ASSIGNMENT FRONT SHEET

Edexcel

Qualification
Unit

BTEC

Level

HND

Diploma

in

Computing

and

Systems

Development

number

and

title

Unit 32: Quality systems in IT

Assignment due

Assignment submitted

Learners name

Assessor name

Learner declaration:
I certify that the work submitted for this assignment is my own and research sources are fully acknowledged.
Learner signature

Date

Grading grid
P1.

P1.

P1.

P2.

P3.

P3.

M1 M2 M3

D1

D2

D3

Assignment title

Quality in Amazons IT System Software Development

In this assignment, you will have opportunities to provide evidence against the following criteria.
Indicate the page numbers where the evidence can be found.
Assessment criteria

Expected evidence

Task

Assessors Feedback

no.
LO1. Understand the need for quality assurance in IT systems
Written
1.1 discuss appropriate A
standards
for
the which:

document 1

development of an IT 1. Explains
why
a
system
systematic approach to
quality assurance, and
quality

control

is

needed.
2. Discusses various SQA
standards.

A
1.2

assess

associated

the

risks

with

the

development of an IT
system

Written

discusses

system

quality

assurance practices at
stages

lifecycle

of

which

the
an

IT

has

database at its centre.

discuss

systems

risks

with

development

Written

describes

all

the

associated

1.3

document

of

the

development

document

the

development

systems
life-cycle

(SDLC) as it applies to
database

development,

and then go on to explain

how each phase of the
life-cycle

is

quality

assured
LO2. Be able to employ standard quality control documentation

2.1

produce

control

quality

software

test

plan

(STP)

documentation -

software

test

for each stage of the description (STD)

systems

development

lifecycle

- A software test report

(STR)

LO3. Be able to use project management tools

3.1

apply

planning
management

project 1. A Written
explains
and
tools

to

plan specific resources

document 3
the

importance of project
management

to

the

and requirements for an

production
3.2

evaluate

of

high

quality IT systems.

the

suitability of tools used b)

to

manage

the

development of an IT
system.

- a Work Breakdown
Structure
- a GANTT chart

Assessment criteria

Expected Evidence

Feedback
(note on Merit/Distinction if applicable)
5

M1 Identify and apply 1. Effective

strategies

to

find

appropriate solutions

judgements

have been made.

2. An effective approach
to study and research

M2

has been applied

Select/design and 1. Relevant theories and

apply

appropriate

methods/techniques

techniques have been

applied
2. The

design

of

methods/techniques
M3

Present

has been justified

and 1. An
appropriate

communicate

structure and method

appropriate findings

has

been

used

and

technical language has

been accurately used to
present the findings.
2. Communication

has

taken place in familiar

and unfamiliar contexts
6

D1

Use

critical 1. Conclusions have been

reflection to evaluate

arrived

at

through

own work and justify

synthesis of ideas and

valid conclusions

have been justified

2. The validity of results
has

been

evaluated

using defined criteria

D2 Take responsibility 1. Substantial
activities
for

managing

and

organising activities

have

been

managed and organized

2. Activities

D3

planned,

have

managed
Demonstrate 1. Self-evaluation

convergent/lateral/
creative thinking

been
has

taken place
2. Problems

have

been

solved

Summative feedback

Assessors

Date

Signature
IV Grading Check:

Comments if any:

Agree
Disagree

Modify grade to

IV Signature

Date

Amazon.com overview
The invention of the internet has changed the way we live our lives. Everything
people do in their day to day lives is in some form related to the internet. Days start
out by checking emails, posting on Facebook and Twitter, surfing the web, and then
shopping online. People use computer for just about everything in their lives and
over the past few years we have seen the growth of online sales increase
dramatically.
In 1994 Jeffrey Bezos began Amazon.com from his home is Seattle Washington. He
pioneered the idea of online sales and in 1995 officially launched the website and
made it available in English, Chinese, German and Japanese. It began selling strictly
books as a online book store. His ability to sell books online allowed his to carry
more books and titles in his inventory than an average book and mortar store. By
1997 he had gained 615 million visitors and sparked the interest of investors. After
he gained investors Benzos began to sell other item such as DVDs, VHS tapes,
software, videos and toys. He learned that people wanted to have the ability to buy
anything over the internet so he catered to their needs. By 1999 Bezon was named
man of the year by Time magazine and now Amazon expanded to food, jewelry,
baby products, beauty, sports goods, electronics and much, much more.
When Amazon was launched its intended market was readers and music lovers.
They offered varieties of books and music from every possible author and artist. Now
the websites audience is more than reader it expands to every person in the world.
Today, it is the world largest online retailer.
LO1. Understand the need for quality assurance in IT systems
1.1

discuss appropriate standards for the development of an IT system

Quality Assurance (QA):

9

Quality assurance is a process based approach whose prime objective is to prevent

defects in deliverables in the planning stage to avoid rework, which costs a lot.
Quality assurance is a proactive process and it emphasizes planning, documenting,
and finalizing the guidelines that will be necessary to assure the quality. This process
starts at the very beginning of the project to understand the products requirements
and expectations. Once all requirements and expectations are identified, a plan is
developed to meet these requirements and expectations.
There are basically three tools used in quality management: quality audit, process
analysis, and quality management and control tools.
In quality audit, a team of external experts come and review the process and
procedures. If they find any discrepancies, they will suggest corrective action.
They may also suggest an improvement in the process. Quality audit is a very
good tool to ensure that the best practice and approved procedures are being
followed.
In process analysis you analyze the process to find any improvements,
discover the root cause of any problem that occurred, and identify any nonvalue added activities.
Quality

management

and

control

tools

include

various

diagrammatic

techniques which help you find ideas, help you make decisions, and prioritize
issues.
Amazon has been successful in implementing QA:
Amazon has changed its design time by time in order to get more customers
satisfaction

10

o In 1998, the site had two top-level categories: books and music. As additional
categories were added (such as video and gifts), the horizontal tab system
scaled quite well and created a nice opportunity for differentiating product
categories through color.

o In 1999 and 2000, the site continued to expand- adding more categories and
stretching the tab system to its limit. When Z-shops, Toys & Games,
Electronics, and e-Cards were added, there was no longer any room for the
amazon logo in the header (it was placed in the center of the home page) and
the font size had to be reduced. (The site at this time was still designed to
work well for 800 by 600 screen resolutions.) It was not until the navigation
tabs spread out into two rows that the logo again had a place on top. Clearly
the tab system was being stretched to its limit and was poised to grow out of
control.

11

o In 2007 Amazon began testing a design that brought back a prominent listing
of their most popular categories. However, access to these links was now in
the form of a left-side navigation menu instead of tabs at the top of the page.
The new header featured a prominently displayed search box and access to
your shopping cart and lists. While I dont know the full context behind the
redesign, Im assuming the company needed a better way to expose the
breadth of their inventory as the dynamic all product categories tab
(described above) required an explicit action to activate. It also feels like
Amazon is hoping to capitalize on their investments in search (namely A9) by
emphasizing searching as a primary navigation mode. No doubt, people are
searching more on the site now than they were a few years ago. Yet when
people are motivated to shop, prompts like product categories and current
deals are almost equally important. This may be why Googles single search
box shopping experience (formerly known as Froogle) never registered with
consumers: they werent ever told what they could/should shop for.

12

EXTRA SHOPPING CART OPTIONS

As shown above, a few options are included on the shopping cart page that make
the user feel comfortable. First, if a user changes their mind about a particular
purchase, they have the option of deleting it from their cart.
But deleting is a rather final act, so they have the alternative of saving it for later,
too. You could call this a soft delete: it removes the item from the shopping cart
but keeps it on the users shopping cart page under a list of saved items, where the
user can easily add it back to their cart at any time.

13

CHANGE OR DELETE ITEMS ON SHIPPING PAGE

The users control continues in subsequent steps of the purchase. Take a look at the
next image.
The user sees this when selecting a shipping option, which likely means they are
already committedor nearly committedto buying the product.

14

When choosing a shipping method, the user is given the option, with a fairly
prominent button, to Change quantities or delete. Upon seeing the shipping
methods, the user could very well need these options, so having the button
available now is helpful and reassuring.

REMINDER THAT CONTINUE DOES NOT MEAN FINAL DECISION

15

After the user has added a product to their cart and selected a shipping method,
they review a summary of their order and click a button to Continue with their
purchase. That button takes them not to a confirmation of their order but rather to
one final page where they actually make their purchase.
To ensure that the user knows this is not the final step, a helpful reminder is put
directly below the Continue button, informing them that the final order will be
confirmed after one last summary.
E-commerce developers could learn from the example set by Amazons empathetic
user experience by understanding the various concerns and apprehensions that a
user might have at each stage of the shopping experience.

16

Developers should add enhancements to the shopping experience that make

the user feel comfortable and in control.

Quality Control (QC):

Quality control is concerned with the operational activities and techniques that are
used to fulfill the quality requirements. Quality control functions start once the
project work has begun. Quality control is a reactive approach and helps you find
defects in deliverables.
The objective of the quality control process is to make sure that the deliverables are
defect free and acceptable as per the quality requirements. If the deliverable has a
defect, you will take any suitable corrective action. The quality control process has
two objectives. The first objective is to find any defects in the product and correct
them. The second objective is to validate the deliverable.
Quality assurance and quality control are dependent on each other. The quality
control process receives input from the quality assurance process, and in turn gives
its feedback to the quality assurance process so that the quality assurance can
validate the operational process.
For example, if the project team finds a defect during the project execution, they will
correct it and the feedback will be sent to the quality assurance team. The quality
assurance people will investigate the cause of this defect and they will take
corrective and/or preventive action in the process so this defect will never happen
again in the future. Once the process is updated, the quality control people will
follow the process defined by the quality assurance team so the defect does not
recur.

