Category Archives: CS-443

Performance Testing

When I was in the process of learning how to build a PC as well as planning out what parts to choose, I had to weigh my options on the scales of price and performance. Some time after building it and using it almost daily, I was confident that my shiny new PC could handle nearly everything that I was using it for. I have yet to run into any major performance issues despite how my last sentence sounded but the fear of that still lingers in my mind when I try or want to try pushing my machine a bit. To prevent these worries, performance testing is done on software applications. 

Performance testing “is a type of software testing that ensures software applications perform properly under their expected workload.” It is meant to test and measure a system’s performance “in terms of sensitivity, reactivity, and stability,” using metrics such as response time, scalability, and resource usage (GeeksforGeeks). Doing so ensures that a system can handle the expected workload efficiently and effectively. 

Performance testing can be done on multiple levels such as on the application itself, the system running the application, and other levels that go a bit out of my knowledge.

There are many types of performance testing but the three that seemed most common and simple were load testing, stress testing, and endurance testing. Load testing involves testing the product’s performance under expected loads. This could include simulating user experiences through testing with different tiers of hardware, using the application for a certain amount of time, and doing things that a user may do. This ensures that the application is accessible to as many people as possible as hardware limits and mild activity will not do anything to the application nor the system. Stress testing involves putting the application under extreme loads, pushing to and even beyond its limits. This helps to identify the point in which the product breaks or affects the system, and gives an idea of what to optimize or fix in order to avoid breaking as much as possible. Endurance testing involves putting the application under stress for extended periods of time. Simply running the application over the course of a few hours, days, and possible weeks helps to identify memory leaks and how it handles a different type of load. 

Performance testing is really interesting to me as, on my PC building journey, I was very much interested in the performance of computers and how some applications require better and faster components to enjoy it at its true maximum. I, though not on the level of actual performance testing, have tested my own machine to see its limits, how it handles the maximum of certain applications, and how well it handles my use. Luckily, I’ve had very few crashing of applications, freezing, or other issues. 

https://www.geeksforgeeks.org/performance-testing-software-testing

From the blog CS@Worcester – Kyler's Blog by kylerlai and used with permission of the author. All other rights reserved by the author.

“Confront Your Ignorance”.

“Confront Your Ignorance” stresses the significance of recognizing and dealing with one’s limitations and lack of knowledge in software development. It urges individuals to actively pursue areas where they lack understanding or skill, rather than disregarding or evading them. By facing their ignorance directly, developers can proactively take steps to learn and improve, ultimately enhancing their proficiency in their field.

REACTION: This pattern strongly resonates with me as a software developer. It reminds me that the learning journey is continuous and that it’s perfectly fine not to have all the answers. Recognizing our limitations can actually be the starting point for progress and expertise. Embracing the fact that there are areas where we lack knowledge allows us to explore new avenues for personal and professional advancement.

WHAT’S INTERESTING AND USEFUL: What I find particularly intriguing about this pattern is its focus on humility and self-awareness. In an industry that frequently values expertise and innovation, there’s often a temptation to feign having all the answers. However, by acknowledging our own ignorance, we open ourselves up to curiosity and new discoveries. This pattern serves as a reminder that it’s not about achieving perfection but rather about being open to learning and adjusting.

CHANGING PERSPECTIVES: This pattern has truly shifted my perspective on my profession. Rather than feeling compelled to have all the answers, I now perceive ignorance as a fundamental and valuable aspect of learning. Instead of a flaw, I see it as a chance for development. Going ahead, I intend to tackle challenges with more humility and curiosity, recognizing that there is always room for further learning.

DISSAGREEMENTS: I don’t disagree with the essence of this pattern. However, I believe it’s crucial to find a balance between acknowledging our ignorance and not letting it overwhelm us. While recognizing our limitations is important, we should also prioritize our learning, focusing on areas that will have the greatest impact on our development as developers.

In summary, “Confront Your Ignorance” underscores the significance of humility and self-awareness in the quest for mastery as a software developer. Embracing our ignorance and actively pursuing learning opportunities enables us to continually progress and enhance our skills.

