and MS Office are brought forward with enhancements.

It is a comprehensive highly secured unified communications tool for online, offline, internal, federated team management, and/or customers’ social outreach.  Microsoft Office 365/SharePoint is essentially a turnkey highly customizable platform for Audio/Video/Web Conferencing, VoIP (Voice-over-IP) and VoI (Voice-over-Internet) using Lync 2010 or 2013.

On the back end, it offers Data Center Network Capacity, File Storage, Full Server Support, an Award Winning Service Help Desk, and World Class Training and Demos, all at Microsoft’s standard of quality.
 
The most important concern of all is fully addressed by Microsoft’s State-of-the-Art Security, Back-up, and Recovery Technology ensuring privacy and data reliability, integrity, and  high availability.  With Single-Sign-On (SSO) the user has seamless authentication and ready access with the appropriate rights management.
 
Integrated with Microsoft SharePoint, you can sync your teams for easy collaboration using Office Outlook to manage schedules, contacts, and mail.   You can seamlessly customize a dedicated intranet Team Site to publish/archive documents and calendars of events, create exchange through collaborative camaraderie, and much more.

The Team sites as well as the public website can be designed/customized with SharePoint Designer. This outstanding tool is installed locally on the desktop or mobile workstation for taking advantage of powerful features.   


ADMIN DASHBOARD





Fig. 1 -  This is the Dash Board (Control Panel) of the Account Owner/Administrator (AO/A).  To familiarize yourself with the powerful tools integrated into the Office 365 with SharePoint I recommend that the AO/Admin open a VISIO stencil and begin to create the first layer of your project using the features and functionalities that you are planning to deploy.  I would include start and completion projected dates.


SETUP OVERVIEW




Fig. 2 -  It is important that you use layers so that each Specialist and/or team responsible for integrating the chosen services can easily follow the desired design and configuration standards.







Figs. 3 - 4 -   Using the items on the Setup Overview, the AO/A can begin to create a custom plan for the roll out.  Using the Custom Plan Pilot guide you can track it using MS Project integrated with VISIO interactive visuals

CUSTOM PLAN TRACKER







Figs. 5-6 - Each Task can be represented in VISIO as a layer detailing the steps to be taken and linking them to MS Project.





INTEGRATED DATABASES

 

 

 

Fig. 7 -  As you can see, you have everything readily available including outstanding self-help support with dynamic context specific streaming demos, award winning community assistance and/or options to hire a Microsoft Certified Specialist.

HOME

 

Users' Dashboard





Fig. 8 -  This is your licensed users’ dashboard.  If you notice, on the right the user will find all of the readily available Self-Help Resources as well as Community Resources and Blogs.

TEAM SITES


Each department can deploy Departmental level Team Sites, and each Project/Program Manager can customize their own projects team sites.   





Fig. 9 -  This is using the default layout that is readily customizable



Fig. 10 -  …and with a couple of clicks and drag-and-drops, I turned it into this.


Your Team Sites can be edited with SharePoint Designer, which helps you seamlessly create or edit lists, pages, workflows, and adjust settings.

You may also edit a Team Site on the fly using WYSIWYG and drag/drop.
Full integration with Office Project, Visio, Access, and the complete Office 2010 suite of applications and tools.   This is ultimately important because it makes managing your teams a seamless affair through live and passive interactive collaboration.

VANITY DOMAINS

 

This is the optional vanity domain public site.  The integration of a public domain is seamless and painless. Whether you have an existing domain or need to purchase a new one, Office 365/SharePoint carries you through the steps using easy-to-follow wizards or with phone support.

 

 


Fig.  11 -  Sample Enterprise Domain simply using the WYSIWYG available web parts.  Not one single line of code was written.

Please Note:  This is a high-level overview just to present a quick and dirty sampling of what Office 365/SharePoint Online Services has to offer to any size business; from Enterprise to Medium Businesses or SOHO Entrepreneurs.



If you have any questions or constructive feedback, feel free to contact me.


~ Virginia Benedict
Technologies Analyst (cir 1989)
IT Systems & Network Security/Computer Forensics (cir 2000)
Professional Social Media Managing Curator (cir 1992)
Market Engineering Strategist (cir 1984)

914-923-2103 (by Appt)

@System_Prompt

Thursday, November 22, 2012

Indispensable IT Pro Tools



The Value of a TechNet Subscription...

Author: Virginia Benedict, Techanalyst

If you consider yourself a serious IT Professional, a TechNet subscription is simply indispensable.  I know that I cannot do without it for more reasons than I can think of.  When I think of Continuing Education & Training, to prepare for critical issues and plan for future deployments, when I am in the middle of an IT project, double checking knowledgebase for specific how-to or tips & tricks, when I need to get updated on security trends, on and on…

Because a TechNet subscription allows me to download full versions of pre-release tools and software for testing and evaluation purposes, I can hone in and polish the skills I need to readily provide best of class technical support services, implementations, and prepare for seamless migrations.

The subscription level I recommend is the TechNet Professional with Media.  TechNet provides the subscriber with an on-line Portal. However, having the media will travel; especially when you are on-site and might not have ready access to broadband. 

The following are just some of the benefits included in the Professional with Media version:

1. Exclusive Secure Portal Access: from which you can manage your subscription and efficiently access your benefits in one place
2. Usage Scenarios: supports the trial scenarios most utilized by IT Pros during the software evaluation process
3. Microsoft E-Learning: provides collections (a set of courses with practice labs), typically 20 hours per calendar year

TechNet also offers Volume Subscriptions. Microsoft Volume Licensing programs are designed to meet the needs of a business and offer customized packages to suit the size and purchasing preference of a company.

For more detailed information go to:

Overview:
http://technet.microsoft.com/subscriptions/bb521230.aspx

Volume subscriptions:

Feature & Pricing comparison Matrix:
http://technet.microsoft.com/en-us/subscriptions/hh442910