17

Amazon has been successful in controlling its quality, after each stage, there would
be a test report for every function to make sure it works correctly on the website. For
example:
Search:
Search algorithms are very important for the success of Amazon

Search based on Product name, brand name or something more broadly, the
category. For example Camera, Canon EOS 700D, electronics, etc.

Search Results have to be relevant

Different sort options have to be available- based on Brand, Price, and

Reviews/ratings etc.

For multi-page results, there are options to navigate to them

Also search happens in many places. Please take the search drilling down into
multiple levels into consideration when validating this functionality. For
example: When I search on the home page, I might see something like this:

When navigating to categories and go to a sub-category, maybe movies, this is

what it should be:

Product details Page:

Once a user finds a product either through search or by browsing or by clicking on it
from the homepage, the user will be taken to the product information page:

18

Image or images of the product

Price of the product

Product specifications

Reviews

Check out options

Delivery options

Shipping information

In stock/Out of stock

Multiple color or variations options

Shopping Cart:

19

This is the penultimate stage before the user commits to the purchase.

Add items to the cart and continue shopping

If the user adds the same item to the cart while continuing to shop, the item
count in the shopping cart should get incremented

All items and their totals should be displayed in the cart

Taxes as per location should be applied

A user can add more items to the cart- total should reflect the same

Update the contents added to the cart- total should reflect that too

Remove items from the cart

Proceed to checkout

Calculate Shipping costs with different shipping options

Apply coupons

Dont check out, close the site and come back later. The site should retain the
items in the cart

Payments:

20

Check different payment options

If allowing check out as Guest, simply finish the purchase and provide an
option to register at the end

Returning customers Login to check out

User sign up

If storing customer Credit card or any other financial information, perform

security testing around this to make sure it is secure.(PCI compliance is a
must)

If the user is signed up for a long time, make sure the session is timed out or
not. Every site has a different threshold. For some, it is 10 minutes. For some,
it might be different.

Emails/Text confirmation with the order number generated

21

Why QA and QC is needed?

o Cut Costs & Save Time: In business, time is money. Time invest in setting
up quality control processes and policies at the front end, saves time in the
long run. Every employee will know what to do, when to do it and how to do
it. With a quality management system in place, the system ensures
mistakes are few and far between, which saves both time and money.
o Increases Customer Satisfaction: With a quality management system in
place, customers will receive better services from your business. Your
customers will experience the best your business has to offer from
beginning to end when all members of your company focus their energy on
quality.
o Reduced Risk: By emphasizing standard processes, will limit risk from
internal and external sources. Standardization minimizes errors in all
aspects of business and reduces liability. Management systems also foresee
risks and build in processes to address those problems before they arise.
o Improved Product Quality: The overall quality of products and services
will improve through system management as well. When emphasis on
quality, production quality control becomes the key focus of business from
product development to delivery and on through to customer satisfaction.
o Reduced

Response

Time:

When things do go wrong, a quality

management system will have best practices in place to address problems

immediately as they arise. You won't have to waste time and money
figuring out solutions because a quality system will have defined roles of
responsibility in place ahead of time when problems arise.

22

Quality assurance and quality control are closely related and their objective is
also the same, i.e. to deliver a defect-free product. Both processes are an
integral part of a quality management plan and complement each other.
Failing to apply either of them will result in a failure of quality management on
the project.
Discusses various SQA standards:
Software quality assurance (SQA) consists of a means of monitoring the software
engineering processes and methods used to ensure quality. SQA encompasses the
entire software
requirements

development process,
definition, software

which

includes

design, coding, source

processes
code

such

as

control, code

reviews, software configuration management, testing, release management, and

product integration. SQA is organized into goals, commitments, abilities, activities,
measurements, and verifications
The methods by which this is accomplished are many and varied, and may include
ensuring conformance to one or more standards, such as ISO 9000 or a model such
as CMMI and IEEE-SA.

ISO 9000
The ISO 9000 of quality management systems standards is designed
to help organizations ensure that they meet the needs of customers
and other stakeholders while meeting statutory and regulatory
requirements related to a product. ISO 9000 deals with the
fundamentals of quality management systems, including the eight
management principles upon of standards is based. ISO 9001 deals
with the requirements that organizations wishing to meet the
standard must fulfill.
23

Third-party certification bodies provide independent confirmation that

organizations meet the requirements of ISO 9001. Over one million
organizations worldwide are independently certified, making ISO
9001 one of the most widely used management tools in the world

today.
The ISO 9000 series are based on eight quality management

principles.
- Customer focus
- Leadership
- Involvement of people
- Process approach
- System approach to management
- Continual improvement
- Factual approach to decision making
- Mutually supportive supplier relationships
Capability Maturity Model Integration (CMMI)
Capability Maturity Model Integration (CMMI)
improvement

training

and

appraisal

program

is

process

and

service

administered and marketed by Carnegie Mellon University (CMU) and

required by many DoD and U.S. Government contracts, especially in
software development. CMU claims CMMI can be used to guide
process improvement across a project, division, or an entire
organization.

CMMI

defines

the

following

maturity

levels

for

processes: Initial, Managed and Defined. Currently supported is CMMI

Version 1.3. CMMI is registered in the U.S. Patent and Trademark

Office by CMU.
CMMI currently addresses three areas of interest:
- Product and service development CMMI for Development
-

(CMMI-DEV),
Service establishment, management, CMMI for Services

(CMMI-SVC), and
Product and service acquisition CMMI for Acquisition (CMMIACQ).

24

Organizations can receive CMM ratings by undergoing assessments

by qualified auditors:
- Level 1 characterized by chaos, periodic panics, and heroic
efforts

required

by

individuals

to

successfully

complete

projects. Few if any processes in place; successes may not be

-

repeatable.
Level 2 software project tracking, requirements management,
realistic planning, and configuration management processes

are in place; successful practices can be repeated.

Level 3 standard software development and maintenance
processes

are

integrated

throughout

an

organization;

Software Engineering Process Group is in place to oversee

software processes, and training programs are used to ensure
-

understanding and compliance.

Level 4 metrics are used to track productivity, processes, and
products. Project performance is predictable, and quality is

consistently high.
Level 5 the focus is on continuous process improvement. The
impact of new processes and technologies can be predicted and

Institute

effectively implemented when required.

of Electrical and Electronics Engineers

Standards

Association (IEEE-SA)
The Institute of Electrical and Electronics Engineers Standards
Association (IEEE-SA) is an organization within IEEE that develops
global standards in a broad range of industries, including: power and
energy, biomedical and health care, information technology and
robotics, telecommunication and home automation, transportation,

nanotechnology, information assurance, and many more.

IEEE-SA has developed standards for over a century, through a
program

that

offers

balance,

25

openness,

fair

procedures,

and

consensus. Technical experts from all over the world participate in the

development of IEEE standards.

IEEE-SA is not a body formally authorized by any government, but
rather a community. Formally recognized international standards
organizations (ISO, IEC, ITU, CEN) are federations of national

standards bodies (American ANSI, German DIN, Japanese JISC, etc.).

Maturity levels in CMMI for services:
- Maturity Level 2 - Managed
- Maturity Level 3 - Defined
- Maturity Level 4 - Quantitatively Managed
- Maturity Level 5 Optimizing
The benefits of SQA standards:
SQA has a host of benefits. It ensures that that software built as per SQA
procedures are of specified quality. SQA helps to
o
o
o
o

Eliminate errors when they are still inexpensive to correct

Improves the quality of the software
Improving the process of creating software
Create a mature software process

1.2

assess the risks associated with the development of an IT system which

has a database at its centre.

a) Privilege Abuse
Users may abuse legitimate database privileges for unauthorized purposes. For
example, in Amazon, an accountant can access to customers information such as
credit card, phone number, email and other rellevant information, this employee can
leak these information to campetitors or even use these information for bad
purposes.

26

b) Input Injection (Formerly SQL Injection)

There are two major types of database injection attacks:
1) SQL Injection that targets traditional database systems and
2) NoSQL Injection that targets Big Data platforms.
SQL Injection attacks usually involve inserting (or injecting) unauthorized or
malicious statements into the input fields of web applications. On the other hand,
NoSQL injection attacks involve inserting malicious statements into Big Data
components (e.g., Hive or MapReduce). In both types, a successful Input Injection
attack can give an attacker unrestricted access to an entire database.A crucial point
to realize here, is that although it is technically true that Big Data solutions are
impervious to SQL Injection attacks because they dont actually use any SQL-based
technology they are, in fact, still susceptible to the same fundamental class of
attack (i.e., Input Injection).
However, nowadays Amazon has installed some frameworks which can prevent this
kind of risk effectively.
c) Malware
Cybercriminals, state-sponsored hackers, and spies use advanced attacks that blend
multiple tactics such as spear phishing emails and malware to penetrate
organizations and steal sensitive data. Unaware that malware has infected their
device, legitimate users become a conduit for these groups to access your networks
and sensitive data.

