Quick viewing(Text Mode)

Standardization of Development Process and Additional Efforts Focusing on Web Application Development

Standardization of Development Process and Additional Efforts Focusing on Web Application Development

Standardization of Development Process and Additional Efforts Focusing on Web Application Development

V Ryoko Saito V Satoru Okiyama V Fusami Hirai (Manuscript received March 14, 2006)

In this time of remarkable informationization, information have become an essential business infrastructure for managing corporate activities. Under these circumstances, due to the highly diverse functions and the related highly divisionized and specialized work, a large number of field workers are involved in develop- ment. They must therefore communicate properly and cooperate in work through a common understanding. They must also share their roles systematically and clarify the range of responsibilities between themselves. To help meet this need, Fujitsu has developed the Solution-oriented system Development Engineering Methodology 21 (SDEM21), a system development map that plainly systematizes the tasks of an entire lifecycle, from planning to operation and maintenance. Web application development has accelerated in recent years, and to assist in this area, Fujitsu has developed Com- ponentAA Development Method. This method makes it easy to construct a flexible development standard for various technologies for implementing Web applications. Moreover, Fujitsu has developed Secure Web Application, which is a security countermeasures standard for building stable and secure Web services. This paper introduces SDEM21, ComponentAA Development Method, and Secure Web Application.

1. Introduction 2. SDEM21 In this time of remarkable informationiza- This section gives an overview of SDEM21 tion, information systems have become an and some materials that enable SDEM21 to be essential business infrastructure for managing used more practically. enterprise activities. For this reason, many personnel in top management and user depart- 2.1 Overview of SDEM21 ments are involved in their development. At the Due to the highly diverse functions and the same time, the importance of security countermea- related highly divisionized and specialized work, sures within these systems is growing. workers must cover various fields. To succeed in This paper introduces Solution-oriented system planning, development, operation, and system Development Engineering Methodology 21 maintenance, workers must communicate prop- (SDEM21) to explain the standard procedures of erly and cooperate in work through a common system development in Fujitsu. It also introduc- understanding. They must also share their roles es ComponentAA Development Method and systematically and clarify the range of responsi- Secure Web Application and includes some view- bilities between themselves. points of Web application development, which is SDEM21 plainly systematizes the tasks of currently the predominant system type. an entire lifecycle, from planning to operation and maintenance. In other words, it visualizes sys-

FUJITSU Sci. Tech. J., 42,3,p.295-305(July 2006) 295 R. Saito et al.: Standardization of Development Process and Additional Efforts Focusing on Web Application Development

tem development. It was developed based on the entire view of the diverse tasks to all workers WG activities of on-site system engineers and the involved, full coverage can be ensured. numerous project experiences of Fujitsu and com- plies with the standards of the International 2.1.2 Phase and V-model for quality Standards Organization (ISO). assurance The SDEM21 matrix and the phases and cat- Phases are defined to manage the process in egories of SDEM21 are described below. a continuous sequence of tasks in system plan- ning, development, operation, and maintenance 2.1.1 Outline of SDEM21 matrix (Table 1). Phases are set based on the V-model Phases such as design, implementation, and for quality assurance (hereafter called the testing are placed on the horizontal axis, while V-model). categories such as business, infrastructure, oper- The V-model associates the integration pro- ation and migration, which classify the tasks for cess with the breakdown process to assure quality development, are placed on the vertical axis. The (Figure 2). By pairing the testing phase and tasks to be performed (defined in the work break- design phase based on system components, it down structure [WBS]) are defined at the points makes verification and/or validation items in the where the axes meet (Figure 1). testing phase that correspond to the design phase By using this matrix and plainly showing the more specific and therefore enables quality to be

Contract process

Operation and Development maintenance process process Planning process

1) Phase (when) Designing, implementation, testing, etc.

Business, infrastructure, operation and migration, etc.

Organization 3) Work to be done 2) Category classification) (Task management process (task): WBS

Work Breakdown Structure (WBS) is a System audit process layered and defined work structure.

Figure 1 SDEM Matrix.

296 FUJITSU Sci. Tech. J., 42,3,(July 2006) R. Saito et al.: Standardization of Development Process and Additional Efforts Focusing on Web Application Development

Table 1 Definition of phases. Information vision • Develop information vision strategy, determine execution priorities, and develop mid- planning VP term or long-term plans. Planning • Analyze current business system, define requirements, evaluate investment effects, and System planning SP make decision on development. • Check requirements for systemization, and decide range of systemization through System architectural business analysis. SA design • Design system architecture and study feasibility. • Develop project plan, and prepare method for managing project.

