With corporate data breaches occurring at an ever-alarming rate, all levels of organizations are struggling with ways to protect corporate data assets. Rather than choosing one or two of the many options available, Michael Jay Freer believes that the best approach is a combination of tools and practices to address the specific threats. To get you started, Michael Jay introduces the myriad of information security tools companies are using today: firewalls, virus controls, access and authentication controls, separation of duties, multi-factor authentication, data masking, banning user-developed MS-Access databases, encrypting data (both in-flight and at-rest), encrypting emails and folders, disabling jump drives, limiting web access, and more. Then, he dives deeper into data masking and describes a powerful data-masking language.
As developers, we've created heuristics that help us build robust systems and employed test-driven development (TDD) to improve code design and counter instability. Yet object-oriented development principles and TDD have failed to gain traction in the database world. That’s because database development involves an additional driving force-the data. Max Guernsey shows how to treat databases as objects with classes of their own-rather than as containers of objects-and how to drive database designs from tests. He illustrates a way to give these database classes the ability to upgrade old data without introducing undue risk. Max also shares how to apply good object-oriented design principles to database classes and how to enforce semantic connections between databases and clients.
Many software people look at creating great user experiences as a black art, something to guess at and hope for the best. It doesn't have to be that way! Jennifer Fraser explores the key ingredients for great user experience (UX) designs and shares the techniques she employs early-and often-during development. Find out how Jennifer fosters communications with users and devs, and works pro-actively to ensure true collaboration among UX designers and the rest of the team. Whether your team employs a formal agile methodology or not, Jennifer asserts that you need an iterative and incremental approach for creating great UX experiences. She shares her toolkit of communication techniques-blue-sky brainstorming sessions, structured conversation, and more-to use with different personality types and describes which types may approach decisions objectively versus empathetically.
Using an analogy to the building codes followed by architects and contractors in the construction of buildings, Rick Spiewak explores the fundamental principles for developing and delivering high quality, mission-critical systems. Just as buildings are constructed using different materials and techniques, we use a variety of languages, methodologies, and tools to develop software. Although there is no formal "building code" for software, software projects should consider-and judiciously apply-the recognized "best" practices of static analysis, automated unit testing, code re-use, and peer reviews. Rick takes you on a deep dive into each of these techniques where you'll learn about their advantages, disadvantages, costs, challenges, and more.
With the proliferation of mobile devices, cloud computing, and client-side scripting-coupled with web services-how do you guarantee adequate code coverage for your applications? Basic tests inadequately cover many of these technologies, leading to defects and disappointing user experiences. Michael Portwood describes the importance of unit test coverage and then presents techniques, tips, and tricks to simplify the process of achieving more complete coverage for Internet-enabled solutions. Michael shares tips for automation and techniques for testing both client- and server-side scripting. Gain insight into identifying code requiring complex testing techniques and explore ideas for covering them. Michael describes complex testing situations-like those found in multi-threaded and distributed code-where test coverage alone may provide misleading results.
DevOps is an increasingly popular development approach focused on ensuring that delivered code is immediately stable and works as expected. DevOps team members must be multi-skilled and are expected to perform all the activities of development, testing, and SysAdmin tasks. Manoj Narayanan shares how to implement testing using DevOps tenets and how it differs from its more popular cousin, agile development. To work productively with developers and SysAdmins, testers must develop knowledge of development and design principles, programming languages, and continuous integration. Manoj explores the critical role that functional and regression test automation plays in enabling testing organizations to be more productive. Manoj concludes with an analysis of the cultural impact DevOps has on the testing organization and its interaction with other critical stakeholders-business, developers, operations, and customers.
By next year, 90 percent of large enterprises will include open-source software as business critical elements of their IT portfolios. However, most software development organizations have limited capability to govern the process of selecting, managing, and distributing open-source components-leaving them exposed to unforeseen technical and compliance risks. Larry Roshfeld examines how open-source components-and their dependencies-may expose your company to unforeseen and unnecessary vulnerabilities. He outlines the significant threats to software quality, stability, performance, security, and intellectual property that have occurred using such components. Then, Larry shares an action plan for balancing the risk/reward trade-offs of open-source software in the enterprise. Find out how to ensure that your organization uses only the highest quality open-source components and avoids the common vulnerabilities.
Quality in delivered software is very different from quality in physical goods. You can see it or touch it, except in the code. When classes and methods are cohesive, non-redundant, well-encapsulated, assertive, and explicitly coupled, they are less prone to developer mistakes and far easier to debug, test, and maintain. David Bernstein asserts that paying attention to code quality helps developers focus every day on the key principles, patterns, and practices expert developers use. Even more, if you don’t pay attention to critical code quality attributes, iterative development practices can quickly degrade code into a maintenance nightmare. Join David and your peers to take a deep dive into the code quality attributes that make software more maintainable and less bug friendly. Learn to create software that provides value now and, in addition, is easy to change and extend so it can continue to deliver value far into the future.
The question of how much design to do up-front on a project is an engaging conundrum. Too much design often results in excess complexity and wasted effort. Too little design results in a poor architecture or insufficient system structures which require expensive rework and hurt more in the long run. How can we know the right balance of upfront design work versus emerging design approaches? Alan Shalloway shows how to use design patterns-coupled with the attitude from agile of “don’t build what you don’t need”-to guide your design efforts. The trick is to identify potential design alternatives, analyze how each may affect the system in the future, and then find the simplest approach for isolating those potential affects.
The cloud is penetrating every technology organization and almost every software product or service. The cloud affects everything inside development, bringing profound changes to how engineers build, test, release, and maintain software and systems.