27

d) Storage Media Exposure

Backup storage media is often completely unprotected from attack. As a result,
numerous security breaches have involved the theft of database backup disks and
tapes. Furthermore, failure to audit and monitor the activities of administrators who
have low-level access to sensitive information can put your data at risk. Taking the
appropriate measures to protect backup copies of sensitive data and monitor your
most highly privileged users is not only a data security best practice, but also
mandated by many regulations.
e) Exploitation of Vulnerable, Misconfigured Databases
It is common to find vulnerable and un-patched databases, or discover databases
that still have default accounts and configuration parameters. Attackers know how
to exploit these vulnerabilities to launch attacks against your organization.
Unfortunately, organizations often struggle to stay on top of maintaining database
configurations even when patches are available. Typical issues include high
workloads and mounting backlogs for the associated database administrators,
complex and time-consuming requirements for testing patches, and the challenge of
finding a maintenance window to take down and work on what is often classified as
a business-critical system. The net result is that it generally takes organizations
months to patch databases, during which time they remain vulnerable.
f) Unmanged Sensitive Data
Many companies struggle to maintain an accurate inventory of their databases and
the critical data objects contained within them. Forgotten databases may contain
sensitive information, and new databases can emerge e.g., in application testing
environments without visibility to the security team. Sensitive data in these
databases will be exposed to threats if the required controls and permissions are not
implemented.
28

g) Denial of ServiceDenial of Service

(DoS) is a general attack category in which access to network applications or data is
denied to intended users. DoS conditions can be created via many techniques. The
most common technique used in database environments is to overload server
resources such as memory and CPU either by flooding them with an excessive
number of queries, or with a smaller volume of well-crafted queries that consume a
disproportionate amount of system resources (e.g., because they lead to recursive
look-ups or table operations). The result in either case is the same; the resourcestarved servers become unresponsive and, in some instances, even crash. The
motivations behind DoS attacks are often linked to extortion scams in which a
remote attacker will repeatedly crash servers until the victim meets their demands.
Whatever the source, DoS represents a serious threat for many organizations.
h) Limited Security Expertise and Education
Internal security controls are not keeping pace with data growth and many
organizations are ill-equipped to deal with a security breach. Often this is due to the
lack of expertise required to implement security controls, enforce policies, or
conduct incident response processes.

Database Risks Solutions Defined

There are many different categories of solutions:
Discovery and Assessment locate where database vulnerabilities and critical data
reside.
User Rights Management identifies excessive rights over sensitive data.

29

Monitoring and Blocking protect databases from attacks, unauthorized access, and
theft of data.
Auditing helps demonstrate compliance with industry regulations.Data Protection
ensures data integrity and confidentiality.
Non-Technical Security instills and reinforces a culture of security awareness and
preparedness.
a) Discovery and Assessment
Scan for Vulnerabilities: Understanding vulnerabilities that expose databases to
input injection is essential. Malware may be looking to exploit known database
vulnerabilities, making un-patched databases an easy target. Weak authentication
rules can enable an application-layer DoS attack by granting access to a database
without needing a password. Use vulnerability assessment tools to detect security
vulnerabilities, misconfigurations, and missing vendor patches. Risk scores help
prioritize risk, manage, and research vulnerabilities. In this case, higher risk scores
would relate to input injection.
Mitigate Vulnerabilities: If vulnerability is discovered and the database vendor
hasnt released a patch, a virtual patching solution should be used. Applying virtual
patches will block attempts to exploit vulnerabilities without requiring actual patches
or changes to the current configuration of the server. Virtual patching will protect
the database from exploit attempts until the patch is deployed. Again, focus on
patching high-risk vulnerabilities that can facilitate a DoS or input injection attack.
Analyze Risk and Prioritize Remediation Efforts: Use reports and analytical tools to
understand risks and help prioritize remediation efforts.

30

Discover Database Servers: In order to build and maintain an inventory of

databases and isolate sensitive data contained within them, organizations should
first catalog all databases in their data centers. Leverage discovery tools that scan
enterprise networks and identify active database services. Look for solutions that
can reduce scan duration by filtering on IP addresses and ranges and by specific
database services (e.g. Oracle, Microsoft SQL, IBM DB2, etc.). Periodically re-run
discovery scans to identify new or changed databases.
Analyze Discovery Results: Review database discovery and classification results
to

determine

which

databases

that

store

sensitive

data

need

to

be

monitored.Identify and Classify Sensitive Data:

Once you have constructed a catalog of databases, it is critical to understand which
databases contain sensitive data. Scan the objects, rows, and columns of databases
to pinpoint sensitive data. Use data classification solutions that are aware of data
types such as credit cards, email addresses, and national identity numbers, and
which enable users to add custom data types as well. Classification results should
include the IP address and host name of the asset, and indicate the existence of
sensitive data on that server. Automatically identifying sensitive data and personally
identifiable information helps narrow the scope of security and compliance efforts.
b) User Rights Management
Aggregate Access Rights: Scan databases for both granted and privileged user
rights and extract details such as the actual access right (e.g. SELECT, DELETE,
CONNECT, etc), who granted them, who received those rights, and objects to which
rights have been granted. Aggregating user rights into a single repository helps
streamline the reporting and analysis of user access to sensitive data. Enrich Access
Rights Information with User Details and Data Sensitivity: Adding information related
to user roles and their database behavior adds considerable value to user rights
31

analysis and helps zero-in on the abuse of privileges. Collect and append contextual
details to user rights information including the user name, department, database
object sensitivity, and last time accessed. This allows you to focus your analysis on
the access rights that represent the highest business risk.
Review and Approve/Reject Individual User Rights: Perform an organized
review of user rights to determine if they are appropriate. Reviewers should approve
or reject rights, or assign them to another for review, and administrators can report
on the review process. Conducting organized user rights reviews meets regulatory
requirements and reduces risk by ensuring that user privileges are granted on a
need-to-know basis.

c) Monitoring and Blocking

Real-Time Alerting and Blocking: Monitor all database access activity and usage
patterns in real time to detect data leakage, unauthorized SQL and Big Data
transactions,

and

protocol

and

system

attacks.

When attempts

to

access

unauthorized data occur, generate alerts or terminate the user session. Use a
solution that leverages policies both pre-defined and custom that inspect
database traffic to identify patterns that correspond to known attacks, such as DoS
attacks, and unauthorized activities.

Security policies are useful for not only

detecting excessive privilege abuse by malicious, compromised, or dormant users,

but also for preventing most of the other top ten database threats.
Detect Unusual Access Activity: Establish a comprehensive profile of each
database users normal activity. Monitoring for deviations from these baselines
enables detection of DoS, malware, input injection, and anomalous activities.If any
user initiates an action that does not fit their profile, log the event, generate an alert

32

or block the user. Creating activity-based user profiles increases the likelihood of
detecting inappropriate access to sensitive data.
Block Malicious Web Requests: Because web applications are the most common
vector for initiating an input injection attack, another important line of defense will
be your Web Application Firewall (WAF). A WAF will recognize and block input
injection attack patterns that originate from web applications.To protect against
Input Injection attacks, a WAF should:
Inspect HTTP parameter values for special characters like apostrophes and
brackets and know whether these characters are expected or indicative of an attack.
Use application signatures and policies of known input injection patterns to alert
and block.
Monitor Local Database Activity: DAP solutions can audit and monitor the
activities of your most highly privileged users database and system administrators.
These users have been granted the highest levels of access to your databases and,
therefore, require close attention. Should they abuse their privileges or become
compromised by malware, the risk of data theft and damage to your organization
increases.
Validate Database Protocols: Leverage database activity monitoring solutions
that can analyze the protocol and isolate anomalous communications. When atypical
communication events are detected, the solution should trigger an alert or block the
transaction.
Response Timing: Database DoS attacks designed to overload server resources lead
to delayed database responses. This includes delays in both individual query
responses and the overall system. Use solutions that monitor response timing and
generate alerts when response delays or system sluggishness is observed.
33

d) Auditing
Automate Auditing with a DAP Platform: Implement a DAP solution that delivers
the performance, scalability, and flexibility to meet the needs of the most
demanding environments. A DAP solution can address most of the weaknesses
associated with native audit tools:
Separation

of

Duties: DAP

solutions

operate

independently

of

database

administrators, making it possible to separate audit duties from routine system

administration. In addition, they operate independently of the database server and
are invulnerable to privilege elevation attacks carried out by non-administrators.
Cross-Platform Auditing: DAP solutions support database platforms from multiple
vendors enabling uniform standards and centralized audit operations across large
and distributed heterogeneous database environments.
Performance: Leading DAP solutions can leverage high performance appliances
that have zero impact on database performance. In fact, by offloading audit
processes to network appliances rather than using native auditing, organizations can
expect to improve database performance.
Capture Detailed Transactions: To support regulatory compliance requirements,
advanced fraud detection, and forensic analysis, DAP solutions can capture audit
logs that include details such as source application name, complete query text,
query response attributes, source OS, source host name, and more.
Generate Reports for Compliance and Forensics: Summarize and format
database activity details into reports that help meet compliance requirements,
conduct forensic investigations, communicate vital database activity statistics, and
monitor system performance. Leverage DAP solutions that include reports for

34

industry and government regulations which can be customized to meet business

needs.
e) Data Protection
Archive External Data: Automate the long-term data archival processes.Use
solutions that can be configured to periodically archive data to external mass
storage systems. Data should be optionally compressed, encrypted, and signed prior
to archival.
Encrypt Databases: Encrypt sensitive data across heterogeneous database
environments. This allows you to secure both production and backup copies of
databases, then audit the activity of and control access to sensitive data from users
who access databases at the operating system and storage tiers. By leveraging
database auditing along with encryption, organizations can monitor and control
users both inside and outside of the database.
f) Non-Technical Security
Cultivate Experienced Security Professionals: To defend against a growing array of
internal and external threats, hire information security personnel that are well
versed in IT Security and have experience implementing, administering, and
monitoring security solutions. Ongoing education and training are also important for
growing deeper security knowledge and skills. Consider outside IT security and
specialists to help with implementation, conduct security assessments and
penetration tests, and provide training and support for your administrators.