• Design business system specifications (process function, data structure, screens, forms). User interface UI • Develop detailed system architectural design, and design means or operation and design migration. Design • Develop overall test plan.

• Break down process into programs, determine internal structure of system, and design System structure common programs. SS design • Design operation management system, security system, and migration tool. • Develop system test plan and operational test plan. Program structure design PS • Determine program structure, and define logic. Programming PG • Develop program based on program structure design, and check the operation. Development Program test PT • Conduct test based on program test specifications, and verify quality. Implementation • Integrate programs, perform tests for each process, and verify quality. • Conduct interface tests between all processes, including interface for external systems. Integration test IT • If necessary, divide IT phase based on integration level or processing type (e.g., online or batch). • Test business system functions on actual machine. System test ST • Conduct overall system verification for performance, reliability, operability, security, etc. Testing • Conduct trial operation by user departments using machine used in operation, environment, and data. Operational test OT • Validate business system functions, performance, reliability, operability, security, etc. • Make decision on migration to start of operations and migrate business.

Operation • Check means for business operation management, user department support, system and System operation operation, operation management, and system maintenance. OM mainte- and maintenance • Deal with problems and Q&As, manage modifications of network, hardware, software, nance application specifications, etc. and develop improvement plan. ensured. Needless to say, it is essential to For example, the categories in the develop- perform verification and/or validation using ment process are business, business system reviews and/or prototyping at each design phase specification, application, infrastructure, opera- and to perform quality evaluation and judgment tion and migration (including security), at each testing phase. development support, and . By classifying the tasks as described above, 2.1.3 Categories omissions in task management, task estimation, A category is a large classification of the tasks and role assignment are prevented, while progress required to execute each process. Categories are management is also enabled. In addition, by classified based on the relationships between estimating the volume of tasks, setting quality tasks and the knowledge and technology required targets, and managing the results based on to perform tasks. They can be used to determine specific task classifications, it becomes easier to the roles of the workers involved in planning, measure the extent of progress. Furthermore, development, operation, and maintenance and to systematized tasks can be used as a basis for hu- build teams in the project. man resource development (e.g., when training

FUJITSU Sci. Tech. J., 42,3,(July 2006) 297 R. Saito et al.: Standardization of Development Process and Additional Efforts Focusing on Web Application Development

Operation and Planning Development process maintenance process process Phase Information System User System Program System vision System architectural interface structure structure Program- Program Integration System Operational operation and planning planning design design design design ming test test test test maintenance Category VP SP SA UI SS PS PG PT IT ST OT OM

Enter- Enter- prise prise

Validation by user

Business Busi- Busi- Busi- ness ness ness

Verification by designer Sys- Sys- tem tem ...

Verification by developer Proc- Proc- ess ess Business system Breakdown Program Integration process process (design) Module (test)

Figure 2 V-model of quality assurance. new and junior employees or defining the image that describe 1) how to cope with tasks, 2) the of an ideal employee) and improving processes (as actions to be taken based on the results of tasks, a basis for evaluation when seeking improve- and 3) the know-how in development tasks for ments, etc.). each theme required to execute . The handbook covers 16 themes, based on SDEM 2.2 Materials for using SDEM more matrix, for example, , application practically architecture, and system architecture. The time allowed to develop a system in a project is becoming shorter, and there is little time 2.2.2 SDEM practical development to spend on initiating a project. To address this standards situation, codes of conduct that define the required These are practical development standards actions and practical development standards that that specify task sequences proceduralized from a project can use with the least possible workload WBS using PERT, practical WBS descriptions, and are prepared for system engineers. document templates. They are prepared for three areas: 1) general business application 2.2.1 SDEM practical handbook (codes of development (non-Web application, COBOL/C, conduct) conventional notation), 2) ComponentAA Devel- This handbook summarizes three principles opment Method (Web application, Java, Unified

298 FUJITSU Sci. Tech. J., 42,3,(July 2006) R. Saito et al.: Standardization of Development Process and Additional Efforts Focusing on Web Application Development

