i-manager Publications

i-manager's Journal on Software Engineering (JSE)

Current Issue Vol. 18 Issue 2

Most Cited

Volume 13 Issue 3 January - March 2019

Research Paper

Requirement Formalization for Model Checking using Extended Backus Naur Form

E. O. Aliyu* , O. S. Adewale, A. O. Adetunmbi*, B. A. Ojokoh****

* Lecturer, Department of Computer Science, Adekunle Ajasin University, Akungba Akoko, Nigeria.

Dean and Professor, Department of Computer Science, Federal University of Technology Akure, Nigeria.

* Professor, Department of Computer Science, Federal University of Technology Akure, Nigeria.

**** Associate Professor, Department of Computer Science, Federal University of Technology Akure, Nigeria.

Aliyu, E. O., Adewale, O. S., Adetunmbi, A. O., Ojokoh, B. A. (2019). Requirement Formalization for Model Checking using Extended Backus Naur Form, i-manager's Journal on Software Engineering, 13(3), 1-6. https://doi.org/10.26634/jse.13.3.15687

Abstract

Describing the structure of a language using rewriting rules in verifying requirements and design is still a vivid area of research. The authors describe the grammar formalism Extended Backus Naur Form (EBNF) to specify the 'if' single block construct with respect to assignment and relational operators as well as Switch, For loop, Do-while, and While loop statement to ensure program free flow. This aim to ensure correctness in the grammar rule for selective and iterative construct to parse C++ programs. The grammar describes the actions a parser must take to parse a string of tokens correctly.

References

[1]. Adetunmbi, A. O. (2012). Theory of computation (Lecture notes), Federal University of Technology Akure, Ondo State, Nigeria.

[2]. Adewale, O. S. (2010). Compiler construction, (Lecture notes), Federal University of Technology Akure, Ondo State, Nigeria.

[3]. Aggarwal, K. K., & Yogesh S. (2008). Software Engineering (Third Edition), Delhi: New Age.

[4]. Baudin, P., Filliatre, J. C., Marche, C., Monate, B., Moy, Y., & Prevosto, V. (2008). ACSL : ANSI / ISO C specification language, CAT RNTL Project, INRIA.

[5]. Berard, B. M., Bidoit, M., Finkel, A., Laroussinie, F., Petit, A., Petnicci, L., & Schnoebelen, P. (2001). System and software verification. Model checking techniques and tools. Springer- Verlag Berlin Heidelberg, Retrieved from https://www.springer.com/in/book/9783540415237

[6]. Biere, A. (2008). Tutorial on model checking: Modelling and verification in computer science. In International Conference on Algebraic Biology (pp. 16-21). Springer, Berlin, Heidelberg.

[7]. Emani, C., Silva, C. F. D., Fiès, B., Zarli, A., & Ghodous, P. (2016, October). An Approach for Automatic Formalization of Business Rules. In Proc. of the 33^rd CIB W78 Conference 2016.

[8]. Espada, M. A. V. (2005). Modal abstraction and replication of processes with data (Doctoral dissertation), University of Amsterdam.

[9]. Forsberg, M., & Ranta, A. (2005). The labelled BNF grammar formalism. Department of Computing Science, Chalmers University of Technology and the University of Gothenburg, Sweden.

[10]. Gabbrielli, M., & Martini, S. (2010). Programming languages: principles and paradigms, London: Springer.

[11]. Kammer, D., Wojdziak, J., Keck, M., Groh, R., & Taranko, S. (2010, November). Towards a formalization of multi-touch gestures. In ACM International Conference on Interactive Tabletops and Surfaces (pp. 49-58). ACM.

[12]. Laros, J. F., Blavier, A., Dunnen, J. T. D., & Taschner, P. E. (2011). A formalized description of the standard human variant nomenclature in Extended Backus-Naur Form. BMC Bioinformatics, 12(4), S5.

[13]. Louden, K. C., & Adams, P. (1993). Programming Languages: Principles and Practice, Belmont, CA: Wadsworth

[14]. Mann, P. B. (2006). A translational BNF grammar notation (TBNF). ACM SIGPLAN Notices, 41(4), 16-23.

[15]. Overbey, J. L., & Johnson, R. E. (2008, September). Generating rewritable abstract syntax trees. In International Conference on Software Language Engineering (pp. 114- 133). Heidelberg: Springer, Berlin.

[16]. Park, S., Lee, Y. C., & Lee, J. K. (2016). Definition of a domain-specific language for Korean building act sentences as an explicit computable form. Journal of Information Technology in Construction (ITcon), 21(26), 422-433.

