Software Engineering final
What is TDD? (Test Driven Development)
A technique where the test is developed to test the requirement and then the code is developed to pass the test
Project
A temporary endeavor undertaken to create a unique product, service, or result.
Commercial software goes through three stages of testing: ___ testing is where bugs and defects are discovered during system construction.
Development
Briefly describe the three principal stages of testing for a commercial software system
Development Testing, Release Testing, and User Testing are the three types Development is where the system is tested during development to discover bugs and defects. Release testing, where a separate testing team test a complete version of the system before it is released to users. User testing, where users or potential users of a system test the system in their own environment.
What are the advantages of inspections over testing?
During testing, errors can mask (hide) other errors. Because inspection is a static process, you don't have to be concerned with interactions between errors. Incomplete versions of a system can be inspected without additional costs. If a program is incomplete, then you need to develop specialized test harnesses to test the parts that are available. Inspections can also consider broader quality attributes of a program, such as compliance with standards, portability and maintainability.
What are 4 ways to incorporate deployment support in a system?
Include support for viewing and analyzing configurations You should always include facilities in a system that allow administrators or permitted users to examine the current configuration of the system. Minimize default privileges You should design software so that the default configuration of a system provides minimum essential privileges. Localize configuration settings When designing system configuration support, you should ensure that everything in a configuration that affects the same part of a system is set up in the same place. Provide easy ways to fix security vulnerabilities You should include straightforward mechanisms for updating the system to repair security vulnerabilities that have been discovered.
Product Standards
Includes document standards, such as the structure of requirements documents, documentation standards, such as the comment header for an object class definition, and coding standards, which define how a programming language should be used
makes it more difficult to design object class tests
Inheritance
Tests that do not require execution of the system
Inspections
List 4 types of security threats.
Interception, Modification, Fabrication, and Interruption threats are four different security threats. Interception refers to an attacker gaining access to an asset. Modification refers to a system asset being tampered with. Fabrication refers to false info being added to a system. Interruption refers to an attacker making part of an asset unavailable.
What are the principal systems re-engineering activities?
Some activities include source code translation where you convert code to a new language, Reverse engineering where you analyse the program to understand it, program structure improvement restructure automatically for understandability, program modularization where you reorganize the program structure, or data reengineering where you clean up the system data.
Project Management
The application of knowledge, skills, tools, and techniques to project activities to meet project requirements
Teamwork
The most important thing needed in a software engineering project
A work product delivered to the customer
deliverable
Circumstances that have potential to cause loss or harm are a
threat
Software Standards
Defines the required attributes of a product or process.
Deliverables
Work products that are the result of the completion of tasks in a development project.
The system must be available 98 percent of the time
non-functional
4-16 hours
How long should a development task be?
What do Gamma et al. suggest are the four essential elements of a design pattern?
1. A name that is a meaningful reference to the pattern. 2. A description of the problem area that explains when the pattern may be applied. 3. A solution description of the parts of the design process, their relationships, and their responsibilities. 4. A statement of the consequences - results and trade offs
What are essential tools in a software development platform?
1. An integrated compiler and syntax-directed editing system that allows you to create, edit, and compile code. 2. A language debugging system. 3. Graphical editing tools, such as tools to edit UML models. 4. Testing tools, such as JUnit, that can automatically run a set of tests on a new version of a program. 5. Tools to support refactoring and program visualization. 6. Configuration management tools to manage source code versions and to integrate and build systems.
What are the fundamental elements of a legacy system?
1. System hardware 2. Support hardware 3. Application software 4. Application data 5. Business processes 6. Business policies and procedures
What are the essential elements of an organizational security policy?
1. The assets that must be protected 2. The level of protection that is required to protect different types of assets 3. The responsibilities of the individual users, managers, and the organization 4. The existing security procedures and technologies that should be maintained.
What are the 5 key activities in an object-oriented design process?
1. Understand and define the context and the external interactions with the system. 2. Design the system architecture. 3. Identify the principal objects in the system. 4. Develop design models. 5.Specify interfaces.