From the blog CS@Worcester – THE SOLID by isaacstephencs and used with permission of the author. All other rights reserved by the author.

Pattern: Sweep the Floor

This pattern underscores the value of humility and the readiness to tackle any task, regardless of its perceived significance, as a means to learn and contribute meaningfully to a team. The concept is that by beginning with basic responsibilities and executing them proficiently, you develop a comprehensive comprehension of the work environment, the tools, and the processes at play. This establishes a groundwork for advancement and enables you to establish credibility within your team.

Reaction: This pattern indeed serves as a valuable reminder that professional growth often hinges on our willingness to embrace all tasks, regardless of their perceived glamour or complexity. It’s a testament to the fact that success often starts with mastering the basics and being adaptable to the team’s needs, ultimately contributing to a more robust and effective team dynamic.

Interesting Points: This pattern really highlights the importance of having a humble and open mindset, especially at the beginning of one’s career. By showing a willingness to tackle any task, you not only acquire new skills but also showcase your dedication and team spirit, which can be incredibly valuable in establishing yourself within a team or organization.

Impact on Thinking: This pattern has caused me to rethink how I approach new opportunities. Instead of focusing only on the tasks that I find most appealing, I now see the value in taking on a variety of tasks, even if they seem mundane at first. I realize that by doing so, I can gain a better understanding of the overall work environment and make a more meaningful contribution to my team.

Disagreements: I don’t disagree with anything in this pattern. The principles of humility and a learning mindset are universally valuable, no matter where you are in your career journey. They can be particularly impactful at the outset, setting a strong foundation for growth and development. Embracing these principles can lead to more enriching experiences and better relationships with colleagues and mentors, which are essential for long-term success.

In summary, “Sweep the Floor” underscores the significance of humility and a readiness to tackle any task, regardless of size, to foster professional development. This mindset will remain a guiding principle as I progress in my chosen career path.

From the blog CS@Worcester – THE SOLID by isaacstephencs and used with permission of the author. All other rights reserved by the author.

Security Testing

Security Testing (A Complete Guide)

Security testing is a form of testing which is rapidly growing with consumers’ needs for security on the internet. As the article states, cybersecurity is becoming very important when you are online not only for personal reasons but also for business purposes. Many companies now use multiple online resources just to run their business day to day which may include payment systems, payroll, database management or any other range of services which are offered to companies through different platforms in order to help business owners run their business as efficiently as possible. These platforms have to be trusted so that consumers continue to use them and recommend them to friends, family, etc. Some examples provided of security issues within an  application are a student management system being insecure if the admission branch of the system can edit the exam branch, online shopping malls or any online storefront is not secure if the details from users credit cards or other payment methods is not encrypted as this opens up the users to credit card fraud, and even custom software can have security issues which is highlighted by the articles example of an SQL query retrieving the actual passwords associated with users accounts. Two tools recommended in this article for security testing are Invicti which is a web application that is used to scan both legacy and modern applications and Indusface which includes scanners for web, mobile and API applications. There are also different techniques involved with security testing some of these being access to application which involves going through the different roles in a system one by one ensuring they all only have access to what they should, data protection which similarly to access to application is meant to ensure that a specific user/role cannot see an aspect or menu of the application they are not supposed to and error handling which ensures detailed error messages cannot be used to aid in hacking.

Security testing while not being something we directly worked on during the semester it would have been interesting to work with as the many different types of security testing and the many different risks associated with application security. This type of testing seems to be much more manual in many aspects versus directly writing test cases as we did in most cases but being able to test for access or test the permissions of a role in a system would be very interesting to work with.

From the blog CS@Worcester – Dylan Brown Computer Science by dylanbrowncs and used with permission of the author. All other rights reserved by the author.

Performace Testing

https://www.opentext.com/what-is/performance-testing#:~:text=Performance%20testing%20is%20a%20non,up%20under%20a%20given%20workload.