[17]. Scowen, R. S. (1998). Extended BNF-a generic base standard. (Draft Papers). Retrieved from http://www.cl.cam.ac.uk/mgk25/iso-14977.Pdf

[18]. Shehitoglu, O. T. (2009). Programming languages: syntax description and parsing. [Power point presentation] Retrieved from http://ocw.metu.edu.tr/pluginfile.php/ 2987/mod_resource/content/0/lectures/15-syntax-parsing. pdf

[19]. Xah, L. (2014). What's the difference between BNF, EBNF, ABNF. Retrieved from http://xahlee.info/ parser/bnf_ebnf_abnf.html

Full Article (HTML)

Pdf

Research Paper

Development of a Secured E-Voting System With OTP as Second Order Authentication

Habu J. Salami* , O. S. Adebayo, A. O. Isah, K. H. Lawal, John K. Alhassan

Information Technology Services, Federal University of Technology, Minna, Nigeria.

,,* Department of Cyber Security Science, Federal University of Technology, Minna, Nigeria.

Department of Computer Science, Federal University of Technology, Minna, Nigeria.

Salami, H. J., Adebayo, O. S., Isah, A. O., Lawal, K. H., Alhassan, J. K. (2019). Development of a Secured E-Voting System With OTP as Second Order Authentication, i-manager's Journal on Software Engineering, 13(3), 7-14. https://doi.org/10.26634/jse.13.3.15686

Abstract

Electronic voting has become the most preferred and generally acceptable voting method in the 21^st century. Advanced and developed countries are constantly reviewing their e-voting systems. However, the cyber security problem associated with the e-voting system has been giving concerns to cyber security experts and researchers. The authentication methods employed in existing e-voting system is for a voter to input a unique identification number that has been assigned after accreditation. This is to confirm of the voter's details in the voter registration data base. This paper seeks to develop a secured e-voting system that integrates a second order authentication in the form of One-Time Password to again confirm the voters' details in the registration data base before voting is allowed. Java programming language was employed in coding the OTP algorithm into the existing e-voting system algorithm. The e-voting system is more secure with this work.

References

[1]. Abdulhamid, S. Í. M., Adebayo, O. S., Ugiomoh, D. O., & AbdulMalik, M. D. (2013). The Design and Development of Real-Time E-Voting System in Nigeria with Emphasis on Security and Result Veracity. International Journal of Computer Network & Information Security, 5(5), 9-18.

[2]. Aggarwal, K. (2016). Issues in implementing of Online Voting System in India. International Journal of Engineering Science and Computing, 6(5), 5285-5288.

[3]. Al-Ameen, A., & Talab, S. A. (2013). E-Voting Systems Security Issues. International Journal of Networked Computing and Advanced Information Management (IJNCM). 3(1), 25-34.

[4]. Brownback, T. (2018). The problems with a paper based voting system, Retrieved from http://www.dcag.com/images/WhitePaper_The_problems _with_a_paper_based_voting_system.pdf

[5]. Falkner S., Kieseberg P., Simos D.E., Traxler C., & Weippl E. (2014). E-voting authentication with QR-codes. In Tryfonas T., Askoxylakis I. (eds) Human Aspects of Information Security, Privacy, and Trust. HAS 2014. Lecture Notes in Computer Science, Vol 8533. (pp. 149-159). Springer, Cham.

[6]. Hamid, I. R. A., Radzi, S. N. M., Rahman, N. H. A., Wen, C. C., & Abdullah, N. A. (2017). Preserving anonymity in evoting system using voter non-repudiation oriented scheme. In AIP Conference Proceedings (Vol. 1891, No. 1, p. 020017). AIP Publishing.

[7]. Mutelo, R. (2014). Understanding biometrics: Benefits of electronic voting. Retrieved from https://neweralive.na/posts/understanding-biometricsbenefits- electronic-voting

[8]. Rexha, B., Neziri, V., & Dervishi, R. (2012). Improving authentication and transparency of e-Voting system–Kosovo case. International Journal of Computers and Communications, 6(1), 84-91.

[9]. Sridharan, S. (2013). Implementation of authenticated and secure online voting system. In Computing, Communications and Networking Technologies (ICCCNT), 2013 Fourth International Conference on (pp. 1-7). IEEE.

[10]. Stephan, A. (2012). Voting with the Ancient Greeks, Retrieved from http://blogs.getty.edu/iris/voting-with-theancient- greeks/

[11]. Wasiu, S. 1. A. D., & Luisa, O. A. (2017). Electronic Voting: Challenges and Prospects in Nigeria's Democracy. The International Journal of Engineering and Science (IJES), 6(5), 67-76.

