This is my first blog for CS-343
. Feel free to follow my journey.
From the blog CS@Worcester – Live Laugh Code by Shamarah Ramirez and used with permission of the author. All other rights reserved by the author.
This is my first blog for CS-343
. Feel free to follow my journey.
From the blog CS@Worcester – Live Laugh Code by Shamarah Ramirez and used with permission of the author. All other rights reserved by the author.
Overall, I believe the second sprint went well. Like the previous sprint, we had meetings in person or over discord. All in all, I believe we all did a fantastic job of keeping each other updated and asking each other questions when we got stuck. I noticed that once we finished one issue, nobody hesitated to start another issue which really helped us with moving the project along. During this sprint, we worked on several of the issues as a group. We kept up the open-mindedness, accountability, honesty, and respect that were originally described as the culture we hoped to establish in the working agreement. Like in the previous sprints, we determined the maximum amount of work that each person should attempt to finish in order to split the work fairly and equally in regards to the issues we had, and we mostly adhered to it.
I worked on multiple issues that involved verifying that the pantry projects had the correct extensions, linters, and pipeline stages. Like the last sprint, I looked over the project’s file types, created a list of required linters based on the files, added any new linters, verified that the new linters passed, verified which stages were required, and adjusted the stages as necessary. For this type of issue, I worked on “Verifying that all Thea’s Pantry projects have the correct extensions, linters, and pipeline stages – InventorySystem General” by myself and then worked on “Verifying that InventoryAPI has the correct extensions, linters, and pipeline stages” and “Verifying that all Thea’s Pantry projects have the correct extensions, linters, and pipeline stages – Inventory Backend” with the group. When working on the issue for InventorySystem General, I realized that the build and test scripts weren’t needed so I also removed those files. I also worked on “Determine what needs to be done on GuestInfoFrontend” with the group. For this issue, we reviewed comments left in the code, wireframe, and documentation. Then if any work worthy of note needed to be done, we created new issues for them. We created these issues (“Moving “Other Assistance” attribute” and “Moving Receiving Unemployment Attribute to Assistance”) and linked them to the initial issue.
I think we did really well as a team for this sprint. We did not get around to establishing a method that will guarantee that particular individuals are not examining the majority of issues, as we had originally intended when drafting our working agreement. For this sprint, we did not discuss how we would make sure to stay on top of issues that needed to be reviewed because many of the issues included us working together and we stayed on top of a lot of the issues. The time frame between finishing an issue, reviewing, and merging was a lot shorter than the last sprint. We made sure to constantly communicate with each other and the first one that could review an issue took the task. As a group, I can see that we improved a lot in that regard but I still think we could establish a method to make sure that reviewing code is not done mainly by a few individuals in the group. As an Individual, I showed a lot of improvement by checking on what needs to be done compared to the previous sprints but I think I can still improve when it comes to merging my issues as quickly as possible after they’ve been reviewed.
From the blog CS@Worcester – Live Laugh Code by Shamarah Ramirez and used with permission of the author. All other rights reserved by the author.
For this week’s blog, I decided to research security testing because we didn’t have the chance to go over it in class. While researching, I found a blog called “Security Testing: Types, Tools, and Best Practices” by Oliver Moradov. The article is split up into a few main sections: “What is Security Testing?”, “Types Of Security Testing”, “Security Test Cases and Scenarios”, “Security Testing Approaches”, “What Is DevSecOps?”, “Data Security Testing”, “Security Testing Tools”, and “Security Testing Best Practices”.
The first section “What is Security Testing?” explains the definition of security testing then spits off into two sections that explain the main goals and key principles of security testing using bullet points to organize the information. Security testing determines if the software is vulnerable to cyber assaults and evaluates the effect of malicious or unexpected inputs on its operations. Security testing demonstrates that systems and information are safe and dependable and that they do not accept unauthorized inputs. It’s a type of non-functional testing that focuses on testing if the software is configured and designed correctly. The main goals of this kind of testing are to identify assets, risks, threats, and vulnerabilities. It gives actionable instructions for resolving detected vulnerabilities and can verify that they have been effectively fixed. The key principles of security testing are confidentiality, integrity, authentication, authorization, availability, and non-repudiation.
