Software engineering Flashcards
Plan Driven WaterFall Model
Separate and distinct phases of specification and development
- used for large system engineering projects
and when safety is critical?
waterfall model issuess
-if outsoruced is used, hard for development team to check quailty of outsourced stage
-Only appropriate when the requirements are well understood and changes are limited. This is unlikely as few businesses have truly stable conditions
Why is plan driven less used like waterfall and when would they be still relevant
Difficult to handle unknown problems using a model that forces you to planeverything in advance
* Places a lot of emphasis on testing behaviour at the end
* Limits stakeholder interactions to beginning and end
Still relevant in large scale development where lots of coordination needed
Safety critical systems requiring certification
V-Model
Advantages and Disadvantages
Waterfall model with emphasis on testing(plan driven)
-Helps ensure legitamacy of testing leading to higher chance of success than waterfall
-Changes to specification midway require changes to past phases
-inefficient in ill-understood situations
Incremental development
ad dis
Develop systems in parts where each part provides a useful function to the customer
-Debugging is easier for each increment and easier to recieve feedback
-Rapid Delivery and development possible. Allows customers to gain value from software earlier
-Reduce cost of change for future incremenets from feedback.
Increased cost of change for past incremeents
More complex for manangement.
Iterative development
adv dis
Refining and improving the same functionality.
-Good for prototyping risky functions
-potential for ongoing feedback
-Not cost effective to proudce documents that reflect every version of system
-System Structure can degrade
Prototype advantage and disadvantage
Improved system usability
allows for improved design quality
closer match to users real needs
Costs of developing prototypes
Prototypes leave out many functionality
Specifying written requirements
Description - Short statement of purpose(system will provide print faacilitiy, website will support multiple languages)
ID- unique numerical number
Rationale- why is the requirement important(maximise users who can operate a website)
fit criteria- tells you how to go abt something. how to check it.
for example - a system supporting multiple file formats could have fit criteria system will be tested against pdf,jpeg
Owner- assigning an owner confers responsibility
Requirement classifications
Furps
Functionality
Usability
reliability
performance
supportability
Enduring vs volatile requirements
Enduring - Stable requirements derived from core activity(hospital will always have doctors)
Volatile requirements - requirements which change during development or when system is in use
Agile development applicability
Ensuring it isint a safety critical development
Ensuring it isint in a heavily regulated industry
If project contains uncertain elements at the time of starting
small medium size projects around 3-18 months
Agile development technique XP
takes extreme approach to iterative development
New software versions may be built several times per day
small increments are delivered to customers frequentyl
ALl test must be ran for every build
Key practices of XP
User stories- user requirements are expressed as scenarios then broken into task( AS A ? I WANT TO? , SO THAT I ?)
collective ownership- anyone can change it if bug spotted
refactoring - programming teeam look 4 possible software improvements. e.g renaming methods to make them more understandbable
Pair programming- developing code in pairs
More efficient as each line of code looked at by 2
Test Driven Development
Test are written before the code and code is developeed incrementally along with a test for that increment
how to go about running a TDD
identity functionality to test
write automated test for this functionality
Run the test(should fail as code not written yet)
implement the functionality and re-run test
Once successful, implement next chunk of functionality
Benefits of TDD > Poblems
Writing the tests before the code itself clarifies the
requirements to be implemented
Code Covereage as every code segment has at least one associated test
Test are simple so debugging should be simple
Testing emergent features is tricky such as security
Hard to determine when a set of test is complete
Agile development technique : SCrum
A daily meeting of the Scrum team that reviews progress and prioritizes work to be done that day.
nitial phase: outline planning phase (objective)
Sprints Phase: Where each sprint develops an increment of the system.(shippable piece of functionality)
Closure: Documentatin and lessons learned
Scrum Master
backlog
faciliator who arranges daily meetings
-Tracks the work to be done
-measures progress
communicates with customers and management outside the team
this is a list of ‘to do’ items which the Scrum team must tackle
A backlog is maintained containing the set of
user stories still to be implemented.