Full Article (HTML)

Pdf

Research Paper

An Intelligent Crypto-Locker Ransomware Detection Technique using Support Vector Machine Classification and Grey Wolf Optimization Algorithms

Abdullahi Mohammed Maigida* , Shafi’i Muhammad Abdulhamid, Morufu Olalere*, Idris Ismaila****

---****Lecturer, Department of Cyber Security Science, Federal University of Technology Minna, Nigeria.

Maigida, A. M., Abdulhamid, S. M., Olalere, M., Ismaila, I. (2019). An Intelligent Crypto-Locker Ransomware Detection Technique using Support Vector Machine Classification and Grey Wolf Optimization Algorithms, i-manager's Journal on Software Engineering, 13(3), 15-23. https://doi.org/10.26634/jse.13.3.15685

Abstract

Ransomware is advanced malicious software which comes in different forms, with the intention to attack and take control of basic infrastructures and computer systems. The majority of these threats are meant to extort money from their victims by asking for a ransom in exchange for decryption keys. Most of the techniques deployed to detect this could not completely prevent ransomware attacks because of its obfuscation techniques. In this research work, an intelligent crypto-locker ransomware detection technique using Support Vector Machine (SVM) and Grey Wolf Optimization (GWO) algorithm is proposed to overcome the malware obfuscation technique because of its ability to learn, train and fit dataset based on the observed features. The proposed technique has shown remarkable prospects in detecting cryptolocker ransomware attacks with high true positive and low false positive rate.

References

[1]. Ahmadian, M. M., & Shahriari, H. R. (2016, September). 2entFOX: A framework for high survivable ransomwares detection. In Information Security and Cryptology (ISCISC), 2016 13^th International Iranian Society of Cryptology Conference on (pp. 79-84). IEEE.

[2]. Al-rimy, B. A. S., & Maarof, M. A. (2018). Recent Trends in Information and Communication Technology, 5.

[3]. Bhardwaj, A., Avasthi, V., Sastry, H., & Subrahmanyam, G. V. B. (2016). Ransomware digital extortion: a rising new age threat. Indian Journal of Science and Technology, 9(14), 1-5.

[4]. Boswell, D. (2002). Introduction to support vector machines. Department of Computer Science and Engineering, University of California San Diego. Retrieved from http://www.work.caltech.edu/~boswell/IntroTo SVM.pdf

[5]. Brewer, R. (2016). Ransomware attacks: detection, prevention and cure. Network Security, 2016(9), 5-9.

[6]. Cabaj, K., Gregorczyk, M., & Mazurczyk, W. (2018). Software-defined networking-based crypto ransomware detection using HTTP traffic characteristics. Computers & Electrical Engineering, 66, 353-368.

[7]. Continella, A., Guagnelli, A., Zingaro, G., De Pasquale, G., Barenghi, A., Zanero, S., & Maggi, F. (2016, December). ShieldFS: a self-healing, ransomware-aware nd filesystem. In Proceedings of the 32^ndAnnual Conference on Computer Security Applications (pp. 336-347). ACM.

[8]. Ferrante A., Malek M., Martinelli F., Mercaldo F., Milosevic J. (2018). [Extinguishing Ransomware - A Hybrid Approach to Android Ransomware Detection. In Imine A., Fernandez J., Marion JY., Logrippo L., Garcia-Alfaro J. (Eds) Foundations and Practice of Security. FPS 2017. Lecture Notes in Computer Science, Vol 10723. Springer, Cham

[9]. Hong, S., Liu, C., Ren, B., & Chen, J. (2017, June). Poster: Sdguard: An Android Application Implementing Privacy Protection and Ransomware Detection. In Proceedings of the 15^th Annual International Conference on Mobile Systems, Applications, and Services (pp. 149- 149). ACM.

[10]. Kharraz, A., & Kirda, E. (2017, September). Redemption: real-time protection against ransomware at end-hosts. In International Symposium on Research in Attacks, Intrusions, and Defenses (pp. 98-119). Springer, Cham.

[11]. Kharraz, A., Arshad, S., Mulliner, C., Robertson, W. K., & Kirda, E. (2016, August). UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware. In USENIX Security Symposium (pp. 757-772).

[12]. Kiraz, M. S., Genç, Z. A., & Öztürk, E. (2017). Detecting Large Integer Arithmetic for Defense Against Crypto Ransomware. Cr yptology ePrint Archive, Report 2017/558.(2017).

[13]. Kolodenker, E., Koch, W., Stringhini, G., & Egele, M. (2017, April). PayBreak: defense against cryptographic ransomware. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security (pp. 599-611). ACM.

[14]. Mirjalili, S., Mirjalili, S. M., & Lewis, A. (2014). Grey wolf optimizer. Advances in Engineering Software, 69, 46-61.