Briefly describe three approaches that may be used to identify object classes
1. Use grammatical analysis of a natural language description of the system to be constructed. Objects and attributes are nouns. Operations and services are verbs. 2. Use tangible entities (things) in the application domain such as aircraft, roles such as manager, events such as request, interactions such as meetings, etc. 3. Use a scenario-based analysis where various scenarios of system use are identified and analyzed in turn. As each are analyzed the team responsible must determine the required objects, attributes, and operations.
Algorithmic Cost Modeling
A formulaic approach is used to compute the project effort based on estimates of product attributes. Effort = A*Size^B*M, where A is the organization dependent constant, B reflect the disproportionate effort for large projects and M is a multiplier reflecting produce, process, and people attributes
Quality Review
A group of people carefully examine part or all of a software system and its associated documentation
Select the types of USER testing
Acceptance, Beta, Alpha
Shows activities involved in a process
Activity model
What are the benefits/problems with agile software development?
Agile is very useful to many companies now a days. It is widely used as the organizational process for new and medium sized companies for its flexibility and rapid deployment of software. Benefits - 1. It has quick and rapid deployment 2. You can get customer feedback quickly and make changes as needed. 3. Bugs seen on previous deployments can be addressed and maintained throughout the next sprint. So issues are found on the get go. Problems - 1. Informality of agile development is incompatible with a legalistic approach to contract definitions seen in large companies. 2. It's more appropriate for new software rather than trying to maintain software in a large company. 3. Won't work well with large team. Best used in small, co-located teams.
What good is a software architecture document?
All of these: It is a tool for communicating with stakeholders in the early design phase of a project, In the early stages of planning, it encourages a detailed analysis of the system, and In large organizations with large systems it is helpful with large-scale reuse.
What are the three types of user testing?
Alpha, Beta, and Acceptance Testing. Alpha - Users of the software work with the development team to test the software at the developer's site. Beta - A release of the software is made available to users to allow them to experiment and to raise problems that they discover with the system developers. Acceptance - customers test a system to decide whether or not it is ready to be accepted from the system developers and deployed in the customer environment.
Inspection Checklists
Checklist of common errors should be used to drive the inspection
ISO 9001 Standards Framework
An international set for standards used as a basis for developing quality management systems
identifies the major components of a system and their interaction
Architectural design
List 4 design guidelines for secure systems engineering?
Avoid a single point of failure, fail securely, log user actions, compartmentalize your assets. Ensure that a security failure can only result when there is more than one failure in security procedures. For example, have password and question-based authentication. When systems fail, for whatever reason, ensure that sensitive information cannot be accessed by unauthorized users even although normal security procedures are unavailable. Maintain a log of user actions that can be analyzed to discover who did what. If users know about such a log, they are less likely to behave in an irresponsible way. Organize the system so that assets are in separate areas and users only have access to the information that they need rather than all system information.
____ is a non-reciprocal license that allows you to use open source code in proprietary systems and you do not have to re-publish changes to that code.
BSD
Story Based Planning
Based on user stories that reflect the features that should be included in the system
shows what happens, or what is supposed to happen, when a system responds to a stimulus
Behavior model
Task Allocation
Breaking down the user stories into development tasks
Project Planning
Breaking down the work into parts and assigning these to project team members, anticipate problems that may rise and prepare solutions to problems
What guidelines does Whittaker suggest for defect testing?
Choose inputs that force the system to generate all error messages. Design inputs that cause input buffers to overflow. Repeat the same inputs or series of inputs numerous times. Force invalid outputs to be generated. Force computation results to be too large or too small.
What are the most important benefits of test-driven development?
Code coverage, Regression testing, simplified debugging, and system documentation.
What tests should be included in object class testing?
Complete test coverage of a class involves testing all operations associated with an object, setting and interrogating all object attributes, and exercising the object in all possible states.
Quality Management
Concerned with ensuring that the required level of quality is achieved in a product
Risk Management
Concerned with identifying risks and drawing up plans to minimize their effect on a project
structural model that demonstrates the other systems in the environment
Context model
Process Standards
Defines the processes that should be followed during the software development.
The philosophy behind agile methods is reflected in the agile manifesto. List and briefly describe the 5 principles of agile methods.
