This is the first installment of learning reflection posts for my capstone at WSU.  This week in class we formed groups to work on projects.  I am still figuring out what we will be doing exactly, we are very early in the process, but we started pulling resources.  This week I read up on OpenMRS and AMPATH.  I started reading through this book which I found on the OpenMRS website and gained some knowledge about the background and goals of the project.  As for AMPATH, I perused the website, and gained an understanding as to what they are trying to accomplish.  In all honesty, it seems like OpenMRS and AMPATH are noble endeavors, and I’m excited to get started on our own project.  I suppose the next step is to get together with our group and begin creating our product backlog, and start our first sprint cycle.  Unfortunately, this week was mostly spent on researching what we are getting involved with, and there was little physical progress.  Hopefully, next week will involve more direction and some real progress will be made.

From the blog cs443 – TayNock's Blog by taynock and used with permission of the author. All other rights reserved by the author.

This past week I read the first two chapters of The Clean Coder by Robert C. Martin.  The first chapter’s main focus is on professionalism.  Martin defines professionalism as a “marker of responsibility and accountability,” (8).  He then proceeds to explain what he means by that statement, and he describes what he believes makes a programmer a nonprofessional.  In chapter two Martin describes in detail an aspect of being a professional.  He stresses the importance of saying “no” when a programmer is asked to complete tasks in unrealistic timeframes.  He provides numerous situations and describes why some ways of handling the situation of saying “no” are better than others.

So I am 43 pages into reading The Clean Coder, and I must say that Martin definitely has a very strong opinion concerning his topic.  To an extent I would say that I find it overboard and at times even condescending.  The thought that an employee is only a professional if he or she would pay ten thousand dollars back to the company for an error just seems unrealistic.  Additionally, I can’t imagine an employee keeping his or her job for very long if he or she kept saying no to their employer when asked to complete an assignment.  I understand that I am oversimplifying Martin’s point, but at the same time, you must make adjustments and compromises in order to fulfill demand, even if that means not testing every piece of code that you write.  Hopefully I find some more realistic information in the later chapters, because as it stands, I find Martin’s writing to be far too idealistic to be useful.

From the blog cs443 – TayNock's Blog by taynock and used with permission of the author. All other rights reserved by the author.

Well, it’s a brand new semester and that means a whole new slew of blog posts.  Buckle up buckaroos!

From the blog cs443 – TayNock's Blog by taynock and used with permission of the author. All other rights reserved by the author.

Week 12

For my final blog I want to talk about a skill that I have learned is needed, when to give up. When having a deadline you must not only try and implement new interesting technologies, yet also provide a fluid user experience that is inline with the software requirements. While working on a school project I crammed learning many tools into a three week span to produce a product. Our product was a web based Hall pass. This was a simple application that would stress many concepts yet as an idea remained simple relative to many other ideas.

To name a few tools Chris Braley and I learned:

• gulp
• composer
• Laravel Framework
• Homestead using Vagrant
• Eloquent
• Elixr

These are just the main components of our web application. We worked very hard to learn and implement our ideas and Models in this new environment. We were successful yet we had to make some compromises on how we went about it. In order to preserve the development time we had we needed to skip learning the in’s and out’s of Laravel Homestead. This is a virtual machine vagrant setup that has everything you need to work with laravel, yet getting it to work properly for both of us was a challenge and we spent a great deal of time on this. Eventually we had to make the decision to throw in the towel to ensure we could produce the requirements at the quality we desired. Choosing to ignore this aspect and the advanced Roles management library allowed us to develop a system that could handle improper input from the user to avoid errors. We chose to step back and reevaluate the need of this aspect of laravel and we knew we could continue to develop without it. This ultimately led to our success of our final project.

From the blog CS443 – Triforce Code| Exploring and Learning by CS443 – Triforce Code| Exploring and Learning and used with permission of the author. All other rights reserved by the author.

Week 11

Penetration Testing and Vulnerability Scanning are two sides of vital testing that should be preformed on all production applications. But what are they? and what are their differences?

Lets start by defining each.

Penetration Testing is the act of brute forcing, and using common and known hacking techniques to exploit weaknesses of an application.

Vulnerability Testing/Scanning is the act of checking all software versions to ensure they are up to date with current security standards.

Will these prevent an attack, maybe…There will always be a possibility of being compromised but the more caution and thought you put into your design you can minimize this risk. Because just like physical crimes, criminals look for unlocked doors.

 As you can imagine both of these are vital to a systems analysis. Yet both have their time and place. These test should be ran when major software upgrades and even downgrades are needed to ensure software integrity. Tools like Kali and Appscan by IBM, are just an example of a penetration testing software suite and a vulnerability scanner.

The main difference is this:

Penetration testing looks for unknown vulnerabilities and scanning checks for known security issues in older dependencies.

Getting Started with Web Application Penetration Testing

From the blog CS443 – Triforce Code| Exploring and Learning by CS443 – Triforce Code| Exploring and Learning and used with permission of the author. All other rights reserved by the author.