Modeling Language [UML] notation) for assumed implementation technologies (e.g., mid- developing business applications, and 3) an dleware and frameworks), so the design items and infrastructure task kit for developing a system objects to be implemented are completely differ- infrastructure. ent from those for Web application development. If these development standards are applied forc- 3. ComponentAA Development ibly, a substantial change in the development Method standards is inevitable. In addition, there are ComponentAA Development Method1) is several technology options for implementing intended to provide a consistent development Web applications. For example, Servlet/JSP standard covering various technologies of Web technology or Applet technology can be used for applications. It consists of standards for develop- implementing a screen. For this reason, a change ment task procedures, document standards, of design items occurs depending on the and various types of development techniques technology selected. This is another reason why (Figure 3). The following section gives a brief the construction of development standards for Web explanation of how ComponentAA Development applications is a difficult task. Method supports Web application technologies. ComponentAA Development Method directs developers to build a system by assembling 3.1 Dealing with implementation components so that the structure of those compo- technologies of Web applications nents is arranged in the following three layers:2) It is difficult to apply development standards the presentation layer, which displays and of mainframe and client/server systems to the controls screens; the control layer, which executes development of Web applications. This is because application logic; and the model layer, which the application structure differs depending on the is responsible for accessing databases and

Development method frameworks for overall Standards for development. Defines flowchart of development development task procedures/ tasks, document system, and entry rules of each Document standards document for all tasks.

Development techniques Business operation modeling technique guide, Business analysis, data analysis/design technique guide for business designing techniques application designer.

Application common processing Designing guide of application common processing designing technology for architects and standardization teams.

Testing guide for architects and standardization Testing technology teams.

Application guide of development standard for Application guide project managers.

Figure 3 Technology system of ComponentAA Development Method.

FUJITSU Sci. Tech. J., 42,3,(July 2006) 299 R. Saito et al.: Standardization of Development Process and Additional Efforts Focusing on Web Application Development

maintaining data consistency. This structure is 3.2 Using UML appropriate for implementing Web applications. UML3) is a widely used general notation for To facilitate the development of Web applications, object-oriented analysis and design. However, ComponentAA Development Method defines when applying UML, it cannot be used effectively design procedures and design documents for the if the purpose and method of use are not clearly components of each layer (Figure 4). It also defined in the specific development procedures. provides design guides for each selectable tech- For example, if designers are simply asked to de- nology. For example, when Servlet/JSP technology sign classes using UML class diagrams, the is applied to the presentation layer, design guides contents and quality of the completed design doc- for Servlet/JSP are used, and design guides for uments will vary and development will not be Applet can be used when applying Applet tech- efficient. nology. By combining these rules and design ComponentAA Development Method pro- guides, it becomes possible to deal with various vides a specific purpose and method for using technologies for implementing Web applications UML. For example, it states that a screen de- and easily constructing development standards signer should write a UML activity diagram in suited for the project. the user interface design phase in order to design a screen transition diagram (i.e., it defines who writes what and also defines when and why

Development process of ComponentAA Development Method Layer to be SA/UI SS/PS/PG implemented

Applet designing Application guide structure Business / Servlet/JSP Browser data analysis design guide

Business Design/ Function Presentation function implementation of breakdown layer designing presentation layer

Design/ implementation of Control layer control layer

Design/ Data implementation of Model layer design model layer

Database

Figure 4 Development process corresponding to Web application architecture.

300 FUJITSU Sci. Tech. J., 42,3,(July 2006) R. Saito et al.: Standardization of Development Process and Additional Efforts Focusing on Web Application Development