Customer Involvement - This is important because agile works close to the customer; feedback is important. They provide and prioritize new system requirements. Incremental delivery - short 2 - 4 week sprints to bring in new features to an application or system. The customer specifies the requirements for the next delivery. People not process - it is about the who not the what. It should be customer focused. Skills of the development team should be recognized and exploited. Embrace change - If the user or customer doesn't like something, embrace the change they request. System requirements will change, it is important to design the system to accommodate that. Maintain simplicity - Focus on simplicity in the software and the process. Agile doesn't work well with complexity. This can lead to carrying over into the next sprint and not completing work.
Software Pricing
Estimates are made to discover the cost, to the developer, of producing a software system
Explain the distinction between a Vulnerability and an Exposure.
Exposure - Possible loss or harm to a computing system. This can be loss or damage to data or can be a loss of time and effort if recovery is necessary after a security breach. Vulnerability - A weakness in a computer-based system that may be exploited to cause loss or harm.
What are the three different types of software maintenance and how is effort distributed across these maintenance types?
Fault Repairs, Environmental Adaptation, Functionality addition/modification Fault repairs refers to fixing bugs and vulnerabilities. Environmental adaptation refers to maintenance of a software to adapt to a different operating environment (Different OS, different mobile devices, IE, Chrome, IE8 for old systems) Functionality addition/modification refers to modifying the system to meet new requirements.
____ is a reciprocal license that allows you to use licensed open source software in your software, and in return, you must make that software open source.
GPL
Why might it sometimes be necessary to bypass the normal change management system and make urgent changes to a system?
If a serious system fault needs to be repaired to allow operations to continue, changes to the system, like a software update have unexpected effects, or if there are business changes that require a very rapid response.
What are the three important classes of interface errors?
Interface misuse - A calling component calls another component and makes an error in its use of its interface e.g. parameters in the wrong order. Interface misunderstanding - A calling component embeds assumptions about the behavior of the called component which are incorrect. Timing errors - The called and the calling component operate at different speeds and out-of-date information is accessed.
Completeness (As it relates to software engineering and what we are studying)
It is one of the checks that is made during Requirements validation. The requirements document should include requirements that define all functions and the constraints intended by the system user.
____ is a license that allows your software components to link to open source code without having to publish the source.
LGPL
Why is it expensive and risky to replace legacy systems with new systems?
Legacy systems continue to work and represent a huge investment to companies. If something needs to be replaced for the sake of being replaced it seems like a bad investment for companies. Often times they still work fairly well. There are a number of risks involved including undocumented business rules embedded in legacy systems, Lack of complete system specification, tight integration of the system and business processes, and new system software could be late or over budget.
Reusing existing software to create a new software system of product can be a cost-efficient approach to development in many software projects. It may not be cost-efficient in all projects. As a software engineer, you can determine if it is the best approach for your project only if you know, and can estimate, the associated costs. Which of the following costs is NOT one of the costs typically considered when estimating the cost of reuse?
Legal costs associated with defending against charges of copyright infringement
One of the standard architectural patterns is named MVC. What does MVC stand for?
Model-View-Controller
Interaction-Oriented People
Motivated by the presence and actions of co-workers
Consistency Respect Inclusion Honesty
Name some examples of people management factors
What process metrics might be used to assess maintainability?
Number of requests for corrective maintenance, average time required for impact analysis, average time required to implement change request, and number of outstanding change requests are a few process metrics.
Briefly describe the idea of open-source development.
Open-source development is an approach to software development in which the source code of a software system is published and volunteers are invited to participate in the development process.
How does operational security differ from application and infrastructure security?
Operational Security is concerned with ensuring the people do not take actions that may compromise system security. For instance, telling others passwords, leaving PC's on. Application and Infrastructure refers to the engineering problems of designing applications to resist attacks (application) and configuring the infrastructure to resist attacks (infrastructure).
Why is software evolution important?
Organizations are ever evolving, and they have huge investments in their software because they are critical business assets. To continue to show value to these businesses, software must be updated, maintained, and changed in order to continue to show that value.
How do design patterns contribute to reuse?
Patterns support high-level concept reuse. When you try to reuse executable components, you are constrained to the design the interpreters created for executing. This can range from interface type components to algorithms used to implement different components. When the designs conflict with your requirements, reuse isn't possible or it is inefficient. Using certain design patterns means you can reuse the ideas, but can adapt the implementation to suit the system you are developing.