The next section provides multiple sections that delve deeper into the multiple types of security testing. The examples provided are penetration testing (ethical hacking), application security testing (AST), web application security testing, API security testing, vulnerability management, configuration scanning, security audits, risk assessment, and security posture assessment. I knew about a few of these types of security testing. However, it was interesting to learn about API security testing and security posture assessments. It provided information like how APIs allow attackers to gain access to sensitive data and utilize them as an entry point into internal systems and the basics of what a security posture entails.
The blog then discusses some important test scenarios like authentication, input validation, application, and business logic then provides other tests in a bulleted list. It then discusses the types of approaches ( white box, black box, and grey box testing) and a few useful tools.
The next section that I found very important was the section about best practices. The best practices mentioned were: “Shift Security Testing Left”, “Test Internal Interfaces, not Just APIs and UIs”, “Automate and Test Often”, “Third-Party Components and Open Source Security” and “Using the OWASP Web Security Testing Guide”. I knew about some of the practices like automating and testing often and testing often but I did not know about the Web Security Testing Guide (WSTG). I like the fact that the author provided a link to that resource as well. I think this blog is a great resource for those who want to learn about security testing. It is well organized and made me feel like I’m a bit better prepared to enhance security for future projects.
From the blog CS@Worcester – Live Laugh Code by Shamarah Ramirez and used with permission of the author. All other rights reserved by the author.
For this week’s blog, I decided to research a bit on performance testing because it is listed as a topic for a class. While doing research, I found a blog called “How To Do Performance Testing: Tips And Best Practices” by Volodymyr Klymenko. In this blog, he discusses the primary purpose of this kind of software testing, types of performance testing, its role in software development, common problems revealed by performance testing, tools, steps, best practices, and common mistakes to avoid. The blog was well organized and clearly simplified each topic.
The purpose of performance testing is to find potential performance bottle necks to identify possible errors and failures. This is to ensure that the software meets the performance requirements before it is released. Some types are load testing(response under many simultaneous requests), stress testing ( response under extreme load conditions or resource constraints), spike testing (response under a significant and rapid increase in workload that exceeds normal expectations), soak testing(simulates a gradual increase in end users over time to test the system’s long-term stability), scalability testing(how the system scales when the volume of data or users increases), capacity testing (which tests the traffic load based on the number of users but differs in scope) and volume testing(which tests the response to processing a large amount of data).
The next section discusses the role of performance testing. I found some of the bullet points to be a bit obvious like “improving the system’s overall functioning”, “monitoring stability and performance”, and “assessing system scalability”. The other points mentioned were “failure recovery testing”, ”architectural impact assessment”, “resource usage assessment” and “code monitoring and profiling”.
After discussing the role of performance testing, the author discussed the common issues revealed by performance testing. The problems discussed were speed problems, poor scalability, software configuration problems, and insufficient hardware resources. This section is broken down into many bullet points to explain each issue. I found it to be very beneficial in simplifying the ideas presented.
The last three sections are the steps for performance testing, best practices, and common mistakes to avoid. The steps presented in this article for performance testing were: 1.Defining the Test Environment, 2.Determination of Performance Indicators , 3. Planning and Designing Performance Tests , 4. Setting up the Test Environment, 5. Development of Test Scenarios, 6. Conducting Performance Tests , and 7. Analyze, Report and Retest. The section after explaining the steps includes some best practices like “Early Testing And Regular Inspections “ and “Testing Of Individual Blocks Or Modules”. Some of the common mistakes to avoid that I found to be noteworthy were “Absence of Quality Control System” and “Lack of a Troubleshooting Plan”. While working on the Hack.Diversity Tech.Dive project, I had to do some performance testing and even used a tool that was mentioned in the article called Postman. In the future, I will definitely be more prepared to do performance testing now that I can reference this article.
