AUTH - SEAF

Page 1: AUTH - SEAF

The Software Development Process

Prof. Andreas L. Symeonidis, Aristotle University of Thessaloniki

[email protected], seaf-[email protected]

Page 2: AUTH - SEAF

SEAF Webinar - SoC Dev Process

SEAF Architecture & Technologies

26 Apr 2016

Page 3: AUTH - SEAF

Architectural diagram (figure; the labelled boxes were):
• UI (Browser): Contractor UI, Investor UI, Admin UI
• Back-end: API, DB, File Storage
• Services: SEA Evaluation, SEA Standardization, SEA Risk Assessment, Accounts, Projects, Notifications, Monitoring, Logging

Page 4: AUTH - SEAF

Contractor User Interface

• User interface to visualize and interact with contractor services as discussed earlier
• Macroscopic (dashboard-like) and microscopic views (per project) will be offered

Contractor views (figure): Project inputs, Personal profile information, Recent activity on the platform, Notifications, Pipeline quick view, Portfolio performance metrics, Project form, Project pipeline overview

Page 5: AUTH - SEAF

Investor User Interface

• User interface to visualize and interact with investor services
• Macroscopic (dashboard-like) and microscopic views (per project) will be offered

Investor views (figure): Personal profile information, Recent activity on the platform, Notifications, Pipeline quick view, Portfolio performance metrics, Project form, Project pipeline overview

Page 6: AUTH - SEAF

Administrator User Interface

• User interface to handle users/user categories and project logistics

Administrator views (figure): User request information, Recent activity on the platform, Notifications, Pipeline creation, New metrics, New input data, New processes

Page 7: AUTH - SEAF

Technologies

• MEAN stack
  • MongoDB
  • ExpressJS
  • AngularJS
  • Node.js
  • Built for the web
  • Enormous community
• RESTful API
• DevOps
  • Integrate operations into code
  • Continuous delivery
  • Automatic deployment
  • Logging
  • Analytics
  • Monitoring
  • Quality
    • SonarQube
    • Jenkins CI
    • Linting

Page 8: AUTH - SEAF

Agile/Scrum Development Methodology

Page 9: AUTH - SEAF

Agile/Scrum

• We expect continuous changes in the requirements, so we want to be as agile as possible
• We need to deliver software from day 1
  • "A prototype is worth a 1000 meetings/10K slides"
  • Continuous value delivery
• 1 main developer partner → team co-location → better face-to-face communication → Agile/Scrum better fit
• The 2 releases (early/final) will be snapshots of the Scrum process.

Page 10: AUTH - SEAF

Why Agile/Scrum?

• Continuously aligns the delivered software with business needs, easily adapting to changing requirements throughout the process.
• Accelerates the delivery of business value
• Minimizes the overall project risks

Scrum cycle (figure): four 30-day sprints (1 to 4), each running Planning, Daily Scrums, Development, Sprint Review and Retrospective, with the backlog shrinking from 25 to 19, 17 and 12 features.

Page 11: AUTH - SEAF

The Sprint process

1. Extract requirements from pilot case users and the DoW
2. Transform requirements to user stories based on behavior-driven development, and prioritize
3. Generate functionality based on test-driven development
4. Run regression, integration & acceptance tests and deploy
5. Retrospect the cycle and demo the release to the stakeholders

Page 12: AUTH - SEAF

QRS: Quality – Reliability – Security

Page 13: AUTH - SEAF

Quality

• Testing
  • Our testing process covers:
    • Unit tests
    • API acceptance tests
    • User acceptance tests
    • Regression tests
  • Goal: > 70% test coverage
• Readability & best coding practices
  • Airbnb's linting rules
• Technical debt
  • SonarQube
  • Goal: < 1 week

Page 14: AUTH - SEAF

Reliability

• Aim for building reliability into code
• Infrastructure:
  • Dedicated server hosting just SEAF
  • Server runs in the university network, backed by an onsite administrator and an expert backbone group (http://it.auth.gr/en)

Page 15: AUTH - SEAF

Security Plan

Go for a practical (and pragmatic) approach towards security:
1. Learning from other people's mistakes
2. Develop/deploy tools to detect and correct problems
3. Planning to have everything compromised

Our security plan will be documented in a deliverable, available upon request.

Page 16: AUTH - SEAF

Learning from other people's mistakes

CSA's Top 8 cloud threats for SaaS
1. Data Breaches
2. Data Loss
3. Account or Service Hijacking
4. Insecure Interfaces and APIs
5. DoS
6. Malicious Insiders
7. Insufficient Due Diligence
8. Shared Technology Vulnerabilities

OWASP's Top 10 security threats
1. Injection
2. Broken Authentication and Session Management
3. Cross-Site Scripting (XSS)
4. Insecure Direct Object References
5. Security Misconfiguration
6. Sensitive Data Exposure
7. Missing Function Level Access Control
8. Cross-Site Request Forgery (CSRF)
9. Using Components with Known Vulnerabilities
10. Unvalidated Redirects and Forwards

Page 17: AUTH - SEAF

Our plan

• Our security plan will aim at counteracting the major threats, which are pretty broad and cover a lot of ground.
• We plan to have everything automated by developing & deploying tools to detect and correct problems
• In case of a compromise we aim for the data and critical information to be safe:
  • Secured credentials, even if compromised
  • Data integrity – frequent backups offsite
  • Cryptographic anonymization of critical information
• Upon completion we aim for SEAF to be in the top tier of secure web apps.