[15]. Moore, C. (2016, August). Detecting ransomware with honey pot techniques. In Cybersecurity and Cyberforensics Conference (CCC), 2016 (pp. 77-81). IEEE.

[16]. Patyal, M., Sampalli, S., Ye, Q., & Rahman, M. (2017). Multi-layered defense architecture against ransomware. International Journal of Business and Cyber Security,1(2), 52–64.

[17]. Richardson, R., & North, M. (2017). Ransomware: Evolution, mitigation and prevention. International Management Review, 13(1), 10-21.

[18]. Savage, K., Coogan, P., & Lau, H. (2015). The Evolution of Ransomware, Symantec. Retrieved from http://www.symantec.com/content/en/us/enterprise/medi a/security_response/whitepapers/the-evolution-ofransomware. pdf

[19]. Scaife, N., Carter, H., Traynor, P., & Butler, K. R. (2016, June). Cryptolock (and drop it): stopping ransomware attacks on user data. In Distributed Computing Systems th (ICDCS), 2016 IEEE 36 International Conference on (pp. 303-312). IEEE.

[20]. Sgandurra, D., Muñoz-González, L., Mohsen, R., & Lupu, E. C. (2016). Automated dynamic analysis of ransomware: Benefits, limitations and use for detection. arXiv preprint arXiv:1609.03020.

[21]. Shaukat, S. K., & Ribeiro, V. J. (2018, January). RansomWall: A layered defense system against cryptographic ransomware attacks using machine learning. In Communication Systems & Networks th (COMSNETS), 2018 10 International Conference on (pp. 356-363). IEEE.

[22]. The Business Times. (2017). How Ransomware Works. New York City, Retrieved from https://www.businesstimes. com.sg/infographics/how-ransomware-works

[23]. Weckstén, M., Frick, J., Sjöström, A., & Järpe, E. (2016, October). A novel method for recovery from Crypto Ransomware infections. In Computer and Communications (ICCC), 2016 2^nd IEEE International Conference on (pp. 1354-1358). IEEE.

[24]. Yang, T., Yang, Y., Qian, K., Lo, D. C. T., Qian, Y., & Tao, L. (2015, August). Automated detection and analysis for android ransomware. In High Performance Computing and Communications (HPCC), 2015 IEEE 7^th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12^th International Conferen on Embedded Software and Systems (ICESS), 2015 IEEE 17^th International Conference on (pp. 1338-1343). IEEE.

Full Article (HTML)

Pdf

Research Paper

Development of Pre-Admission Examination Learning and Practicing Software for Prospective Students of Federal University of Technology, Minna

O. A. Abisoye* , A. Thomas, B. O. Abisoye*

* Department of Computer Science, SICT Federal University of Technology Minna, Niger State, Nigeria.

PG Student, Department of Computer Engineering, Federal University of Technology Minna, Niger State, Nigeria.

*Department of Computer Engineering, SEET Federal University of Technology Minna, Niger State, Nigeria.

Abisoye, O. A., Thomas, B. A., Abisoye, B. O. (2019). Development of Pre-Admission Examination Learning and Practicing Software for Prospective Students of Federal University of Technology, Minna, i-manager's Journal on Software Engineering, 13(3), 24-31. https://doi.org/10.26634/jse.13.3.15684

Abstract

The undue anxiety of students towards examination being conducted using Computer Base Testing System (CBTS) has led to the introduction of computer base mock examination; a way of familiarizing students with CBT platform before attempting the main examination. The current system is plagued with applicants traveling from various location to a Computer Base Testing Center to take part in a short-lived mock examination in order to familiarize them with the CBT platform; most of the applicants do not have access to the CBT software which is not available online; it has been argued that a thirty-minute brief mock test is not adequate enough to familiarize the use of CBT for some of the candidates. This paper is proposing the development of Online Pre-admission Examination Learning and Practicing Software (ELPS) for the prospective students of Federal University of Technology, Minna. The proposed system will be implemented using Microsoft Visual Studio. Net, Integrated Development Environment. The proposed web based application will be highly user-friend and self-intuitive to help applicants in learning and practicing the computer based test questions from anywhere, any time.

References

[1]. Ajinaja, M. (2017). The Design and Implementation of a Computer Based Testing System Using Component-Base Software Engineering, IJCST, 8(1), 58-65.

[2]. Bodmann, S. M., & Robinson, D. H. (2004). Speed and performance differences among computer-based and paper-pencil tests. Journal of Educational Computing Research, 31(1), 51-60.

[3]. Bolboac, S., & Jäntschi, L. (2007). Computer-based testing on physical chemistry topic: A case study. International Journal of Education and Development using Information and Communication Technology (IJEDICT), 3(1), 94-104.