Scrum benefits
Product broken down into a set of managable chunks
Unstable requirements do not hold up progress
Customers see benefits with every increment
Daily meetings take up valuable resources restricting team size
Scrum master is challeniging
Close ties depend on team co-location
Feasibility study
Decides whether or not the propsed system is worthwhile
-risk of project
how will system help
Why would personas be used
Personas are used to represent the interests of user
groups without identifying with real world individuals
Particularly useful when exploring negative character
traits
Benefits of software reuse
Problems of reusye
Increased dependability- Tested software likely to be more dependable then new software
Lower development costs- lower cost than developing new software
accelerated development- speed up system production as development and validation time reduced.
Increased mainteneance costs- reused elements of system may become increasingly incompatible with system changes.
Finding,understanding and adapting reusable components- software components have to be understood and sometimes apdapted to work in new enviroments.
Open source licensing models
General public license - ‘recipricol license’ meaning if you use open source spftware under GPI, you must make that software open source.
Lesser general public license- you can write components that link to open-source code without having to publish source of your component
Berkley standard distribution license- Non reciripocol license meaning not obligated to re-publish any changes made to open source code
ERP , CRM , LCNC
ERP-costly, increases process speeds of business
CRM - customer niteraction and sales
For LCNC - low code no code ( point and click programming)
Short lifespan systems
Rapid deployment situations
Limited functionality systems
Non mission critical infrastructure
Measurements for reliability
Mean time between failure = Mean time to failure + mean time to recover
Availability = MTTF / (MTTF + MTTR)
Drawbacks of measurements for reliability
System load difficult to model as it may vary by time of day
Disasters may occur
Seasonality
Growing business
Static Software inspection (testing)
No execution of code
used for verification and not validaiton.
AD-Incomplete versions of a system can be inspected without additional costs
An inspection can also consider some nonfunctional attributes of a program
D
Dynamic testing
Development testing, where the system is tested during development to discover bugs
Release testing, where a separate testing team test a complete version of the system before it is released to users.
User testing, where users or potential users of a system test the system in their own environment.
Testing strategies
Partition testing - where you identify groups of inputs that have common characteristics and should be processed in the same way.
Guideline-based testing, where you use testing guidelines to choose test cases.
Development testing
Includes
Unit testing- Individual program units or objects classes are tested.
unit tested should be automated to make retesting easier.
Component testing- several indiviudal units are integrated to create composite component
System testing- some or all of the components in a system are integrated and the system is tested as a whole.
Release testing
usually black box testing process so unit test wont help.
may involve testing the emergent properties, such as performance and reliability.
Load is steadily increased until the system
performance becomes unacceptable.
User testing types
Alpha testing- Users of the software work with the development team to test the software at the developer’s site.
Beta testing -release of the software is made available to users to allow them to experiment and to raise problems that they discover with the system developers.
Acceptance testing- Customers test system to decide if its ready to be accepted from system developers and deployed in customer environment
DevOps Practices
DevOps involves far deeper communication and cooperation between Development staff and Operations staff.
DevOps would be used where there is uncertain functionality, and potential for ongoing change
Automated Testing - TDD
Integrated software configuration- Systems allow staff to manage and share information about configuration and change
Continuous integration and deployment - integrate changes quickly and deploy quickly. – leads to far more responsive development but increase risk as it relies on programmers testing codes themself
real-time-monitoring- proactive monitoring canresolve issues before they become catastrophic( making logs available to developers)
Devops drawbacks
Requires organisational culture change. Management, employee training.
Requires significant investment in software development tools such as docker
currently few studies to measure effectiveness
DevSecOps
Similar to Devops but Centred on security engineering
Key processes to support DevSecOps
Test Driven Security- Regression test to cover common security failures
SAST- used testing in relation to security without running the code.