1.3

discuss quality assurance practices at all stages of the systems

development lifecycle

35

SDLC is a process followed for a software project, within a software organization. It

consists of a detailed plan describing how to develop, maintain, replace and alter or
enhance specific software. The life cycle defines a methodology for improving the
quality of software and the overall development process.
The following figure is a graphical representation of the various stages of a typical

SDLC.

A typical Software Development life cycle consists of the following stages:

Stage 1: Planning and Requirement Analysis
Requirement analysis is the most important and fundamental stage in SDLC. It is
performed by the senior members of the team with inputs from the customer, the
sales department, market surveys and domain experts in the industry. This
information is then used to plan the basic project approach and to conduct product
feasibility study in the economical, operational, and technical areas.
36

Planning for the quality assurance requirements and identification of the risks
associated with the project is also done in the planning stage. The outcome of the
technical feasibility study is to define the various technical approaches that can be
followed to implement the project successfully with minimum risks.
Stage 2: Defining Requirements
Once the requirement analysis is done the next step is to clearly define and
document the product requirements and get them approved from the customer or
the market analysts. This is done through .SRS. . Software Requirement
Specification document which consists of all the product requirements to be
designed and developed during the project life cycle.
Stage 3: Designing the product architecture
SRS is the reference for product architects to come out with the best architecture
for the product to be developed. Based on the requirements specified in SRS,
usually more than one design approach for the product architecture is proposed and
documented in a DDS - Design Document Specification.
This DDS is reviewed by all the important stakeholders and based on various
parameters as risk assessment, product robustness, design modularity , budget and
time constraints , the best design approach is selected for the product.
A design approach clearly defines all the architectural modules of the product along
with its communication and data flow representation with the external and third
party modules (if any). The internal design of all the modules of the proposed
architecture should be clearly defined with the minutest of the details in DDS.

37

Stage 4: Building or Developing the Product

In this stage of SDLC the actual development starts and the product is built. The
programming code is generated as per DDS during this stage. If the design is
performed in a detailed and organized manner, code generation can be
accomplished without much hassle.
Developers have to follow the coding guidelines defined by their organization and
programming tools like compilers, interpreters, debuggers etc are used to generate
the code. Different high level programming languages such as C, C++, Pascal, Java,
and PHP are used for coding. The programming language is chosen with respect to
the type of software being developed.
Stage 5: Testing the Product
This stage is usually a subset of all the stages as in the modern SDLC models, the
testing activities are mostly involved in all the stages of SDLC. However this stage
refers to the testing only stage of the product where products defects are reported,
tracked, fixed and retested, until the product reaches the quality standards defined
in the SRS.
Stage 6: Deployment in the Market and Maintenance
Once the product is tested and ready to be deployed it is released formally in the
appropriate market. Sometime product deployment happens in stages as per the
organizations. business strategy. The product may first be released in a limited
segment and tested in the real business environment (UAT- User acceptance
testing).

38

Then based on the feedback, the product may be released as it is or with suggested
enhancements in the targeting market segment. After the product is released in the
market, its maintenance is done for the existing customer base.
SDLC Models
There are various software development life cycle models defined and designed
which are followed during software development process. These models are also
referred as "Software Development Process Models". Each process model follows a
Series of steps unique to its type, in order to ensure success in process of software
development.
Following are the most important and popular SDLC models followed in the industry:

Waterfall Model

Iterative Model

Spiral Model

V-Model

Big Bang Model

The other related methodologies are Agile Model, RAD Model, Rapid Application
Development and Prototyping Models.
DATABASE SDLC
A database is usually a fundamental component of the information system,
especially in business oriented systems. Thus database design is part of system
development. The following picture shows how database design is involved in the
system development lifecycle.
39

The

phases

in

the

middle

of

the

picture

(Database

Design,

Database

Implementation) are the phases that you concentrate on in the Database Design
course. The other phases are briefly described. They are part of the contents of the
Systems Analysis and Design courses, for example. There are various methods of
how the different phases of information system design, analysis and implementation
can be done. Here the main tasks or goals are described but no method is
introduced.

a) Database Planning

40

The database planning includes the activities that allow the stages of the database
system development lifecycle to be realized as efficiently and effectively as possible.
This phase must be integrated with the overall Information System strategy of the
organization. The very first step in database planning is to define the mission
statement and objectives for the database system. That is the definition of:
o
o
o
o
b)

The major aims of the database system

The purpose of the database system
The supported tasks of the database system
The resources of the database system
Systems Definition

In the systems definition phase, the scope and boundaries of the database
application are described. This description includes:
o Links with the other information systems of the organization
o What the planned system is going to do now and in the future
o Who the users are now and in the future.
The major user views are also described. i.e. What is required of a database system
from the perspectives of particular job roles or enterprise application areas.
c) Requirements Collection and Analysis
During the requirements collection and analysis phase, the collection and analysis of
the information about the part of the enterprise to be served by the database are
completed. The results may include eg:
o
o
o
d)

The description of the data used or generated

The details how the data is to be used or generated
Any additional requirements for the new database system
Database Design

The database design phase is divided into three steps:

o Conceptual database design
o Logical database design
41

o Physical database design

In the conceptual database design phase, the model of the data to be used
independent of all physical considerations is to be constructed. The model is based
on

the

requirements

specification

of

the

system.

In the logical database design phase, the model of the data to be used is based on a
specific data model, but independent of a particular database management system
is constructed. This is based on the target data model for the database e.g.
relational data model.
In the physical database design phase, the description of the implementation of the
database on secondary storage is created. The base relations, indexes, integrity
constraints, security, etc. are defined using the SQL language.
e) Database Management System Selection
This in an optional phase. When there is a need for a new database management
system (DBMS), this phase is done. DBMS means a database system like Access,
SQL

Server,

MySQL,

Oracle,

MongoDB,

NoSQL

In this phase the criteria for the new DBMS are defined. Then several products are
evaluated according to the criteria. Finally the recommendation for the selection is
decided.
f) Application Design
In the application design phase, the design of the user interface and the application
programs that use and process the database are defined and designed.
g) Protyping
The purpose of a prototype is to allow the users to use the prototype to identify the
features of the system using the computer. There are horizontal and vertical
42

prototypes. A horizontal prototype has many features (e.g. user interfaces) but they
are not working. A vertical prototype has very few features but they are working.
See the following picture.

h) Implementation
During the implementation phase, the physical realization of the database and
application designs are to be done. This is the programming phase of the systems
development.
i) Data Conversion and Loading
This phase is needed when a new database is replacing an old system. During this
phase the existing data will be transferred into the new database.
j) Testing
Before the new system is going to live, it should be thoroughly tested. The goal of
testing is to find errors! The goal is not to prove the software is working well.
k) Operational Maintenance
The operational maintenance is the process of monitoring and maintaining the
database system. Monitoring means that the performance of the system is
43

observed. If the performance of the system falls below an acceptable level, tuning or
reorganization of the database may be required. Maintaining and upgrading the
database system means that, when new requirements arise, the new development
lifecycle will be done.
Nowadays, Amazon has applied competitive database including big data and
cloud-based e-commerce applications which are web-browser accessible and
database-centred.

Big Data Basics

The te rm big da ta re fe rs not only to la rge da ta s ets , but a ls o to the

fra m e wo rks ,

te chniq ues ,

and

tools

us e d

to

a na lyze

it.

It

ca n

be

c o lle c te d through a ny da ta -ge ne ra ting proce ss such a s s ocia l me dia ,

pub lic util ity infra s tructu re , a nd s ea rch e ngines . Bi g da ta ma y be
e ithe r se mi- struct ure d, s tructure d , or uns tructure d.
Ty pic a lly big da ta is a na lyze d and co lle cte d at s pe cifi c inte rv a ls , but
re a l- tim e big da ta a na lytic s col le ct and a na lyze da ta cons ta ntly. The
pur pos e o f this con tinuo us p roce ss ing loop is to o ff e r ins ta nt ins igh ts
to use rs .

Pros of Real-Time Big Data

Fi rs t,

it

a llows

s igni fi c a ntly

Ama zon

mit iga tes

to

de te ct

a ga ins t

e rrors

loss e s .

a nd

Se cond,

fra ud
it

quick ly.

prov ide s

This
ma j or

a dva nta ge s from a compe tit ive s ta ndpo int. Re a l- time a na lys is a llows
Am a z on to de ve lop mo re e ff e ctive stra te gie s towa rds compe t itors in
le ss tim e , o ff e ring dee p ins ight into cons ume r tre nds a nd s a les . In

44

a dditi on, da ta col le cte d is va lua ble a nd o ff e rs Ama zon a cha nc e to

im p rov e profi ts a nd cus tome r se rvice .
Pe rha ps the gre a tes t a rgume nt in fa vor of re a l-time ana lys is of big
da ta

is

tha t

it

ma y

be

use d

to

p rovi de

cutting -e dge

he a lthc a re .

Prop one nts of big da ta poin t out tha t hea lthca re o rga niza tio ns ca n us e
e le c t ronic me dica l re c ords and da ta from wea ra ble s to pre ve nt de a dly
hos pita l infe cti ons , fo r exa mple . To thes e propone nts , priva cy c a nnot
trum p the live s bi g da ta might s ave .