[4]. Clariana, R., & Wallace, P. (2002). Paper–based versus computer–based assessment: key factors associated with the test mode effect. British Journal of Educational Technology, 33(5), 593-602.

[5]. Jimoh, R. G., Shittu, A. J. K., & Kawu, Y. K. (2012). Students' perception of computer based test (CBT) for examining undergraduate chemistry courses. Journal of Emerging Trends in Computing and Information Sciences, 3(2), 125-134.

[6]. Karadeniz, Ş. (2009). The impacts of paper, web and mobile based assessment on students achievement and perceptions. Scientific Research and Essays, 4(10), 984- 991.

[7]. Lim, E. C., Ong, B. K., Wilder-Smith, E. P., & Seet, R. C. (2006). Computer-based versus pen-and-paper testing: Students' perception. Annals-Academy of Medicine Singapore, 35(9), 599.

[8]. Zhenming, Y., Liang, Z., & Guohua, Z. (2003, November). A novel web-based online examination system for computer science education. In 33^rd ASEE/IEEE Frontiers in Education Conference (pp. 5-8).

Full Article (HTML)

Pdf

Review Paper

A Review on Software Testing and its Methodology

Jannat Ahmad* , Abu ul Hassan, Tahreem Naqvi*, Tayyaba Mubeen****

,- BS, Department of Computer Science, Superior College, Lahore, Pakistan.

Faculty Member, Department of Computer Science, Superior College, Lahore, Pakistan.

Ahmad, J., Hassan, A. U., Naqvi, T., Mubeen, T. (2019). A Review on Software Testing and its Methodology, i-manager's Journal on Software Engineering, 13(3), 32-38. https://doi.org/10.26634/jse.13.3.15515

Abstract

Software Testing is very important and time intense portion of the software development life cycle as its persistence is to perceive failures in software, so that flaws may be improved and adjusted at the initial stage. Software Testing is a practice for approving that the product/software/program, that has been developed by programmers/coder, is an excellent or quality creation and to guarantee that the synthetic product is functioning and agreeing to the requirement, satisfying the consumer/client needs. There are many approaches to software testing. Testing is a procedure of training a program with precise intent of discovering errors before preceding its delivery to end user. Software Testing is the method of performing a program to locate an error. This paper defines generally used software testing techniques for identifying error and they are white box testing, black box testing and grey box testing. Software testing, in cooperation in terms of quality excellence and consistency, is very essential. In this article, authors describe the testing software and its objectives and testing altered software, debugging software. After a full explanation of software testing, test methods include Black Box and White Box and Gray Box delivered and the variances and advantages and disadvantages of the three methods calculated. And well methods have acknowledged three methods of software testing.

References

[1]. Alaqail, H., & Ahmed, S. (2018). Overview of Software Testing Standard ISO/IEC/IEEE 29119. International Journal of Computer Science and Network Security (IJCSNS), 18(2), 112-116.

[2]. Alsayed, A. O., Bilgrami, A. L., & Foster, W. A. (2017). Improving Software Quality Management: Testing, Review, Inspection and Walkthrough. International Journal of Latest Research in Science and Technology, 6(1), 7-12.

[3]. Babbar, H. (2017). Software Testing: Techniques and Test Cases. International Journal of research In Computer applications and Robotics, 5(3), 44-53.

[4]. Barus, A. C., Hutasoit, D. I. P., Siringoringo, J. H., & Siahaan, Y. A. (2015, August). White box testing tool prototype development. In 2015 International Conference on Electrical Engineering and Informatics (ICEEI) (pp. 417-422). IEEE.

[5]. Bhasin, A., & Kumar, M. (2015). Study of white box, black box and grey box testing techniques. International Journal of Research in Engineering & Advanced Technology, 3(3), 23-27.

[6]. Babaeian, M., Ghasemiyan, V., & Nourmandi-Pour, R. (2015). Comparison of software testing review Black Box and White Box and Gray Box. International Journal of Mathematics and Computer Science, 43, 1442-1447.

[7]. Henard, C., Papadakis, M., Harman, M., Jia, Y., & Traon, Y, L. (2016, May). Comparing white-box and black-box test prioritization. In 2016 IEEE/ACM 38^th International Conference on Software Engineering (ICSE) (pp. 523-534). IEEE.

[8]. Hooda, I., & Chhillar, R. S. (2015). Software test process, testing types and techniques. International Journal of Computer Applications, 111(13), 10-14.

[9]. Hussain, T., & Singh, S. (2015). A Comparative Study of Software Testing Techniques Viz. White Box Testing Black Box Testing and Grey Box Testing. International Journal of Allied Practice, Research and Review, 2(5), 1-8.