Program Inspections
Peer reviews where engineers examine the source of a system with the aim of discovering anomalies and defects
Task-Oriented People
People who are motivated by the work they do
Other than MVC, select 3 of the architectural patterns discussed in this class.
Pipe-and-Filter, Layered, Repository
Release Planning
Planning looking ahead for several months
Milestones
Points in the schedule against which you can assess progress
What are the 3 stages of risk assessment?
Preliminary Risk Assessment, Design Risk Assessment, and Operational Risk Assessment. Preliminary - The aim of this initial risk assessment is to identify generic risks that are applicable to the system and to decide if an adequate level of security can be achieved at a reasonable cost. Design - This risk assessment takes place during the system development life cycle and is informed by the technical system design and implementation decisions. Operational - This risk assessment process focuses on the use of the system and the possible risks that can arise.
Self Oriented People
Principally motivated by personal success and recognition
shows how a system is used in a broader business process
Process model
Deciding how the work in a project will be organized as separate tasks, and when and how these tasks will be executed is
Project Scheduling
Explain the difference between Reengineering and Refactoring as it relates to software maintenance.
Refactoring is smaller scale compared to Reengineering. Refactoring deals with taking existing code, maybe a class or method, and changing it in a way to allow it to run more efficiently than it did previously. Reengineering is taking a legacy system and not changing the functionality, but how it runs to meet a business's requirements. Reengineering might be a better option for companies if that system still presents value to the company. It might also be too risky to get rid of the system because they might not know what certain methods do if naming was too obscure. Therefore, reengineering might be a more viable option, than rebuilding a system from the ground up and missing key functionality.
Testing that focuses on making sure changes have not broken previously working code
Regression
Commercial software goes through three stages of testing: ___ testing is where a dedicated team tests a complete version of the system in the developer's environment.
Release
Project Risks
Risk affecting schedule or resources.
Business Risks
Risk affecting the organization developing the procuring the software
Product Risks
Risk affecting the quality or performance of the software being made
What is an SQL Poisoning attack and how can testing determine if the source code is susceptible to such an attack?
SQL poisoning is where a malicious user inputs an SQL fragment that is interpreted by a server, is another fairly common attack. To check that buffer overflow errors will not occur, you can examine all input buffers to see if the program is checking that assignments to buffer elements are within bounds.
What are the strategic options for legacy system evolution?
Scrap the system entirely, and modify business processes so that it no longer requires the old system. Continue maintaining the system. Maintain it by re-engineering the system. Replace the system with a new system.
Explain 2 reasons why security testing is especially difficult.
Security requirements are 'shall not' requirements i.e. they specify what should not happen. It is not usually possible to define security requirements as simple constraints that can be checked by the system. The people attacking a system are intelligent and look for vulnerabilities. They can experiment to discover weaknesses and loopholes in the system.
Shows interaction between actors and the system
Sequence model
Quality Plan
Sets out the desired product qualities and how these are assessed and defines the most significant quality attributes.
Iteration Planning
Shorter term outlook, focuses on planning the next increment of a system
Why is it important to specify the interfaces of components that are being developed by a software engineering team?
Specifying interfaces of components is important so that objects and subsystems can be designed in parallel. Once it has been specified, the developers of other objects can assume that interface will be implemented.
shows how the system reacts to internal and external events
State model
Testing that focuses on testing component integrations
System
What should be the principal concerns of system testing?
System testing during development involves integrating components to create a version of the system and then testing the integrated system. The focus in system testing is testing the interactions between components. System testing checks that components are compatible, interact correctly and transfer the right data at the right time across their interfaces. It tests the emergent behavior of a system.
Briefly summarize the test-driven development process
Test-driven development (TDD) is an approach to program development in which you inter-leave testing and code development. Tests are written before code and 'passing' the tests is the critical driver of development. You develop code incrementally, along with a test for that increment. You don't move on to the next increment until the code that you have developed passes its test.
Which of these should be the principal concerns of system testing?
