As we transition into a time in which technology is an integral and nearly essential part of daily life, the necessity of security in the technology we use becomes ever so important. Apps, devices, websites, and everything in between may have access to your personal information. You may have entered passwords, names, bank information, card details, and much more when using these things and possibly even allowed them to save that information. You may have confidence that your information will not be leaked or stolen but even with the biggest, most trusted companies, it is not impossible. 

To combat the potentially massive amount of information from getting into the wrong hands, we perform what is known as security testing. Security testing is an “aspect of software testing focused on identifying and addressing security vulnerabilities in a software application… and… it aims to ensure that the software is secure from malicious attacks, unauthorized access, and data breaches” (hackerone). It ensures that users have their privacy, the system is safe and secure, and that the software meets regulations. 

Security testing involves identifying vulnerabilities in the software through means of scanning, hacking, and evaluating it. Hacking is a method that seems to stand out compared to the other likely due to how it’s unique to security. Hacking falls under what is known as Penetration Testing which involves simulating real-world attacks on the software in order to expose vulnerabilities. Hacking, by definition, is the gaining of unauthorized access to data in a system or computer, but in this case this form of testing falls under ethical hacking. Ethical hacking is essentially hacking but with legal authorisation and is intended solely for security reasons. Overall, security testing is the perfecting of a software’s security through means of identifying and exposing weaknesses and remediating them.

I’ve actually had my debit card info taken in the past and my money used to purchase things without my knowledge. Thankfully, I got all my money back as well as a new card but, at the time, I was extremely anxious and worried. I was desperately searching for what could have taken my information and to this day, I still have no clue. It was likely my fault for putting my information in some shady place but there’s a chance that a site or app I had my info in and trusted was breached. I believed that I was being very careful with what information I shared and where I shared it but that situation really shook me. Security testing is not a topic we went over in class but it is a good topic to learn about nonetheless. Although learning about the testing of security is not something that everyone is interested in, I believe that teaching people how to protect their information is becoming more and more important.

https://www.hackerone.com/knowledge-center/what-security-testing#:~:text=Security%20testing%20is%20an%20important,unauthorized%20access%2C%20and%20data%20breaches.

From the blog CS@Worcester – Kyler's Blog by kylerlai and used with permission of the author. All other rights reserved by the author.

This week I have read the section called Construct Your Curriculum The text emphasizes the immense access to information in the modern era, fueled by technological advancements like the printing press and the internet. Despite the abundance of digital media, it stresses the enduring value of books, particularly those authored by experienced professionals like Jerry Weinberg and Fred Brooks. These books offer a extent of wisdom and insight that goes beyond what can be found in blogs or online resources.

To manage the overwhelming number of books one may wish to read, the article suggests implementing a Reading List—a  list of books to read and those already read. This list serves as a personal curriculum, allowing individuals to prioritize their learning and track their progress over time. By making this list public, others can benefit from suggestions and contribute their own recommendations, fostering a collaborative learning environment.

The article introduces the concept of “Reading Constantly,” advocating for a steady intake of programming books to deepen one’s understanding of the field. It advises against rushing through books and emphasizes the importance of timing—reading the right book at the right time can significantly enhance the learning experience.

Additionally, the article encourages exploration of classic literature in the field, alongside more contemporary resources. It suggests asking mentors for recommendations and seeking out long-lived books that offer timeless insights into software development.

Finally, the article points out the value of a balanced approach to learning, incorporating both classic and modern literature, and leveraging tools like Reading Lists to navigate the vast sea of available knowledge effectively. Through continuous reading, reflection, and interaction with mentors and peers, individuals can cultivate a deeper understanding of their craft and continually improve their skills on their journey as software developers.

This was a good read to mark the importance of the continuation of learning and reading even after graduation and starting the professional career. It opens up the eyes for readers so that they grow and learn more and not stay stagnant.

From the blog CS@Worcester – CS- Raquel Penha by raqpenha and used with permission of the author. All other rights reserved by the author.

The article “Property-Based Testing: A Test Strategy for Modern Software” on Codemotion’s website explores into the concept and benefits of property-based testing (PBT) in the context of modern software development. PBT is a systematic approach to testing software by defining general properties that the program should satisfy, rather than focusing solely on specific input-output pairs.