it should be written). By combining UML with 4. Secure Web Application ComponentAA Development Method, UML can be As Web application development accelerates, used very effectively. attacks from the Internet and other external at- tacks such as injection attacks and fishing are sure 3.3 Proven integration method of data to increase at the same time. Figure 5 shows an analysis and designing technique SQL injection attack, which takes advantage of To develop an appropriate system for busi- the Internet’s vulnerability. In this example, ness requirements, data analysis and design “A0012’ OR ‘A’=‘A” is accidentally entered as a techniques are effective. This is also true when product code on a purchase information inquiry developing Web applications implemented based screen. The Web application interprets this as an on object-oriented technologies. It is necessary to SQL statement requesting a search of all items, fill the gap between data analysis and design with, and as a result, transaction information such in- for example, an entity relationship diagram (ER formation intended to be disclosed at a later date diagram) in the upper process and an implemen- or pricing information for other customers is tation based on object-oriented technology. leaked. Although a high-quality, high-reliability Object-oriented technologies enable great flexibil- information system has been developed, it may ity in design and implementation; consequently, contain vulnerabilities that necessitate costly without appropriate design guidelines, the appli- modifications or cause the to stop, which cation structure becomes inconsistent and the may lead to trust issues. quality and maintainability of the system becomes These problems illustrate that vulnerability low. countermeasures are becoming important in Web ComponentAA Development Method pro- application development.4),5) vides design guidelines that reflect data analysis In this section, SDAS secure programming, and design in the implementation of components which Fujitsu is working on, is explained. in the model layer, so data analysis and design- ing techniques, together with object-oriented 4.1 Activation of vulnerability implementation tasks, are integrated into a sin- countermeasures gle development standard with no discrepancies. A predominant style of countermeasures of- ten seen today is to assure quality by applying 3.4 Achievements and future plans separate fee-based services. These services have ComponentAA Development Method has been coping with these issues by analyzing been applied to more than 50 projects since its vulnerability information and making full use of release in April 2004. Its document standard sec- diagnostic tools. The vulnerability information is tion is disclosed to the public through a Web site, provided by the BugTraq mailing list from and it has been downloaded and is being used by SecurityFocus and by the Open Web Application over 1080 people. Security Project (OWASP).6) Web application technologies are constantly In Japan in July 2004, the “Standards for developing, and new implementation technologies Handling Software Vulnerability Information,” and frameworks are continuously appearing, some was announced by the Ministry of Economy, Trade of which are becoming popular. We will continu- and Industry, and the IPA security center (IPA/ ously enhance ComponentAA Development ISEC) started receiving vulnerability-related Method, focusing on Web applications, so it keeps reports about Web applications.7) In addition, up with new technologies and continue to provide vulnerability diagnosis services for Web leading-edge development standards. applications have been started.

FUJITSU Sci. Tech. J., 42,3,(July 2006) 301 R. Saito et al.: Standardization of Development Process and Additional Efforts Focusing on Web Application Development

Purchase information inquiry

Product code A0012’ OR ‘A’=‘A

Search

SQL statement issued by Web application

SELECT * FROM product_table WHERE product_code = ‘A0012’ OR ‘A’=‘A’;

Vulnerability: interpreted as “search all items.”

Product Customer Unit price Type of Pricing Valid from code Transaction information leaked A0012 Company A 100 Customer price 2005/10/1 • Undisclosed customer price A0012 Company A 50 Special price 2006/3/1 • Other customers’ prices A0012 Company B 20 Customer price 2005/10/1

Figure 5 Example of SQL injection attack using vulnerability of Web application.

4.2 Challenges of vulnerability countermeasures should be tackled by all teams, countermeasures and they must be strictly controlled by consider- These services can provide fine-tuned coun- ing who takes care of what. Otherwise, the termeasures suited to a customer’s system countermeasures cannot be formalized and in- configuration by 1) limiting the diversification of creases in costs and diagnosis time may occur. vulnerabilities when Web application development technologies change and 2) providing threat anal- 4.3 Determining the type of yses and ways of coping by fully exploiting countermeasures know-how to find these vulnerabilities. However, As shown in Figure 6, SDAS provides a these services tend to be expensive. “Secure Web programming guide” for developing In many cases, these services are applied just secure Web applications as part of the develop- before an application starts, and a system for ment standards. Mandatory countermeasures to implementing countermeasures during develop- be included in application development costs and ment has not yet been established. the implementation of non-functional require- It is therefore necessary to make arrange- ments — which must be considered as a ments based on the roles of developers. Also, the mandatory requirement in the same manner as viewpoints of the team that develops business logic reliability and operational countermeasures — are based on business specifications and the team that handled separately. This separation enables the provides the processing method that makes the items to be included in application development business logic function as a Web application costs to be discussed with the customer in advance. should be considered when developing counter- By establishing this baseline and systemizing measures. In the early stages, security already known vulnerability countermeasures

302 FUJITSU Sci. Tech. J., 42,3,(July 2006) R. Saito et al.: Standardization of Development Process and Additional Efforts Focusing on Web Application Development

Application security

Secure programming á Verifying parameters á Sanitizing Secure application architecture á Protection against session leaks and injection attacks Platform security

Authentication & Network security encryption

Reducing risk of Access controls [Reducing development costs] information leaks

Protection against Commoditization for PC security viruses security requirement

Routine procedure Process, management (Anyone can handle)

Laws related to security, Standards, certification disclaimer of warranty Effective tools

Compliance Security literacy

Figure 6 Scope of SDAS Web application securities.