Performance testing is a form of testing in software development which is called non functional testing. Non functional testing means that the software’s function is not directly tested during this type of testing and in turn this makes a large majority of people view performance testing to be an afterthought or unimportant compared to other types of testing. Performance testing is specifically responsible for testing how a system or software may perform under a heavy amount of traffic or stress provided by many requests or users concurrently using the system. Some of the reasons that an organization may choose to undertake performance testing are to ensure a specific amount of users can be handles (for example 1000 concurrent users), to locate bottlenecks within an application which hinder performance or result in errors, to ensure that software is performing up to the standard that was given by the softwares vendor and to measure general stability as traffic goes up and down. Performance testing can require many different steps depending on the type of application being tested, the tester must make sure to look at the environment they wish to use for testing as well reading documentation on the environment or systems hardware in order to ensure the proper environment is used as performance testing may or may not involve testing within the production environment. The tester must also decide what is deemed acceptable performance wise which may involve meetings with the product owner or production team in order to set the correct standards for your tests and then you must also plan and design your original tests for performance. These tests may be all that you need, but if you require further testing due to necessary changes in a system if the system is originally unable to meet the requirements you will have to redesign and re-run your tests.

I feel as though performance testing is a lot more important than some people may think, especially to very large companies or social media platforms as they need to be able to accommodate a certain number of users not only everyday but also a certain number of users concurrently. Companies like amazon, microsoft, facebook, etc have to deal with thousands of customers or users at once and they can even reach millions of concurrent users which means they must do thorough performance testing in order to maintain the stability of their platforms and keep consumers happy.

From the blog CS@Worcester – Dylan Brown Computer Science by dylanbrowncs and used with permission of the author. All other rights reserved by the author.

Chapter 1 of “Apprenticeship Patterns” delves into the concept of the “Long Road” pattern.

The “Long Road” pattern underscores the importance of embracing the journey to mastery in software development rather than seeking quick fixes. It begins by emphasizing the complexity and depth of software development, stating that mastery is not achieved overnight. The pattern suggests committing to a lifelong journey of learning and improvement, recognizing that expertise requires time, effort, and dedication.

The chapter delves into the analogy of software development as a craft, comparing it to traditional crafts like woodworking or blacksmithing. It highlights the importance of embracing the iterative process of skill development, viewing each project as a chance to enhance abilities and deepen understanding. Additionally, it promotes a mindset of humility among practitioners, acknowledging that there is always more to learn and room for improvement.

One particularly intriguing and beneficial aspect is the focus on deliberate practice and intentional learning. The chapter highlights the importance of seeking challenges that expand one’s skills and actively soliciting feedback from experienced practitioners. It encourages the development of a personalized learning plan aligned with individual goals, promoting a proactive approach to skill enhancement.

Moreover, the chapter introduces the concept of “Kindling Your Enthusiasm,” which underscores the significance of retaining passion and curiosity in one’s profession. It proposes that nurturing a sense of wonder and excitement can bolster motivation and help individuals persevere through the challenges and setbacks they may face.

This chapter hasn’t fundamentally altered my perspective on my intended profession, as I already held the belief in continuous learning and growth. However, it serves as a reaffirmation of the significance of embracing the journey and dedicating oneself to lifelong improvement. It reinforces the understanding that expertise isn’t attained overnight but is rather the outcome of consistent effort and commitment.

Overall, Chapter One of “Apprenticeship Patterns” offers valuable insights into the mindset and approach crucial for success in software development. It highlights the significance of embracing the journey of mastery, engaging in deliberate practice, actively seeking feedback, and sustaining passion and enthusiasm. These principles are not limited to software development but can be applied to any profession or pursuit that demands continuous skill development and growth.

From the blog CS@Worcester – THE SOLID by isaacstephencs and used with permission of the author. All other rights reserved by the author.

CS-448: Week 18

Security Testing

Security testing is an important part of software development and testing. Security testing focuses on identifying security vulnerabilities such as malicious attacks, unauthorized access, and data breaches. Testing is done by verifying the system is compliant with security standards, evaluating security features and mechanisms, and conducting penetration tests to find weaknesses.

