Author Archives: kylerlai

Security Testing

As we transition into a time in which technology is an integral and nearly essential part of daily life, the need for security in the technology we use becomes ever more important. Apps, devices, websites, and everything in between may have access to your personal information. You may have entered passwords, names, bank information, card details, and much more when using these things and possibly even allowed them to save that information. You may have confidence that your information will not be leaked or stolen, but even with the biggest, most trusted companies, a leak or theft is not impossible.

To keep a potentially massive amount of information from getting into the wrong hands, we perform what is known as security testing. Security testing is an “aspect of software testing focused on identifying and addressing security vulnerabilities in a software application… and… it aims to ensure that the software is secure from malicious attacks, unauthorized access, and data breaches” (HackerOne). It ensures that users keep their privacy, that the system is safe and secure, and that the software meets regulations.

Security testing involves identifying vulnerabilities in the software by scanning, hacking, and evaluating it. Hacking is a method that seems to stand out compared to the others, likely because it is unique to security. Hacking falls under what is known as penetration testing, which involves simulating real-world attacks on the software in order to expose vulnerabilities. Hacking, by definition, is the gaining of unauthorized access to data in a system or computer, but in this case the testing falls under ethical hacking. Ethical hacking is essentially hacking but with legal authorisation and is intended solely for security reasons. Overall, security testing is the perfecting of a software’s security by identifying and exposing weaknesses and remediating them.

I’ve actually had my debit card info taken in the past and my money used to purchase things without my knowledge. Thankfully, I got all my money back as well as a new card but, at the time, I was extremely anxious and worried. I was desperately searching for what could have taken my information and to this day, I still have no clue. It was likely my fault for putting my information in some shady place but there’s a chance that a site or app I had my info in and trusted was breached. I believed that I was being very careful with what information I shared and where I shared it but that situation really shook me. Security testing is not a topic we went over in class but it is a good topic to learn about nonetheless. Although learning about the testing of security is not something that everyone is interested in, I believe that teaching people how to protect their information is becoming more and more important.

https://www.hackerone.com/knowledge-center/what-security-testing#:~:text=Security%20testing%20is%20an%20important,unauthorized%20access%2C%20and%20data%20breaches.

From the blog CS@Worcester – Kyler's Blog by kylerlai and used with permission of the author. All other rights reserved by the author.

Code Review

Although I wasn’t present for the class in which code reviewing was introduced, it seems like a pretty simple topic to understand. It consists of… well, reviewing code; the only thing is, it can’t be done alone. Code review’s core and effectiveness lie in cooperation with others, where two or more people are required to even attempt code review. Of course, you can literally “code review,” as in, you review your own code, but this refers to something more.

What does it mean to review when it comes to code? Well, everyone is human, for the most part, and humans are prone to mistakes; and in the case of developers, these end up as bugs, errors, and everything in between. Code review allows others to look through one’s code to find these mishaps that the original developers may have missed or overlooked. I am also human and have had many cases in which I get stuck and have to ask a friend to look through my code just for them to point out something so simple and easy to spot yet I managed to miss. 

Code reviews encompass not only the spotting of mistakes but also the improvement of overall code, so as to have a better, more-refined end product before merging and such. This improvement of overall code includes but is not limited to structure, cohesion, cleanliness, and readability. Clean code is something that I hadn’t heard of until somewhat recently, so that aspect of my code from the past and even now can be improved upon heavily and would be greatly appreciated. 

Code reviews are usually chances for the one being reviewed to correct their mistakes and improve their code but there is also an opportunity for the reviewer to learn. The reviewer may encounter new techniques, solutions, and perspectives through this process, ultimately benefiting both reviewer and reviewee. 

One of the major downsides to code reviews is that their length and content depend entirely on the length of the code, and code can get to some very large sizes. The time spent reviewing especially large code could potentially be put into the current project, workflow, or what have you.

As someone who is not so confident in their coding skill and proficiency, I believe that code reviews are great opportunities to learn and improve, which will in turn improve my confidence in my skill. There is much to be gained with code review and the downsides seem to only apply to much larger projects; so as a student and novice developer, they will be great to implement to my learning.

https://medium.com/@priyanthinisivasubramaniyam/everything-to-know-about-code-review-as-a-beginner-2a360cdd89ca


TDD

It’s certainly been a while since my last post. I’ve been slacking way too hard, especially with break, but now it’s time to lock in and focus on my work. 

For this blog post, I’ll be talking about Test Driven Development, or TDD for short. TDD is a “software development practice that focuses on creating unit test cases before developing the actual code.” It attempts to avoid or solve the issues that arise in “traditional testing.” TDD, rather than testing one big system, tests small chunks of code at a time. It also “follows an iterative process, where small chunks of code are developed, tested, and refined until they pass all tests.” This allows for errors to be found, debugged, and fixed as early as possible in the development process (BrowserStack).

In Kent Beck’s blogpost, “Canon TDD,” he lists the steps to properly adhering to TDD:

  1. Write a list of the test scenarios you want to cover
  2. Turn exactly one item on the list into an actual, concrete, runnable test
  3. Change the code to make the test (& all previous tests) pass (adding items to the list as you discover them)
  4. Optionally refactor to improve the implementation design
  5. Until the list is empty, go back to #2

Being introduced to a process that differs so much from the “norm” and is also quite efficient and thorough is both refreshing and exciting to learn about. When this topic was first introduced in class, I was very lost but I picked it up not long after; but then again, the example we followed was a very simple one. Once we moved onto a more advanced one to work on within our groups, I was lost again. I understand the concept of Test Driven Development but putting it into practice, at least for now, seems pretty hard. It also seems like a skill that is easy to pick up but hard to master as some tests can be more beneficial than others when it comes to coverage or time management. 

I feel as though there are few downsides to TDD and when it comes to those downsides, they mostly lie in the capability of the individual. Forgetting to run tests, writing too many tests, writing too much for a test, and writing tests that are impractical are just some of the issues that may arise when using this practice.

Overall, Test Driven Development is a practice that individuals and teams may want to use to try something new or to test if it’s more effective than their current one. It’s a very different approach to the development processes that I’m familiar with but that’s not always a bad thing; and in this case, TDD seems like a great practice.

Sources Used:

https://www.browserstack.com/guide/what-is-test-driven-development

https://tidyfirst.substack.com/p/canon-tdd


Equivalence Class Testing

Among various testing techniques, equivalence class testing stands out as an efficient method for cutting down the number of test cases required while maintaining thorough test coverage. 

Equivalence class testing is based on the principle that inputs can be grouped into equivalence classes that exhibit similar behavior. By selecting representative test cases from these classes, testers can efficiently cover various scenarios without testing every possible input value individually. This technique is the best of both worlds, optimizing test case selection all while maintaining thorough test coverage; as those from ProfessionalQA.com put it, both the quality of test cases as well as testing as a whole is enhanced “by removing the vast amount of redundancy and gaps that appear in the boundary value testing.”

Equivalence class testing has four variations, each of which has its own benefits, downsides, and uses. They are determined by the combinations of two factors: the number of test cases, and whether only valid values are tested or both valid and invalid values are tested. Thus, in terms of equivalence classes, we have weak-normal, strong-normal, weak-robust, and strong-robust. Weak-normal has few but effective tests and only covers the valid equivalence classes, strong-normal covers every valid equivalence class, weak-robust is like weak-normal but includes an invalid equivalence class(es) as well, and strong-robust covers every valid and invalid equivalence class. One thing to note about strong-robust equivalence class testing is that there is some redundancy when it comes to testing the invalid equivalence classes.
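The four variations can be generated mechanically from a table of classes. The following is an added example, not code from the original post or its source article; the `amount` and `currency` inputs and their representative values are constructed for illustration, and the construction rules follow the usual textbook definitions of the four variations.

```python
from itertools import product

# Constructed input model for a hypothetical money-transfer form.
# One representative value stands in for each equivalence class.
CLASSES = {
    "amount": {"valid": [50, 5000], "invalid": [-1, 1_000_001]},
    "currency": {"valid": ["USD", "EUR", "GBP"], "invalid": ["XXX"]},
}


def weak_normal(classes):
    """Each valid class appears at least once; shorter lists are cycled."""
    names = list(classes)
    rows = max(len(classes[n]["valid"]) for n in names)
    return [
        tuple(classes[n]["valid"][i % len(classes[n]["valid"])] for n in names)
        for i in range(rows)
    ]


def strong_normal(classes):
    """Every combination of valid classes (Cartesian product)."""
    return list(product(*(classes[n]["valid"] for n in classes)))


def weak_robust(classes):
    """Weak-normal cases plus one case per invalid class, other inputs valid."""
    names = list(classes)
    cases = weak_normal(classes)
    baseline = cases[0]
    for pos, name in enumerate(names):
        for bad in classes[name]["invalid"]:
            case = list(baseline)
            case[pos] = bad
            cases.append(tuple(case))
    return cases


def strong_robust(classes):
    """Every combination of valid and invalid classes."""
    return list(
        product(*(classes[n]["valid"] + classes[n]["invalid"] for n in classes))
    )


def multi_invalid(cases, classes):
    """Cases with more than one invalid value: the redundant part of strong-robust."""
    names = list(classes)
    return [
        c for c in cases
        if sum(v in classes[n]["invalid"] for n, v in zip(names, c)) > 1
    ]


if __name__ == "__main__":
    for build in (weak_normal, strong_normal, weak_robust, strong_robust):
        print(f"{build.__name__:14} {len(build(CLASSES)):2} cases")
    print("redundant:", multi_invalid(strong_robust(CLASSES), CLASSES))
```

The cases returned by `multi_invalid` combine two bad inputs at once, so a rejection there does not show which check fired; that is the redundancy the paragraph above mentions.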

Equivalence class testing was a bit hard to pick up initially but it really clicked thanks to some visual aid, that being the graphs of the variations of equivalence class testing. With this visual, I was able to understand how effective equivalence class testing is and why some will want to use it. It allows testers to “focus on smaller data sets, which increases the probability to uncovering more defects in the software product” and may reduce the possibility of error on the tester’s part. With other testing techniques that are more difficult or time-consuming when it comes to larger data sets, equivalence class testing is a great alternative.

https://www.professionalqa.com/equivalence-class-testing


Testing your Boundaries

Boundary testing is a technique that “involves evaluating data based on boundary values… such as minimums and maximums.” It involves testing the lower and upper limits of a domain of inputs, as well as values just inside and outside those limits. This technique helps improve software quality by detecting defects early in the development process, which ultimately saves time and resources. This is due to the fact that “the number of defects at the boundaries of an input domain tends to be higher than in other areas of the domain.” 

Going back to how it saves time and resources, it helps developers choose more efficient test cases, which cuts down on time and how much they have to do, especially with large sets of data and number of inputs to consider. Furthermore, this technique “allows for a lot of uniformity and the test cases are much smaller” meaning that it can be automated. This would save more time, possibly result in fewer errors than if a person were to write the test cases, and allow developers to put their focus on other tests or somewhere else, resulting in increased productivity.

Boundary testing involves determining the input value range, which is whatever values the system accepts. Values inside that range are valid while those outside are invalid. Test cases are then created based on the values at the extreme ends, end values, and values just before and after the end values. For example, with a range of 0 to 100, we test values less than 0 (-50), greater than 100 (150), values around and at 0 and 100 (-1, 1, 99, 101). 

Another example the article shares is one that allows users to create a password. The password has to be 5 digits meaning that the range is 10000 at minimum and 99999 at maximum. Any combination of numbers is valid as long as it is 5 digits long, meaning that 4 digit long and 6 digit long passwords are outside the range and are invalid. 
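Boundary cases for the 5-digit password range can be generated and run against a validator, as in this added example, which is not code from the original post or the article it cites. The two validators and the interior test values are constructed; the buggy one carries a hypothetical off-by-one defect of the kind that tends to sit at the limits.

```python
LO, HI = 10000, 99999  # the 5-digit password range given in the post


def boundary_cases(lo, hi):
    """(value, expected_valid) pairs at, just inside and just outside each limit."""
    return [
        (lo - 1, False), (lo, True), (lo + 1, True),
        (hi - 1, True), (hi, True), (hi + 1, False),
    ]


def accepts_buggy(n):
    # Hypothetical defect: strict comparisons reject the two end values.
    return LO < n < HI


def accepts_fixed(n):
    # Inclusive comparisons match the stated range.
    return LO <= n <= HI


def failures(validator, cases):
    """Values where the validator's answer differs from the expected one."""
    return [value for value, expected in cases if validator(value) != expected]


# Constructed suite of values far from the limits, comparable to -50 and 150
# in the post's 0-to-100 example.
INTERIOR = [(123, False), (54321, True), (7654321, False)]

if __name__ == "__main__":
    # 9999 and 100000 in the boundary suite are the 4-digit and 6-digit
    # passwords the post calls invalid.
    print("interior suite, buggy validator:", failures(accepts_buggy, INTERIOR))
    print("boundary suite, buggy validator:",
          failures(accepts_buggy, boundary_cases(LO, HI)))
    print("boundary suite, fixed validator:",
          failures(accepts_fixed, boundary_cases(LO, HI)))
```

The interior suite passes the defective validator untouched, while the six boundary cases flag both end values.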

Boundary testing seems like a very useful testing technique with very few downsides. It’s a black-box testing technique which usually means that testers don’t need extensive knowledge of coding, computer science, or the system at hand. It also seems very easy to do as long as all the necessary knowledge for testing is provided. Seeing as how it can also be easily automated, it may be more efficient to focus on more complex or time-consuming testing techniques while this test is running in the background or on the backburner.

https://www.indeed.com/career-advice/career-development/what-is-boundary-testing


Matchup of the Century: Black Box Testing Vs. White Box Testing

Over the past few classes of the semester, we’ve gone over some of the terms as well as the methods used in software testing. Two of the methods that stood out to me were Black Box Testing and White Box Testing, mainly because I assumed they were methods that were closely related. We didn’t go in depth with these terms and methods but from what I researched and discussed with my group, my assumption was correct.

Black Box Testing is a method in which the software is tested without looking into how it works internally. Testers provide inputs then observe the outputs produced by the system. The goal is to evaluate how the system responds to “user actions that are both expected and unexpected.” This method can help identify defects, errors, and the like from a user’s perspective, as they usually have no knowledge of the inner workings of the software. This also means that testers don’t need a deep understanding of software testing or the particular code of the software; and as such, qualifications are not so important.

White Box Testing is a method in which the internals of the software are examined and tested. Testers examine everything within the software, such as the structure, logic, and code, and create test cases that assess that. This method is effective at uncovering issues with code quality and structure, bugs, and more that can’t be seen or evaluated with Black Box Testing. Like Black Box Testing, testers must ensure that the software meets specification. Unlike Black Box Testing, testers need a deep understanding of coding and software testing as well as that particular software being tested. 

I believe that both will be very important in the software development process, although I do lean towards White Box Testing having more impact. Those with specialized knowledge and skills will likely sort things out faster looking at the internals of the code than those without looking at just the inputs and outputs. It’ll generally be more effective as well as tests are done on the code and thus developers can quickly fix and solve those issues; whereas with Black Box Testing, it’s more of a way to acknowledge that there is some issue. I can only imagine Black Box Testing to be a very tedious and monotonous process although I could be completely wrong. It may be most effective to implement White Box Testing first and Black Box Testing afterward, as a double check of sorts.

Source: https://www.ranorex.com/blog/black-box-vs-white-box-testing-understanding-the-differences/


Here’s to another round of blog posts.

My name is Kyler and I’ll be making quite a few blog posts over the course of this semester. I look forward to both my class as well as the future posts I’ll be making.


AI as a Tool for Software Development

Within the past few years, AI has really made a name for itself. Whether it be through art, music, chatbots, or whatever else AI can take part in, AI has cemented itself into our daily lives. One area of which AI has become an integral part is software development, where it is transforming various aspects of the process.

One of the greatest features that AI brings to software development is the fact that it can assist in generating code and finishing code as developers develop. Using existing patterns in databases for code, AI can generate code according to what the developer is trying to achieve. Say a developer needs to create a function that checks if a number is prime, returning false if it isn’t and true if it is; if a function that meets these requirements exists in a database, then the AI will simply suggest that function. 

Although using AI in this way is very useful for developers, they also need to be able to develop without it. AI can suggest code but that doesn’t mean that said code will perfectly fit into the program or that it’ll suddenly work thanks to the AI’s help. At the moment, it should just be used as a tool to make the development process easier and faster; although we may see these features and much more in the future. 

Another way in which AI can assist in the software development process is through analyzing the project timeline, workflow, and other such data and making predictions based on them. By analyzing previous projects, sprints, and other data in the development process, AI could create some insight and predictions that the project managers could take into account when dealing with current and future endeavors. These insights may include timelines, potential highs, lows, bottlenecks, roadblocks, and other such information that the managers could use to optimize the workflow and avoid issues. 

As with the developers and generated code, project managers should also have knowledge of management. AI’s suggested timeline, insights, and all that aren’t guaranteed but simply ideas based on what has happened in the past. It, like for coding, should be used as a tool but in this case, it should be used to see and suggest things that the human manager may not have anticipated or seen.

Overall, AI can be very useful in the software development process but this doesn’t mean that it is the savior for all issues within it. Like with any field one goes into, having knowledge of the fundamental ideas and practices is necessary if one wants to succeed. AI, as of now, is still in its early stages compared to what it is capable of and should be used with caution. AI was used to help write this post and I hope to be able to use it fully both now and in the future whether in my career or outside of it.

https://www.zdnet.com/article/implementing-ai-into-software-engineering-heres-everything-you-need-to-know/


The Steep Curve of Game Development and its Tools

I’ve taken programming classes for over five years; however, just programming is not my end goal. My goal has been to get into the field of game development.

Classes that tackle game development are rather rare and aren’t offered at most schools, so I haven’t had the opportunity to learn in a classroom environment. This means that my goal depends on my drive to learn game development in my own time. After looking into what makes a game, specifically the technical aspects of it, I found that I have much to learn. 

Development of a game can be divided into five general sections: the engine, programming, visuals, audio, and testing.

Engines are software platforms that provide “the core functionalities and features for developing and running games.” The most popular game engines today, such as Unreal Engine and Unity, are extremely versatile and allow the whole or most of the game development process to be done in that platform alone. 

Any game, at its core, is a bunch of code. And while you can develop games without programming knowledge, it becomes very difficult at the higher, more professional levels. Programming language is usually up to user preference, although some tools may require specific languages.

Visuals and audio are rather similar in the fact that both require great creativity and are crucial to games today. Any model, texture, sound effect, and music are created from scratch or borrowed from some library. Software for both categories is typically used by artists of all kinds: music producers, artists, graphic designers, and such.

Finally, testing is the “last” process of developing the game. This could be seen as the verification and maintenance steps of software development. Making sure that there are no bugs and that every other section is working properly is crucial to a better user experience.

That’s a lot of things to do in order to create a game. So many processes, so many programs and tools to learn, and so many skills I need to learn. Learning a tool is one thing, mastering one takes so much time and effort. It makes me think about how I want to tackle my goal, do I focus on one section of game development? Do I learn a decent bit of every section? I have no clue.

It feels like the path to achieve what I want becomes longer and longer. Procrastination, poor time management, and lack of dedication only worsen that. 

If you want to achieve things, you have to take the first steps towards them. I want to land a career in game development and in order to do so, I need to learn. In my free time, I will spend some of it learning online and tinker around with free game development tools until I feel confident in my ability. I could then develop my own game and take those next steps toward my goal.

https://www.linkedin.com/advice/0/which-technologies-tools-do-you-use-game-development#:~:text=Some%20of%20the%20testing%20tools,analytics%20to%20improve%20your%20game.


Software Development Through Video Conferencing Software

Over the past few weeks, we’ve learned about the importance of collaboration in a team. Whether that team is using Scrum or some other software development methodology, communicating with one another is one of the key pieces to achieving whatever goals they have. 

While going through the syllabus, I saw “Collaboration tools” as one of the course topics. I thought about what would exist under this category and the first one that came to mind was video calls. Zoom specifically was the one that came to mind and I wondered how it is or would be used in a software development environment.

In an article from Shari Cleare, they share that “video conferencing software provides powerful communication and collaboration tools that scrum masters can use to engage participants, especially those who cannot attend these meetings in person.” One of my first thoughts regarding this topic was that not every person on the team physically has to be at the meetings; or better yet, no one has to physically meet at all. This allows for greater flexibility in choosing members or in general as members can be anywhere or from anywhere, as long as they are able to be present for these online meetings.

The Scrum Master or whoever is hosting the meetings doesn’t even have to be present. Zoom allows for automatic meetings at a set time for the team so, if they are unable to make the meeting, in person or online, the other members can still perform their Sprint Planning, Daily Scrum, or other meeting.

If a team chooses to meet online only due to location constraints or other reasons, you may think that it would be nice being able to work from home. I’m sure many people would rather work from the comfort of their own home, but that comfort could turn into the thing that holds them and the team back.

Zoom can be a great tool for members that are unable to make the physical meeting, but as the main form of communication, I feel that it can easily go downhill over time. Personally, I get distracted with other things when I’m at home so doing work takes much longer than it needs to. It is also why I try to do my work while on campus. I feel that many people can relate to this and if they want to get work done and contribute to meetings and such, they should separate where they work and where they can relax.

I hope that I can have the option to do both in the future and am able to find a good balance. Going into the workplace to get work done before going home and having the freedom to work online should I be unable to make it would be great. I believe that this has become more commonplace as well. During Covid, people had to work from home, and now that it has died down, many companies are allowing either option.

https://blog.zoom.us/using-zoom-agile-software-development/