beforehand, additional vulnerability countermea- 4.4 Further determination of types sures that could become necessary on a daily basis The concept of reducing costs by determin- can be distinguished from the already known ones, ing the types of countermeasures is a rather new and it becomes possible to determine whether they one that requires extra work, and to promote it in should be included in the baseline or dealt with system development projects, Fujitsu will use at extra expense. SDAS to further promote improvements in initial It will also be important to consider the tim- examinations in interviews with workers and ing of countermeasures and process selection and diagnostic procedures. ways to inspect things that must not be done. So Although the principles of vulnerability coun- far, third parties have performed these two tasks, termeasures are relatively stable, diagnostic resulting in high costs. Therefore, to reduce costs, methods and processing methods must be quick- the following three requirements will become im- ly developed to keep up with today’s rapid changes portant (Figure 7). in technology. We also aim to establish ways to 1) Confirmation methods that enable self- handle cases that cannot be managed by the base- implementation and self-correction. line, for example, authentications that require 2) Detection tools for mass-production items. threat analysis or encryption countermeasures, as 3) Frameworks and application processing well as ways to accumulate proven processing methods that have been verified in advance methods and know-how and share information. to realize 1) and 2).

FUJITSU Sci. Tech. J., 42,3,(July 2006) 303 R. Saito et al.: Standardization of Development Process and Additional Efforts Focusing on Web Application Development

Category Check points Techniques

Business Applet, Java code35 Code checker: SIMPLIA/JF Kiyacker, etc. logic Servlet (JSP, JavaScript)11 Diagnostic tool: String search, AppScan, etc.

Application • Authentication, SSO, encryption, architecture session management, etc. 16 Consulting • Development standard, etc. (Including coverage range of frameworks) Operation, platform configuration, etc. 13

Common Business logic components, etc.

Servlet Business logic A I/F DB access DB access components control control Business logic

components B Business logic eb application I/F

Applet W

• password Common • authentication, limit access

Common checking • encryption, random numbers components

• session management components I/F • log, message, etc.

Framework verified in advance

: Business logic : Application architecture

Figure 7 Protection profiles for vulnerabilities of Web applications.

5. Conclusion References This paper introduced SDEM21, which is a 1) Fujitsu: ComponentAA Development Method. (in Japanese). basic concept for system construction, and the http://segroup.fujitsu.com/sdas/technology/ SDEM practical template, which is a code of develop_guide/1_caa.html 2) EJB Component Consortium: Reusable EJB Com- conduct for SEs. It also introduced the SDEM ponent Design (technical report) DE-00-01. (in practical development standard, ComponentAA Japanese). http://www.ejbcons.gr.jp/rules/DE-00-01-PR.PDF Development Method, and Secure Web program- 3) Object Management Group: Superstructure ming guide, which are practical development Specification, v2.0 (formal/05-07-04UML). http://www.omg.org/ standards that can be used for standardized tasks 4) H. Takagi: 40 rules for secure Web application pro- at a project site. We will continue to promote and gram development. 2003. (in Japanese). http://java-house.jp/~takagi/paper/idg-jwd2003- enhance these standards to make projects more takagi-dist.pdf effective, taking into account the trends in new 5) IPA ISEC: Secure programming course. (in Japanese). technologies. http://www.ipa.go.jp/security/awareness/vendor/ programming/

304 FUJITSU Sci. Tech. J., 42,3,(July 2006) R. Saito et al.: Standardization of Development Process and Additional Efforts Focusing on Web Application Development

6) OWASP: The Ten Most Critical Web Application 7) J. Hayakashi: About the handling of the security Security Vulnerabilities. vulnerability information. (in Japanese), Infor- http://www.owasp.org/ mation Processing Society of Japan Magazine, 46, 6, p.662-671 (2005).

Ryoko Saito, Fujitsu Ltd. Fusami Hirai, Fujitsu Ltd. Ms. Saito received the B.A. degree in Mr. Hirai received the B.S. degree in Language and Culture from Tokyo Science and Engineering from Aoyama University of Foreign Studies, Japan in Gakuin University, Japan in 1990. He 2002. She joined Fujitsu Ltd., Tokyo, joined Fujitsu Ltd., Japan in 1990, where Japan in 2002, where she has been he has been engaged in development engaged in development of standard and support of application architectures processes for system engineers at for industrial business systems. Fujitsu.

Satoru Okiyama, Fujitsu Ltd. Mr. Okiyama received the B.S. degree in Mathematics from Tokyo University of Science, Japan in 1989 and the M.S. degree in Mathematics from Nagoya University, Japan in 1991. He joined Fujitsu Ltd., Tokyo, Japan in 1992, where he has been engaged in devel- opment and application support of technology in the upper processes of Fujitsu’s System Development Method- ology, SDAS.

FUJITSU Sci. Tech. J., 42,3,(July 2006) 305

Top View