Week 10

Backend testing sounds like a scary word. To be able to take out the intimidation from this idea we need to break it down into its components that usually make up a backend:

• Database(s)
• API’s
• Servers

Honestly that all! Now that we broke it down into terms that we have heard before it become easier to think about how we would go about testing each one of these components.

Databases:

How would you test a database? Well lets start with what does this component should provide.

• Lists of data
• Quick Responses
• Secure connections

Now there is a lot of room for error if your database is not properly configured. Security relies on both the UI restricting access, and security patches being up to date. Quick responses is something that should not be too hard, yet if you create complex queries without the hardware to handle the transactions in mass quantities, bottlenecking could occur. The same could be in the inverse. If you have a poor query and have multiple collections of data stored and variable you may use more time than thought to manipulate the data. This is why you want Entity relationships to be properly initialized to leverage the Databases design for relational queries that are cached and fast.

So how do we test this? well the answer is pretty simple. SQL! you want to create queries of equal complexity of your application and gather results and statistics on how your database handles the queries. By doing these tests a developer is able to leverage the optimal way of extracting data for their application.

API’s:

API’s are Application Program Interface’s that allow you to connect to a suite of public functions that are open for use. These are usually decided upon early on. So testing for these can begin early to allow for re-evaluation of the goal/implementation if problems arise. The trouble with many API’s is that they can be depreciated and this is common as many companies improve their software and databases. You can create custom tests and view the logs to see the output of the API call.

Servers:

Now this is a topic which is hard get specific but say you have a server with a OS and tools that server the purpose needed then the steps you can take to test this just like any part of the database is benchmark softwares. This allows the tester to grade the performance and many other factors of software and other tools.

Working on a backend in a way may sound scary but remember this is not something we have not worked with before, it just could be on a larger scale :).

Resource:

How to Perform Backend Testing

From the blog CS443 – Triforce Code| Exploring and Learning by CS443 – Triforce Code| Exploring and Learning and used with permission of the author. All other rights reserved by the author.

Week 9

I have been enjoying the Software Testing Help Blog. The writer has a way with keeping me interested while making me think in a few different ways. When I saw this post I couldn’t help but read it. Sushma goes on to many points and explains both sides of the coin for Developers vs Tester. I love the start and it just makes sense, Developers think “how can I build this application” and Testers think “how can I break it”. She goes on to explain that this game of cat and mouse is like Tom and Jerry ( a Cartoon that makes up a large portion of my childhood so it rang with me) when they work together you get a beautiful end result. Although much of her article explains how testing at the end of an applications development cycle is just expensive and impractical. That testing is something that should and is commonly done throughout the development cycle.  The ending of her blog sums up some great ideals of both a Tester and Developer that really shows how they are designed to work together to achieve an end result. Throughout she explains how a tester needs to think about how an input form may react to different inputs based on the requirements. This to me only makes sense yet the whole time I was thinking the developer should be wise enough to put in place these error messages and handlings. She ended up wrapping this up in a nice description of what a developer’s goal is and what a tester’s goal is.

I could not write this portion any better and it made the whole blog meld together perfectly for me. It really sums up the job descriptions to see how they end up with the same goal in mind, a great piece of software/1=

Resource:

The Difference in Perspective of “Testers” and “Developers”

From the blog CS443 – Triforce Code| Exploring and Learning by CS443 – Triforce Code| Exploring and Learning and used with permission of the author. All other rights reserved by the author.

Week 8

Coding as we all know can have its challenges, yet sometimes you just get stuck and frustrated with seemingly no solution. Then you decide you need a walk or coffee break and you come back solve your problem almost immediately. Trust me it has happened to me more than I can count. Taking a break is not always just to get through a coding wall but also to allow yourself to think more clearly of your goals and the direction you choose to take.

Sometimes you can go on a coding marathon and at the end realize you have overcomplicated the solution and need to refactor. This is why we are seeing so many companies in the tech industry encourage their employees to stop and take a break from their work. Stress can be a motivator but also a hindrance to clear thought. The open environments that companies such as Google or Facebook have are not just to keep their employees happy but to make them feel less constricted and stressed, they can solve problems in an environment that encourages creativity as well as being human and playing a game or interacting with coworkers. Companies like Google have seen the power of leaving computer nerds with free time and plenty of passion (and an NDA that owns every cool Idea you have :P). Taking a break is not just for getting stuck but also can help us take a step back and realize the big picture and not just the piece you are working on.

Inspiring Resource Blog:

http://brianburridge.com/2007/07/08/increase-programming-efficiency-by-taking-breaks/

From the blog CS443 – Triforce Code| Exploring and Learning by CS443 – Triforce Code| Exploring and Learning and used with permission of the author. All other rights reserved by the author.

Week 7

What if there is just not enough time to test your software?

Well this is something that every company has to deal with and ultimately tough decisions must be made.  The company needs their product launched and the user needs something stable enough for them to keep coming back. As we learned early on in our Software Testing Quality and Assurance course is that your test cases can become exponential. And just down right impossible to test it all, as well as you can address many cases yet the test quality can be lacking making this process even more of a headache. So what do you do?