The piece begins by highlighting the limitations of traditional example-based testing, which often fails to cover all possible edge cases and scenarios. This leads to the introduction of PBT as a more comprehensive testing methodology. Unlike example-based testing, where tests are explicitly defined, PBT generates test cases automatically based on the properties defined by the tester.

The article talks about the key components of PBT, including generators, properties, and test runners. Generators are used to create random inputs for testing, ensuring a wide range of scenarios are covered. Properties, on the other hand, represent the general rules or invariants that the software should adhere to. These properties are then used to validate the behavior of the software under test.

One of the main advantages of PBT highlighted in the article is its ability to uncover edge cases and bugs that may not be caught by traditional testing methods. By generating random inputs based on defined properties, PBT can uncover unexpected behaviors and corner cases, leading to more robust and reliable software.

The article also discusses the challenges associated with PBT, such as the need for careful property definition and the overhead of generating and executing a large number of tests. Yet, it argues that the benefits of PBT outweigh these challenges, particularly in complex systems where traditional testing methods may fall short.

I really like this blog post because not only did it explain the theoretical aspects of PBT, the article provides practical examples and case studies to illustrate its effectiveness in real-world scenarios. It also showed like coding examples which really helped understand how it work instead of just trying to imagine how it could look like.

From the blog CS@Worcester – CS- Raquel Penha by raqpenha and used with permission of the author. All other rights reserved by the author.

The piece “Draw Your Own Map” encourages individuals to take control of their career paths rather than relying solely on their employers or societal expectations. It addresses the common notion that programming and career advancement in the field are limited, especially for those who may not fit the stereotype of fresh graduates. It emphasizes the importance of identifying one’s own career goals and taking proactive steps to achieve them.

The solution proposed involves identifying logical yet ambitious career steps and visualizing the incremental actions needed to reach those goals. It advocates for taking the first step, even if seemingly insignificant, as it generates momentum towards larger aspirations. Rather than setting only high-level goals, the article suggests defining small, achievable steps that provide feedback and aid in obtaining assistance from like-minded individuals.

The narrative includes personal stories illustrating individuals’ struggles to pursue programming despite organizational constraints. It highlights the importance of prioritizing personal aspirations over organizational expectations and seeking opportunities that align with one’s goals.

The actionable advice includes listing potential career paths, extending the list to explore additional options, and challenging preconceived constraints to open up new possibilities. It also encourages seeking mentors and kindred spirits who can provide guidance and support along the way.

Overall, the piece advocates for a proactive and flexible approach to career planning, empowering individuals to chart their own paths and overcome obstacles to achieve their desired destinations. What I thought was the most important of this piece is the career planning aspect of it especially since this semester I am finishing up my degree and starting on looking for a career, this also like points me in the write direction on a professional work future.

From the blog CS@Worcester – CS- Raquel Penha by raqpenha and used with permission of the author. All other rights reserved by the author.

The article “Pairwise Testing” by Ryan Craven explores into the concept and application of pairwise testing, a powerful technique used in software testing to enhance efficiency and effectiveness. Pairwise testing, also known as all-pairs testing, aims to analytically reduce the number of test cases required to test a system while still maintaining thorough coverage.

This blog begins by introducing the problem of combinatorial explosion in testing. Traditional thorough testing, where every possible combination of inputs is tested, quickly becomes impractical as the number of variables or parameters increases. Pairwise testing offers a solution to this problem by focusing on testing pairs of input values. The key insight is that many faults in software are caused by interactions between pairs of inputs rather than individual inputs themselves.

The author explains the core principles behind pairwise testing, emphasizing its ability to efficiently cover many combinations by selecting a representative subset. This approach significantly reduces the number of test cases needed compared to exhaustive testing while still providing effective coverage.

This blog also shares the concept of pairwise testing with a simple example involving a fictional coffee shop application. By identifying the parameters and their respective values (e.g., coffee size, type, extras), he demonstrates how pairwise testing can be applied to generate a minimal set of test cases that cover all possible pairs of values.

Also, the article discusses the benefits and limitations of pairwise testing. While it offers substantial reductions in test case count and provides good coverage, it may not detect faults involving interactions between more than two inputs. Craven advises on when pairwise testing is most suitable, such as in situations with limited time and resources or when dealing with complex systems with numerous input parameters.