From the blog CS@Worcester – Live Laugh Code by Shamarah Ramirez and used with permission of the author. All other rights reserved by the author.
For this week’s blog, I decided to write about the pattern called “The Long Road” from Chapter 3. My previous blogs touched a bit on the contents of this pattern so I decided to discuss what the authors suggest for this pattern. In this pattern, the situation that is presented relates to how your aspirations to become a master software developer conflict with the expectations of others and how “Conventional wisdom tells you to take the highest-paying job and the first promotion you can get your hands on, to stop programming and get onto more important work rather than slowly building up your skills”.
The solution that is presented is to first accept the judgments you may receive from others to go against the status quo and then to stay focused on the long term. During the journey you will gain quite a bit of skills and knowledge; it is a long one so you need to prepare for it by drawing your own map. The text mentions “ you should keep in mind the expectation that you will be a working software developer even when you are middle-aged. Let this influence the jobs you take and the scope of your ambitions. If you’re still going to be working in 20 years’ time, then you can do anything”. You will be able to catch up to anyone in terms of skills in the decades that you will work and you may just pass them. Before reading this pattern I never really thought about just how long I will be working in the field. As I have discussed in many of my blogs for this class, I have been working on developing myself professionally and learning from other developers; as I have progressed, I have thought about the possibility of not being the weakest on the team so I agree that it is realistic to surpass people during your long journey.
The pattern really stresses the idea that instead of counting the days to retirement, a craftsman will willingly work until their final decades. You should thoughtfully work on developing your craft over many years. The idea of taking the long road is the foundation for a successful apprenticeship along with self-assessment. I couldn’t find anything in this section that I could disagree with. It definitely made me think of what I want to get out of this long journey because I didn’t take the time to think about it in-depth before.
From the blog CS@Worcester – Live Laugh Code by Shamarah Ramirez and used with permission of the author. All other rights reserved by the author.
Overall I think the second sprint went well. Like the last sprint, I think we all did a good job of keeping each other updated and asking each other questions if we became stuck. For this sprint, we worked on a lot of the issues as a group. We also were open enough to communicate with each other when we realized that issues may not have been merged for a long period after being reviewed. Unfortunately, there were a couple of times when we didn’t keep up with issues that were in the “Needs Review” column. This resulted in a lot of merge conflicts that need to be resolved for those issues. We continued to display aspects of the original description of the culture we wanted in the working agreement: open-mindedness, honesty, respect, and accountability. We decided how much weight everyone should try to complete to divide the work evenly and fairly before the sprint started and we kept to it for the most part.
I worked on multiple issues that involved verifying that the pantry projects had the correct extensions, linters, and pipeline stages. For this issue, we examined the file types on the project, made a list of linters that were needed based on the files, added any linters, made sure the new linters passed, checked which stages were needed, and fixed the stages accordingly. I worked on verification for GuestInfoBackend, GuestInfoAPI, and GuestInfoSystem/General. I worked on the first two issues with the group and worked on verifying GuestInfoSystem/General by myself. We also had an issue for talking to group 3 about InventoryFrontend and InventoryBackend because they decided to work on some issues for it. Towards the end of the sprint, I realized they didn’t reach out so our group initiated a conversation to confirm if they were all set. Once that conversation finished I moved that issue to the done column. I also worked on reviewing the issue for getting InventoryBackend test working and getting the InventorySystem General test and build working. The issue for getting the InventoryBackend working was an issue that was left in the “Needs Review” column for an extended amount of time and needed an extensive amount of work to resolve merge conflicts.
As a team, I think we did fairly well but we needed to keep up with the issues that need review more. We also did not rotate reviewing issues as we originally planned when creating our working agreement and or set up a system that will ensure that there aren’t certain people who are reviewing the majority of issues. Because a lot of the issues involved us working together, we didn’t address how we would make sure to stay on track of issues that needed review. As an individual, I need to make sure I can review issues as soon as possible to prevent the possibility of having a team member work through multiple merge conflicts. I think as a group we could benefit from a specific plan for keeping up with completed issues. For the next sprint, I plan on picking a schedule to check on the needs review column.