[10]. Jacob, P. M., & Prasanna, M. (2016). A Comparative analysis on Black box testing strategies. In 2016 International Conference on Information Science (ICIS) (pp. 1-6). IEEE.

[11]. Jamil, M. A., Arif, M., Abubakar, N. S. A., & Ahmad, A. (2016). Software Testing Techniques: A Literature Review. In 2016 6^th International Conference on Information and Communication Technology for The Muslim World (ICT4M) (pp. 177-182). IEEE.

[12]. Jampani, R., Talasu, N., & Manjula, R. (2016). Survey of Software Testing Techniques. International Journal for Research in Applied Science & Engineering Technology (IJRASET), 4(4), 924-929.

[13]. Jan, S. R., Shah, S. T. U., Johar, Z. U., Shah, Y., & Khan, F. (2016). An innovative approach to investigate various software testing techniques and strategies. International Journal of Scientific Research in Science, Engineering and Technology (IJSRSET), 2(2), 682-689.

[14]. Jat, S., & Sharma, P. (2017). Analysis of Different Software Testing Techniques. International Journal of Scientific Research, 5(2), 77-80.

[15]. Kaur, P. (2018). A Research Paper on White Box Testing. World Wide Journal of Multidisciplinary Research and Development, 4(2), 384-387.

[16]. Khalili, A., Narizzano, M., Tacchella, A., & Giunchiglia, E. (2015). Automatic test-pattern generation for grey-box programs. In Proceedings of the 10^th International Workshop on Automation of Software Test (pp. 33-37). IEEE Press.

[17]. Khannur, A. (2011). Software Testing: Techniques and Applications. Pearson Education India.

[18]. Komargodski, I., Naor, M., & Yogev, E. (2017). Whitebox vs. black-box complexity of search problems: Ramsey and graph property testing. In 2017 IEEE 58^th Annual Symposium on Foundations of Computer Science (FOCS) (pp. 622-632). IEEE.

[19]. Lee, J., Kang, S., & Keum, C. (2018). Architecture- Based Software Testing. International Journal of Software Engineering and Knowledge Engineering, 28(1), 57-77.

[20]. Madhavi, D. (2016). A White Box Testing Technique in Software Testing: Basis Path Testing. Journal for Research, 2(4), 12-17.

[21]. Mahajan, P. (2016). Different types of testing in software testing. International Research Journal of Engineering and Technology (IRJET), 3(4), 1661-1664.

[22]. Meenu & Navita. (2015). Study and Analysis of Software Testing. International Journal on Recent and Innovation Trends in Computing and Communication, 3(12), 6674-6678,

[23]. Notes, C. S., & Bieman, J. M. (2016). Focus: Evaluating Software Quality V & V Techniques V & V Terminology V & V Terminology, pp. 1-15.

[24]. Nouman, M., Pervez, U., Hasan, O., & Saghar, K. (2016). Software testing: A survey and tutorial on white and black-box testing of C/C++ programs. In 2016 IEEE Region 10 Symposium (TENSYMP) (pp. 225-230). IEEE.

[25]. Pahwa, P., & Miglani, R. (2015). Test Case Design using Black Box Testing Techniques for Data Mart. International Journal of Computer Applications, 109(3),18-22.

[26]. Rana, A., Rawat, A. S., & Bijalwan, A. (2017). Process of finding defects in software testing. Annals of Computer Science and Information Systems, 10, 297-300.

[27]. Sharma, M. K. (2018). Ph. D Course Work (Computer Science & Engineering).

[28]. Shikha, K. B. (2015). Software Testing Tools & Techniques for Web Applications. International Journal of Engineering and Technical Research (IJETR), 3(5), 315-318.

[29]. Sivakumar, B., & Srilatha, K. (2016). A Novel Method to Segment Blood Vessels and Optic Disc in the Fundus Retinal Images. Research Journal of Pharmaceutical Biological and Chemical Sciences, 7(3), 365-373.

[30]. Software Testing Fundamentals (2018). Black box testing. Retrieved from http://software testing fundamentals.com/black-box-testing/

[31]. Syaikhuddin, M. M., Anam, C., Rinaldi, A. R., & Conoras, M. E. B. (2018). Conventional Software Testing Using White Box Method. Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control, 3(1), 65-72.

[32]. Terés-Zubiaga, J., Escudero, C., García-Gafaro, C., & Sala, J. M. (2015). Methodology for evaluating the energy renovation effects on the thermal performance of social housing buildings: Monitoring study and grey box model development. Energy and Buildings, 102, 390-405.