Testing that reusable components integrated in the system function as expected. Testing component interfaces
Initiating Planning Executing Monitoring and Controlling Closing
The 5 Process Groups of Project Management
What are the stages in the system evolution process and what triggers that process?
The Change request triggers the process: the stages include Impact Analysis, Release Planning, Change implementation, and System release.
Explain why it is important to make a distinction between developing user requirements and developing system requirements in the requirements engineering process.
The distinction is to facilitate communication depending on the audience. Users may not understand the technical jargon in system requirements and developers need more detail than the user documentation.
Experience Based Estimation
The estimate of future effort requirements based on the manager's experience of past projects and the application domain
What are the 4 levels at which software reuse is possible?
The four levels include: 1. Abstraction level: You can reuse successful abstractions in the design of your software at this level. 2. Component level: These include objects and object classes that operate together. You often have to adapt and extend the component by adding some code of your own. An example of component-level reuse is where you build your user interface using a framework. 3. Object level: At this level you use objects from a library instead of writing the code yourself. 4. System level: At this level you reuse an entire application system.
Project Scheduling
The process of deciding how the work in a project will be organized as separate tasks, and when and how these tasks will be executed
What do you understand by the system context and interaction model?
The system context and interaction model present complementary views of the relationship between the system and its environment. 1. The system context model is a structural model that demonstrates the other systems in the environment of the system being developed. 2. An interaction model is a dynamic model that shows how the system interacts with its environment as it is being used.
Explain why a company might justifiably charge a much lower price for a software system than the software cost estimate.
There are five reasons according to the book why a company might have a lower price. Contractual terms, cost estimate uncertainty, financial health, market opportunity, and requirements volatility Contractual terms - the customer may allow the developer to keep the source code to the developer. Cost estimate uncertainty - uncertain of the cost estimate may be lower or higher its normal profit Financial health - companies may lower price to gain a contract due to financial strain. Its better to have smaller than normal profit than go out of business. Market opportunity - A development organization may quote a low price because it wishes to move into a new segment of the software market. Requirements volatility - If the requirements are likely to change, an organization may lower its price to win a contract. After the contract is awarded, high prices can be charged for changes to the requirements.
What fundamental issues have to be considered when designing system architecture for security? Are these issues compatible or conflicting - and why?
There are two fundamental issues: Protection: How should the system be organized so that critical assets can be protected against external attack? Distribution: How should system assets be distributed so that the effects of a successful attack are minimized? These issues are potentially conflicting. If assets are distributed, then they are more expensive to protect. If assets are protected, then usability and performance requirements may be compromised.
List 3 generic software process models and briefly describe a project where each would be better suited for use.
There is the waterfall model, integration/configuration model, and Incremental Development model Waterfall is plan driven, with separate and distinct phases of specification development. It is used in large systems engineering projects where it is developed at several places. Integration/Configuration - relies on the availability of reusable components or systems. If you already have a standard system that you can pull useful components from to implement a new system this would be beneficial. Incremental development - With this, specification development, and validation are interleaved, and can be plan driven or agile. It is best used when working close to a customer since its easier to get customer feedback. This would work well on a new system that might be used to replace an old system where the customers can be a user group for "testing" purposes. The most critical functions of this new system can be used by them and new features can be added as you go.
Non-functional requirements (As it relates to software engineering and what we are studying)
These are constraints on the services or functions offered by the system. They include timing constraints, constraints on the development process, and constraints imposed by standards. Non-functional requirements often apply to the system as a whole rather than individual system features or services.
Functional Requirements (As it relates to software engineering and what we are studying)
These are statements of services the system should provide, how the system should react to particular inputs, and how the system should behave in particular situations. In some cases, the functional requirements may also explicitly state what the system should not do.
What factors should be assessed to understand the relationship between a system and its environment?
Tightly coupled systems require changes whenever the environment is changed. Factors that might influence this are the number and complexity of system interfaces, number of inherently volatile system requirements, and the business process where the system is used.
a set of different diagram types that may be used to model software systems
UML
Are we building the product right?
Validation
Testing that focuses on testing functionality
Unit
shows interaction between a system and its environment
Use Case
Select diagrams that your textbook author considers to be the essential UML diagrams needed to describe any software system.