Security testing plays a critical role in software testing for numerous reasons. Some of these include the protection of sensitive data, meets compliance requirements, and most importantly maintains trust. An application with strong security helps build trust among clients and end users because strong security makes users feel that they can use the application without their information being at risk to be compromised. Organizations are held to security standards that are used to regulate the minimum level of security in an application. Security testing can be used to identify security vulnerabilities and ensure the application meets the set standards.

Main types of security testing

There are many types of security testing based what the intended use is. For example there is security testing for software applications, web based applications, APIs, and more.

Application security testing tests the security of a software application. The process includes a combination of automated and manual testing techniques such as code analysis, penetration testing, and security scanning.

As the name suggests, web based application security testing focuses on identifying vulnerabilities in web based applications. Testing also involves a commination of manual and automated testing; however, what is actually tested differs from application security testing. This is because testing web based applications involves methods such as SQL injection testing, and cross site scripting testing.

API testing evaluates the security of an application’s APIs and the systems that the APIs interact with. When testing APIs, various types of malicious requests are sent to the APIs and their responses are analyzed to find potential vulnerabilities. APIs are susceptible to specific threats such as denial of service attacks, API injection, and man in the middle attacks. Man in the middle attacks are where an attacker intercepts the API communication to steal sensitive information. Therefore the goal of API security is to ensure that they are secure from attacks and sensitive information is protected.

Conclusion

This article was chosen because it clearly explained what security testing is, why it is important, and the different types of security testing. This was important to me because I have a very little knowledge/experience with security testing. I enjoyed learning about security testing as it plays an essential role in software development because no one wants to use an application where their information could be compromised. In the future I intend to look further into standard security measures, and how to test them.

Resources:

https://www.hackerone.com/knowledge-center/what-security-testing#:~:text=Security%20testing%20is%20an%20important,unauthorized%20access%2C%20and%20data%20breaches.

From the blog CS@Worcester – Zack's CS Blog by ztram1 and used with permission of the author. All other rights reserved by the author.

Chapter 6 of “Apprenticeship Patterns,” introduces the concept of “Sweep the Floor”.

In Chapter 6 of “Apprenticeship Patterns,” introduces the concept of “Sweep the Floor” is introduced, highlighting the significance of humility and readiness to undertake even the simplest tasks as a way of learning and contributing effectively to a software development team.

The pattern starts by addressing the mistaken belief that novice software developers should concentrate solely on coding or tackling intricate challenges. Nevertheless, the authors contend that there’s considerable merit in tackling routine or seemingly unimportant tasks like documentation, testing, or tidying up code. Engaging in these activities offers chances to gain knowledge, grasp the project’s scope, and establish trust among team members.

The pattern advises apprentices to adopt humility and adopt a mindset where they are eager to contribute in any capacity, regardless of the task’s level of complexity or appeal. By undertaking modest, low-stakes duties, apprentices can incrementally bolster their self-assurance, broaden their exposure to various facets of software development, and exhibit their dedication to the team’s prosperity.


An intriguing facet of this pattern lies in its stress on the significance of context and comprehending the overarching objectives of the project or organization. Through involvement in activities such as documentation or testing, apprentices can acquire a deeper understanding of the project’s needs, limitations, and obstacles, which can serve as valuable insights for their subsequent contributions and decision-making processes.

Additionally, the pattern underscores the importance of collaboration and teamwork within software development. By engaging wholeheartedly in all project facets, irrespective of their level of experience or expertise, apprentices can position themselves as indispensable team players and forge robust connections with their peers.

This pattern is useful because it provides a practical approach to learning and professional development for apprentices in software development. By promoting humility and a readiness to tackle even the simplest duties, it aids apprentices in constructing a strong groundwork of competencies, understanding, and connections within their teams. Furthermore, by actively contributing to the team’s achievements in diverse roles, apprentices can hasten their learning curve, amass invaluable experience, and eventually evolve into more proficient and esteemed members of the software development realm.

Ultimately, this pattern encourages a mindset that values practical proficiency, self-directed learning, and a commitment to continuous skill development. It can inspire me to approach me intended profession with a greater sense of agency, confidence, and readiness to tackle real-world challenges.