From the blog CS@Worcester – Live Laugh Code by Shamarah Ramirez and used with permission of the author. All other rights reserved by the author.
For this week’s blog, I decided to do more research about pairwise testing. During my search for more information I found the blog “Pairwise Testing | What It Is, When & How to Perform?” by Kiruthika Devaraj. In this blog, Devaraj breaks down the process of pairwise testing in simple steps, along with the advantages and disadvantages. She first defines pairwise testing as a “permutations and combinations based software testing technique that tests each pair of input parameters to verify that the system functions correctly for all possible discrete combinations”. It uses a minimum set of test cases to test all possible discrete combinations. The purpose of this kind of testing is to test all possible discrete combinations of inputs without the need to test every single combination. This reduces the time, cost, effort, and number of cases that need to be written. It also allows the tester to identify errors that may occur when multiple different parameters are combined which in turn increases the overall quality of the software.
Devaraj then explains the disadvantages and challenges of this testing technique. One of the disadvantages that is explained is that it can be time-consuming especially if there are a large number of test cases. Another case is where assumptions can be false because pairwise testing relies on all pairs of parameters interacting to determine the results. She explains the challenges in bullet points to make it easier for the reader to comprehend. Some of the bullets include challenges in finding meaningful inputs and the correct set of inputs. If you don’t test carefully then the test coverage may not be enough. One also needs to determine how parameters interact with each other.
The last few paragraphs of the blog describe using pairwise testing to speed up cross-browser testing. In this example, she explains the parameters that one would test (browser, operating system, device type, and screen resolution) and how to follow through with a real-world example. The author also includes a list of testing tools to help with automation for this type of testing.
The last section of this blog is the answers to frequently asked questions like “Is pairwise testing completely automatic?” and “How effective is pairwise testing at finding bugs?”. It helped clarify some aspects of the testing technique that weren’t explicitly answered earlier in the blog.
Overall I think this blog was helpful in understanding pairwise testing especially because the author included a lot of examples. It gave me a better understanding of a testing technique that I may use in the future when I have to test a complex system that has multiple input parameters and multiple possible values for each parameter.
From the blog CS@Worcester – Live Laugh Code by Shamarah Ramirez and used with permission of the author. All other rights reserved by the author.
For this week’s blog I decided to talk about the pattern from chapter 4 called “Be the Worst”. This pattern describes the situation where you have taken every opportunity to learn and eventually have outgrown your team. In this situation, it is important that you find developers that are better than you. When you take this route you will need to put in a lot of work because your aim is not to stay at the bottom but work your way up. You will be able to use multiple methods like mimicking other developers until you are on the same level and them.
I agree with the solution for this scenario. I have found that I learn a lot when I am the weakest on a team. I am able to study the code written by the stronger members of my team and get insight on their choices. I found that learning from another person also speeds the process along. During this process, its important to avoid bothering your other team members too much. Although it can be convenient to just ask others, you need to establish a way to learn on your own so you can avoid prohibiting thew progress of others.
As one can guess, this method has risks like dragging the team down and running the risk of being fired because your productivity is not as expected. I have experienced pressure to avoid bringing the team down along with a lack of confidence in my own abilities. The first steps to follow this pattern is to develop confidence in yourself and focus on learning. Second, I think it is important to have open conversations with your team members and speak up when you may be falling behind. As mentioned in my other blogs, I have worked on past teams where I had to learned from other members. During this process, we all kept each other updated on our progress and it was crucial for us to work together to finish by our deadline.
I think this pattern aligns well with the way I’ve been developing my professional skills and I cant say that I disagree with anything. Following this path will definitely help with self-assessment because the more you know, the more you know what you don’t know.
From the blog CS@Worcester – Live Laugh Code by Shamarah Ramirez and used with permission of the author. All other rights reserved by the author.