Cons of Real-Time Big Data

As v a lua ble as this k ind of bi g da ta ca n be , it a ls o p res e nts s e rious
c ha lle nge s . Firs t is the lo gis tica l iss ue . C ompa nies hop ing to us e big
da ta will ne e d to modi fy the ir e ntire app roa ch a s da ta fl o wing into the
c om pa ny be comes cons ta nt ra the r tha n pe riod ic: this ma nda tes ma jo r
s tra te gic

cha nge s

for

ma ny

bus ine ss e s .

N ext,

re a l- time

bi g

da ta

de m a nds the abi lity to con duct s ophis tica te d ana lys e s ; compa nie s who
fa il to do this co rre ctly ope n the ms e lve s up to imp le me nting e nti re ly
inc orre c t stra te gie s o rga n iza tion- wide . Fur the rmore , ma ny c urre nt ly
us e d da ta to ols a re not a ble to ha ndle re a l- time a na lys is .
One of the big ges t conce rns ma ny la ype ople a nd pol iticia ns ha v e
a bout re a l- time ana lys is of bi g da ta is pr iva cy. C ivil libe rt ies a dv oc a tes
ha v e atta cke d the us e of big da ta f rom lice ns e pla te sca nne rs and
d rone s , for exa mple . The idea is tha t a uthorit ie s s hould not be a ble to
c i rc um v e nt cons tit utiona l prote ctio ns aga ins t unre a s ona ble s ea rc he s .

45

LO2. Be able to employ standard quality control documentation

2.1

Produce quality control documentation for each stage of the systems

development lifecycle
A- SOFTWARE TEST PLAN (STP)
A test plan documents the strategy that will be used to verify and ensure that a
product or system meets its design specifications and other requirements. A test
plan is usually prepared by or with significant input from test engineers.
Depending on the product and the responsibility of the organization to which the
test plan applies, a test plan may include a strategy for one or more of the following:

Design Verification or Compliance test - to be performed during the

development or approval stages of the product, typically on a small sample of
units.

Manufacturing or Production test - to be performed during preparation or

assembly of the product in an ongoing manner for purposes of performance
verification and quality control.

Acceptance or Commissioning test - to be performed at the time of delivery or

installation of the product.

Service and Repair test - to be performed as required over the service life of
the product.

Regression test - to be performed on an existing operational product, to verify

that existing functionality didn't get broken when other aspects of the
environment are changed (e.g., upgrading the platform on which an existing
application runs).

46

1. Scope of The Tests

1.1 The web site develops by Amazon version 1.0
1.2 The documents: Requirement Document, Analysis Document, Coding Document,
Design Document, Database Document.
1.3 Testing time: from April 1st 2017 to July 1st 2017
2. Testing Environment:
2.1 Testing sites: All the site develop by Amazon
2.2 Software
Documentation tool
Scheduling tool
IDE

Microsoft word 2013

Microsoft project 2013
Eclipse Mars

Web Server
Design tool
JDK
DBMS
Operating System

Netbean 8.1
Glassfish Server 4.1
Photoshop CS6
JDK 1.8
Microsoft SQL Server 2012
Windows 8.1, 10, Linux

2.3 Hardware
Client
Server

8 laptops, 5 desktops
Reuse one 24/7 available desktop to
simulate the server for testing and
deployment

2.4 Resources
Worker
Test Manager

Specific Responsibilities/Comments
Provide management oversight
Responsibilities: provide technical
direction, accuquire appropriate
resources
Management reporting
47

Test Designer

Identifies, priorities and implements

test cases
Responsibilites: generate test plan,

System Tester

evaluate effectiveness of test effort

Executes the test
Responsibilites: executes tests, log
results, recover from errors,

Test System Administrator

document defects
Ensures test environment and assets
are managed and maintained
Responsibilites: administer test
management system, manage

Designer

worker access to test system

Identifies and defines the operations,
attributes
Responsibilites: identifies and defines
the test class, identifies and defines

Implementer

the test packages

Implements and unit tests the test
classes and test packages
Responsibilites: create the test
classes and packages implemented
in the test suite

2.5 Participating organizations: Amazon

2.6 Manpower requirements: Requirement Document, Analysis Document, Coding
Team, Analysis Team, Testing Team
2.7 Preparation and training required of the test team: Senior System Analyst
3. Test Detail (For Each Test):
3.1 Test identification: Test web site, test UI, test server
48

3.2 Test objective: All of the requirement function

3.3 Cross- reference to relevant design document and the requirement document:
Requirement Document, Analysis Document, Coding Document, Design Document,
Database Document
3.4 Test class: admin class, user class, search class, order class, payment class,
insert class, delete class, update class, login class, register class.
3.5 Test level (unit, integration or system tests)
a) Unit: States, transaction, data flow, functionally, UI
b) Integration: APIs, error handling, functionally, performance
c) System: States, Transaction, data flow coverage, functionally, UI, error
handling, operation, reliability,date/time, localization, installation and
configuration options
3.6 Test case
A. User Test case
a) Test case of Log in and Log out Use case
b) Fail to login the system when providing invalid username
c) Fail to login the system when providing valid username and invalid
password
d) Fail to login the system when providing empty username
e) User logs in the system using an account is being blocked
f) Recover password
g) User Register New Account With Valid Information
h) User Register New Account with one or some or all fields are empty
B. Admin Test Case
a) Test case of Log in and Log out Use case
b) Fail to login the system when providing invalid username
c) Fail to login the system when providing valid username and invalid
d)
e)
f)
g)
h)
i)

password
Fail to login the system when providing empty username
Recover password
Admin add product with valid information
Fail to add product with name that already exists in the system
Fail to add product when one or some or all fields are empty
Fail to add product when inputting special character(s) to one or some or all

fields
j) Update a product with valid information
49

k) Fail to update a product with name that already exists in the system
l) Fail to update product when one or some or all fields are empty
m) Fail to update product when inputting special character(s) to one or some
or all fields
n) Update cancel
o) Delete product
p) Delete cancel
C. Search Product Test Case
a) Seacrh Product by Product Name : Good search
b) Seacrh Product by Product Name: Empty search
c) Search Product by Product Name : Wrong Search
D. Shopping Cart Test Case
a) Add Product to Shopping Cart
b) Remove Product from Shopping Cart
c) Change Quantity
d) Select Delivery Option
e) Payment System
f) Pay Now Process
g) Cancel Order
E. Browsers Test Case
a) Internet explorer 11
b) Microsoft edge
c) Google Chrome (lastest version)
3.7 Special requirements: Measurements of response times, Security requirements:
Fast response time and good performance, all the requirement met the standard of
security
3.8 Data to be recorded: Yes
4. Test Schedule (For Each Test or Test Group) including time estimates for
the following:
4.1 Preparation: 1 week
4.2 Testing: 3 weeks
4.3 Error correction: 6 weeks
4.4 Regression test: 1 week

50

B - SOFTWARE TEST DESCRIPTION (STD)

The test design is carried out on the basis of the software test plan as documented
by STP. The test procedures and the test case database/file may be documented in a
software test procedure document and test case file document or in a single
document called the software test description (STD)
1. Scope of The Tests
1.1 The web site develops by Amazon version 1.0
1.2 The documents: Requirement Document, Analysis Document, Coding Document,
Design Document, Database Document.
1.3 Testing time: from April 1st 2017 to July 1st 2017
2. Test Environment (For Each Test)
2.1 Test identification: Software Test Plan (STP)
2.2 Software
Documentation tool
Scheduling tool
IDE

Microsoft word 2013

Microsoft project 2013
Eclipse Mars

Web Server
Design tool
JDK
DBMS
Operating System

Netbean 8.1
Glassfish Server 4.1
Photoshop CS6
JDK 1.8
Microsoft SQL Server 2012
Windows 8.1, 10, Linux

2.3 Hardware
51

Client
Server

8 laptops, 5 desktops
Reuse one 24/7 available desktop to
simulate the server for testing and
deployment

2.4 Resources
Worker
Test Manager

Specific Responsibilities/Comments
Provide management oversight
Responsibilities: provide technical
direction, accuquire appropriate
resources

Test Designer

Management reporting
Identifies, priorities and implements
test cases
Responsibilites: generate test plan,

System Tester

evaluate effectiveness of test effort

Executes the test
Responsibilites: executes tests, log
results, recover from errors,

Test System Administrator

document defects
Ensures test environment and assets
are managed and maintained
Responsibilites: administer test
management system, manage

Designer

worker access to test system

Identifies and defines the operations,
attributes
Responsibilites: identifies and defines
the test class, identifies and defines

Implementer

the test packages

Implements and unit tests the test
classes and test packages
52

Responsibilites: create the test

classes and packages implemented
in the test suite

3. Test cases (For Each Case)

3.1 User Test case
a) Test case of Log in and Log out Use case

Name

Test case: user logs in successfully with valid username

Requirement

and password
The user is logged in correctly after providing correct

Preconditions
Steps

username and password

The user is at the homepage or the log in page
Provide valid username in the username textbox
Provide valid password in the password textbox

Expected results

Click on log in button

The user is redirected to the specific hompage after that
user

b) Fail to login the system when providing invalid username

Name

Test case: Fail to login the system when providing invalid

Requirement
Preconditions
Steps

username
The user is at the homepage or the login page
The user is at the homepage or the log in page
Provide invalid username in the username textbox
Provide valid password in the password textbox or let
password field empty

Expected results

Click on log in button

The user is redirected to the error page with a warning
We can not find an account with that username
53

c) Fail to login the system when providing valid username and invalid
password
Name

Test case: Fail to login the system when providing valid

Requirement

username and invalid password

The user is not logged in when providing valid username

Preconditions
Steps

and invalid password

The user is at the homepage or the log in page
Provide valid username in the username textbox
Provide invalid password in the password textbox