-Analyse system based on static code
-Largely automated tool based checking
-Prone to false positives
DAST - Attack a system while it is running to look for vulnerabilities.
-Largely automated
-Can still generate false positives despite use of IA
-blackbox in nature
IAST(interactive application)- Similar to DAST but whitebox in nature
- Only checks code being executed
-programming language dependent
Penetration testing
-Uses ethical hackers
- mix of automation and manual testing
-avoids false positives
-Expensive and requires expertise
How to monitor for intrusion
Intrusion detection system- Alerts human or dsicovery of threat but takes no action
Intrusion prevention systems - Would take pro-active action and alert humans.
Logging Pipelines- Without logs, we cannot monitor, Without logging pipelines, logs will remain scattered
-Logs provide easy access to info.
-Provides audit trail for secuitry incidents.
Professional responsibility
Confidentiality- respect the confidentiality of employers or clients whether or not agreement has been signed
Competence - Dont accept work outside their competence
Intellectual property right- Engineers should be aware of local laws governing the use of intellectual property(copyright)
Computer misuese- Software engineers should not use their technical skills to misuse other ppls computers
8 ethical priniples of ACM/IEEE
Public interest, client and employers intrest, product standards, professional judgement, ethical management, professional integrity, support colleagues, self growth.
Equality Act
DPA
GDPR
Unlawful Act- Unlawful for service to discriminate against a disabled person.
Data Protection Act-Data used fairly,lawfully and transparency
- used for explicit purposes
- Used in a way that is relevant and limited
-Accurate and kept up to date
-Kept for no longer than necessary
-Handled in a way that ensures appropriate Security
GDPR- .Strengthens ability to find where your data is held
Prevents sale of your personal data without consent
GDPR issues
- infereed data. Say you are 80 years old living in london st 1 kenworth ==> The fact you are old and in kenworth is known
- Hidden information - you can ask a company where they got your info from. but they only have to give a rough idea
Foi Act
FOI act 2000 gives individuals the right to
access information about certain public bodies
by two routes :
Publication scheme- MAny orgs provide much of the info that can be requested using websites.
General right of access –> to be told whether info exist.
requests must be in permanent form
decision to withold requires good reasons such as:
Excessive costs
Communications with the King
law enforcement
Vexatious- clearly has no purpose or value
Repeated
Software process activity
software ( specification, development, validation, evolution)
software produces with bespoke (from scratch)
COts(from standard products)
Behavioural driven development
uses structered english language and focuses on providing suitable unit and acceptance test which are executable
BDD advantages and disadvantages
Allows a broader range of stakeholders to check acceptance test are approriate and accurate.
-Acts as a bridge between user storeis and code test
Requires training as writing gherkin is a little difficult.
Ensures code will work but not that it is good or efficient code.
Architectual patterns
Anti patterns
peer to peer
event driven
clinet server
replicated, dead code, very long methods, poor method names
role of defensive progrmaming
imrpoves progarm and robustness of software through,
error handling,
input handling
redudancys
making code easily understandable
Purpose of usecase diagram notation
Shows how systems are linked at a high level.
It supports non-technical users in discussing design
Purpose of class diagrams
shows the existence of Classes and is used to
represent the static structure of the system
Details of the relationships between classes
Beneftis and disadvantages to globilisation
Allows outsourcing to the best organisation for a given area of development
Allows 24 hour development in theory at least making use of hand offs around the
world, saving money and time
Requires understanding of local laws etc in the deployment market
Limited in-person meetings can restrict communication opportunities
Use Case Diagrams : To determine what functionality is required
and who interacts with it
Class and Object Diagrams : To determine what objects there are
and what associations exist between them
Sequence Diagrams : To determine the behaviour of objects as
they interact
State Diagrams : To explore the state of a given system
Activity Diagrams : To determine what an object does during
states of a state diagram, and what a collection of objects do
through a whole use case