From the blog CS@Worcester – THE SOLID by isaacstephencs and used with permission of the author. All other rights reserved by the author.

Sprint 3 Reprospective

Docker Build Pipeline:

  • Issue: Path not correct for copying files into Docker Compose container.
  • Solution: Adjust copy statements in Dockerfile to specify correct paths.
  • Implementation: Modify paths relative to Docker directory, e.g., bin/ if in src/.

Development Docker:

  • New scripts added for running and installing nodemon with package.
  • Type noderundev in shell script for consistency.

Reconfigure Pipeline:

  • Existing issue persists for team OL1.
  • Keep test.sh temporarily until linters are added to config.
  • Reporting system pipeline configure fails due to missing es.lint configuration file.

Linters Integration:

  • Linters not in repo for pipeline.
  • Documentation required for pipeline operation.
  • Branches cleanup ongoing.

Shell Scripts for Convenience:

  • Provide shell scripts in directories for ease of use.
  • Example: build/backend.dev for npmrundev.

Backend Development:

  • Start nodemon instead of rpm for backend changes.
  • Ensure nodemon reloads backend on code changes.

Scripts Management:

  • Separate scripts for dev and prod environments.
  • Create backenddevup.sh for backend development.
  • Later adjust for production environment.

Startup Procedures:

  • Determine startup procedure for MongoDB and RabbitMQ.
  • Currently, Docker runs MongoDB and RabbitMQ for production.
  • Scripts needed to start these services.

Research:

  • Update es.lint Docker image for better functionality.
  • Transfer existing config to new format for better linting.
  • Investigate linting for syntax and code errors.
  • Configure Gitpod workspace for linting and formatting.
  • Set up Gitpod.yaml for npm install and linting.

Code Formatting:

  • Utilize Prettier in pipeline for automatic code formatting.
  • Ensure neat documentation of all procedures.

From the blog CS@Worcester – THE SOLID by isaacstephencs and used with permission of the author. All other rights reserved by the author.

Behavior-Driven Development

Behavior-driven development is a shift in software development practices, aiming to minimize feedback loops and better efficiency. This article explores BDD and its changes from usual waterfall models to feedback-driven methods. It emphasizes the connections between analysis, testing, coding, and design within a loop of continuous feedback, leading to more effective software development. As a student, understanding cutting-edge methods like BDD is crucial. I chose this resource to go more into the details of behavior-driven development, its principles, implementation strategies, and the benefits it offers in terms of efficiency and quality assurance. Behavior-driven development focuses on behavior, collaboration, and continuous improvement that follows my class’s ideas to develop great working software solutions. The source’s discussion on behavioral-driven development’s misconceptions, especially regarding its association with UI testing, was interesting. Looking ahead, I aim to use behavioral-driven development principles in my development workflow. By adopting a test-driven analysis approach, I want to gain a deeper understanding of system behavior, prioritize features effectively, and deliver value-driven software solutions. 

Behavior-driven development offers strong communication, a shorter learning curve, and high visibility. With the shared language it’s easier for everyone to have an understanding of the project development and BDD can reach a bigger audience. Since BDD is taught in a simple language it makes learning shorter and easier. This source has sparked a curiosity to explore behavior-driven development frameworks like Cucumber and Gherkin to articulate behavior-driven tests effectively. While dealing with behavior-driven development there are a ton of rules used to guide those principles. BDD is a little tough but with a lot of practice, this principle will allow people to master this skill. The journey through BDD’s principles, misconceptions, and real-world applications has been very interesting. I enjoyed reading about behavioral-driven development and how it works in software development. It has given me a deeper understanding of iterative development, collaboration, and user-centric design. Using a behavior-driven development approach to software development, I look forward to using its power to drive efficiency, quality, and customer satisfaction in my future projects. BDD isn’t just a method, it’s an idea that focuses on continuous learning, improvement, and innovation in software development.

https://semaphoreci.com/community/tutorials/behavior-driven-development

Behavior-Driven Development

From the blog CS@Worcester – Kaylene Noel's Blog by Kaylene Noel and used with permission of the author. All other rights reserved by the author.