Expected results

Click on log in button

The user is redirected to the error page with a warning
You have provided invalid username or password

d) Fail to login the system when providing empty username

Name

Test case: Fail to login the system when providing empty

Requirement
Preconditions
Steps

username
The user is not logged in when providing empty username
The user is at the homepage or the log in page
Provide empty username in the username textbox
Provide invalid password in the password textbox or let
password field empty

Expected results

Click on log in button

The user is redirected to the error page with a warning
You must provide username and password

e) User logs in the system using an account is being blocked

Name

Test case: User logs in the system using an account is

Requirement

being blocked
User can not log in the system using account is being

Preconditions
Steps

blocked
A given account is being blocked by logging in fail 3 times
Provide username of given account being blocked
Provide password of given account being blocked
54

Expected results

Click on log in button

User is redirected to the error page with a warning This
account is being blocked. Please wait for 30 minutes or
contact the administrator

f) Recover password
Name
Requirement
Preconditions

Test case: Recover password

The user lost or forget password
User clicks on Forget password

Steps

The system warns the user about recovering password

Choose the security question from the drop down list
Specify the answer of the security question in the text box

Expected results

Click on Recovery password button

The system issues the message indicates the password
has been reset to default password abcd1234 and warns
the user to change their password for the next log in
The password is reset to the default password abcd1234
The system redirects user to the log in page

g) User Register New Account With Valid Information

Name
Requirement
Preconditions

Test case: Register New Account

The user wants to register new account
User clicks on Register

Steps

The system redirect user to register page

Provide valid user name
Provide valid password
Provide valid phone number
Provide valid email address
Provide valid home address

Expected results

Click on Register button

The user is registed to the system successfully.
The system redirects user to the log in page
55

h) User Register New Account with one or some or all fields are empty
Name

Test case: User Register New Account with one or some or

Requirement
Preconditions

all fields are empty

The user wants to register new account
User clicks on Register

Steps

The system redirect user to register page

Provide empty user name or/and
Provide empty password or/and
Provide empty phone number or/and
Provide empty email address or/and
Provide empty home address and

Expected results

Click on Register button

The system redirects user to the error page
The user is not registed to the system successfully. A
warning message should be shown Your account is not
registed, please fill all fields

3.2 Admin Test Case

a) Test case of Log in and Log out Use case

Name

Test case: admin logs in successfully with valid username

Requirement

and password
The admin is logged in correctly after providing correct

Preconditions
Steps

username and password

The admin is at the admin login page
Provide valid username in the username textbox
Provide valid password in the password textbox

Expected results

Click on log in button

The user is redirected to admin control panel page

56

b) Fail to login the system when providing invalid username

Name

Test case: Fail to login the system when providing invalid

Requirement
Preconditions
Steps

username
The admin is at the admin login page
The admin is at the admin login page
Provide invalid username in the username textbox
Provide valid password in the password textbox or let
password field empty

Expected results

Click on log in button

The admin is redirected to the error page with a warning
We can not find an account with that username

c) Fail to login the system when providing valid username and invalid
password
Name

Test case: Fail to login the system when providing valid

Requirement

username and invalid password

The admin is not logged in when providing valid username

Preconditions
Steps

and invalid password

The admin is at the admin log in page
Provide valid username in the username textbox
Provide invalid password in the password textbox

Expected results

Click on log in button

The admin is redirected to the error page with a warning
You have provided invalid username or password

d) Fail to login the system when providing empty username

Name

Test case: Fail to login the system when providing empty

Requirement

username
The admin is not logged in when providing empty

Preconditions
Steps

username
The admin is at the admin login page
Provide empty username in the username textbox
Provide invalid password in the password textbox or let
57

password field empty

Expected results

Click on log in button

The admin is redirected to the error page with a warning
You must provide username and password

e) Recover password
Name
Requirement
Preconditions

Test case: Recover password

The admin lost or forget password
User clicks on Forget password

Steps

The system warns the admin about recovering password

Choose the security question from the drop down list
Specify the answer of the security question in the text box

Expected results

Click on Recovery password button

The system issues the message indicates the password
has been reset to default password abcd1234 and warns
the admin to change their password for the next log in
The password is reset to the default password abcd1234
The system redirects admin to the admin log in page

f) Admin add product with valid information

Name
Requirement
Preconditions

Test case: Add new product with valid information

All fields are filled with valid data
The webpage that allows admin to input information of

Steps

product is displayed
Provide products name in the textbox
Provide products price in the textbox
Provide products category in the selection box
Provide products image in the picture box
Provide products description in the textbox

Expected results

Click on add button

The new product is added to the system
58

g) Fail to add product with name that already exists in the system
Name

Test case: Fail to add product with name already exists in

Requirement
Preconditions

the system
All fields are filled with valid data
The webpage that allows admin to input information of

Steps

product is displayed
Provide products name in the textbox (which already exist
in the system)
Provide products price in the textbox
Provide products category in the selection box
Provide products image in the picture box
Provide products description in the textbox

Expected results

Click on add button

The new product is not added to the system
The admin is redirected to the error page with a warning
Fail to add product to the system. The product name that
you have provided already exists in the system

h) Fail to add product when one or some or all fields are empty
Name

Test case: Fail to add product when one or some or all

Requirement
Preconditions

fields are empty

Not all fields are filled with valid data
The webpage that allows admin to input information of

Steps

product is displayed
Provide empty products name in the textbox or/and
Provide empty products price in the textbox or/and
Provide empty products category in the selection box
or/and
Provide empty products image in the picture box or/and
Provide empty products description in the textbox and
59

Expected results

Click on add button

The new product is not added to the system
The admin is redirected to the error page with a warning
Fail to add product to the system. You must provide all
information

i) Fail to add product when inputting special character(s) to one or some or all
fields
Name

Test case: Fail to add product when inputting special

Requirement
Preconditions

character(s) to one or some or all fields

All fields are filled with data
The webpage that allows admin to input information of

Steps

product is displayed
Provide products name containing special character(s) in
the textbox or/and
Provide products price containing special character(s) in
the textbox or/and
Provide products category in the selection box
Provide products image in the picture
Provide products description containing special
character(s) in the textbox and

Expected results

Click on add button

The new product is not added to the system
The admin is redirected to the error page with a warning
Fail to add product to the system. Some fields contain
special character(s)

j) Update a product with valid information

Name

Test

case:

Update

Requirement

successfully
All fields are filled with valid data
60

product

with

valid

information

Preconditions

The webpage that allows admin to update information of

Steps

product is displayed
Provide products name in the textbox or/and
Provide products price in the textbox or/and
Provide products category in the selection box or/and
Provide products image in the picture box or/and
Provide products description in the textbox and

Expected results

Click on update button

The product is updated to the system

k) Fail to update a product with name that already exists in the system
Name

Test case: Fail to update product with name already exists

Requirement
Preconditions

in the system
All fields are filled with valid data
The webpage that allows admin to update information of

Steps

product is displayed
Provide products name in the textbox (which already exist
in the system) or/and
Provide products price in the textbox or/and
Provide products category in the selection box or/and
Provide products image in the picture box or/and
Provide products description in the textbox and

Expected results

Click on update button

The product is not updated to the system
The admin is redirected to the error page with a warning
Fail to update product to the system. The product name
that you have provided already exists in the system

l) Fail to update product when one or some or all fields are empty
Name

Test case: Fail to update product when one or some or all

fields are empty
61

Requirement
Preconditions

Not all fields are filled with valid data

The webpage that allows admin to update information of

Steps

product is displayed
Provide empty in the textbox or/and
Provide empty products price in the textbox or/and
Provide empty products category in the selection box
or/and
Provide empty products image in the picture box or/and
Provide empty products description in the textbox and

Expected results

Click on update button

The product is not updated to the system
The admin is redirected to the error page with a warning
Fail to update product to the system. You must provide all
information

m) Fail to update product when inputting special character(s) to one or some

or all fields
Name

Test case: Fail to update product when inputting special

Requirement
Preconditions

character(s) to one or some or all fields

All fields are filled with data
The webpage that allows admin to update information of

Steps

product is displayed
Provide products name containing special character(s) in
the textbox or/and
Provide products price containing special character(s) in
the textbox or/and
Provide products category in the selection box
Provide products image in the picture
Provide products description containing special
character(s) in the textbox and
Click on update button
62

Expected results

The product is not updated to the system

The admin is redirected to the error page with a warning
Fail to update product to the system. Some fields contain
special character(s)

n) Update cancel
Name
Requirement

Test case: Update cancel

When admin decides to cancel updating, the system must

Preconditions

allow him/her to stop operation

The webpage that allows admin to update information of

Steps
Expected results

product is displayed
Click on update button
The product is not updated to the system
The admin is redirected to him/her main page

o) Delete product
Name
Requirement

Test case: Delete a product

When admin decides to delete the selected product, the

Preconditions

system remove that from the system

The webpage that allows admin to delete information of

Steps

product is displayed
Admin choose a product to delete
Veriry that the system retrieves and display the product
information for admin and prompts message to confirm the
deletion of the product
Admin confirm to delete the selected product by clicking

Expected results

on delete button
The system deletes the selected product from the system

p) Delete cancel
Name
Requirement

Test case: Delete cancel

All fields are filled with data
63

Preconditions

When admin decides to cancel deletion, the system allows

Steps

admin to cancel the operation

Admin choose a product to delete
Veriry that the system retrieves and display the product
information for admin and prompts message to confirm the
deletion of the product