[33]. Thakur, M., & Sanjay. (2017). Review on Structural Software Testing Coverage Approaches. International Journal of Advance research, Ideas and Innovations in Technology, 3(3), 281-286.

[34]. Vilkomir, S., Baptista, J., & Das, G. (2017). Using MC/DC as a black-box testing technique. 2017 IEEE 28^th Annual Software Technology Conference (STC), pp. 1-7.

[35]. Villalón, J. C. M., Agustin, G. C., Gilabert, T. S. F., & Puello, J. D. J. J. (2016). A review of software project testing. Journal of Information Systems Engineering & Management, 1(2), 141-148.

[36]. Yadav, P., & Kumari, P. (2015). Review paper on software testing. International Journal of Innovative Research in Technology, 1(12), 588-592.

Full Article (HTML)

Pdf

Case Study

A Case Study: Risk Rating Methodology for E-Governance Application Security Risks

B. S. Kumar* , V. Sridhar, K. R. Sudhindra*

* Scientist `F', Electronics Test and Development Centre (ETDC), Bangalore, India.

Department of Electronics and Communication Engineering, Nitte Meenakshi Institute of Technology, Bangalore, India.

* Department of Electronics and Communication Engineering, B M S College of Engineering, Bangalore, Karnadaka, India.

Kumar, B. S., Sridhar, Sudhindra, K. R. (2019). A Case Study: Risk Rating Methodology for E-Governance Application Security Risks, i-manager's Journal on Software Engineering, 13(3), 39-44. https://doi.org/10.26634/jse.13.3.15546

Abstract

Over the last few years, e governance in India has made rapid progress and adopted global best practices in terms of citizen-centricity, reach, connectivity, efficiency, transparency, accountability and availability. Multiple modes and ease of access, seamless connectivity and availability, user friendliness and efficiency of e-governance services have opened up avenues making e-governance services most prone to serious security risks. International trends and domestic experiences show that the e-governance services are constant targets of organized crime by hackers and prominent government sites are being probed daily. The security threat landscape for e-governance applications constantly changes and new type of vulnerabilities keeps manifesting. In today's race to build cutting-edge e-governance business solutions, web applications are being developed and deployed with lesser attention to critical and widespread security threats. The government can no longer afford to tolerate security issues with high risk values, which could hinder delivery of services and impact the confidentiality, integrity and availability of information. To mitigate with appropriate countermeasures and security controls, it is required to evaluate and estimate risks associated with e-governance applications security issues that can be exploited. In this context, this paper outlines the risk rating methodology from e-governance perspective to estimate risk associated with security issues at application layer that are critical and widespread.

References

[1]. CVSS. (n.d). Common Vulnerability Scoring System v3.0: Specification Document. Retrieved from https://www.first.org/cvss/specification-document/

[2]. HKCERT. (2018). CWE/SANS The ten most critical web application security risks (OWASP Top 10) – 2017, Hong Kong Computer Emergency Response Team Coordination Centre. Retrieved from https://www.hkcert.org/my_url/ en/guideline/18061501

[3]. HKSAR. (2008). Web application security by the Government of the HongKong Special Administrative.

[4]. Martin, B., Brown, M., Paller, A., & Kirby, D. (2011). Top 25 most dangerous software errors, The MITRE Corporation. Retrieved from https://cwe.mitre.org/top25/

[5]. Meier, J. D., Mackman, A., Dunner, M., Vasireddy, S., Escamilla, R., & Murukan, A. (2003). Improving web application security: threats and countermeasures. Washington, DC: Microsoft Corporation.

[6]. Pandya, C. D., & Patel, J. N. (2017). Study and analysis of E-Governance Information Security (InfoSec) in Indian Context. IOSR Journal of Computer Engineering (IOSRJCE), 19(1), 4-7.

[7]. Ramadlan, F. M. (n.d) Introduction and implementation OWASP Risk Rating Management. Retrieved from https://www.owasp.org/images/9/9c/ Riskratingmanagement-170615172835.pdf

[8]. Teodoro, N., & Serrao, C. (2011, June). Web application security: Improving critical web-based applications quality through in-depth security analysis. In International Conference on Information Society (i-Society 27-29,June2011), (pp. 457-462), IEEE.