For this week’s blog I decided to dive a bit deeper into writing testable code because I think it is a valuable skill. While searching for blogs that discuss this topic I found “TDD: Writing Testable Code” by Eric Elliott. In this blog, Elliott explains the importance of writing testable code barriers to writing testable code, and different tips to keep in mind to write testable code.
The first thing he touches on is how a good quality process is essential to continuous delivery. One of the most important principles, he mentions, is the separation of concerns because “simplifies complexity and enhances the overall quality of your work”.
In the overview about testable code, he explains that achieving testable “allows for more efficient and effective identification of defects, ensuring higher quality and reliability”. The key characteristics of testable code are modularity (when code is organized into discrete units), clarity (code that is easily comprehensible), and independence (when code can be tested in isolation).One of the barriers of writing testable code that Elliott describes is tight coupling in code. The coupling in code is the instance where changing one part of the code can heavily impact or even break the functionality of another part in the code. If one part is changed there can be a chain reaction of bugs in various other parts of the code. Right coupling can be caused by parent class dependencies, shared mutable states, concrete class dependencies, event chains, state shape dependencies, control dependencies or temporal coupling. He explains that to write testable code you must reduce the forms of tight coupling mentioned because it makes testing easier and promotes a “more sustainable and scalable codebase”. This is why testable code and maintainable code are the same thing.
Later he explains the test first vs test after approaches. The test first approach is the test driven development approach where tests are written before the code. The benefits include better developer experience and clearer requirements and design. The test after approach is where the tests are written after the implementation which leads to a probability of biased tests and reduced code coverage.
One of the last sections provided is about the separation of concerns which a design principle for programs into distinct sections that addresses separate concerns”. This principle is important because it allows independent testing and allows developers to isolate problems more effectively in addition to allowing the ability to make changes without unintended consequences. He describes that he likes to isolate into 3 distinct sections business and state logic (the core logic of the application), user interface, and I/O and effects (the part of the application that interacts with the database).
I think this source was well organized and easy to follow. It made the text easy to understand and provided great advice for writing testable code. I think the last section about how he likes to isolate the sections was especially helpful and I will keep it in mind for the future.
From the blog CS@Worcester – Live Laugh Code by Shamarah Ramirez and used with permission of the author. All other rights reserved by the author.
For this week’s blog, I decided to discuss the pattern from Chapter 2 called “Unleash Your Enthusiasm”. This pattern discusses the enthusiasm for learning that many software engineering apprentices experience and how you should show it because, at this point in your career, you can provide unique qualities. This section discusses the situation where you may find yourself holding back because you may find that you have more enthusiasm than your colleagues. This is because there may be pressure to conform to the norm whenever you work on a team. In addition to this, many teams mainly focus on delivering the next product or improving on the aspects of the development life cycle. It also explains the risk of exposing your enthusiasm to an established team. In this situation, the text explains if the morale of the team is low or if they are not very welcoming to newcomers, you might make a poor impression. In this case, the text mentions that the advice in the section should not be applied blindly because you need to consider team dynamics.
The reason that I decided to pick this pattern is that I have never thought of concealing or holding back my enthusiasm for my craft. Every team that I have gotten the pleasure of joining in some way really valued my enthusiasm and the skills that they could learn from me. I have always been on a team where we all encouraged each other to learn from someone else on the team. Needless to say, I have never thought about the possibility of making a bad impression because of my enthusiasm for the task. In hindsight, I can see how exposing your ignorance of a topic can upset a team that values competence over enthusiasm for learning. I do think this quote from the text holds truth to it because of my own experience: “it is actually healthier for a team to consist of people with varying levels of experience”. Tech is a fast-paced industry so everyone is forced to keep up with new trends. A team that has a diverse set of skills at different levels is bound to create a healthy environment. With that being said, I can’t say that I disagree with anything from this section but I will be more aware of unleashing my enthusiasm on certain teams.
From the blog CS@Worcester – Live Laugh Code by Shamarah Ramirez and used with permission of the author. All other rights reserved by the author.