Expected results

Admin click on cancel button

The selected product is not deleted from the system
User is redirected to his/her main page

3.3 Search Product Test Case

a) Seacrh Product by Product Name : Good search
Name
Requirement
Preconditions

Test case: Search Product

Search textbox is filled with product name
When user decides to search a product, the system allows

Steps

him/her to search
Users navigate to Search textbox
Users enter product name

Expected results

Click on search button

The system show user the result page with 10 matching
products along with their information

b) Seacrh Product by Product Name: Empty search

Name
Requirement
Preconditions

Test case: Empty Search

Search textbox is not filled with product name
When user decides to search a product, the system allows

Steps

him/her to search
Users navigate to Search textbox
User does not enter product name

Expected results

Click on search button

The user is redirected to the error page, a warning
64

message is show No search term was entered. Please

enter product name
c) Search Product by Product Name : Wrong Search
Name
Requirement
Preconditions

Test case: Wrong Search

Search textbox is filled with unexisted product name
When user decides to search a product, the system allows

Steps

him/her to search
Users navigate to Search textbox
Users enter unexisted product name

Expected results

Click on search button

The user is redirected to the error page, a warning
message is show No matches found. Please try again

3.4 Shopping Cart Test Case

a) Add Product to Shopping Cart
Name
Requirement
Preconditions

Test case: User Add Product to Shopping Cart

Users choose product to add to cart
When user decides to add a product, the system allows

Steps

him/her to add product to cart

User navigate to product

Expected results

Click on Add to Cart button

The system add product to users shopping cart
A message should be shown Your product is added to
cart

b) Remove Product from Shopping Cart

Name
Requirement
Preconditions
Steps

Test case: User Remove Product from Shopping Cart

Users choose product to remove from cart
There is at least one product in the shopping cart
Users navigate to their shopping cart

65

Users choose a product they want to remove from cart

Expected results

Click on Remove from Cart button

The system remove product from users shopping cart
A message should be shown Product is removed

c) Change Quantity
Name

Test case: User Change Quantity of Product in Shopping

Requirement
Preconditions
Steps

Cart
Users change quantity of product in cart
There is at least one product in the shopping cart
Users navigate to their shopping cart
Users choose a product they want to change quantity in
cart

Expected results

Click on + or - button
The system should change quantity of product in cart.

d) Select Delivery Option

Name
Requirement
Preconditions
Steps

Test case: Select Delivery Option

Users want to choose a delivery option
There is at least one product in the shopping cart
Users navigate to their shopping cart
Users choose a delivery option from dropdown list

Expected results

Click on Choose button

The system add delivery option to shopping cart

e) Payment System
Name
Requirement

Test case: Payment System

Users want to choose a payment method for their

Preconditions
Steps

shopping
There is at least one product in the shopping cart
Users navigate to their shopping cart
Users choose a payment method from dropdown list
Click on Choose button
66

Expected results

The system add payment method to shopping cart

f) Pay Now Process

Name
Requirement
Preconditions
Steps

Test case: Pay Now Process

Users want to choose pay now process
There is at least one product in the shopping cart
Users navigate to their shopping cart
Users choose a pay now

Expected results

Click on Checkout button

The system add the order to the delivery system and
remove all products from shopping cart. A message should
be shown Your product(s) is on the way. Thank you
Users are redirected to the home page

g) Cancel Order
Name
Requirement
Preconditions
Steps

Test case: Cancel Order

Users want to cancel order
There is at least one product in the shopping cart
Users navigate to their shopping cart

Expected results

Click on Cancel button

The system should remove all information in users
shopping cart
Users should be navigated to the homepage

3.5 Browsers Test Case

a) Internet explorer 11
Name
Requirement
Preconditions
Steps

Test case: Internet explorer 11

Users want to load page in internet explorer 11
Internet explorer 11 browser is already installed
Open internet explorer 11 browser
Navigate to address bar and input the address

67

Amazon.com
Expected results

Press Enter button

The browser should load page successfully such as:
Links
o
o
o
o

Internal Links
External Links
Mail Links
Broken Links

Forms
o Field validation
o Error message for wrong input
o Optional and Mandatory fields
Database
o Testing will be done on the database integrity.
Cookies
o Testing will be done on the client system side, on the
temporary Internet files.
o Users should be navigated to the homepage
b) Microsoft edge
Name
Requirement
Preconditions
Steps

Test case: Microsoft edge

Users want to load page in Microsoft edge
Microsoft edge browser is already installed
Open Microsoft edge
Navigate to address bar and input the address
Amazon.com

Expected results

Press Enter button

The browser should load page successfully such as:
68

Links
o
o
o
o

Internal Links
External Links
Mail Links
Broken Links

Forms
o Field validation
o Error message for wrong input
o Optional and Mandatory fields
Database
o Testing will be done on the database integrity.
Cookies
o Testing will be done on the client system side, on the
temporary Internet files.
o Users should be navigated to the homepage
c) Google Chrome (lastest version)
Name
Requirement
Preconditions
Steps

Test case: Google Chrome

Users want to load page in Google Chrome
Google Chrome browser is already installed
Open Google Chrome
Navigate to address bar and input the address
Amazon.com

Expected results

Press Enter button

The browser should load page successfully such as:
Links
69

o
o
o
o

Internal Links
External Links
Mail Links
Broken Links

Forms
o Field validation
o Error message for wrong input
o Optional and Mandatory fields
Database
o Testing will be done on the database integrity.
Cookies
o Testing will be done on the client system side, on the
temporary Internet files.
o Users should be navigated to the homepage
4.Testing Process - How the test is run - step by step
Instructions for input, detailing every step of the input process
Data to be recorded during the tests
5. Action to Be Taken in Case of Program Failure / Cessation
6. Procedures to Be Applied According to The Test Result Summary

C - SOFTWARE TEST REPORT (STR)

Document that records data obtained from an experiment of evaluation in an
organized manner, describes the environmental or operating conditions, and shows
the comparison of test results with test objectives.

70

1. Test Identification Site Schedule and Participation

1.1 The web site develops by Amazon
1.2 The documents: Requirement Document, Analysis Document, Coding Document,
Design Document, Database Document, Implement and Maintain Document
1.3 Test site: All of the requirement function
1.5 Test team members:
Worker
Test Manager

Specific Responsibilities/Comments
Provide management oversight
Responsibilities: provide technical
direction, accuquire appropriate
resources

Test Designer

Management reporting
Identifies, priorities and implements
test cases
Responsibilites: generate test plan,

System Tester

evaluate effectiveness of test effort

Executes the test
Responsibilites: executes tests, log
results, recover from errors,

Test System Administrator

document defects
Ensures test environment and assets
are managed and maintained
Responsibilites: administer test
management system, manage

Designer

worker access to test system

Identifies and defines the operations,
attributes
Responsibilites: identifies and defines
the test class, identifies and defines
the test packages
71

Implementer

Implements and unit tests the test

classes and test packages
Responsibilites: create the test
classes and packages implemented
in the test suite

1.6 Other participants: None

1.7 Time invested in performing the tests: April 1st 2017 to July 1st 2017
2. Test Environment
2.1 Software
Documentation tool
Scheduling tool
IDE

Microsoft word 2013

Microsoft project 2013
Eclipse Mars

Web Server
Design tool
JDK
DBMS
Operating System

Netbean 8.1
Glassfish Server 4.1
Photoshop CS6
JDK 1.8
Microsoft SQL Server 2012
Windows 8.1, 10, Linux

2.2 Hardware
Client
Server

8 laptops, 5 desktops
Reuse one 24/7 available desktop to
simulate the server for testing and
deployment

2.3 Preparations and training prior to testing: Senior System Analyst

3. Test Results
3.1 Rationale for decision
After executing a test, the decision is defined according to the following rules:
72

OK: The test sheet is set to "OK" state when all steps are in "OK" state. The
real result is compliant to the expected result.

NOK: The test sheet is set to "NOK" state when all steps of the test are set to
"NOK" state or when the result of a step differs from the expected result.

NOT RUN: Default state of a test sheet not yet executed.

NOT COMPLETED: The test sheet is set to "Not Completed" state when at
least one step of the test is set "Not Run" state.

3.2 Test case result (for each test case individually)

A. User Test case
TASK
Test case of Log in and Log out Use case
Fail to login the system when providing invalid

DECISION
P
P

username
Fail to login the system when providing valid username

and invalid password

Fail to login the system when providing empty

username
User logs in the system using an account is being

blocked
Recover password
User Register New Account With Valid Information
User Register New Account with one or some or all

P
F
F

fields are empty

B. Admin Test Case
TASK
Test case of Log in and Log out Use case
Fail to login the system when providing invalid

DECISION
P
P

username
Fail to login the system when providing valid username

and invalid password

Fail to login the system when providing empty

73

username
Recover password
Admin add product with valid information
Fail to add product with name that already exists in the

P
P
P

system
Fail to add product when one or some or all fields are

empty
Fail to add product when inputting special character(s)

to one or some or all fields

Update a product with valid information
Fail to update a product with name that already exists

F
P

in the system
Fail to update product when one or some or all fields are

empty
Fail to

update

product

when

inputting

character(s) to one or some or all fields

Update cancel
Delete product
Delete cancel

special

F
P
F

C. Search Product Test Case

TASK
Seacrh Product by Product Name : Good search
Seacrh Product by Product Name: Empty search
Search Product by Product Name : Wrong Search

DECISION
P
F
F

D. Shopping Cart Test Case

TASK
Add Product to Shopping Cart
Remove Product from Shopping Cart
Change Quantity
Select Delivery Option
Payment System
Pay Now Process
Cancel Order
E. Browsers Test Case
74

