Security Isn't Simply a Technology

Software architecture for developers



What is software architecture?
What is the role of a software architect?
How do you define software architecture?
How do you share software architecture?
How do you deliver software architecture?




          Good code isn’t enough
simon.brown@codingthearchitecture.com
    @simonbrown on Twitter
 “Software Architecture for Developers”

Enterprise Architecture
Technology and business strategy across organisations and organisational units.

System Architecture
Software and infrastructure architecture for an end-to-end system.

Application Architecture
Software architecture for an application, sub-system or component.

We call this software architecture and it’s the scope of the training course

    /// <summary>
    /// Represents the behaviour behind the ...
    /// </summary>
    public class SomeWizard : AbstractWizard
    {
        private DomainObject _object;
        private WizardPage _page;
        private WizardController _controller;

        public SomeWizard()
        {
        }

        ...

    }
“Enterprise Software Developer”




A four-day practical training course about building software within an enterprise environment in a structured, lightweight and pragmatic way.
Does good code guarantee a successful software project?

A successful software project is about much more than good code

The reputation of the development team is at stake!

It’s important that we know what we’re releasing
It’s important that the software we release “works”
That’s us!
How much up-front work do you need to do?

This much?
Iterative & Incremental Development
Serial Development
This much?
Most projects simply do what they’ve always done

And this is usually a variation of the “Waterfall” model! :-)
“What are we building?”

User stories are high-level requirements statements

(003) As a customer, I want to log in so that I can manage my bank accounts online.
Priority: Must

(009) Customers can download statements for the last three months.
Priority: Must
Software architecture is the big picture

Structure = components/services and their interactions
Guidelines = patterns, templates and examples

Software architecture introduces structure and guidelines into a software system, leading to consistency and clarity

Consistency = a standard approach to solving common and recurring problems
Clarity = a thought out design with a clear architectural vision
Requirements
Systems & Containers
Components & Estimates

1-2 days for an initial design

Doing this collaboratively allows people’s separate ideas to meet
Can you deliver everything?
Probably not!

Refine and challenge the scope
Prioritise

Kanban boards are an excellent way to visually track progress
Does your architecture work?

Satisfies the architectural drivers
Foundations for the code
Platform for solving the business problem

You can only guess by looking at diagrams or source code

Will these software systems perform and scale acceptably?

Concrete experiments




Requirements
A system
Foundations

A throwaway prototype/proof of concept or production code
Load testing client simulating concurrent user access
Website
Other systems, data sources, etc

Simulate multiple users with a typical usage profile, preferably with an environment as near to production as possible
Source code control introduces a number of things, including:

Backed-up source code
A log of the changes made
A simple way to revert to a previous working copy
Simplified parallel development
Source code repository

Developers commit (check-in) code from their local working copy
Developers update their local working copy (check-out)
Developers have a local working copy of the code
1. Create a branch from the trunk
2. Work on the branch instead of the trunk
3. Merge from the trunk to keep the branch up to date
4. Merge the branch back to the trunk when finished

(Diagram labels: branch, trunk)
How do you know that you’ve not broken something?

Automated tests give you confidence to refactor
Unit & integration tests

Low-level tests for classes and components
“Functional” tests across container boundaries
How much do you test?

This much?
0% ... 100%
This much?

Small steps, test the “important” code (70%+ is a good goal)
Things to do when building the software
1. Compile the code
2. Publish files to your web server
3. Maybe check it works
“It works on my machine!”

Even the simplest of builds should be automated
Continuous Integration Server
Automated build script
Subversion Source code repository
Development Server: Web-tier
Development Server: Middle-tier
Development Server: Database

The continuous integration server gets the source code from the repository and runs the build script; compiling, testing, packaging and installing the software
Continuous & nightly builds

Build-Test-Run when we commit code to the repository
Continuous build + longer running integration tests
Automation introduces consistency and repeatability

Automated releases are really useful if you’re working on branches
Software System

Database connection strings
Web service URLs
Server IP addresses
E-mail addresses
File locations
Service credentials

Many configuration items are environment specific; externalise them from the source code
“Anybody know which version we’re running?”
“It doesn’t look like version 1.2”

I’ve seen this happen on a worryingly regular basis!
Software architectures don’t live in isolation

Your system
Current Development Team
Business Sponsors
Future Development Team
Database Administrators
Operations/Support Staff
Other Teams
Security Team
Compliance and Audit

Software architecture is a platform for conversation... be social!
Operational View

How does the system support monitoring and management?
How do people diagnose problems?
Let’s wrap up...
“Enterprise Software Developer”




A four-day practical training course about building software within an enterprise environment in a structured, lightweight and pragmatic way.
Enterprise software developer

Source Code Control
Release
Software Development Processes
Automated Unit and Integration Testing
Configuration Management
Requirements
Automated Builds
Load Testing
Architecture and Design
Continuous Integration
Operational Hand-over
simon.brown@codingthearchitecture.com
    @simonbrown on Twitter


Thanks!

http://www.codingthearchitecture.com
Software architecture for developers

				
DOCUMENT INFO
posted:8/12/2011
language:English
pages:43