Use Case, Sequence, Class, Activity, and State diagrams
Use Case (As it relates to software engineering and what we are studying)
Use case is a type of UML diagram. It shows the interactions between a system and its environment.
Object-oriented design requires us to identify what objects/classes are needed in a system. There is no 'cookbook' approach to tell us exactly how to do this. There are, however, some general approaches that can be used to help identify objects. Number, name, and describe 4 of these approaches as discussed in the textbook.
Use grammatical analysis of a natural language description of the system to be constructed. Objects and attributes are nouns; operations or services are verbs Use tangible entities (things) in the application domain such as aircraft, roles such as manager, events such as request, interactions such as meetings, locations such as offices, organizational units such as companies, and so on. Use a scenario-based analysis where various scenarios of system use are identified and analyzed in turn. As each scenario is analyzed, the team responsible for the analysis must identify the required objects, attributes, and operations Create UML diagrams to help identify objects, context, actions, class naming, and how the system will work.
Project Plan
Used to communicate how the work will be done to the project team and customers
Commercial software goes through three stages of testing: ___ testing is where customers test the completed system in the customer's environment.
User
User Requirements (As it relates to software engineering and what we are studying)
User requirements are diagrams or statements of the services the system provides and its operational constraints that are written for customers. This can be written on cards (tasks) by a project manager for developers and put in the product backlog.
What is the distinction between validation and verification?
Validation: -These check that the requirements reflect the real needs of system users. Because of changing circumstances, the user requirements may have changed since they were originally elicited. Verification: - To reduce the potential for dispute between customer and contractor, system requirements should always be written so that they are verifiable. This means that you should be able to write a set of tests that can demonstrate that the delivered system meets each specified requirement.
Are we building the project right?
Verification
What are the principal aims of software configuration management?
Version management, System integration, Problem tracking, and Release management are some principal aims of software configuration management. 1. Version management is used to keep track of the different version of software components you develop, and stops overwriting of the same components by different developers. 2. System integration is referring to where support is provided to help developers define what versions of components are used to create each version of a system. 3. Problem tracking, refers to allowing feedback from users to keep track of bugs in your software application. and allow developers to see who is working on those bugs. 4. Release management is where new versions of a system are released to customers. This is concerned with planning the functionality of new releases.
A weakness in a computer-based system that may be exploited to cause loss or harm
Vulnerability
Use of reused systems and components Programming Language Distribution of system
What are some factors influencing the final size of the project?
Integration, Scope, Time, Cost, Quality, Human Resources, Communications, Risk, Procurement, Stakeholder
What are the 10 knowledge areas of project management?
Identification: Finding risks in a project Analysis: Assess probability and seriousness of risk Planning: Consider each risk and develop a strategy to manage the risk Monitoring: Checking up for upcoming risks
What are the 4 risk management processes?
A systematic way to estimate the effort required to develop a system
algorithmic cost model
Designed to resist attack
application security
An exploitation of a weakness in a computer system is a
attack
Triggers the software evolution process
change request
The stage where operational software is updated with new functionality
evolution
A technique where managers judge the effort required for a project is
experience-based estimating
A possible loss or harm to a computing system is referred to as a
exposure
Each student will be identified with their 6-digit ID number
functional
Students can view grades
functional
The system will generate management reports for administration officials
functional
Development teams use agile methods and maintenance teams use plan-driven methods, or vice-versa
handover problems
Configured to resist attack
infrastructure security
Older systems with languages and technology no longer used for new development
legacy
Points in a project schedule to assess progress
milestones
Grades must remain secure
non-functional
The programs will be coded in Java
non-functional
The system development process will use SCRUM
non-functional
Secure use of the organization's systems
operational security
The stage where operational software is used with no further changes
phase-out
Ensuring that software is delivered on time, on budget, and meets expectations
project management
Risks that affect schedule or resources are
project risks
A massive upgrade to part, or all, of a legacy system without changing its functionality is known
reengineering
The agile term for making improvements to a program to slow down degradation through change is
refactoring
The probability and seriousness of each security risk is assessed by a
risk analysis
Developing systems that can resist malicious attacks
security engineering
The stage where operational software has bugs fixed with no new functionality.
servicing