DECISION
P
F
F
F
P
F
P

TASK
Internet explorer 11
Microsoft edge
Google Chrome (lastest version)

DECISION
P
P
P

4. Summary Tables for Total Number of Error Their Distribution and Types

TYPES
INPUT
OPERATION
DATABASE
HUMAN

STATUS
OK
16
6
0
0

NOK
11
4
0
0

5. Special Events and Testers proposals

5.1 Special events and unpredicted responses of the software during testing: none
5.2 Problems encountered during testing: none
5.3 Proposals for changes in the test environment, including test preparations: none
5.4 Proposals for changes or corrections in the test procedures and test case files:
yes

LO3. Be able to use project management tools

3.1 apply project planning and management tools to plan specific resources and
requirements for an IT system development
75

a) Explain the importance of project management to the production of high quality

IT systems.
Projects are completed by teams of people who are specially chosen for their skills,
knowledge and potential to contribute to the final result. The team is led by a project
manager. He or she is responsible for keeping the project tasks on schedule,
communicating with all stakeholders and managing resources the people, money,
tools and time needed to achieve the goal. The project manager is the centre of the
project and the driving force behind the team.
The discipline of project management is extremely versatile and can be adapted to
any business or industry. Its strength is focused teams of experts who can quickly
adapt, organise and troubleshoot, meaning that most problems can be resolved
efficiently.
Here are three reasons why project management is important to modern businesses.
Human focused
Today's employees are no longer satisfied with comfortable, rote work for which they
need not take any responsibility. In fact, many people are looking for more creative,
empowered and hands-on positions where they can make a real impact. Projectbased organisations provide this since they focus on goals and outcomes rather than
working according to the clock. This makes it a more logical and stimulating
structure for skilled people.
In addition, since project management relies so much on good communication, the
discipline emphasises the need to focus on the realities of working with people
mistakes and successes, good and bad days, conflicts and so on. Research has
proven that the more understanding and flexible an employer is, the more devoted,
productive and happy the staff are.
76

Flexible but structured

Project management perfectly combines the two needs of organisations first, to be
adaptable to changing circumstances, and second, to be structured, predictable and
organised. Good project managers spend a lot of time ensuring that everybody
knows what their responsibilities are and when requirements are due. They are also
masters at adapting these schedules if something goes wrong, or things proceed
better than expected.
Project-based organisations can be adapted much more easily than other business
structures since whole teams can shift together to accommodate changes.
Efficient
A core project team with an excellent manager can be much more efficient than a
whole stable of workers because, as a cohesive and dedicated unit, they can focus
all of their energy on the task at hand. Fewer people can accomplish a single project,
meaning that human resources are freed up for other work.
One of the essential concepts of project management is balancing the three
requirements of cost, time and quality a project needs to be under budget,
delivered by the deadline, and of sufficiently high quality. Often, however, these
three factors are in conflict and not all of them can be achieved at once; a project
may be running late due to some unavoidable delays, or the quality desired may
require more money than was initially budgeted for. A good project manager
balances these three factors and produces the most efficient result possible.
On top of that, good planning and organisation can save a lot of mistakes, confusion,
backtracking and delays all of which decrease the efficiency of an organisation.
Planning for risks is inextricably linked to project management; the sooner these can

77

be avoided, mitigated or prepared for, the better for the team, project and
organisation as a whole.

b) Produce:
Task Name

Duration

Start

Finish

Project Initation
(1).
Hardware
(2).
Software
(3).
Database Server
(4).
Web Server
(5).
Wait Frame

20 days
3 days
7 days
3 days
10 days
7 days

Tue 1/3/17
Tue 1/3/17
Thu 1/5/17
Fri 1/13/17
Mon 1/16/17
Fri 1/20/17

Mon 1/30/17
Thu 1/5/17
Fri 1/13/17
Tue 1/17/17
Fri 1/27/17
Mon 1/30/17

Designing
(1).
(2).
(3).
(4).

Back End
Front End
Debug
Review

30 days
27 days
28 days
20 days
25 days

Thu 2/2/17
Thu 2/2/17
Fri 2/3/17
Mon 2/13/17
Thu 2/9/17

Wed 3/15/17
Fri 3/10/17
Tue 3/14/17
Fri 3/10/17
Wed 3/15/17

Developing
(1).
Home Page
(2).
Log in - Register Page
(3).
Product Page
(4).
Search Page
(5).
Shopping Cart Page
(6).
Payment Page
(7).
Help Page

45 days
26 days
27 days
26 days
28 days
28 days
30 days
12 days

Wed 2/15/17
Wed 2/15/17
Wed 2/15/17
Wed 2/15/17
Wed 2/15/17
Wed 2/22/17
Wed 3/1/17
Mon 4/3/17

Tue 4/18/17
Wed 3/22/17
Thu 3/23/17
Wed 3/22/17
Fri 3/24/17
Fri 3/31/17
Tue 4/11/17
Tue 4/18/17

Testing
(1).
(2).
(3).

45 days
25 days
30 days
28 days

Wed 3/15/17
Wed 3/15/17
Tue 3/21/17
Wed 3/22/17

Tue 5/16/17
Tue 4/18/17
Mon 5/1/17
Fri 4/28/17

45 days
7 days
7 days
30 days

Wed 3/29/17
Wed 3/29/17
Mon 4/3/17
Mon 4/3/17

Tue 5/30/17
Thu 4/6/17
Tue 4/11/17
Fri 5/12/17

Software Test Plan

Software Test Description
Software Test Report

System Deployment and Maintaine

(1).
Hosting
(2).
Configuration
(3).
Training

78

(4).

Support and Maintaine

32 days

1) a Work Breakdown Structure

79

Mon 4/17/17

Tue 5/30/17

2) a GANTT chart

3) a Critical Path Method

80

Database Server
Web Server
Wait Frame

6
7

Debug
Review

12
13

Product Page
Search Page
Shopping Cart Page
Payment Page
Help Page

18
19
20
21
22

Finish
3

Software Test Report

Training

Support and Maintaine 32 daysMon 4/17

T/1
ue
75/30/17

33

30 daysMon 4/3/1
Fri
75/ 12/17

7 days Mon 4/3/1

Tue
7 4/11/17

Configuration

32

7 days Wed 3/29

T/1
hu
74/6/17

Hosting

31

SystemDeployment andMa
45in
da
ta
yin
sW
eed3/2T
9u
/1
e
75/30/17

30

29

28 daysWed 3/ 22
Fri
/14
7/28/17

Software Test Description

30 daysTue 3/21Mon
/17 5/1/17

27

25 daysWed 3/15
T/1
ue
74/18/17

26

45daysWed3/1T
5u
/1
e
75/16/17

12 daysMon 4/3/1
Tue
7 4/18/ 17

30 daysWed 3/ 1/1
Tue
7 4/11/17

28 daysWed 2/22
Fri
/13
7/ 31/ 17

28 daysWed 2/15
Fri
/13
7/24/ 17

26 daysWed 2/ 15
Wed
/17 3/ 22/17

27 daysWed 2/ 15
T/1
hu
73/23/17

26 daysWed 2/15
Wed
/ 17 3/22/ 17

45daysWed2/1T
5u
/1
e
74/18/17

25 daysThu 2/9/1
W
7ed 3/15/17

20 daysMon 2/13
Fri
/ 17
3/10/17

28 daysFri 2/3/ 17
Tue 3/14/17

27 daysThu 2/2/1
Fri
7 3/ 10/17

30daysThu2/2/1
W
7ed3/15/17

7 days Fri 1/20/1

Mon
7
1/ 30/17

10 daysMon 1/16
Fri
/ 17
1/27/17

3 days Fri 1/13/1

T7
ue 1/17/17

7 days Thu 1/5/1

Fri
7 1/ 13/17

3 days Tue 1/3/1

T7
hu 1/5/17

Software Test Plan

28

11 19 27 4

12 20 28 8

16 24 1

17 25 3

11 19 27 4

Jan 1, '17 Jan 22, '17

Feb 12, '17
Mar 5, '17Mar 26, '17
Apr 16, '17
May 7, '17May 2

20daysTue 1/3/1
M
7on1/30/17

Duration
Start

25

24

Testing

Log in - Register Page

17

23

Home Page

16

15

Developing

Front End

11

14

Back End

9
10

Designing

Software

Hardware

Project Initation

Mode

Task Task Name

ID

Critical Path: Start (1) (2) (4) (5) Finish

(1):
(2):
(3):
(4):
(5):

Project Initation
Designing
Developing
Testing
System Deployment and Maintaine

81

(1): Project Initation

Critical Path: Start (1) (2) (3) (4) (5) (6) Finish

(1).
(2).
(3).
(4).
(5).

Hardware
Software
Database Server
Web Server
Wait Frame

(2): Designing

Critical Path: Start (2) (3) (4) Finish

(1).

Back End

(2).
(3).
(4).

Front End
Debug
Review

(3): Developing

Critical Path: Start (4) (5) (6) (7) Finish

(1).
(2).
(3).
(4).
(5).
(6).
(7).

Home Page
Log in - Register Page
Product Page
Search Page
Shopping Cart Page
Payment Page
Help Page

(4): Testing

Critical Path: Start (1) (2) (3) Finish

(1).
(2).
(3).

Software Test Plan

Software Test Description
Software Test Report

(5): System Deployment and Maintaine

Critical Path: Start (3) (4) (6) (7) Finish

(1).
(2).
(3).
(4).

Hosting
Configuration
Training
Support and Maintaine