This was a good blog post to read because it covered somethings we talked about in class during the group work. Through clear explanations and examples, the article serves as a helpful guide for understanding and applying pairwise testing in real-world scenarios. This is definitely something that will be very useful in the feature as my professional career expanded

From the blog CS@Worcester – CS- Raquel Penha by raqpenha and used with permission of the author. All other rights reserved by the author.

Understanding the Pattern of Failure

The insightful pattern discussed in Atul Gawande’s “Better” emphasizes a profound truth: recognizing and reflecting on our failures is crucial for personal and professional growth. This notion is encapsulated in the phrase “Learn How You Fail,” which posits that true ingenuity stems not from sheer intellect but from character—specifically, the courage to face our shortcomings and adapt.

Personal Reaction

I found this pattern both challenging and refreshing. Initially, it’s discomforting to focus on failures rather than celebrate successes. However, Gawande’s approach—focusing on identifying and understanding the causes of our failures—provides a constructive framework for turning apparent setbacks into stepping stones.

This perspective is not just about acknowledging weaknesses but actively choosing which battles are worth fighting. The notion that not all failures need to be addressed equally, and some might even be embraced as limitations, is liberating. It helps in setting realistic goals and focusing efforts where they can truly make a difference.

Changes in Professional Perspective

As someone aspiring to thrive in a fast-evolving sector, this pattern has shifted my thinking towards a more adaptive and resilience-oriented professional mindset. The emphasis on continuous self-assessment and setting realistic boundaries resonates deeply. It underlines the importance of focusing on areas where I can excel and accepting areas where I may never be the best. This realization takes away the useless pursuit of perfection in every domain, instead encouraging a strategic approach to skill development and goal setting.

Points of Disagreement

While I appreciate the core message of the pattern, I hold reservations about the practicality of some suggested exercises, such as writing and debugging code without initial testing. While this can reveal unforeseen errors and personal blind spots, it may not be the most efficient learning method for everyone. This approach could lead to frustration or demotivation, particularly for novices who might benefit more from immediate feedback and iterative learning.

Conclusion

“Learn How You Fail” is not just about understanding how to handle failure—it’s about strategically leveraging these insights to refine our skills, set achievable goals, and foster a mindset that views challenges as opportunities for growth. This pattern has encouraged me to embrace my limitations, prioritize my efforts, and continue pushing the boundaries of my capabilities with a clear and realistic vision.

From the blog CS@Worcester – Site Title by rkaranja1002 and used with permission of the author. All other rights reserved by the author.

Blog Entry:

As a student deeply involved in computer science, understanding the significance and methodologies of code review is pivotal. This week, I chose to delve into an article from freeCodeCamp, titled “Code Review: The Ultimate Guide,” which explores the intricacies of code reviews in software development. This resource is particularly relevant to our ongoing discussions in class about software quality and maintenance.

Summary of the Article:

The article comprehensively outlines what code review entails and why it is a critical practice in software development. It discusses the benefits, such as catching bugs early, improving code quality, and fostering team knowledge sharing. Moreover, it provides practical tips on how to conduct effective code reviews, emphasizing the importance of a constructive attitude and specific, actionable feedback.

Reason for Selection:

I selected this resource because, as we learn to code and develop software, understanding the peer review process is essential for professional growth and skill enhancement. This article not only complements our coursework but also offers practical advice that can be immediately applied in any coding environment.

Personal Reflection:

Reading about the detailed processes and benefits of code reviews has been enlightening. I learned that effective code reviewing goes beyond merely finding errors; it is about collaboration, learning, and improving as a team. This has changed my perspective on coding assignments and projects. Instead of viewing them as solitary tasks, I now see them as part of a broader, collaborative process.

I am particularly struck by the emphasis on the mindset and communication skills needed during code reviews. The idea that feedback should be constructive and focused on the code rather than the coder is something I plan to carry forward into my professional life. This approach not only minimizes potential conflicts but also enhances the learning environment, making it more open and conducive to improvement.

Application in Future Practice:

Going forward, I expect to apply the principles from this article in my class projects and eventually in my professional work. Understanding the dynamics of effective communication and feedback within code reviews will be crucial as I work with others on software development projects. This will help in creating more robust, error-free software and in building a supportive team environment.

It is an important skill for everyone regardless of their place in the chain of development. The principles also apply outside of the field of computer science as a successful review is a part of any team process.

From the blog CS@Worcester – Abe's Programming Blog by Abraham Passmore and used with permission of the author. All other rights reserved by the author.