[9]. WASC. (2010). WASC Threat Classification, version 2.00. Retrieved from http://projects.webappsec.org/f/ WASC-TC-v2_0.pdf

[10]. Zhou, Z., & Hu, C. (2008). Study on the e-government security risk management. International Journal of Computer Science and Network Security, 8(5), 208-213.

i-manager's Journal on Software Engineering (JSE)

Current Issue Vol. 18 Issue 2

Most Read

Most Cited

Volume 13 Issue 3 January - March 2019

Requirement Formalization for Model Checking using Extended Backus Naur Form

E. O. Aliyu* , O. S. Adewale**, A. O. Adetunmbi***, B. A. Ojokoh****

Aliyu, E. O., Adewale, O. S., Adetunmbi, A. O., Ojokoh, B. A. (2019). Requirement Formalization for Model Checking using Extended Backus Naur Form, i-manager's Journal on Software Engineering, 13(3), 1-6. https://doi.org/10.26634/jse.13.3.15687

Abstract

References

Full Article (HTML)

Pdf

Development of a Secured E-Voting System With OTP as Second Order Authentication

Habu J. Salami* , O. S. Adebayo**, A. O. Isah***, K. H. Lawal****, John K. Alhassan*****

*Information Technology Services, Federal University of Technology, Minna, Nigeria. **,***,***** Department of Cyber Security Science, Federal University of Technology, Minna, Nigeria. **** Department of Computer Science, Federal University of Technology, Minna, Nigeria.

Salami, H. J., Adebayo, O. S., Isah, A. O., Lawal, K. H., Alhassan, J. K. (2019). Development of a Secured E-Voting System With OTP as Second Order Authentication, i-manager's Journal on Software Engineering, 13(3), 7-14. https://doi.org/10.26634/jse.13.3.15686

Abstract

References

Full Article (HTML)

Pdf

An Intelligent Crypto-Locker Ransomware Detection Technique using Support Vector Machine Classification and Grey Wolf Optimization Algorithms

Abdullahi Mohammed Maigida* , Shafi’i Muhammad Abdulhamid**, Morufu Olalere***, Idris Ismaila****

*-**-***-****Lecturer, Department of Cyber Security Science, Federal University of Technology Minna, Nigeria.

Abstract

References

Full Article (HTML)

Pdf

Development of Pre-Admission Examination Learning and Practicing Software for Prospective Students of Federal University of Technology, Minna

O. A. Abisoye* , A. Thomas**, B. O. Abisoye***

Abisoye, O. A., Thomas, B. A., Abisoye, B. O. (2019). Development of Pre-Admission Examination Learning and Practicing Software for Prospective Students of Federal University of Technology, Minna, i-manager's Journal on Software Engineering, 13(3), 24-31. https://doi.org/10.26634/jse.13.3.15684

Abstract

References

Full Article (HTML)

Pdf

A Review on Software Testing and its Methodology

Jannat Ahmad* , Abu ul Hassan**, Tahreem Naqvi***, Tayyaba Mubeen****

*,***-**** BS, Department of Computer Science, Superior College, Lahore, Pakistan. ** Faculty Member, Department of Computer Science, Superior College, Lahore, Pakistan.

Ahmad, J., Hassan, A. U., Naqvi, T., Mubeen, T. (2019). A Review on Software Testing and its Methodology, i-manager's Journal on Software Engineering, 13(3), 32-38. https://doi.org/10.26634/jse.13.3.15515

Abstract

References

Full Article (HTML)

Pdf

A Case Study: Risk Rating Methodology for E-Governance Application Security Risks

B. S. Kumar* , V. Sridhar**, K. R. Sudhindra***

Kumar, B. S., Sridhar, Sudhindra, K. R. (2019). A Case Study: Risk Rating Methodology for E-Governance Application Security Risks, i-manager's Journal on Software Engineering, 13(3), 39-44. https://doi.org/10.26634/jse.13.3.15546

Abstract

References

Full Article (HTML)

Pdf

E. O. Aliyu* , O. S. Adewale, A. O. Adetunmbi*, B. A. Ojokoh****

Habu J. Salami* , O. S. Adebayo, A. O. Isah, K. H. Lawal, John K. Alhassan

Information Technology Services, Federal University of Technology, Minna, Nigeria.

,,* Department of Cyber Security Science, Federal University of Technology, Minna, Nigeria.

Department of Computer Science, Federal University of Technology, Minna, Nigeria.

Abdullahi Mohammed Maigida* , Shafi’i Muhammad Abdulhamid, Morufu Olalere*, Idris Ismaila****

---****Lecturer, Department of Cyber Security Science, Federal University of Technology Minna, Nigeria.

O. A. Abisoye* , A. Thomas, B. O. Abisoye*

Jannat Ahmad* , Abu ul Hassan, Tahreem Naqvi*, Tayyaba Mubeen****

,- BS, Department of Computer Science, Superior College, Lahore, Pakistan.

Faculty Member, Department of Computer Science, Superior College, Lahore, Pakistan.

B. S. Kumar* , V. Sridhar, K. R. Sudhindra*