Project Plan and Preliminary Design: Vulnerable Code Identification
Added on 2021/06/14
AI Summary
This project plan outlines a comprehensive approach to identifying vulnerable code within large source code repositories. The project employs a combination of static and dynamic analysis techniques to detect security flaws. The plan includes a detailed Gantt chart, a project diagram illustrating the workflow, and a project methodology section that describes the application of static analysis (including code review and pattern matching) and dynamic analysis (black box testing). A budget breakdown is also provided, allocating costs for various activities such as choosing suitable approaches, applying analysis, and mitigating identified vulnerabilities. The project aims to identify and address potential security risks in software applications. The project also describes the schedule for working on the project and methodologies used to find out the bugs or vulnerable codes in the software application.

Running head: PROJECT PLAN AND PRELIMINARY DESIGN MARKING GUIDE
PROJECT PLAN AND PRELIMINARY DESIGN MARKING GUIDE
[Author]
[Institution]

Table of Contents
Title: Studying large repositories of source code and identifying vulnerable code
Introduction
Gantt chart
Project Diagram
Project Methodology
  Static analysis
  Dynamic analysis
Budget
References
List of Tables
Table 1 Activity Table
Index of Figures
Figure 1: Gantt timeline chart
Figure 2: Network Diagram
Figure 3: Project Diagram

Title: Studying large repositories of source code and identifying vulnerable code
Introduction
A large repository is a storage system or database that holds information about application
software, including its data elements, inputs, processes, outputs and interrelationships. This
project aims to study large repositories of source code and to recognise the vulnerable code in
them. The study has been carried out to find the vulnerable code [1]. In IT terms, a
vulnerability is a flaw or error in code that can create a potential point of security compromise
for an endpoint or network. Moreover, vulnerabilities create attack vectors through which an
intruder could run code and access the memory of the target system.
To find vulnerabilities, the researcher has used testing techniques and studied the process those
techniques follow [2]. This report therefore describes the project run to find vulnerable code by
studying large repositories of source code. It also describes the schedule for working on the
project and the methodologies used to find bugs or vulnerable code in the software application.
In the methodology section, the researcher uses static analysis as well as dynamic analysis.
Gantt chart
A Gantt chart is a graphical description of a project schedule. It is a type of bar chart that
shows the start and end of the activities of a project. The Gantt chart is prepared to identify
all the activities of the project [3]. It is a monitoring tool that helps in monitoring the
activities of a project in a structured manner. Furthermore, it helps the researcher to keep
track of activities so that no element is left undone. In this section, the activity table,
Gantt chart and network diagram are presented. This will help to accomplish the rest of
the project in an efficient manner.
Table 1 Activity Table

| Name of the Task | Period | Begins on | Ends on | Predecessors | Names of the Resource |
|---|---|---|---|---|---|
| Vulnerable code project | 64 days | Fri 5/4/18 | Wed 8/1/18 | | |
| Choosing suitable approach to identify vulnerable code | 5 days | Friday 5-4-18 | Thursday 5-10-18 | | Project manager, Software engineer |
| Defining characteristics of vulnerable code | 10 days | Friday 5-11-18 | Thursday 5-24-18 | 2 | Information Technology manager |
| Application of static analysis | 12 days | Friday 5-25-18 | Monday 6-11-18 | 3 | Software engineer |
| Application of dynamic analysis | 15 days | Tuesday 6-12-18 | Monday 7-2-18 | 3,4 | Software engineer |
| Conforming the requirements of the project | 10 days | Tuesday 6-12-18 | Monday 6-25-18 | 4 | Project manager |
| Running the programme to identify vulnerability | 10 days | Tuesday 6-26-18 | Monday 7-9-18 | 6 | Automated vulnerability scanners [1], IT manager |
| Finding of vulnerable code | 12 days | Tuesday 7-3-18 | Wednesday 7-18-18 | 5,6 | Project manager, Software engineer |
| Working to mitigate the vulnerable code | 10 days | Tuesday 7-10-18 | Monday 7-23-18 | 7 | Software engineer |
| Review and feedback | 7 days | Tuesday 7-24-18 | Wednesday 8-1-18 | 8,9 | Project manager |

Figure 1: Gantt timeline chart
Figure 2: Network Diagram
Project Diagram
The project diagram method is a tool used to schedule the events in a project plan [4]. It is
one of the methods for constructing a project schedule network diagram, which uses boxes,
known as nodes, to represent events and connects them with arrows that show dependencies. The
project diagram for the current project, which identifies the vulnerable code in repositories
on a 127 GB hard disk, is as follows:
[Figure 3: Project Diagram. Nodes: Choosing suitable approach to identify vulnerable code; Defining characteristics of vulnerable code; Application of static analysis; Application of dynamic analysis; Conforming the requirements of the project; Running the program to identify vulnerability; Finding of vulnerable code; Working to mitigate the vulnerable code; Review and feedback]

Project Methodology
Project methodology is defined as a combination of logically linked methods, practices and
processes. It determines how a project is planned, developed, controlled and delivered
throughout the continuous execution process until the project is successfully completed or
terminated [5]. It is an orderly and well-organised approach to designing, executing and
completing a project.
The present report is based on the identification of vulnerable code in large repositories of
source code. For that purpose, the researcher has applied static analysis as well as dynamic
analysis as part of the project methodology, and both are described below.
Static analysis
Static testing is a software testing technique in which the software is tested without
executing the code. This testing technique has 2 parts:
1. Review - It is generally used for finding and eliminating flaws in documents such as the
design, requirements, test cases, and many more. For this project, the vulnerable code on the
127 GB hard disk will be reviewed by inspection and continuous observation [6].
2. Static analysis - The code written by the developer is assessed using tools to identify
structural defects that may lead to failure [9]. When analysing the code for vulnerabilities,
the researcher will look for defects such as a variable with an undefined value and
unreachable or dead code. Moreover, it uses techniques like PSCAN, because this method
identifies suspicious patterns in source code through pattern matching [7].
Furthermore, lexical analysis will be used under static analysis to find the complicated
security errors on the 127 GB hard disk. Some vulnerabilities are not straightforward, and
these can be identified using semantic techniques. To identify the vulnerable code in the
present software, an Abstract Syntax Tree will be used under static analysis. Static analysis
is used to detect vulnerabilities in two forms: one is security code inspection and the other
is static analysis automation.
Moreover, this automated analysis is more beneficial than security code inspection. The reason
is that it scans the source code, which is the easiest and fastest method, and it works on the
source code to find flaws, or to check for their absence, instead of running the programme [8].
During the development stage, the programmer can use static analysis effectively on a daily
basis. The cost incurred will be lower at that stage because static analysis helps to identify
bugs early. However, it also has certain disadvantages, as with BOON (Buffer Overrun
Detection), a static analysis tool that can run automatically and scan the data to detect
vulnerable code that can lead to buffer overflow [11]. Thus, the programmer should be aware of
such issues while using static analysis to identify vulnerabilities.
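The contrast drawn above between lexical pattern matching and Abstract Syntax Tree analysis, shown as an added example that is not part of the original report: the sink list, function names and sample source are assumptions constructed for illustration. The lexical scan flags every textual occurrence of a risky call, while the AST walk reports only real calls whose first argument is not a literal.

```python
import ast
import re

# Constructed sample source (not from the report): one real risk and three decoys.
SAMPLE = '''\
import os, subprocess

def backup(path):
    # never build this with os.system(cmd); see review notes
    note = "legacy scripts used eval(expr) here"
    os.system("tar czf /tmp/b.tgz " + path)
    subprocess.run(["ls", "-l", path])
    return eval("1 + 2")
'''

# Hypothetical list of calls treated as dangerous sinks for this example.
SINKS = {"eval", "exec", "os.system", "os.popen"}
SINK_RE = re.compile(r"\b(eval|exec|os\.system|os\.popen)\s*\(")


def lexical_scan(source):
    """Pattern matching on raw text: cheap, but blind to comments and strings."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for match in SINK_RE.finditer(line):
            findings.append((lineno, match.group(1)))
    return findings


def dotted_name(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def ast_scan(source):
    """Syntax-aware scan: report sink calls whose first argument is not a literal.

    Limitation: aliases such as `from os import system` are not resolved here;
    that needs name binding analysis on top of the tree walk.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = dotted_name(node.func)
        if name not in SINKS or not node.args:
            continue
        # A constant argument cannot carry attacker-controlled data.
        if not isinstance(node.args[0], ast.Constant):
            findings.append((node.lineno, name))
    return sorted(findings)


if __name__ == "__main__":
    print("lexical:", lexical_scan(SAMPLE))
    print("ast:    ", ast_scan(SAMPLE))
```

The comment on line 4, the string on line 5 and the constant `eval` on line 8 are all reported by the lexical scan and discarded by the AST scan, which leaves only the concatenated shell command on line 6.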
Dynamic analysis
Dynamic testing is a software testing technique in which the programmer analyses the dynamic
behaviour of the code [2]. It is the type of testing that works with the running system with
the intention of finding errors. The major aim of this testing is to ensure that the software
works properly during and after installation. This also
ensures a stable application without any major errors. Moreover, this test is also done to
assure the consistency of the software [9].
Further, there are generally two categories of dynamic analysis: black box testing and white
box testing. In the latter, the software is examined with its internal structure and design
well known to the programmer. It is applied to check that the system performs according to the
code. It is mainly performed by developers who have programming knowledge. The former, on the
other hand, is a testing technique in which the internal structure or code is unknown to the
tester [10]. Its major aim is to verify the functionality of the system under test; it requires
the execution of the complete test suite and is performed by the programmer. However,
programming knowledge is not required to run this test.
For the present study, the programmer will run black box testing because the code is unknown to
the researcher; to identify the vulnerable code on the 127 GB hard disk, the programmer has to
run black box testing under dynamic analysis [5].
Budget
A budget is a chart prepared to estimate income and expenditure for a set period of time [3].
Budgeting is an activity done by every researcher to estimate the total cost of the project,
and it also helps in completing the project without unnecessary expenditure. Furthermore, it is
important to prepare one because it assures the author that there is enough money for the
things that are required [11]. Following the budget will keep the researcher out of debt, and
it will help him to work his way out of debt if the researcher is currently in debt. The
budget, with the cost allocated to each activity of the current vulnerability project, is as
follows:

| Activities | Cost |
|---|---|
| Choosing suitable approach to identify vulnerable code | $1,600.00 |
| Defining characteristics of vulnerable code | $1,600.00 |
| Application of static analysis | $1,920.00 |
| Application of dynamic analysis | $2,400.00 |
| Conforming the requirements of the project | $1,600.00 |
| Running the programme to identify vulnerability | $6,600.00 |
| Finding of vulnerable code | $3,840.00 |
| Working to mitigate the vulnerable code | $1,600.00 |
| Review and feedback | $1,120.00 |
| Total | $22,280.00 |