1. Prepare, and analyze what is important
2. Stand by your thoughts of what your software needs
3. Ensure no critical bugs are released.

This may seem difficult but like I explained in my last blog about web application testing it is about tying up loose ends and ensuring the functionality required is up to par. First ensure your data integrity is bullet proof and that all of your CRUD functions properly. You do not want loose ends in your database because this could become a immediate problem when a field is deleted and makes your application crash. What also is important is input validation!!! I can not stress this enough, if you ensure that your input is valid every time you will reduce the possible causes of your bugs and this can reduce the cost to you and your company down the line.  After reading a couple blogs about this topic it is clear that some social skills is useful when describing what issues could lie in your software and what the risks associated with these potential bugs are. Interface bugs that are just aesthetic is not a priority over your relationships and functionality being hindered. Using Mutation Testing and code coverage tools can give you a better feel for what areas need to be addressed and what other places you need to move on from. This topic of what to do in this crisis is very open ended because it comes down to per situation and requirements for the client. So there is no one cut and dry approach to this yet with many more applications being released yearly we can grow as a community of developers educating each other on what worked best for you and your team.

I really enjoyed the first link I have below because not only does it talk about how to prioritize, but also how to deal with others who may have a different perspective on the product you are producing. Social skills go a long way in these situations and how you present your potential issues is vital to having the situation controlled and keeping your credibility.

Related Reads I used:

http://www.softwaretestinghelp.com/what-if-there-isnt-enough-time-for-thorough-testing/

You can’t test it all

From the blog CS443 – Triforce Code| Exploring and Learning by CS443 – Triforce Code| Exploring and Learning and used with permission of the author. All other rights reserved by the author.

Week 6

As I described earlier web frameworks can be amazing, but regardless if you are using one or building a website or web app from scratch. There are a few places to start. After reading a few websites the options are pretty obvious, and from experience designing and building many websites these obvious points will still come to haunt you if you are not thorough. Trust me its the little things!

Lets start from the Obvious to less so:

• Website routes/links
  • Ensure they all work properly and no dead links exist
•  Input form testing
  • Valid input
  • Invalid input and validation handling
  • Ensure your CRUD functions properly
• Secure/Authenticated Route 
  • Ensure you can not access routes that require login
  • Ensure users can not manipulate the url to gain access to other information than what they are give
  • This can include cookie testing for logged in sessions
• Cookie testing
  • It is important to ensure your cookies are properly encrypted
    • This can contain data that the user or yourself as a developer would not want exposed
• In Depth Interface testing
  • This can include anything from usability to the look and feel
  • Is it intuitive? Could a user use this without prior knowledge? Too complex or want a feature Explain it to your user!
    • Many apps now have neat and sleek introduction walkthroughs to guide a user through the new interface
• Web compatibility!
  • Honestly this one should be first! I can not stress enough how unsightly it is to use a unsupported browser and to have a completely different user experience or just have some functionality not work.
  • Image Links in chrome do not show borders, underlines, or history color changes, yet IE does?
    • I know what you are thinking IE is just horrible. YES that it is but you need to ensure your site not only preforms properly but looks great

Website  links may seem like a given yet it could be easy to forget a simple link that could cost you. For example for a friends business venture I for the first week forgot to have the logo redirect you to the home page, yet this is an almost expected feature at this point yet if you are a sole developer its easy to miss.

Input testing is a must, time and time again developers talk about elegant and flexible applications. Allowing invalid input is just unacceptable and should be handled properly for any production application. Not only should you prevent this you must inform the user of what is allowed or why the input was not accepted and what should they change it to. Using a framework such as laravel makes validation a breeze and really leaves no excuse for anything less. The next main point for input forms is your CRUD functionality, does your database handle when a user is connected to many aspects of your design and deletes themselves,  this is when you need to ask yourself is this data important for others or can I cascade on delete. And more importantly does it properly cascade throughout your relationships? This is something that could become a big headache for both you and your users.

Authentication is something I will briefly mention, it should be known that a user should not have access to data they are not associated with or have the ability to access pages without being a validated user.

Cookies are a resource to not be taken lightly, some users don’t allow them and therefore does this make them unable to use important aspects of your application? It shouldn’t. Cookies can hold vital data such as remember tokens that store login sessions and if in the wrong hands can compromise your users data or more.

Testing your interface is important not only for debugging but it can and will also expose cumbersome tasks that could be minimized or eliminated by adding a interface feature.

I don’t think I should need to say much about Web compatibility. A clunky and inconsistent application is not intuitive for users and can be confusing or just ugly. With web design ensuring your web interface looks and feels great or at minimum the same will carry a lot of weight for you and your users.

Now get out there and start perfecting that application your work so hard on!

. Resources:

http://www.softwaretestinghelp.com/web-application-testing/

https://www.tutorialspoint.com/software_testing_dictionary/web_application_testing.htm

From the blog CS443 – Triforce Code| Exploring and Learning by CS443 – Triforce Code| Exploring and Learning and used with permission of the author. All other rights reserved by the author.