Coding Review Guide
Security and review guideline and practice, life cycle view
Prepared by: أنيس حكمت أبوحميد

Introduction

In the name of God, the Most Gracious, the Most Merciful.

Praise be to God, Lord of the Worlds, who loves those who call on Him in secret, answers those who call on Him in confidence, gives more to those who are modest before Him, honours those who are faithful to Him, and guides those who are truthful and content in their promise. Praise be to God, Lord of the Worlds.

The technical sciences are many and varied, with many functions and tasks. Following this development and caring about it is important for anyone who wants to develop their scientific and practical abilities; it is important enough to keep a technical practitioner current among their peers no matter how many technologies multiply and renew, in their era or after it.

Therefore, building on the above, these slides address an important matter for any source code: how can any code be reviewed, and how can it be considered secure code? From here we begin, God willing.

Before we begin

● These slides focus on the concepts of code review and secure code review, and were written to fit the development plan of the team and its skills.
● Many technical terms may be mentioned here without being covered in detail; they can easily be looked up.
● Some slides were titled to fit the narrative, so you may find headings that continue what came before even though they are separate slides; this was done for detail and ease of explanation.

The Golden Rule

The golden rule before we begin is that we strive to protect ourselves from intrusion and from technical and security problems as far as possible. But however careful we are, attackers have the ability and the time to probe for existing vulnerabilities and to exploit them once found. It is an unfair fight, but we can earn the honour of holding our ground on the battlefield: we must not settle for surrender, but remain steadfast and resist.
What is meant by Secure Code Review

It is the process of reviewing source code and checking for the security flaws present in the application (program, website, etc.) in relation to that application's features and its design, and of building the code in a secure and appropriate way with the fewest possible security problems, so as to ensure the application can withstand the most common attacks and is able to protect itself as far as possible ("self-defending").

Security review can be carried out by human effort or with existing tools, but in any case the human effort cannot be dispensed with. Tools are most useful on applications with a large codebase, to locate where security problems are likely; the security expert then reviews those locations, verifies all the results for every operation, and studies them and the workflow around them.
What is the difference between Code Review and Secure Code Review

It can be said that any company developing its own application performs code review. This review can be graded on 5 levels, using the CMM (Capability Maturity Model) scale: the first level is code that contains duplication and produces unstable results, up to the fifth level, an organised and coordinated development environment with the fewest problems, where the code is documented, there is project documentation, and the project passes through stages that verify the work is proceeding correctly. All of this falls under Code Review.

Here the role of Secure Code Review comes in. It is an improvement on the previous model, with everything in it, that adds priority and decision-making capability regarding expected security problems, and builds a model and workflow rules that account for expected security problems before they occur; developers handle them within a set of standards they must follow while writing code.
Documentation and Code Review

One of the biggest challenges in writing any code is the mechanism and method of documenting it. Documentation in companies ranges from zero to NASA level (at NASA the documentation is larger than the module itself). One documentation point that we may overlook, and which can be put to very effective use, is writing an explanation of why the programmer used this algorithm and why the operations were sequenced in a particular way. This helps any programmer, new or old, who returns to the code years later to understand the workflow easily. The review's role here is to verify that what was written is the best solution to the problem, that the documentation is correct, and that the implementation is correct. Beyond that, this process helps reduce the number of bugs produced by any code, and the bugs introduced by any change.
Unit Tests and Code Review

One of the nice standards a company can adopt is to use, or to require programmers to write, unit tests. A unit test carries the expected results of some operation based on existing code. For example, suppose there is a function sum(var1, var2) and the inputs are 1 and 2: the result must be 3. If the result is anything else, that is evidence of an error, and the developer can check it. If the developer does not, the reviewer's role comes in, and usually this is an automated test: it checks whether the unit tests exist and whether running them gives the correct result. If any error occurs, the new code is not merged.
What junior programmers learn from code review

Code review is one of the most important ways junior programmers learn (after they have learned to program and read some books). The review works by transferring the tacit knowledge of more experienced programmers to others. This transfer of experience produces big jumps in a junior's level, because it exposes them to other solutions for a given problem, and to techniques and libraries that help their work. In addition, experienced programmers learn from the junior new technical approaches to a problem that the junior may have read about and learned while those senior to them had not, as well as solutions that may be clever and creative; so the idea flows from the junior programmers to the more experienced ones. This leads us to a very important rule: what has been shown correct and established stands above the opinion of either expert or beginner. An expert who accepts nothing but their own opinion will become extinct or be overtaken by others, and a beginner who refuses to learn, and rejects the advice and suggestions of whoever offers them a piece of knowledge, will never develop.

O God, I ask You for steadfastness in the matter and resolve upon right guidance; I ask You for gratitude for Your blessing and for excellence in Your worship; I ask You for a sound heart and a truthful tongue; I ask You for the good of what You know, and I seek refuge in You from the evil of what You know, and I seek Your forgiveness for what You know; You are the Knower of the unseen.
Familiarization with code base

One of the most important things that comes out of code review among team members is making the team familiar with the different parts of the code in the project. This familiarity gives any developer on the team the ability to start developing or improving a feature easily, without having to pin a set of tasks to one person. Knowledge thus spreads to everyone, everyone forms an overall view of the whole codebase, and there is less resistance to moving from one part to another and working on it, with less burden and less wasted time.
Pre-warning of integration clashes

Code review can give early warning of any unexpected error caused by a change to the project's code, whether in one part or across the whole, especially in parts and sections that more than one developer is working on at the same time, or where the change is tied to a part that is another programmer's responsibility. The reason is that the error rate drops when the code and its changes are reviewed by the developer who may be affected by the change, or by others who understand the risk of this change or the requirements needed to make it work.

Technical aspects of secure code review

There is a set of technical aspects to reviewing any code from the viewpoint of a security researcher, or a security reviewer who is looking for the security problems in the code and wants to verify them. This view must not stop at looking at the code and the way it is written; it must be broader, so as to understand the flow of work from start to finish for every function, and to enumerate all inputs that will be received and processed in the code. This means:

1. Check all input fields and the validation applied to them, and study everything that could be entered in each field, where it is used, and whether the existing validation covers all of those cases or not.

2. Any SQL query that depends on values (a dynamic query), and any log writer or response that the code processes, must be examined carefully and all potential security problems studied.

3. Security review also covers studying all the classes or components that the data passes through, up to the point where it is processed for insertion into the database or returned to the user as a response. This ensures that the security of the workflow is verified across all parts of the project, down to the last stage.

4. In addition, security review includes looking at the cases and places where a vulnerability is expected to appear (anticipating where they occur), such as XSS vulnerabilities, or technology-specific vulnerabilities such as CSS injection when using CSS-in-JS.
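Points 1, 2 and 4 above, as an added worked example in Python (not code from the original slides). The users table, its rows and the payloads are constructed for illustration; `find_user_vulnerable` is the dynamic query a reviewer must flag, `find_user_safe` is the form that passes review, and `render_greeting` is the output-escaping check for the response sink.

```python
import html
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory users table with two rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


# Point 1: allow-list validation for the username field. The reviewer asks
# "what can be typed here?"; the answer is pinned down to this pattern.
USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")


def validate_username(value: str) -> bool:
    return USERNAME_RE.fullmatch(value) is not None


# Point 2, the dynamic query a reviewer must flag: the value is pasted into
# the SQL text, so a quote in the input rewrites the query.
def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list[tuple]:
    query = f"SELECT id, username FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


# Hardened form: reject anything outside the allow-list, then bind the value
# with a placeholder so the driver never interprets it as SQL.
def find_user_safe(conn: sqlite3.Connection, username: str) -> list[tuple]:
    if not validate_username(username):
        return []
    return conn.execute(
        "SELECT id, username FROM users WHERE username = ?", (username,)
    ).fetchall()


# Point 4: a response that reflects input into HTML is an XSS sink. Escape at
# the output boundary regardless of what validation ran on the way in.
def render_greeting(username: str) -> str:
    return f"<p>Hello, {html.escape(username, quote=True)}</p>"


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"                    # constructed injection payload
    print(find_user_vulnerable(db, payload))   # both rows: the WHERE clause was rewritten
    print(find_user_safe(db, payload))         # []: rejected by validation, and bound anyway
    print(render_greeting("<script>alert(1)</script>"))
```

Two layers are deliberate: validation narrows what the field accepts (point 1), and parameter binding makes the query safe even for values that slip past validation (point 2). Escaping in `render_greeting` is done at output time because the same value may be stored and reflected later, long after input validation ran.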
Factors to consider when planning a Security Code Review

When planning to work in a system that includes Security Code Review, attention must be paid to a set of factors that will affect the review. Every review has its own context and its own independent situation, which calls for a different kind of review from the others, according to how much each factor matters.

These factors are:

● Risk: no code can be 100% secure, but the risk level of any code to be executed can be measured, so that strict criteria are set for reviewing any change to it. The higher the risk rating of the feature being added or changed, the more security precautions that part needs, and no code may be allowed to move to the next stage before its safety is confirmed (even if you have a deadline).
● Purpose & Context: the expected behaviour of each part being reviewed must be defined on its own.
● Lines of Code: it is preferable to split the code properly so that each block of code has the fewest lines possible, so that the location of expected errors can be pinned down more easily and quickly.
● Programming language: languages differ in the level or severity of the security problems that may arise from using them to implement a given feature. This must be taken into account, especially if the team has no real experience in the language in question; for example, buffer overflow problems are far more common in C/C++ than in Java.
● Resources, Time & Deadlines: the time needed to deliver the project as a whole, or to deliver each feature or addition separately, must take into account the presence of this security-review loop within the project's lifetime, weighted by the amount of risk.
Code Review Reports

When introducing a security review system to the project, there is a format for the reports created for each module separately. The report contains: the report date, the project name, the module or part that was examined, the programmer who designed the module, the reviewer who reviewed the work, the task requested, a short description of the problem with an appropriate priority, and a link from the report to the ticket. This is usually done automatically through tools such as FxCop or the BinScope Binary Analyzer.

When to Code Review?

When is the best time to do code review? Companies usually fall into three groups:

1. These companies review the code before it is pushed to the main branch (pre-commit). Personally, I consider this the best way to review any code: it ensures problems are fixed, or at least reduced, before they ship, and it keeps the code clean. Its main problem is the time it takes.

2. Here companies merge the changes first and review afterwards (post-commit). The main advantage of this approach is the speed with which work lands; the review happens after the push, and any problem found goes straight back to the developer to fix. The worst of it is that it can let the code degrade; it is also more likely to let errors through, especially in the documentation parts, and another programmer may change the same place during that period.

3. The third approach is to schedule the review at a fixed time, a set number of times a year, or when a security problem is found, at which point the code is reviewed as a whole. This approach is normally used only to pass over all parts of the code looking for specific patterns. But if a company relies on this approach alone, that is the biggest mistake it could make (personal opinion).

O God, to You be praise: You are the light of the heavens and the earth. To You be praise: You are the sustainer of the heavens and the earth. To You be praise: You are the Lord of the heavens and the earth and all who are in them. You are the Truth, Your promise is true, Your word is true, meeting You is true, Paradise is true, the Fire is true, the Prophets are true and the Hour is true. O God, to You I have submitted, in You I have believed, upon You I have relied, to You I have turned, by You I have argued and to You I have brought judgement; so forgive me what I have done before and what I have left until later, what I have kept secret and what I have made public. You are my God; there is no god but You.
The reviewer should develop familiarity with the following aspects:

Every developer who wants to review code and attend to its security must develop their skills in, and pay attention to, a number of important topics, namely:

● Application features and Business Rules: every developer must understand the project's features, all of the project's rules and constraints, the technologies, and the business constraints. The reason this matters is that it determines the impact of the review on whether a given feature succeeds or fails, and confirms that the feature will work correctly and as the business requires.
● Context: all the criteria the review is conducted against must be written down, and all the security criteria for the code must be documented as well. This includes every type of data that is handled and processed, and the expected damage from that data (taking into account where it is processed, how it is obtained, and how it is returned).
● Sensitive Data: this part covers attention to all sensitive data in the system, which could seriously affect the privacy of the product's users, their ability to access the product properly, or the handling of their information should it be lost. Knowing this data well, caring for it, and making sure it is stored correctly and in the right way is therefore among the most important points when reviewing any code; an example is any member's password.
● User roles and access rights: this point is very important in any system. Usually all member permissions and access to the product's features are defined in advance, so it is very important that the reviewer knows the permission scheme in use. This can be split into two cases: a product reachable over the Internet, which must receive the highest level of attention, and a level reachable only by the organisation's employees, which may be subject to less strict and clearer criteria.
● Application type: the reviewer must pay attention to the type of application being worked on; the security problems that appear on websites may differ from those on desktop or mobile applications, so knowing the nature and type of the application matters, especially to a reviewer focused on the security side.
● Code: knowing the language the code is written in is extremely important, because every language has its features and its pitfalls, which may be hidden from anyone outside that language. The reviewer must therefore be well versed in the language, so that the code can be improved into its best form, with the best possible protection, through knowing where the likely weaknesses are.
● Design: this point is very important, since the way code is written differs from one design pattern to another and from one code layout to another. For example, someone using MVC differs from someone who wrote their own pattern: where configuration is kept, stored and protected will differ from one form to another. Design also covers the shape of the URLs and their hierarchy, and the rendering method and what any user sees, etc.
● Guideline: if the company has any reference document for writing code, it must be shared between departments and among the members of the development team, and everyone must understand these standards.
Questions During Secure Code Review

Code Review Checklist

There is a range of templates designed to define the principles of any review of any code. A reviewer who applies these principles rises to the level of professionals and experts; indeed, they count as an expert if they apply them properly. The checklist must contain a set of basic points, or broad headings, that it attends to, monitors, and uses to address the problems expected under them, namely:

● Security & Architecture: Data Validation, Authentication, Session Management, Authorization, Cryptography, Error Handling, Logging, Security Configuration, Network Architecture.
● Application Design: Font uniformity, Color Accessibility, Uniformity of color and design scheme, Ease of use for users, Minimum number of screens to achieve a use-case, Performance, Presentation of information, Responsiveness, Accessible content, Accuracy of information.

Of course templates and their goals vary; there are detailed templates and general ones, and the template is chosen or built according to the company's needs. The points above may be the main headings in some templates, sub-items under a larger heading in others, or distributed differently.
● Code formatting: while browsing the code, check its formatting, to improve readability and make sure nothing is jarring to look at or read. This covers tabbing, spacing, naming conventions, line length, removing any commented-out code, etc.
● Architecture: the project's architecture must be organised and clearly built. This includes splitting the project into several layers such as the data layer and the presentation layer, organising the files (html, css, js, for example) in defined, clear paths as separate files, making sure the code that is written follows the framework in use correctly, and adopting and applying the appropriate design pattern before starting to build the project.
● Coding best practices: while writing code, stick to the most important coding standards, just as we stick to formatting (as mentioned in the first point). These standards include: don't write hard-coded values, since you can always use or define a const or add a configuration variable; write comments, bearing in mind that the value of a comment lies in explaining why this block of code was added or written this way, and in noting any potential problems that must be looked at before changing it; write next to variables what the variable is for or what it holds; build small groups of enums inside the code, such as Gender: {Male, Female}; avoid nested loops and nested ifs deeper than 3 levels and think of other ways to solve such problems when they appear; and get the most out of the framework or the libraries in use before writing any custom code.
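Several of the checks above can be automated and run before the human review. As an added example (not code from the original slides), this Python script walks a source file's syntax tree and its comments and reports hard-coded secrets, control flow nested deeper than 3 levels, and commented-out code left behind. The `SAMPLE` source it is run on is constructed here so that each check fires once; the list of credential-like names in `SECRET_HINTS` is an assumption and would be tuned per project.

```python
import ast
import io
import tokenize

MAX_NESTING = 3
SECRET_HINTS = ("password", "passwd", "secret", "api_key", "apikey", "token")
NESTING_NODES = (ast.If, ast.For, ast.While, ast.With, ast.Try)
# Statement kinds that make a comment "look like code" once it parses.
CODE_STATEMENTS = (ast.Assign, ast.AugAssign, ast.Return, ast.Import, ast.ImportFrom,
                   ast.FunctionDef, ast.ClassDef, ast.If, ast.For, ast.While, ast.With,
                   ast.Try, ast.Raise, ast.Assert, ast.Delete)

# Constructed sample file: each check fires exactly where the comments say.
SAMPLE = '''\
import os

API_KEY = "sk-live-123456"                   # reviewer: secret in source
db_password = os.environ.get("DB_PASSWORD")  # reviewer: fine, comes from configuration
# old_total = compute_total(rows)
def process(rows):
    for row in rows:
        if row:
            for cell in row:
                if cell > 0:
                    while cell:
                        cell -= 1
    return rows
'''


def _secret_findings(tree: ast.AST) -> list[tuple[int, str, str]]:
    """Hard-coded string literal assigned to a name that smells like a credential."""
    out = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Assign):
            continue
        names = [t.id.lower() for t in node.targets if isinstance(t, ast.Name)]
        value = node.value
        is_literal = (isinstance(value, ast.Constant)
                      and isinstance(value.value, str) and value.value != "")
        if is_literal and any(hint in name for name in names for hint in SECRET_HINTS):
            out.append((node.lineno, "secret",
                        f"hard-coded value assigned to {names[0]}; load it from configuration"))
    return out


def _nesting_findings(node: ast.AST, depth: int, out: list) -> None:
    """Flag control-flow nodes nested deeper than MAX_NESTING."""
    for child in ast.iter_child_nodes(node):
        if isinstance(child, NESTING_NODES):
            # An elif is an If that forms the whole orelse of its parent If:
            # treat it as a sibling branch, not one level deeper.
            is_elif = (isinstance(node, ast.If) and isinstance(child, ast.If)
                       and node.orelse == [child])
            new_depth = depth if is_elif else depth + 1
            if new_depth > MAX_NESTING and not is_elif:
                out.append((child.lineno, "nesting",
                            f"nesting depth {new_depth} exceeds {MAX_NESTING}"))
            _nesting_findings(child, new_depth, out)
        else:
            _nesting_findings(child, depth, out)


def _looks_like_code(text: str) -> bool:
    try:
        tree = ast.parse(text)
    except (SyntaxError, ValueError):
        return False
    return any(isinstance(s, CODE_STATEMENTS)
               or (isinstance(s, ast.Expr) and isinstance(s.value, ast.Call))
               for s in tree.body)


def _comment_findings(source: str) -> list[tuple[int, str, str]]:
    """Comments that parse as Python statements are commented-out code left behind."""
    out = []
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type == tokenize.COMMENT:
            text = tok.string.lstrip("#").strip()
            if _looks_like_code(text):
                out.append((tok.start[0], "commented_code", f"commented-out code: {text!r}"))
    return out


def review(source: str) -> list[tuple[int, str, str]]:
    """Run all checks on one source file; returns (line, kind, message) sorted by line."""
    tree = ast.parse(source)
    findings = _secret_findings(tree) + _comment_findings(source)
    _nesting_findings(tree, 0, findings)
    return sorted(findings)


if __name__ == "__main__":
    for line, kind, message in review(SAMPLE):
        print(f"line {line}: [{kind}] {message}")
```

On `SAMPLE` this reports the secret on line 3, the commented-out assignment on line 5, and the fourth and fifth nesting levels on lines 10 and 11, while the `os.environ` lookup on line 4 passes. The findings are a starting point for the human reviewer, not a verdict: a string named `token` may be a harmless format label, and an allow-list of such cases is the usual next step.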
● Non Functional requirements: these cover all the concepts and rules that matter to any programmer, and can be summarised as follows:
○ Maintainability (Supportability): the project being built must be maintainable and updatable with the least possible effort. This means attending to 4 main topics: Readability, Testability, Debuggability and Configurability. The code must be clear and explain itself; where that is not easy, it must be done through comments. The code must be easy to test, which is achieved by splitting it into small blocks, each containing the functions to be carried out, with verification done within that block. Possible problems must be traceable through a clear log of the operations that happened, or that were updated during testing. And configuration must live in a place where it is handled dynamically, not written as hard code.
○ Reusability: the code you write must be usable in more than one place, and classes and functions must be designed so they can easily serve more than one place. One of the most important principles here is DRY: never write identical code duplicated in more than one place.
○ Reliability: this covers handling unexpected errors, as well as cleaning up and deleting any unused resources in the project.
○ Extensibility: this means the code must be easy to update, and easy to replace within other code.
○ Security: this covers all of authentication, authorization and input data validation, and the security threats expected behind them, such as XSS, SQL injection, etc. It also covers looking after and protecting sensitive data such as passwords, credit card details and the like.
○ Performance: this covers every possible means of keeping the system's performance high and excellent. The main points here are using lazy loading, asynchronous and parallel processing, avoiding synchronous processing except where necessary, and using caching and session data.
○ Scalability: think ahead, and while implementing the project, about whether what I am doing and building can withstand a sudden or expected increase, for example if the number of registered members grows, and whether the system allows this part to be developed later to match the increases.
○ Usability: make sure that any API you build and any function that appears in the system is usable in an easy and understandable way. If you are not convinced by the design, review the product and discuss your ideas with the product team.
● Object-Oriented Analysis and Design (OOAD) Principles:
○ Single Responsibility Principle (SRP): each class or function should do one thing and have a single reason to change. A practical way to apply this when distributing the work: put one programmer or developer on each function or class, and let the distribution of OOP work be divided into pieces of classes and functions, each with exactly one source working on building it. Of course this does not rule out involving others in developing that class or function, but during construction it is a different matter; it is preferable that the distribution and the dependencies between the different sources are clear before each developer starts on their parts, so that the points where they intersect are known.
○ Open Closed Principle: when implementing and developing new functionality, stop modifying any existing code tied to that functionality and extend it instead (open for extension, closed for modification), to prevent unexpected problems or inconsistent updates that cause no end of issues.
○ Liskov substitution principle: given a super class and a sub class, the sub class must be written so that an object of the super class can be replaced by the sub class without any problem. So, for example, you cannot add constraints to, or remove a parameter from, a method you override unless the super class allows it; the overriding method must be a modified version for the sub class, but under the same rules.
○ Interface segregation: this rests on the principle of splitting interfaces and keeping them as small as possible, so that each interface covers only the functions it was built for, and of refraining from adding any unnecessary (required) params to the interface.
○ Dependency Inversion principle: broadly, this is the method or principle that stops you writing a dependency inside one part when that dependency will be used in more than one place; an example is what we designed for fetching data from the API through axios. Note: in languages that have abstractions, the high level must not depend on the low level; both the low level and the high level must depend on abstractions.
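The axios case above, as an added Python example that is not code from the original slides: `UserService` (the high level) depends only on the `HttpClient` abstraction, and the concrete client is injected, so the same service runs against a real HTTP client in production and against a canned one in tests. `HardwiredUserService` shows the shape a reviewer should flag. The `/users/{id}` endpoint, its response body and the hostname are assumptions made for the example.

```python
import json
import urllib.request
from typing import Protocol


class HttpClient(Protocol):
    """The abstraction both sides depend on: one method, one job."""

    def get(self, url: str) -> str: ...


class UserService:
    """High-level policy. It never imports a concrete HTTP library; the client is injected."""

    def __init__(self, client: HttpClient, base_url: str) -> None:
        self._client = client
        self._base_url = base_url.rstrip("/")

    def user_email(self, user_id: int) -> str:
        # Assumed API shape: GET /users/{id} returns {"id": ..., "email": ...}
        body = self._client.get(f"{self._base_url}/users/{user_id}")
        return json.loads(body)["email"]


class UrllibHttpClient:
    """Low-level detail for production; swap it without touching UserService."""

    def get(self, url: str) -> str:
        with urllib.request.urlopen(url, timeout=5) as resp:   # assumed: plain GET, no auth
            return resp.read().decode("utf-8")


class FakeHttpClient:
    """Low-level detail for tests: canned responses and a record of calls, no network."""

    def __init__(self, responses: dict[str, str]) -> None:
        self._responses = responses
        self.calls: list[str] = []

    def get(self, url: str) -> str:
        self.calls.append(url)
        return self._responses[url]


class HardwiredUserService:
    """What the reviewer flags: the high level depends directly on the low level,
    so it cannot be tested offline and every caller is tied to urllib."""

    def user_email(self, user_id: int) -> str:
        with urllib.request.urlopen(f"https://api.example.com/users/{user_id}") as resp:
            return json.loads(resp.read())["email"]


def demo() -> tuple[str, list[str]]:
    """Run the service against the fake client; returns (email, urls that were called)."""
    fake = FakeHttpClient({
        "https://api.example.com/users/7": '{"id": 7, "email": "alice@example.com"}',
    })
    service = UserService(fake, "https://api.example.com/")
    return service.user_email(7), fake.calls


if __name__ == "__main__":
    print(demo())
```

Both clients satisfy `HttpClient` without inheriting from it (Protocol is structural), which is also the Liskov point from above: either one can stand in for the other as long as it honours the same `get` contract.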
● Application Design:
○ Font uniformity: the fonts used in the application must be consistent in size, with one size across all similar parts and sections, and likewise the colours; font sizes must be readable on all devices.
○ Color Accessibility: the colours used in the system must be usable and accessible to all groups of users of the site.
○ Uniformity of color and design scheme: the colours and the design must be consistent with each other, and clear.
○ Ease of use for users: access, or working out how to get access, must be easy and smooth for users.
○ Minimum number of screens to achieve a use-case: users must reach what they need with the fewest screens and transitions.
○ Performance: this covers caching, the fewest possible requests to the server, and fetching only the data needed for display.
○ Presentation of information: the information displayed must be available in the best format or method available; the layout must present it clearly, and it must be reachable in the same way from every kind of device, phones, websites and others.
○ Responsiveness: the web application must support all the main layouts for the different screen sizes.
○ Accessible content: make sure the content you design will appear and work on all devices and browsers, even from different vendors; also take into account important properties such as the touch screen where there is a mobile version, and avoid any redirects that are not needed.
○ Accuracy of information: the information the API provides must be enough for the user to reach what they need without stopping, with as little interruption as possible to the flow they are in.

God the Exalted says in Surat az-Zumar: "Is one who is devoutly obedient during periods of the night, prostrating and standing, fearing the Hereafter and hoping for the mercy of his Lord [like one who is not]? Say: are those who know equal to those who do not know? Only those of understanding take heed." (Quran 39:9)
Application Threat Modeling
‫أي‬ ‫ﻓﻲ‬ ‫اﻷﻣﻧﻲ‬ ‫اﻟﻧظﺎم‬ ‫ﺗﺣﻠﯾل‬ ‫ﺻﻣﯾم‬ ‫ﻓﻲ‬ ‫ﺗدﺧل‬ ‫اﻟﺗﻲ‬ ‫اﻟطرق‬ ‫إﺣدى‬ Application Threat Modeling ‫ال‬ ‫ﺗﻌد‬
‫ﻓﻲ‬ ‫اﻟﻧظر‬ ‫ﻋﻧد‬ ‫ﻟﻠﻣطورﯾن‬ ‫ﻣﮭﻣﺔ‬ ‫ﻟﻠﻔﺗﺔ‬ ‫ﻧﻣوذج‬ ‫ﺗﻘدم‬ ‫أﻧﮭﺎ‬ ‫إﻻ‬ ،‫اﻟﺷراﺋﺢ‬ ‫ھذه‬ ‫ﺻﻣﯾم‬ ‫ﻣن‬ ‫ﻟﯾﺳت‬ ‫اﻟﺟزﺋﯾﺔ‬ ‫ھذه‬ ‫أن‬ ‫وﻣﻊ‬ ،‫ﺗطﺑﯾق‬
‫أﻗرب‬ ‫ﯾﻛون‬ ‫ﻗد‬ ‫ﺗﻌداد‬ ‫أو‬ ‫ﺑﺻﯾﻐﺔ‬ ‫ﻟﻛن‬ modeling ‫ال‬ ‫ھذا‬ ‫ﺑﮭﺎ‬ ‫ﯾﮭﺗم‬ ‫اﻟﺗﻲ‬ ‫اﻷﻣﻧﯾﺔ‬ ‫اﻷﺟزاء‬ ‫ھﻧﺎ‬ ‫وﺳﺄذﻛر‬ ،‫اﻟﺑرﻣﺟﯾﺔ‬ ‫اﻟﺷﯾﻔرة‬
:‫وھﻲ‬ ،‫اﻟﺗﺳﻠﺳل‬ ‫ﻟﺳرد‬ ‫اﻟﻛﺗﺎب‬ ‫ﻓﻲ‬ ‫اﻟﻣﻌﺗﻣدة‬ ‫اﻟﺧطوات‬ ‫ﻧﻔس‬ ‫ﺳﺄﻋﺗﻣد‬ ‫و‬ ،‫اﻟﺷراﺋﺢ‬ ‫ھذه‬ ‫ﻟﻣوﺿوع‬
:‫اﻷوﻟﻰ‬ ‫اﻟﺧطوة‬
‫اﻟﺗطﺑﯾق‬ ‫ﺑﻔﮭم‬ ‫اﻻھﺗﻣﺎم‬ ‫ﺑوﺟوب‬ ‫ﺗﻔﯾد‬ ‫واﻟﺗﻲ‬ ‫ﺧطوة‬ ‫وأھم‬ ‫أول‬ ‫اﻟﺧطوة‬ ‫ھذه‬ :Decompose the Application
‫ﺛﺎﻟث‬ ‫طرف‬ ‫أو‬ ‫ﺟﮭﺔ‬ ‫أي‬ ‫ﻣﻊ‬ ‫اﻟﺗطﺑﯾق‬ ‫ﺗﻌﺎﻣل‬ ‫وﻛﯾﻔﯾﺔ‬ ‫ﻋﻣﻠﮫ‬ ‫وﺳﯾر‬
:‫ﺑﮭﺎ‬ ‫اﻹھﺗﻣﺎم‬ ‫ﯾﺟب‬ ‫اﻟﺗﻲ‬ ‫اﻟﻧﻘﺎط‬ ‫أھم‬ ‫ھﻲ‬ ‫وھذه‬
Application Threat Modeling
● External Dependencies: when any element is added as an external dependency, make sure it is added to the documentation in a way that explains its effect, how it is used, and its impact on the production environment in particular. For example, if we rely on AWS, the mechanism for building and deploying what is needed must be documented, along with the production environment. This documentation must be done in an organized way according to the documentation method adopted by the organization, not left in unrelated systems, such as settling for a comment on the task ticket (though it is still useful to write it on the ticket before closing or moving it...).
● Entry Points: this point covers listing all the entry points through which an attacker, intruder or saboteur could reach his target; they are also called attack vectors. In websites this part includes, for example, form pages, emails, chat, popup windows, socket messages, ... The review of these parts must therefore be very precise, and a change in any of them requires a comprehensive review of that entry point.
● Assets: any attacker usually acts with one of two goals: either he wants physical assets, or an abstract asset. In the first case he is interested in the information and data he may obtain, which may help him in other attacks, bring financial gain, etc.; the second is to damage the reputation of the company being attacked. So if you can identify the most important data you hold and must protect, you have reduced the degree of risk or anticipated its presence; for this reason any review process must take into account what you want to protect and what you cannot afford to lose...
● Determining the Attack Surface: identifying and anticipating the attack methods is one of the most important tasks, since these are the means attackers use to get into any system; it also covers who is responsible for protecting the system. The first part is to enumerate all possible input paths, verify them, and review any change made to them during the work. This includes: Browser input, Cookies, Property files, External processes, Data feeds, Service responses, Flat files, Command line parameters, Environment variables
● Trust Levels: determining the level of privilege needed when working on any part is important when dealing with any executable code, especially code from an external resource. This means insisting on this principle during code review: there is no reason to grant more privilege than required, and whenever the rules change, by addition or removal, the privilege must be adjusted as well to match the new change...
● Data flow analysis: knowing the dynamic data and static data, how they are processed, and how their params and the values they carry are handled...
● Transaction analysis: this is a very, very important point. The reviewer must know about every Transaction taking place in the code in front of him. The importance of this lies in the fact that the system is built on a set of "from and to" movements, and these movements can be grouped under: Data/Input Validation of data from all untrusted sources, Authentication, Session Management, Authorization, Cryptography (data at rest and in transit), Error Handling / Information Leakage, Logging / Auditing
Step two: Determine and rank threats: in this step the security side of the review comes to the fore. Here the expected threats are identified and ordered by severity, and a classification of these potential threats is built. There are several models for this; we mention STRIDE.
STRIDE is an acronym for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service (DoS), and Elevation of privilege. It is one of the models used to classify security threats, according to the abbreviations from which the name is built. We will now give a brief explanation of these terms:
● Spoofing: meaning "Identity spoofing", one of the most serious risks that can occur in any application. This identity spoofing may happen at the database level or at the application level; it must not be possible in the system, and it is very dangerous. The reviewer's role here is to verify that the code prevents, for example, user x from editing user y's information (if that capability exists at all, it means it is allowed, and it must go through a clear role that permits it).
● Tampering: tampering with data is one of the most common ways of manipulating data and discovering vulnerabilities. This tampering happens on the client side, exploiting the data coming from the server as a response, or by capturing it from memory or the network, etc., after which the attacker modifies it to achieve his goal! The reviewer's role here is to verify that the server can detect any tampering before doing any processing or saving to the database, and the most important condition to check is that the request comes from an authenticated user.
● Repudiation: attackers usually hide their presence so they are not detected; one of the ways is to circumvent the log/track system, by preventing correct tracking of that user or by modifying the log.
● Information Disclosure: theft or exposure of sensitive and important information about registered members is one of the biggest risks a company can face. The reviewer therefore has a very important role in making sure the code guarantees the protection of this data, by checking that it is free of expected vulnerabilities such as SQL Injection; this also includes verifying that the database permissions are set correctly, the queries, etc.
● Denial of Service (DoS): the code reviewer and the code designer must be extremely careful about DoS attacks. The most important rule for avoiding these attacks or reducing their severity is to block any request from a non-authenticated user to any api/function that needs a lot of time and resources to execute...
● Elevation of privilege: evaluate the permissions system and verify that someone lower down cannot modify someone with higher privilege; permissions must be divided carefully and within clear classifications.
● Microsoft DREAD threat-risk ranking model: this model is used to determine or compute the impact and risk factor based on how easy the vulnerabilities are to exploit or discover and on the amount of damage that results from them...
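The ranking step above, worked through in Python as an added example (not code from the slides): a list of threats, each tagged with its STRIDE class, is scored with DREAD and sorted by risk. The threats, their ratings and the High/Medium/Low bands are constructed assumptions for this example; the five DREAD ratings and the average are the standard model.

```python
"""DREAD scoring over a STRIDE-classified threat list.

Added example, not code from the original slides. DREAD is Microsoft's
threat-risk ranking model: each threat is rated 1-10 on Damage,
Reproducibility, Exploitability, Affected users and Discoverability, and
the risk score is the average of the five ratings. The threats and
ratings below are constructed samples for a web application; the
High/Medium/Low bands are an assumption for this example.
"""
from dataclasses import dataclass
from typing import List, Tuple

STRIDE = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information Disclosure",
    "D": "Denial of Service",
    "E": "Elevation of Privilege",
}


@dataclass(frozen=True)
class Threat:
    name: str
    stride: str           # one STRIDE letter
    damage: int           # D: how bad is it if exploited?
    reproducibility: int  # R: how reliably can it be reproduced?
    exploitability: int   # E: how easy is it to exploit?
    affected_users: int   # A: how many users are hit?
    discoverability: int  # D: how easy is it to find?

    def __post_init__(self) -> None:
        if self.stride not in STRIDE:
            raise ValueError(f"unknown STRIDE category: {self.stride}")
        for rating in self.ratings():
            if not 1 <= rating <= 10:
                raise ValueError("DREAD ratings must be in 1..10")

    def ratings(self) -> Tuple[int, int, int, int, int]:
        return (self.damage, self.reproducibility, self.exploitability,
                self.affected_users, self.discoverability)

    def score(self) -> float:
        """DREAD risk score: average of the five ratings (1.0 .. 10.0)."""
        return sum(self.ratings()) / 5


def risk_level(score: float) -> str:
    # Assumed bands; an organization tunes these to its own risk appetite.
    if score >= 8.0:
        return "High"
    if score >= 5.0:
        return "Medium"
    return "Low"


def rank_threats(threats: List[Threat]) -> List[Threat]:
    """Most risky first; ties broken by name so the order is stable."""
    return sorted(threats, key=lambda t: (-t.score(), t.name))


def ranking_report(threats: List[Threat]) -> List[str]:
    """One line per threat, highest DREAD score first."""
    return [
        f"{t.score():4.1f} {risk_level(t.score()):6} "
        f"{STRIDE[t.stride]:24} {t.name}"
        for t in rank_threats(threats)
    ]


# Constructed threats, each tagged with the STRIDE class it falls under.
SAMPLE_THREATS = [
    Threat("Unauthenticated call to a slow report-export endpoint",
           "D", 6, 9, 8, 8, 7),
    Threat("User x can edit user y's profile (missing role check)",
           "E", 9, 10, 8, 8, 6),
    Threat("Server trusts a price field edited on the client",
           "T", 7, 10, 9, 6, 5),
    Threat("Audit log rows deletable by the application DB account",
           "R", 6, 5, 4, 3, 3),
]

if __name__ == "__main__":
    print("\n".join(ranking_report(SAMPLE_THREATS)))
```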
Step three: Determine countermeasures and mitigation
Identifying the expected security or technical risks, and taking the measures needed to prevent such problems, is one of the important matters that will certainly affect the project. These weaknesses can be handled in 3 basic ways:
1. Build a map that identifies the weaknesses and strengths and orders them from the most dangerous to the least dangerous.
2. Some organizations accept a weakness found somewhere, considering its level of risk tolerable, and deal with it according to the nature of the project, while putting in place controls that inform users about it and about how to deal with it if it occurs.
3. Some organizations ignore the weaknesses completely without any precaution; in this case, if the risk and harm exceed the benefit expected from the application, the application will be shut down.
Allah, the Exalted, said in Surat Al-Fath:
"Indeed, We have sent you as a witness, a bringer of good tidings and a warner, (8) so that you may believe in Allah and His Messenger, and honor him and revere him, and glorify Him morning and evening."
Know, my brother, that supporting the Messenger (peace and blessings be upon him) is an obligation on every Muslim, as far as he is able. The least we can do now, in the face of France's vileness and arrogance and its war on Islam and Muslims, is to boycott it by every means, and to work to free ourselves from the servitude of this century with all the strength we have been given; and there is no power nor strength except with Allah...
Allah, the Exalted, said in Surat At-Tawbah:
"If you do not support him, Allah has already supported him when those who disbelieved drove him out, one of two, when the two were in the cave..."
Metrics and Code Review
Based on what we mentioned earlier, there must be a clear method for computing the complexity rate of the code, its quality level, how easily it can be modified, ported and reused, and many other properties. We will therefore mention here the most important properties one can start from when reviewing code:
● LOC: the number of lines of code (blank lines and comment lines are not counted)
● Function Point: the set of lines of code that performs a specific task in the project. This differs between programming languages; in OOP, for example, the Class represents the Function Point.
● Defect Density: this term refers to the number of confirmed defects detected in the program or one of its components during a specific period of development or operation, divided by the size of the program (LOC). To compute the level of defect density (flaws and problems) in the application, this equation can be applied (we will give an example after this slide):
Defect Density = Defect count / size of the release
● Risk Density: a term referring to the density of the risks found within the previous points, divided into Low, Medium and High. It can be represented as:
Risk Level / LOC OR Risk Level / Function Point
Example:
4 High Risk Defects per 1000 (Lines of Code)
2 Medium Risk Defects per 3 Function Points
Example:
Module   LOC    Number of Detected Bugs
A        1000   5
B        3000   25
C        2000   10
Totals   6000   40
Based on the table above we can compute the defect density for this release as:
Defect Density = 40 / 6000 = 0.00666666667 => this is the density level for this release
This means that the defect density relative to the total number of lines in this release is 0.00666, which is an excellent number; it is only an indicator that gives a general impression of code quality.
Note: there is no fixed number that decides better or worse, but the larger the number the worse, and the closer the number is to zero the better.
The average defect density can also be computed per KLOC, where KLOC means:
Short for thousands (kilo) of lines of code. KLOC is a measure of the size of a computer program
For the previous example the result is:
Defects per KLOC = 40 / 6 = 6.6666 for every 1 KLOC
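The defect density, per-KLOC and risk density calculations above, carried out in Python as an added example (not code from the slides). It uses the slide's module table and goes one step further than the slide by computing the density per module, which is what tells a reviewer where to look first; the per-level risk counts given to risk_density are constructed.

```python
"""Defect density, defects per KLOC and risk density for a release.

Added example, not code from the slides. The module table is the one on
the slide (modules A, B and C: 6000 LOC and 40 detected bugs in total).
Risk density follows the slide's 'Risk Level / LOC' form; the per-level
risk counts passed to it are constructed for illustration.
"""
from typing import Dict, List, Tuple

# (module, LOC, number of detected bugs), copied from the slide's table.
RELEASE: List[Tuple[str, int, int]] = [
    ("A", 1000, 5),
    ("B", 3000, 25),
    ("C", 2000, 10),
]


def defect_density(defects: int, size_loc: int) -> float:
    """Defect Density = defect count / size of the release (in LOC)."""
    if size_loc <= 0:
        raise ValueError("size of the release must be a positive LOC count")
    if defects < 0:
        raise ValueError("defect count cannot be negative")
    return defects / size_loc


def defects_per_kloc(defects: int, size_loc: int) -> float:
    """The same ratio expressed per 1000 lines (per KLOC)."""
    return defect_density(defects, size_loc) * 1000


def release_totals(modules: List[Tuple[str, int, int]]) -> Tuple[int, int]:
    """(total LOC, total defects) over all modules of the release."""
    return sum(m[1] for m in modules), sum(m[2] for m in modules)


def density_report(
    modules: List[Tuple[str, int, int]],
) -> Dict[str, Tuple[float, float]]:
    """Per module and for the whole release: (density, defects per KLOC)."""
    report: Dict[str, Tuple[float, float]] = {}
    for name, loc, bugs in modules:
        report[name] = (defect_density(bugs, loc), defects_per_kloc(bugs, loc))
    loc, bugs = release_totals(modules)
    report["Totals"] = (defect_density(bugs, loc), defects_per_kloc(bugs, loc))
    return report


def worst_module(modules: List[Tuple[str, int, int]]) -> str:
    """Module with the highest defect density: where review effort goes first."""
    return max(modules, key=lambda m: defect_density(m[2], m[1]))[0]


def risk_density(risk_counts: Dict[str, int], size_loc: int,
                 per_loc: int = 1000) -> Dict[str, float]:
    """Risk Level / LOC, scaled per `per_loc` lines: {'High': 4} over
    1000 LOC gives 4.0 High-risk defects per 1000 LOC, as on the slide."""
    if size_loc <= 0:
        raise ValueError("size of the release must be a positive LOC count")
    return {level: n * per_loc / size_loc for level, n in risk_counts.items()}


if __name__ == "__main__":
    for module, (density, per_kloc) in density_report(RELEASE).items():
        print(f"{module:7} density={density:.5f}  per KLOC={per_kloc:.2f}")
    print("worst module:", worst_module(RELEASE))
```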
Cyclomatic complexity (CC):
The cyclomatic complexity (CC) metric was designed by McCabe to indicate how testable, understandable and maintainable a program is. It is one of the easy and simple metrics for computing the level of complexity, and it can be computed with this equation:
CC = Number of decisions + 1
where Number of decisions stands for if/else, switch, case, catch, while, do, templated class calls... and so on.
The result of the equation above can be classified according to this table:
Value Range   Description
0-10          Stable code, acceptable complexity
11-15         Medium Risk, more complex
16-20         High Risk code, too many decisions for a unit of code.
Based on the complexity level above, the decision is made to split parts of the code, rewrite them in a better way and separate them into independent methods to reduce the complexity level!
Example 1 of computing the operation above:
In this example, based on the equation above, the result is:
CC = 2 + 1 = 3
3 is less than 10, so the complexity level is good and the code is not complex.
IF A = 10 THEN
    IF B > C THEN
        A = B
    ELSE
        A = C
    ENDIF
ENDIF
Print A
Print B
Print C
Example 2:
CC = 2 + 1 = 3
3 is less than 10, so the complexity level is good and the code is not complex.
Note: every else if counts as an independent condition that increases the complexity level, so:
if/else = 1 + else if = 1, then = 2
Note: you may find more than one representation for computing complexity, for example CC = E - N + 2, but we adopted what we described... and you are free to look for any method that suits you...
function doSomething() {
    if (condition1) {
        // statements
    } else if (condition2) {
        // statements
    } else {
        // statements
    }
}
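A counter that applies the slide's CC = decisions + 1 rule to C- or JavaScript-style source, as an added example (not code from the slides). It handles the cases the rule leaves open: an "if" inside a comment or string is not a decision, each "else if" counts once as the note says, "switch" is not counted because its "case" labels are, and a do-while loop is counted once through its "while". The second source it is run on is constructed.

```python
"""Cyclomatic complexity by the slide's rule: CC = number of decisions + 1.

Added example, not code from the slides. Decision keywords are counted in
a C- or JavaScript-style function after comments and string literals are
blanked out, so an 'if' in a comment or string is not a decision. 'else
if' contains an 'if' and counts once; 'switch' is not counted because its
'case' labels are; a do-while loop is counted once via its 'while'. The
first source is the slide's Example 2, the second is constructed.
"""
import re
from typing import Tuple

DECISION_KEYWORDS: Tuple[str, ...] = ("if", "for", "while", "case", "catch")

# Matches, in order: line comment, block comment, "..." string, '...' string.
_NOISE = re.compile(
    r"//[^\n]*"
    r"|/\*.*?\*/"
    r'|"(?:\\.|[^"\\\n])*"'
    r"|'(?:\\.|[^'\\\n])*'",
    re.DOTALL,
)
_DECISION = re.compile(r"\b(?:" + "|".join(DECISION_KEYWORDS) + r")\b")


def strip_noise(src: str) -> str:
    """Blank out comments and string literals, keeping the line structure."""
    return _NOISE.sub(" ", src)


def count_decisions(src: str) -> int:
    """Number of decision points in the source, per the slide's keyword list."""
    return len(_DECISION.findall(strip_noise(src)))


def cyclomatic_complexity(src: str) -> int:
    """CC = Number of decisions + 1."""
    return count_decisions(src) + 1


def classify(cc: int) -> str:
    """Bands from the slide's table; above 20 is beyond the table."""
    if cc <= 10:
        return "Stable code, acceptable complexity"
    if cc <= 15:
        return "Medium Risk, more complex"
    if cc <= 20:
        return "High Risk code, too many decisions for a unit of code."
    return "Above the table: split the unit into smaller methods"


# The slide's Example 2: two 'if' decisions, CC = 3.
EXAMPLE_2 = """
function doSomething() {
  if (condition1) {
    // statements
  } else if (condition2) {
    // statements
  } else {
    // statements
  }
}
"""

# Constructed: one loop, eight case labels and one catch = 10 decisions,
# so CC = 11 lands in the slide's Medium Risk band. The comment and the
# string each hold a keyword that must not be counted.
DISPATCH = """
function dispatch(events) {
  for (const e of events) {
    try {
      switch (e.type) {
        case "login":    onLogin(e);    break;
        case "logout":   onLogout(e);   break;
        case "purchase": onPurchase(e); break;
        case "refund":   onRefund(e);   break;
        case "export":   onExport(e);   break;
        case "archive":  onArchive(e);  break;
        case "invite":   onInvite(e);   break;
        case "resend":   onResend(e);   break;
        default:         onUnknown(e);
      }
    } catch (err) {
      // if a handler throws, keep going with the next event
      log("retry while backoff < limit");
    }
  }
}
"""

if __name__ == "__main__":
    for label, src in (("Example 2", EXAMPLE_2), ("dispatch", DISPATCH)):
        cc = cyclomatic_complexity(src)
        print(f"{label}: CC = {cc} -> {classify(cc)}")
```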
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية
Coding review guide مراجعة الشيفرة البرمجية

Contenu connexe

Similaire à Coding review guide مراجعة الشيفرة البرمجية

Best Coding PracticesLaDonne White, Manager, Webtrain Inc. e.docx
Best Coding PracticesLaDonne White, Manager, Webtrain Inc. e.docxBest Coding PracticesLaDonne White, Manager, Webtrain Inc. e.docx
Best Coding PracticesLaDonne White, Manager, Webtrain Inc. e.docx
tangyechloe
 
الخرز
الخرزالخرز
الخرز
saudi507
 
1Chapter13ProminentCaseStudiesUsingStrate.docx
1Chapter13ProminentCaseStudiesUsingStrate.docx1Chapter13ProminentCaseStudiesUsingStrate.docx
1Chapter13ProminentCaseStudiesUsingStrate.docx
tarifarmarie
 
Andre Arsenault - Resume - 2016
Andre Arsenault - Resume - 2016Andre Arsenault - Resume - 2016
Andre Arsenault - Resume - 2016
Andre Arsenault
 
Flexible Work Arrangements Modeler
Flexible Work Arrangements ModelerFlexible Work Arrangements Modeler
Flexible Work Arrangements Modeler
Zinnov
 

Similaire à Coding review guide مراجعة الشيفرة البرمجية (20)

Www.kutub.info 9385
Www.kutub.info 9385Www.kutub.info 9385
Www.kutub.info 9385
 
تسجيل طالب جديد في نظام نور
تسجيل طالب جديد في نظام نورتسجيل طالب جديد في نظام نور
تسجيل طالب جديد في نظام نور
 
Software Product Development – Steps and Methodologies.pptx
Software Product Development – Steps and Methodologies.pptxSoftware Product Development – Steps and Methodologies.pptx
Software Product Development – Steps and Methodologies.pptx
 
Offer to Share
Offer to ShareOffer to Share
Offer to Share
 
Best Coding PracticesLaDonne White, Manager, Webtrain Inc. e.docx
Best Coding PracticesLaDonne White, Manager, Webtrain Inc. e.docxBest Coding PracticesLaDonne White, Manager, Webtrain Inc. e.docx
Best Coding PracticesLaDonne White, Manager, Webtrain Inc. e.docx
 
الخرز
الخرزالخرز
الخرز
 
Top 5 Benefits of Partnering with Benecurv for PEO Services
Top 5 Benefits of Partnering with Benecurv for PEO ServicesTop 5 Benefits of Partnering with Benecurv for PEO Services
Top 5 Benefits of Partnering with Benecurv for PEO Services
 
What is Sanity Testing?
What is Sanity Testing?What is Sanity Testing?
What is Sanity Testing?
 
CV
CVCV
CV
 
1Chapter13ProminentCaseStudiesUsingStrate.docx
1Chapter13ProminentCaseStudiesUsingStrate.docx1Chapter13ProminentCaseStudiesUsingStrate.docx
1Chapter13ProminentCaseStudiesUsingStrate.docx
 
Discovery Phase in Software Development.pdf
Discovery Phase in Software Development.pdfDiscovery Phase in Software Development.pdf
Discovery Phase in Software Development.pdf
 
2018-06 برامج كشف الانتحال للبحوث المنشورة باللغة العربية بين الحقيقة والوهم
2018-06 برامج كشف الانتحال للبحوث المنشورة باللغة العربية بين الحقيقة والوهم2018-06 برامج كشف الانتحال للبحوث المنشورة باللغة العربية بين الحقيقة والوهم
2018-06 برامج كشف الانتحال للبحوث المنشورة باللغة العربية بين الحقيقة والوهم
 
Business Proposal for Project
Business Proposal for ProjectBusiness Proposal for Project
Business Proposal for Project
 
النمذجة الأولية Software Prototyping
النمذجة الأولية Software Prototypingالنمذجة الأولية Software Prototyping
النمذجة الأولية Software Prototyping
 
4gov overview us
4gov overview us4gov overview us
4gov overview us
 
Andre Arsenault - Resume - 2016
Andre Arsenault - Resume - 2016Andre Arsenault - Resume - 2016
Andre Arsenault - Resume - 2016
 
Dev ops
Dev opsDev ops
Dev ops
 
Enabling Cloud Capabilities Through an Enterprise PaaS (Cloud Foundry Summit ...
Enabling Cloud Capabilities Through an Enterprise PaaS (Cloud Foundry Summit ...Enabling Cloud Capabilities Through an Enterprise PaaS (Cloud Foundry Summit ...
Enabling Cloud Capabilities Through an Enterprise PaaS (Cloud Foundry Summit ...
 
Devopsdays barcelona
Devopsdays barcelonaDevopsdays barcelona
Devopsdays barcelona
 
Flexible Work Arrangements Modeler
Flexible Work Arrangements ModelerFlexible Work Arrangements Modeler
Flexible Work Arrangements Modeler
 

Plus de anees abu-hmaid

Plus de anees abu-hmaid (20)

شرح طريقة تصميم الأنظمة - من مستخدم إلى مليون مستخدم )System Design)
شرح طريقة تصميم الأنظمة - من مستخدم إلى مليون مستخدم )System Design)شرح طريقة تصميم الأنظمة - من مستخدم إلى مليون مستخدم )System Design)
شرح طريقة تصميم الأنظمة - من مستخدم إلى مليون مستخدم )System Design)
 
لا تتداول العملات الرقمية ولا تشتريها قبل أن تقرأ هذه الكلمات
لا تتداول العملات الرقمية ولا تشتريها قبل أن تقرأ هذه الكلماتلا تتداول العملات الرقمية ولا تشتريها قبل أن تقرأ هذه الكلمات
لا تتداول العملات الرقمية ولا تشتريها قبل أن تقرأ هذه الكلمات
 
نقاط تقنية مفيدة لمستخدمين شبكة الإنترنت
نقاط تقنية مفيدة لمستخدمين شبكة الإنترنتنقاط تقنية مفيدة لمستخدمين شبكة الإنترنت
نقاط تقنية مفيدة لمستخدمين شبكة الإنترنت
 
Web performance - الجزء السادس
Web performance - الجزء السادسWeb performance - الجزء السادس
Web performance - الجزء السادس
 
Web performance - الجزء الخامس
Web performance - الجزء الخامسWeb performance - الجزء الخامس
Web performance - الجزء الخامس
 
Web performance - الجزء الرابع
Web performance - الجزء الرابعWeb performance - الجزء الرابع
Web performance - الجزء الرابع
 
Web performance - الجزء الثالث
Web performance - الجزء الثالثWeb performance - الجزء الثالث
Web performance - الجزء الثالث
 
Web performance - الجزء الثاني
Web performance - الجزء الثانيWeb performance - الجزء الثاني
Web performance - الجزء الثاني
 
Web performance - الجزء الأول
Web performance - الجزء الأولWeb performance - الجزء الأول
Web performance - الجزء الأول
 
الجزء الثاني قبل أن تكتب الشيفرة البرمجية، فكر كيف تكتبها
الجزء الثاني قبل أن تكتب الشيفرة البرمجية، فكر كيف تكتبهاالجزء الثاني قبل أن تكتب الشيفرة البرمجية، فكر كيف تكتبها
الجزء الثاني قبل أن تكتب الشيفرة البرمجية، فكر كيف تكتبها
 
قبل أن تكتب الشيفرة البرمجية، فكر كيف تكتبها - الجزء الأول
قبل أن تكتب الشيفرة البرمجية، فكر كيف تكتبها - الجزء الأولقبل أن تكتب الشيفرة البرمجية، فكر كيف تكتبها - الجزء الأول
قبل أن تكتب الشيفرة البرمجية، فكر كيف تكتبها - الجزء الأول
 
كيف تقرأ كتابا - خطوات لتحسين القراءة
كيف تقرأ كتابا - خطوات لتحسين القراءةكيف تقرأ كتابا - خطوات لتحسين القراءة
كيف تقرأ كتابا - خطوات لتحسين القراءة
 
وهم الأمان - مخاطر الإنترنت والتعامل مع الابتزاز
وهم الأمان - مخاطر الإنترنت والتعامل مع الابتزازوهم الأمان - مخاطر الإنترنت والتعامل مع الابتزاز
وهم الأمان - مخاطر الإنترنت والتعامل مع الابتزاز
 
Node.js course باللغة العربية
Node.js course باللغة العربيةNode.js course باللغة العربية
Node.js course باللغة العربية
 
Canvas دورة باللغة العربية
Canvas دورة باللغة العربيةCanvas دورة باللغة العربية
Canvas دورة باللغة العربية
 
Ecmascript 6 (ES6) جافا سكربت (6)
Ecmascript 6 (ES6) جافا سكربت (6)Ecmascript 6 (ES6) جافا سكربت (6)
Ecmascript 6 (ES6) جافا سكربت (6)
 
تنسيق الشيفرة البرمجية (Coding Style)
تنسيق الشيفرة البرمجية (Coding Style)تنسيق الشيفرة البرمجية (Coding Style)
تنسيق الشيفرة البرمجية (Coding Style)
 
Js dom & JS bom
Js dom & JS bomJs dom & JS bom
Js dom & JS bom
 
الخصوصية وموقعها من الإعراب
الخصوصية وموقعها من الإعرابالخصوصية وموقعها من الإعراب
الخصوصية وموقعها من الإعراب
 
Angular js دورة
Angular js دورةAngular js دورة
Angular js دورة
 

Dernier

Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
KarakKing
 

Dernier (20)

Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
Plant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxPlant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptx
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 

Coding review guide مراجعة الشيفرة البرمجية

  • 1. Coding Review Guide Security and review guideline and practice, life cycle view ‫أﺑوﺣﻣﯾد‬ ‫ﺣﻛﻣت‬ ‫أﻧﯾس‬ :‫إﻋداد‬
  • 2. ‫اﻟﻣﻘدﻣﺔ‬ ‫اﻟرﺣﯾم‬ ‫اﻟرﺣﻣن‬ ‫ﷲ‬ ‫ﺑﺳم‬ ،ً‫ﺎ‬ّ‫ﯾ‬‫وﻓ‬ ‫ﻟﮫ‬ ‫ﻛﺎن‬ ‫ﻣن‬ ‫وﯾﻛرم‬ ،ً‫ﺎ‬ّ‫ﯾ‬ِ‫ﯾ‬‫ﺣ‬ ‫ﻣﻧﮫ‬ ‫ﻛﺎن‬ ‫ﻣن‬ ُ‫د‬‫وﯾزﯾ‬ ،ً‫ﺎ‬ّ‫ﯾ‬‫ﻧﺟ‬ ‫ﻧﺎداه‬ ‫ﻣن‬ ‫ُﺟﯾب‬‫ﯾ‬‫و‬ ،ً‫ﺎ‬‫ﺧﻔﯾ‬ ‫دﻋﺎه‬ ‫ﻣن‬ ‫ُﺣب‬‫ﯾ‬ ،‫اﻟﻌﺎﻟﻣﯾن‬ ّ‫رب‬ ‫هلل‬ ‫اﻟﺣﻣد‬ .‫اﻟﻌﺎﻟﻣﯾن‬ ّ‫رب‬ ‫هلل‬ ‫اﻟﺣﻣد‬ ،ً‫ﺎ‬ّ‫ﯾ‬‫رﺿ‬ ‫اﻟوﻋد‬ ‫ﺻﺎدق‬ ‫ﻛﺎن‬ ‫ﻣن‬ ‫وﯾﮭدي‬ ‫ﻟﻛل‬ ‫اﻟﻣﮭﻣﺔ‬ ‫اﻷﻣور‬ ‫ﻣن‬ ‫ﺑﮫ‬ ‫واﻹھﺗﻣﺎم‬ ‫اﻟﺗطور‬ ‫ھذا‬ ‫وﻣﺗﺎﺑﻌﺔ‬ ،‫وﻣﮭﺎﻣﮭﺎ‬ ‫وظﺎﺋﻔﮭﺎ‬ ‫ﻓﻲ‬ ‫ﺗﺗﻌدد‬ ،‫ﻛﺛﯾرة‬ ‫ﻣﺗﻧوﻋﺔ‬ ‫ﻋﻠوم‬ ‫اﻟﺗﻘﻧﯾﺔ‬ ‫اﻟﻌﻠوم‬ ‫ﻣﻊ‬ ‫اﻟﺣﯾﺎة‬ ‫ﻗﯾد‬ ‫ﻋﻠﻰ‬ ‫اﻟﺗﻘﻧﯾﺔ‬ ‫اﻟﻌﻠوم‬ ‫ﺻﺎﺣب‬ ‫ﻟﺗﺟﻌل‬ ‫ﺑﻣﻛﺎن‬ ‫اﻷھﻣﯾﺔ‬ ‫ﻣن‬ ‫وھﻲ‬ ،‫واﻟﻌﻣﻠﯾﺔ‬ ‫اﻟﻌﻠﻣﯾﺔ‬ ‫ﻗدراﺗﮫ‬ ‫ﺗطوﯾر‬ ‫ﻓﻲ‬ ‫ﯾرﻏب‬ ‫ﻣن‬ .‫ﻋﺻره‬ ‫ﺑﻌد‬ ‫ﻣﺎ‬ ‫أو‬ ‫ﻋﺻره‬ ‫ﻓﻲ‬ ‫وﺗﺟددت‬ ‫اﻟﺗﻘﻧﯾﺎت‬ ‫ﺗﻌددت‬ ‫ﻣﮭﻣﺎ‬ ‫أﻗراﻧﮫ‬ ‫أي‬ ‫ﻣراﺟﻌﺔ‬ ‫ﯾﻣﻛن‬ ‫ﻛﯾف‬ ‫وھو‬ ،‫ﺑرﻣﺟﯾﺔ‬ ‫ﺷﯾﻔرة‬ ‫أي‬ ‫ﻓﻲ‬ ‫ﻣﮭم‬ ‫ﻷﻣر‬ ‫اﻟﺷراﺋﺢ‬ ‫ھذه‬ ‫ﻓﻲ‬ ‫ﺳﻧﺗطرق‬ ،‫ﺳﺑق‬ ‫ﻣﺎ‬ ‫ﻋﻠﻰ‬ ‫وﺑﻧﺎءا‬ ،‫ﻟذﻟك‬ .‫ﷲ‬ ‫ﺑﺈذن‬ ‫ﻧﺑدأ‬ ‫ھﻧﺎ‬ ‫وﻣن‬ ،‫آﻣﻧﺔ؟‬ ‫ﺑرﻣﺟﯾﺔ‬ ‫ﺷﯾﻔرة‬ ‫اﻋﺗﺑﺎرھﺎ‬ ‫ﯾﻣﻛن‬ ‫وﻛﯾف‬ ‫ﺑرﻣﺟﯾﺔ‬ ‫ﺷﯾﻔرة‬
  • 3. ‫ﻧﺑدأ‬ ‫أن‬ ‫ﻗﺑل‬ ● ‫ﻛﺗﺎﺑﺔ‬ ‫ﺗﻣت‬ ‫وﻗد‬ ،secure coding review ‫وال‬ coding review ‫ال‬ ‫ﻣﻔﺎھﯾم‬ ‫ﻋﻠﻰ‬ ‫ﺗرﻛز‬ ‫اﻟﺷراﺋﺢ‬ ‫ھذه‬ .‫وﻣﮭﺎراﺗﮭم‬ ‫اﻟﻌﻣل‬ ‫ﺑﻔرﯾق‬ ‫اﻟﺧﺎﺻﺔ‬ development plan ‫ال‬ ‫ﻣﻊ‬ ‫ﻟﺗﺗﻧﺎﺳب‬ ‫اﻟﺷراﺋﺢ‬ ‫ھذه‬ ● .‫ﺑﺳﮭوﻟﺔ‬ ‫ﻋﻧﮭﺎ‬ ‫اﻟﺑﺣث‬ ‫وﯾﻣﻛن‬ ،‫ﻣﻔﺻل‬ ‫ﺑﺷﻛل‬ ‫إﻟﯾﮭﺎ‬ ‫اﻟﺗطرق‬ ‫دون‬ ‫ھﻧﺎ‬ ‫اﻟﺗﻘﻧﯾﺔ‬ ‫اﻟﻣﺻطﻠﺣﺎت‬ ‫ﻣن‬ ‫ﻟﻠﻌدﯾد‬ ‫اﻹﺷﺎرة‬ ‫ﯾﺗم‬ ‫ﻗد‬ ● ‫ﻣﺳﺗﻘﻠﺔ‬ ‫ﺷرﯾﺣﺔ‬ ‫أﻧﮭﺎ‬ ‫ﻣﻊ‬ ‫ﻗﺑﻠﮭﺎ‬ ‫ﺑﻣﺎ‬ ‫ﺗرﺗﺑط‬ ‫ﻋﻧﺎوﯾن‬ ‫ﺗﺟد‬ ‫ﻗد‬ ‫ﻟذﻟك‬ ،‫اﻟﺳرد‬ ‫طرﯾﻘﺔ‬ ‫ﻣﻊ‬ ‫ﻟﺗﺗﻧﺎﺳب‬ ‫اﻟﺷراﺋﺢ‬ ‫ﺑﻌض‬ ‫ﻋﻧوﻧﺔ‬ ‫ﺗم‬ .‫واﻟﺳرد‬ ‫اﻟﺷرح‬ ‫وﺳﮭوﻟﺔ‬ ‫ﻟﻠﺗﻔﺻﯾل‬ ‫وذﻟك‬
  • 4. ‫اﻟذھﺑﯾﺔ‬ ‫اﻟﻘﺎﻋدة‬ ،‫اﻹﻣﻛﺎن‬ ‫ﻗدر‬ ‫واﻷﻣﻧﯾﺔ‬ ‫اﻟﺗﻘﻧﯾﺔ‬ ‫اﻟﻣﺷﺎﻛل‬ ‫وﻣن‬ ‫اﻹﺧﺗراق‬ ‫ﻣن‬ ‫أﻧﻔﺳﻧﺎ‬ ‫ﻧﺣﻣﻲ‬ ‫ﻷن‬ ‫ﻧﺳﻌﻰ‬ ‫أﻧﻧﺎ‬ ‫ھﻲ‬ ،‫ﻧﺑدأ‬ ‫أن‬ ‫ﻗﺑل‬ ‫اﻟذھﺑﯾﺔ‬ ‫اﻟﻘﺎﻋدة‬ ‫واﻟﻘﯾﺎم‬ ‫اﻟﻣوﺟودة‬ ‫اﻟﺛﻐرات‬ ‫ﻟﺗﻔﺣص‬ ‫اﻟﻼزم‬ ‫واﻟوﻗت‬ ‫اﻟﻘدرة‬ ‫ﻟدﯾﮭم‬ ‫اﻟﻣﺧﺗرﻗﯾن‬ ‫ﻓﺈن‬ ،‫ذﻟك‬ ‫ﻋﻠﻰ‬ ‫ﺣرﯾﺻﯾن‬ ‫ﻛﻧﺎ‬ ‫ﻣﮭﻣﺎ‬ ‫ﻟﻛﻧﻧﺎ‬ ،‫اﻟﻣﻌرﻛﺔ‬ ‫أرض‬ ‫ﻋﻠﻰ‬ ‫اﻟﺻﻣود‬ ‫ﺷرف‬ ‫ﻧﻧﺎل‬ ‫أن‬ ‫ﯾﻣﻛن‬ ‫ﻟﻛﻧﻧﺎ‬ ،‫ﻋﺎدﻟﺔ‬ ‫ﻏﯾر‬ ‫ﻣﻌرﻛﺔ‬ ‫ھﻲ‬ ،‫ﻋﻠﯾﮭﺎ‬ ‫اﻟﻌﺛور‬ ‫ﺣﯾن‬ ‫اﻻﺧﺗراق‬ ‫ﺑﻌﻣﻠﯾﺎت‬ .‫وﻧﻘﺎوم‬ ‫ﺻﺎﻣدون‬ ‫ﻧﺑﻘﻰ‬ ‫أن‬ ‫ﯾﺟب‬ ‫ﺑل‬ ،‫ﺑﺎﻻﺳﺗﺳﻼم‬ ‫ﻧﻛﺗﻔﻲ‬ ‫ﻻ‬ ‫وأن‬
  • 5. Secure Code Review ‫ﺑﺎل‬ ‫ﯾﻘﺻد‬ ‫ﻣﺎذا‬ ،‫اﻟﺑرﻧﺎﻣﺞ‬- ‫اﻟﺗطﺑﯾق‬ ‫ﻓﻲ‬ ‫اﻟﻣوﺟودة‬ ‫اﻷﻣﻧﯾﺔ‬ ‫اﻟﻌﯾوب‬ ‫ﻣن‬ ‫واﻟﺗﺣﻘق‬ ‫اﻟﺑرﻣﺟﯾﺔ‬ ‫اﻟﺷﯾﻔرة‬ ‫ﻟﻣراﺟﻌﺔ‬ ‫ﺗﮭدف‬ ‫اﻟﺗﻲ‬ ‫اﻟﻌﻣﻠﯾﺔ‬ ‫ھﻲ‬ ‫آﻣﻧﺔ‬ ‫ﺑطرﯾﻘﺔ‬ ‫اﻟﺑرﻣﺟﯾﺔ‬ ‫اﻟﺷﯾﻔرة‬ ‫وﺑﻧﺎء‬ ‫ﺑﮫ‬ ‫اﻟﺧﺎص‬ ‫اﻟﺗﺻﻣﯾم‬ ‫وطرﯾﻘﺔ‬ ،‫اﻟﺗطﺑﯾق‬ ‫ﺑﮭذا‬ ‫اﻟﺧﺎﺻﺔ‬ ‫ﺑﺎﻟﻣزاﯾﺎ‬ ‫واﻟﻣﺗﻌﻠﻘﺔ‬ -‫اﻟﺦ‬..‫اﻟﻣوﻗﻊ‬ ‫ﺷﯾوﻋﺎ‬ ‫اﻟﮭﺟﻣﺎت‬ ‫أﻛﺛر‬ ‫أﻣﺎم‬ ‫اﻟﺻﻣود‬ ‫ﯾﻣﻛﻧﮫ‬ ‫اﻟﺗطﺑﯾق‬ ‫أن‬ ‫ﺗﺿﻣن‬ ‫وﺑﺣﯾث‬ ،‫اﻷﻣﻧﯾﺔ‬ ‫اﻟﻣﺷﺎﻛل‬ ‫ﻣن‬ ‫ﻣﻣﻛن‬ ‫ﻋدد‬ ‫وﺑﺄﻗل‬ ‫وﻣﻧﺎﺳﺑﺔ‬ ."self-defending" ‫اﻹﻣﻛﺎن‬ ‫ﻗدر‬ ‫ﻧﻔﺳﮫ‬ ‫ﺣﻣﺎﯾﺔ‬ ‫ﻋﻠﻰ‬ ‫اﻟﻘدرة‬ ‫وﻟدﯾﮫ‬ ‫ﻟﻛن‬ ،‫اﻟﻣوﺟودة‬ ‫اﻟﺗطﺑﯾﻘﺎت‬ ‫ﺑﻌض‬ ‫اﺳﺗﺧدام‬ ‫ﺧﻼل‬ ‫ﻣن‬ ‫أو‬ ‫اﻟﺑﺷري‬ ‫اﻟﺟﮭد‬ ‫ﺧﻼل‬ ‫ﻣن‬ ‫اﻷﻣﻧﯾﺔ‬ ‫اﻟﻣراﺟﻌﺔ‬ ‫ﺑﻌﻣﻠﯾﺔ‬ ‫اﻟﻘﯾﺎم‬ ‫ﯾﻣﻛن‬ ‫ذات‬ ‫اﻟﺗطﺑﯾﻘﺎت‬ ‫ﻓﻲ‬ ‫ﺧﺻوﺻﺎ‬ ‫اﻟﺗطﺑﯾﻘﺎت‬ ‫ﻣن‬ ‫اﻹﺳﺗﻔﺎدة‬ ‫وﯾﻣﻛن‬ ،‫اﻟﺑﺷري‬ ‫اﻟﺟﮭد‬ ‫ﻋن‬ ‫اﻹﺳﺗﻐﻧﺎء‬ ‫ﯾﻣﻛن‬ ‫ﻻ‬ ‫اﻷﺣوال‬ ‫ﻛل‬ ‫ﻋﻠﻰ‬ ‫اﻷﻣﺎﻛن‬ ‫ھذه‬ ‫ﺑﻣراﺟﻌﺔ‬ ‫اﻷﻣﻧﻲ‬ ‫اﻟﺧﺑﯾر‬ ‫ﻗﯾﺎم‬ ‫ﺛم‬ ‫وﻣن‬ ،‫اﻟﻣﺗوﻗﻌﺔ‬ ‫اﻷﻣﻧﯾﺔ‬ ‫اﻟﻣﺷﺎﻛل‬ ‫أﻣﺎﻛن‬ ‫ﻟﺗﺣدﯾد‬ ‫اﻟﻛﺑﯾرة‬ ‫اﻟﺑرﻣﺟﯾﺔ‬ ‫اﻟﺷﯾﻔرة‬ ...‫ﺑﮭﺎ‬ ‫اﻟﺧﺎص‬ ‫اﻟﻌﻣل‬ ‫وﺳﯾر‬ ‫ودراﺳﺗﮭﺎ‬ ‫اﻟﻌﻣﻠﯾﺎت‬ ‫ﻟﻛل‬ ‫اﻟﻧﺗﺎﺋﺞ‬ ‫ﻛل‬ ‫ﻣن‬ ‫واﻟﺗﺣﻘق‬
  • 6. Code Review and Secure Code Review ‫ﺑﯾن‬ ‫اﻟﻔرق‬ ‫ھو‬ ‫ﻣﺎ‬ 5 ‫إﻟﻰ‬ ‫اﻟﻣراﺟﻌﺔ‬ ‫ھذه‬ ‫ﺗﻘﺳﯾم‬ ‫ﯾﻣﻛن‬ ،‫اﻟﺑرﻣﺟﯾﺔ‬ ‫ﻟﻠﺷﯾﻔرة‬ ‫ﻣراﺟﻌﺔ‬ ‫ﺑﻌﻣل‬ ‫ﺗﻘوم‬ ‫ﺗطﺑﯾﻘﮭﺎ‬ ‫ﺑﺗطوﯾر‬ ‫ﺗﻘوم‬ ‫ﺷرﻛﺔ‬ ‫أي‬ ‫أن‬ ‫اﻟﻘول‬ ‫ﯾﻣﻛن‬ ‫ﺗﻛرار‬ ‫ﺗﺣﺗوي‬ ‫اﻟﺗﻲ‬ ‫اﻟﺑرﻣﺟﯾﺔ‬ ‫ﺑﺎﻟﺷﯾﻔرة‬ ‫اﻟﺧﺎص‬ ‫اﻟﻣﺳﺗوى‬ ‫ھو‬ ‫ﻣﺳﺗوى‬ ‫أول‬ ‫ﻓﯾﻛون‬ ،(CMM) ‫اﻟﻣﻘﯾﺎس‬ ‫وھذا‬ ،‫درﺟﺎت‬ ‫واﻟﺷﯾﻔرة‬ ،‫اﻟﻣﺷﺎﻛل‬ ‫ﻣن‬ ‫ﻋدد‬ ‫وﺑﺄﻗل‬ ‫وﻣﻧﺳﻘﺔ‬ ‫ﻣﻧظﻣﺔ‬ ‫ﺗطوﯾر‬ ‫ﺑﯾﺋﺔ‬ ‫وھو‬ ‫اﻟﺧﺎﻣس‬ ‫اﻟﻣﺳﺗوى‬ ‫إﻟﻰ‬ ‫وﺻوﻻ‬ ،‫ﻣﺳﺗﻘرة‬ ‫ﻏﯾر‬ ‫واﻟﻧﺗﺎﺋﺞ‬ ،‫اﻟﺻﺣﯾﺢ‬ ‫ﺑﺎﻟﺷﻛل‬ ‫ﯾﺳﯾر‬ ‫اﻟﻌﻣل‬ ‫أن‬ ‫ﻣن‬ ‫ﻟﻠﺗﺣﻘق‬ ‫ﺑﻣراﺣل‬ ‫اﻟﻣﺷروع‬ ‫وﯾﻣر‬ ،‫ﺑﺎﻟﻣﺷروع‬ ‫ﺧﺎص‬ ‫ﺗوﺛﯾق‬ ‫وھﻧﺎك‬ ،‫ﻣوﺛﻘﺔ‬ ‫اﻟﺑرﻣﺟﯾﺔ‬ .Code Review ‫ال‬ ‫ﺿﻣن‬ ‫ﯾﻘﺑﻊ‬ ‫ﻛﻠﮫ‬ ‫ھذا‬ ‫أوﻟوﯾﺔ‬ ‫وإﻋطﺎء‬ ‫ﻓﯾﮫ‬ ‫ﺑﻣﺎ‬ ‫اﻟﺳﺎﺑق‬ ‫ﻟﻠﻧﻣوذج‬ ‫ﺗﺣﺳﯾن‬ ‫ﻋن‬ ‫ﻋﺑﺎرة‬ ‫وھﻲ‬ ،Secure Code Review ‫ال‬ ‫دور‬ ‫ﯾﺄﺗﻲ‬ ‫وھﻧﺎ‬ ‫اﻟﻣﺷﺎﻛل‬ ‫ﺗراﻋﻲ‬ ‫اﻟﻌﻣل‬ ‫ﻟﺳﯾر‬ ‫وﻗواﻋد‬ ‫ﻧﻣوذج‬ ‫وﺑﻧﺎء‬ ‫اﻟﻣﺗوﻗﻌﺔ‬ ‫اﻷﻣﻧﯾﺔ‬ ‫اﻟﻣﺷﺎﻛل‬ ‫ﯾﺧص‬ ‫ﻣﺎ‬ ‫ﺣول‬ ‫اﻟﻘرار‬ ‫اﺗﺧﺎذ‬ ‫ﻋﻠﻰ‬ ‫وﻗدرة‬ ‫أﺛﻧﺎء‬ ‫ﺑﮭﺎ‬ ‫ﯾﻠﺗزﻣوا‬ ‫أن‬ ‫ﯾﺟب‬ ‫اﻟﺗﻲ‬ ‫اﻟﻣﻌﺎﯾﯾر‬ ‫ﻣن‬ ‫ﻣﺟﻣوﻋﺔ‬ ‫ﺿﻣن‬ ‫اﻟﻣطورﯾن‬ ‫ﻣﻌﮭﺎ‬ ‫وﯾﺗﻌﺎﻣل‬ ،‫ﺣﺻوﻟﮭﺎ‬ ‫ﻗﺑل‬ ‫اﻟﻣﺗوﻗﻌﺔ‬ ‫اﻷﻣﻧﯾﺔ‬ .‫اﻟﺑرﻣﺟﯾﺔ‬ ‫اﻟﺷﯾﻔرة‬ ‫ﻛﺗﺎﺑﺔ‬
  • 7. Coding Review ‫وال‬ ‫اﻟﺗوﺛﯾق‬ ‫اﻟﺻﻔر‬ ‫ﺑﯾن‬ ‫اﻟﺷرﻛﺎت‬ ‫ﻓﻲ‬ ‫اﻟﺗوﺛﯾق‬ ‫وﯾﺗرواح‬ ،‫ﺗوﺛﯾﻘﮭﺎ‬ ‫وطرﯾﻘﺔ‬ ‫آﻟﯾﺔ‬ ‫ھﻲ‬ ‫ﺑرﻣﺟﯾﺔ‬ ‫ﺷﯾﻔرة‬ ‫أي‬ ‫ﻛﺗﺎﺑﺔ‬ ‫ﻓﻲ‬ ‫اﻟﺗﺣدﯾﺎت‬ ‫أﻛﺑر‬ ‫ﻣن‬ ‫إن‬ ‫ﻋﻧﺎ‬ ‫ﺗﻐﯾب‬ ‫ﻗد‬ ‫اﻟﺗﻲ‬ ‫اﻟﺗوﺛﯾق‬ ‫ﻧﻘﺎط‬ ‫ﻣن‬ ‫واﺣدة‬ ،-module ‫ال‬ ‫ﺣﺟم‬ ‫ﯾﻔوق‬ NASA ‫ﻓﻲ‬ ‫اﻟﺗوﺛﯾق‬- NASA ‫ﻣﺳﺗوى‬ ‫إﻟﻰ‬ ‫ﺑوﺿﻊ‬ ‫ﻗﺎم‬ ‫وﻟﻣذا‬ ،‫اﻟﺧوارزﻣﯾﺔ‬ ‫ھذه‬ ‫اﻟﻣﺑرﻣﺞ‬ ‫اﺳﺗﺧدم‬ ‫ﻟﻣﺎذا‬ ‫ﺷرح‬ ‫ﻛﺗﺎﺑﺔ‬ ‫ھو‬ ‫ﺟدا‬ ‫ﻓﻌﺎل‬ ‫ﺑﺷﻛل‬ ‫ﻣﻧﮭﺎ‬ ‫اﻹﺳﺗﻔﺎدة‬ ‫وﯾﻣﻛن‬ ‫اﻟﺑرﻣﺟﯾﺔ‬ ‫ﻟﻠﺷﯾﻔرة‬ ‫اﻟرﺟوع‬ ‫ﻣن‬ ‫ﺳﻧوات‬ ‫ﺑﻌد‬ ،‫ﻗدﯾم‬ ‫أو‬ ‫ﺟدﯾد‬ ‫ﻣﺑرﻣﺞ‬ ‫أي‬ ‫ﺳﯾﺳﺎﻋد‬ ‫ھذا‬ ،...‫ﻣﻌﯾن‬ ‫ﺑﺷﻛل‬ ‫ﻟﻠﻌﻣﻠﯾﺎت‬ ‫اﻟﺗﺳﻠﺳل‬ ‫وھل‬ ،‫اﻟﻣﺷﻛﻠﺔ‬ ‫ﻟﺣل‬ ‫اﻷﻓﺿل‬ ‫ھو‬ ‫ﻛﺗب‬ ‫ﻣﺎ‬ ‫أن‬ ‫ﻣن‬ ‫اﻟﺗﺣﻘق‬ ‫ﻓﻲ‬ ‫ھﻧﺎ‬ ‫اﻟﻣراﺟﻌﺔ‬ ‫دور‬ ‫وﯾﻛون‬ ،‫ﺳﮭل‬ ‫ﺑﺷﻛل‬ ،‫اﻟﻌﻣل‬ ‫ﺳﯾر‬ ‫وﻓﮭم‬ ‫ﻷي‬ ‫اﻟﻧﺎﺗﺟﺔ‬ bugs ‫ال‬ ‫ﻛﻣﯾﺔ‬ ‫ﺗﻘﻠﯾل‬ ‫ﻓﻲ‬ ‫ﺗﺳﺎﻋد‬ ‫اﻟﻌﻣﻠﯾﺔ‬ ‫ھذه‬ ‫ﻓﺈن‬ ‫ھذا‬ ‫إﻟﻰ‬ ‫ﺑﺎﻹﺿﺎﻓﺔ‬ ،...‫ﺻﺣﯾﺢ‬ ‫واﻟﺗﻧﻔﯾذ‬ ،‫ﺻﺣﯾﺢ‬ ‫اﻟﺗوﺛﯾق‬ ...‫ﺗﻌدﯾل‬ ‫أي‬ ‫ﻋﻧد‬ bugs ‫ال‬ ‫وﺗﻘﻠﯾل‬ ،‫ﺑرﻣﺟﯾﺔ‬ ‫ﺷﯾﻔرة‬
  • 8. Coding Review ‫وال‬ unit test ‫ال‬ ‫ھذه‬ ،unit test ‫ﻛﺗﺎﺑﺔ‬ ‫ﻋﻠﻰ‬ ‫اﻟﻣﺑرﻣﺞ‬ ‫اﺟﺑﺎر‬ ‫أو‬ ‫اﺳﺗﺧدام‬ ‫ھﻲ‬ ‫اﻟﺷرﻛﺔ‬ ‫ﺗﺗﺧذھﺎ‬ ‫أن‬ ‫ﯾﻣﻛن‬ ‫اﻟﺗﻲ‬ ‫اﻟﺟﻣﯾﻠﺔ‬ ‫اﻟﻣﻌﺎﯾﯾر‬ ‫ﻣن‬ ‫واﺣدة‬ ‫وﺟود‬ ‫ﻓرﺿﻧﺎ‬ ‫ﻟو‬ ‫ﻣﺛﻼ‬ ،‫ﻣوﺟودة‬ ‫ﺑرﻣﺟﯾﺔ‬ ‫ﺷﯾﻔرة‬ ‫ﻋﻠﻰ‬ ‫ﺑﻧﺎءا‬ ‫ﻣﺎ‬ ‫ﻟﻌﻣﻠﯾﺔ‬ ‫اﻟﻣﺗوﻗﻌﺔ‬ ‫اﻟﻧﺗﺎﺋﺞ‬ ‫طﯾﺎﺗﮭﺎ‬ ‫ﻓﻲ‬ ‫ﺗﺣوي‬ unit test ‫ال‬ ،‫ذﻟك‬ ‫ﻏﯾر‬ ‫اﻟﻧﺎﺗﺞ‬ ‫ﻛﺎن‬ ‫ﻓﺈن‬ ،3 ‫ﯾﻛون‬ ‫أن‬ ‫ﯾﺟب‬ ‫اﻟﻧﺎﺗﺞ‬ ‫ﻓﺈن‬ ،2 ‫و‬ 1 ‫ﻓﻲ‬ ‫اﻷرﻗﺎم‬ ‫وﻛﺎﻧت‬ function sum(var1,var2) ‫ھﻧﺎ‬ ‫وﻋﺎدة‬ reviewer ‫ال‬ ‫دور‬ ‫ﯾﺄﺗﻲ‬ ،‫ﺑذﻟك‬ ‫ﯾﻘم‬ ‫ﻟم‬ ‫ﻓﺈن‬ ،‫ﻣﻧﮫ‬ ‫اﻟﺗﺣﻘق‬ ‫ﻟﻠﻣطور‬ ‫وﯾﻣﻛن‬ ،‫ﺧطﺄ‬ ‫وﺟود‬ ‫ﻋﻠﻰ‬ ‫دﻟﯾﻼ‬ ‫ھذا‬ ‫ﺳﯾﻛون‬ ‫ﺧطﺄ‬ ‫أي‬ ‫ﺣﺻل‬ ‫إن‬ ،‫ﺻﺣﯾﺣﺔ‬ ‫ﺗﻧﻔﯾذھﺎ‬ ‫ﻧﺗﯾﺟﺔ‬ ‫وھل‬ ،‫ﻣوﺟودة‬ unit test ‫ال‬ ‫ھل‬ ‫ﻓﯾﻧظر‬ ،automated test ‫ﯾﻛون‬ ...‫اﻟﺟدﯾدة‬ ‫اﻟﺑرﻣﺟﯾﺔ‬ ‫اﻟﺷﯾﻔرة‬ ‫رﻓﻊ‬ ‫ﯾﺗم‬ ‫ﻓﻠن‬
  • 9. code review ‫ال‬ ‫ﻣن‬ ‫اﻟﻣﺑﺗدﺋﯾن‬ ‫اﻟﻣﺑرﻣﺟﯾن‬ ‫ﯾﺗﻌﻠﻣﮫ‬ ‫ﻣﺎ‬ ‫ﺗﻌﻠﻣﮭم‬ ‫ﺑﻌد‬- (junior) ‫ال‬ ‫اﻟﻣﺑﺗدﺋﯾن‬ ‫اﻟﻣﺑرﻣﺟﯾن‬ ‫ﻣﻧﮭﺎ‬ ‫ﯾﺗﻌﻠم‬ ‫اﻟﺗﻲ‬ ‫اﻟطرق‬ ‫أھم‬ ‫ﻣن‬ ‫واﺣدة‬ ‫اﻟﺑرﻣﺟﯾﺔ‬ ‫اﻟﺷﯾﻔرة‬ ‫ﻣراﺟﻌﺔ‬ ‫إن‬ ‫اﻟﺧﺑرة‬ ‫اﻷﻛﺛر‬ ‫ﻟﻠﻣﺑرﻣﺟﯾن‬ ‫اﻟﺿﻣﻧﯾﺔ‬ ‫اﻟﻣﻌرﻓﺔ‬ ‫ﻧﻘل‬ ‫ﺧﻼل‬ ‫ﻣن‬ ‫ﺗﺗﺣﻘق‬ ‫اﻟﻣراﺟﻌﺔ‬ ‫ھذه‬ ،-‫اﻟﻛﺗب‬ ‫ﻟﺑﻌض‬ ‫ﻗراءﺗﮭم‬ ‫و‬ ‫اﻟﺑرﻣﺟﺔ‬ ‫ﻋﻠﻰ‬ ‫اﻹطﻼع‬ ‫ﻋﻠﻰ‬ ‫ﻗدرة‬ ‫ﻣن‬ ‫ﻟﮫ‬ ‫ﺗﻘدﻣﮫ‬ ‫ﻟﻣﺎ‬ junior ‫ال‬ ‫ﻣﺳﺗوى‬ ‫ﻓﻲ‬ ‫ﻛﺑﯾرة‬ ‫ﻗﻔزات‬ ‫ﺗﻘدم‬ ‫ھذه‬ ‫اﻟﺧﺑرة‬ ‫ﻧﻘل‬ ‫ﻋﻣﻠﯾﺔ‬ ،‫ﻟﻶﺧرﯾن‬ ‫ﯾﺗﻌﻠﻣون‬ ‫اﻟﺧﺑرة‬ ‫ذوي‬ ‫اﻟﻣﺑرﻣﺟﯾن‬ ‫أن‬ ‫إﻟﻰ‬ ‫ﺑﺎﻹﺿﺎﻓﺔ‬ ،‫اﻟﻌﻣل‬ ‫ﻋﻠﻰ‬ ‫ﺗﺳﺎﻋده‬ ‫وﻣﻛﺗﺑﺎت‬ ‫وﺗﻘﻧﯾﺎت‬ ،‫ﻣﺎ‬ ‫ﻣﺷﻛﻠﺔ‬ ‫ﻟﺣل‬ ‫أﺧرى‬ ‫ﺣﻠول‬ ‫إﻟﻰ‬ ‫ﺑﺎﻹﺿﺎﻓﺔ‬ ،‫ﻣﻧﮫ‬ ‫أﻗدم‬ ‫ھو‬ ‫ﻣن‬ ‫ﯾﻌﻠﻣﮭﺎ‬ ‫وﻟم‬ ‫وﺗﻌﻠﻣﮭﺎ‬ ‫ﻋﻧﮭﺎ‬ ‫ﻗرأ‬ ‫رﺑﻣﺎ‬ ‫اﻟﻣﺷﻛﻠﺔ‬ ‫ﻟﺣل‬ ‫ﺟدﯾدة‬ ‫ﺗﻘﻧﯾﺔ‬ ‫أﺳﺎﻟﯾب‬ junior ‫ال‬ ‫ھذا‬ ‫ﻣن‬ ،‫ﺧﺑرة‬ ‫اﻷﻛﺛر‬ ‫ﻟﻠﻣﺑرﻣﺟﯾن‬ ‫اﻟﻣﺑﺗدﺋﯾن‬ ‫اﻟﻣﺑرﻣﺟﯾن‬ ‫ﻣن‬ ‫اﻟﻔﻛرة‬ ‫ﻓﺗﻧﺗﻘل‬ ،‫ﻣﺎ‬ ‫ﻣﺷﻛﻠﺔ‬ ‫ﻟﺣل‬ ‫واﺑداﻋﯾﺔ‬ ‫ذﻛﯾﺔ‬ ‫ﺗﻛون‬ ‫ﻗد‬ ‫اﻟﺗﻲ‬ ‫اﻟﺣﻠول‬ ‫ﻻ‬ ‫ﻛﺎن‬ ‫إن‬ ‫واﻟﺧﺑﯾر‬ ،‫اﻟﻣﺑﺗدئ‬ ‫أو‬ ‫اﻟﺧﺑﯾر‬ ‫رأي‬ ‫ﻓوق‬ ‫ھو‬ ‫وﺛﺑت‬ ‫اﻟﻌﻠم‬ ‫ﻣن‬ ‫ﺻﺢ‬ ‫ﻣﺎ‬ ‫أن‬ ‫وھﻲ‬ ،‫ﺟدا‬ ‫ﻣﮭﻣﺔ‬ ‫ﻟﻘﺎﻋدة‬ ‫ﯾﻘودﻧﺎ‬ ‫وھذا‬ ‫إﻟﯾﮫ‬ ‫أﻟﻘﻰ‬ ‫ﻣن‬ ‫واﻗﺗراح‬ ‫ﻣﺷورة‬ ‫وﯾرﻓض‬ ،‫اﻟﺗﻌﻠم‬ ‫ﯾرﻓض‬ ‫اﻟذي‬ ‫واﻟﻣﺑﺗدأ‬ ،‫اﻵﺧرون‬ ‫ﺳﯾﺳﺑﻘﮫ‬ ‫أو‬ ‫ﺳﯾﻧﻘرض‬ ‫ﺑرأﯾﮫ‬ ‫إﻻ‬ ‫ﯾﺄﺧذ‬ ...‫أﺑدا‬ ‫ﯾﺗطور‬ ‫ﻓﻠن‬ ‫ﻣﻌﻠوﻣﺔ‬
  • 10. O Allah, I ask You for steadfastness in the matter and resolve upon right guidance; I ask You for gratitude for Your blessing and for worshipping You well; I ask You for a sound heart and a truthful tongue; I ask You for the good of what You know, I seek refuge in You from the evil of what You know, and I seek Your forgiveness for what You know; indeed You are the Knower of the unseen.
  • 11. Familiarization with code base. One of the most important points that comes out of code review among team members is making the team familiar with the different parts of the code within the project. This familiarity gives any developer on the team the confidence to start developing or improving an addition with ease, without a set of tasks having to be tied to one person. In this way knowledge passes to everyone, everyone forms a comprehensive view of the code as a whole, and there is less resistance to moving from one part to another and working on it more easily, with less burden and less wasted time...
  • 12. Pre-warning of integration clashes. The code review process can give early warning of any unexpected error caused by a code change to the project's code, whether in one part or in the sum of its parts, especially in parts and sections that more than one developer is working on at the same time, or where the change is tied to a part that falls under another programmer's responsibility. The reason is that reviewing the code and its changes, by the developer who may be affected by the change or by others who understand the risk of this change or the requirements needed to enable it, reduces the error rate...
  • 13. Technical aspects of secure code review. There is a set of technical aspects for reviewing any code from the viewpoint of a security researcher, or a security reviewer who looks for the security problems present in the code and wants to verify them. This view must not be content with looking only at the code and the way it is written; it must be wider than that, so as to understand the flow of work from beginning to end for every function, and to enumerate all the inputs that will be received and processed in the code. 1. This means checking every input field and the validation used with it, and also studying everything that can be written into this field and where it is used, and whether the existing validation covers all these cases or not.
  • 14. Technical aspects of secure code review. 2. Any SQL query that depends on values supplied to the code (a dynamic query), or any log writer or response that gets processed, must be examined carefully and all its potential security problems collected and studied... 3. The security review also includes studying all the classes or components that the data will pass through, up to the place where the data is processed for insertion into the database or returned to the user as a response; this ensures the security of the workflow is verified in every part of the project up to the last stage… 4. In addition, the security review includes looking at the cases and places where a vulnerability is expected to occur (predicting where they happen), such as XSS vulnerabilities, or predicting technology-specific vulnerabilities such as CSS injection when CSS-in-JS is used.
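As an added illustration of points 1 and 2 (example code, not from the original slides), the Python snippet below shows a dynamic query that a reviewer would flag next to its parameterized form, an input-field validation rule, and a log writer that neutralizes control characters. The users table, the sample rows and the username rule are constructed for this example.

```python
import re
import sqlite3


# Constructed sample schema and rows for this example (not from the slides).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    conn.commit()
    return conn


# Point 2, the finding: the field value is spliced into the SQL text, so whatever
# is typed into the field becomes part of the query's structure. A single quote
# already breaks the statement; a crafted value would change the WHERE clause.
def find_user_dynamic(conn: sqlite3.Connection, name: str) -> list:
    sql = "SELECT id, name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


# Point 2, the fix at the sink: the driver sends the value separately from the
# SQL text, so the value is never parsed as SQL, whatever it contains.
def find_user_param(conn: sqlite3.Connection, name: str) -> list:
    return conn.execute(
        "SELECT id, name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


# Point 1, validation at the input field: an assumed rule for what a username may
# contain. The reviewer checks this rule against everything the field can carry.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def validate_username(name: str) -> bool:
    return USERNAME_RE.fullmatch(name) is not None


# Both layers together: reject what the field rule does not allow, then query
# through the parameterized sink (defence in depth; the sink is safe on its own).
def handle_lookup(conn: sqlite3.Connection, raw_name: str) -> tuple:
    if not validate_username(raw_name):
        return ("rejected", None)
    return ("ok", find_user_param(conn, raw_name))


# Point 2, the log writer: a value carrying a newline could otherwise forge a
# second log entry. Control characters are replaced before the line is written.
def log_line(event: str, value: str) -> str:
    cleaned = re.sub(r"[\x00-\x1f\x7f]", "?", value)
    return f"event={event} value={cleaned}"
```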
  • 15. Factors to consider when planning a Security Code Review. When planning to work with a system that includes a Security Coding Review, attention must be paid to a set of factors that will affect the review. Each review process has its own context and its own independent state, which require it to be reviewed differently from another, with a different degree of impact… These factors are:
    ● Risk: it is impossible for any code to be 100% secure, but the risk level of any code that is executed can be measured, so that strict criteria are set for reviewing any change to it. The higher the risk classification of the feature being added or modified, the more security precautions this part needs, and no code may be allowed to move to the next stage before its safety is confirmed - even if you have a deadline -
  • 16. Factors to consider when planning a Security Code Review.
    ● Purpose & Context: the behaviour of each part being reviewed must be defined on its own.
    ● Lines of Code: it is preferable to split the code correctly so that each block of code contains the fewest possible lines, so that the location of expected errors can be identified more easily and quickly.
    ● Programming language: programming languages differ in the level or degree of risk of the security problems that may result from using them to implement a given technical feature, and this must be taken into account, especially if the team has no real experience in the language in question; for example, buffer overflow problems are far more common in C/C++ than in Java…
    ● Resources, Time & Deadlines: the time needed to deliver the project as a whole, or to deliver each feature or addition independently, must be taken into account, ensuring that this security review loop exists within the lifetime of the project…, while taking the degree of risk into account…
  • 17. Code Review Reports. When a security review system is introduced into the project, there is a format that is produced as a report for each Module separately. This report contains the report date, the project name, the Module or part that was examined, the programmer who designed this Module, the reviewer who reviewed the work, the required task, a brief description of the problem with an appropriate priority, and a link from this report to the Ticket. Usually this is done automatically through tools such as FxCop or BinScope Binary Analyzer.
  • 18. When to Code Review? When is the best time to do code review? Companies usually fall into three groups:
    1. Companies that review code before it is pushed to the main branch -pre-commit-. This method -personally- is the best way to review any code: it ensures problems are solved, or reduced, before they are released, and it keeps the code clean, but its main problem is the time it takes…
    2. Companies that pull the changes after they are pushed -post-commit-. The main advantage of this approach is the speed of pushing work; the review happens after the push, and when a problem is found it goes back to the developer to fix directly. Its worst aspect is that it can make the code bad, and it is more likely to contain errors, especially in documentation, along with the possibility that another programmer modifies the same place during that period...
  • 19. When to Code Review?
    3. The third approach is to schedule the review at a fixed time or a set number of times per year, or when a security problem appears; then the code is reviewed as a whole. This approach is usually only used to walk through all parts of the code and review them for specific patterns only, but if a company relies on this approach alone, that will be the biggest mistake it falls into - personal point of view -
  • 20. O Allah, to You belongs all praise; You are the Light of the heavens and the earth. To You belongs all praise; You are the Sustainer of the heavens and the earth. To You belongs all praise; You are the Lord of the heavens and the earth and all that is in them. You are the Truth, Your promise is the truth, Your word is the truth, meeting You is the truth, Paradise is true, Hellfire is true, the Prophets are true, and the Hour is true. O Allah, to You I have submitted, in You I have believed, upon You I have relied, to You I have turned, by You I have disputed, and to You I have referred for judgement; so forgive me what I have done before and what I have done since, what I have concealed and what I have made known. You are my God; there is no god but You.
  • 21. reviewer should develop familiarity with the following aspects: Every developer who wants to review code and care about its security aspects must develop their skills in, and attend to, a number of important topics, namely:
    ● Application features and Business Rules: every developer must understand the project's features, all the rules and constraints of the project, the technologies, and the business constraints. The importance of this point lies in determining the impact of the review and its effect on the success or failure of a given feature, and in making sure this feature will work correctly and as required by the business.
    ● Context: all the criteria by which the review is carried out must be written down, and all the security criteria for the code must be documented as well. This includes all the types of data that are handled and processed, and the expected damage from this data - taking into account where this data is processed, how it is obtained, and how it is returned -.
  • 22. reviewer should develop familiarity with the following aspects:
    ● Sensitive Data: this part covers attending to all the sensitive data in the system, which may seriously affect the privacy of the individuals associated with the product, their ability to reach the product properly, or the processing of their information based on what was lost. Knowing this data well, caring for it, and making sure it is stored correctly and in the right way is therefore one of the most important points when reviewing any code; one example is any member's password…
    ● User roles and access rights: this point is very important in any system. Usually all the permissions of members and their ability to reach the features inside the product are defined in advance, so it is very important that the reviewer knows the permission system used in the work. This part can be split into two classes: a product reachable over the Internet, where attention must be at the highest level, and a product reachable only by the organization's employees, which can be subject to less strict and clearer criteria...
  • 23. reviewer should develop familiarity with the following aspects:
    ● Application type: the reviewer must pay attention to the type of application they are working on; the security problems that appear in websites may differ from those that appear in desktop or mobile applications, so knowing the nature and type of the application matters for a reviewer who will be attending especially to the security side…
    ● Code: knowing the language the code was written in is a very, very important matter, because every language has its features and hidden corners that may be invisible to someone outside that language. The reviewer must therefore be well acquainted with the language so that the code can be improved to its best form, with the best possible protection, thanks to knowing the possible weak points…
  • 24. reviewer should develop familiarity with the following aspects:
    ● Design: this point is very important. The way code is written differs from one Design Pattern to another and from one Code Layout to another; for example, someone using MVC differs from someone who wrote their own Pattern. Where Configuration is placed, stored and protected will differ from one form to another. The design likewise covers the shape of the URLs and the sequence of these links, as well as how rendering is done and what it looks like for any user, etc.
    ● Guideline: if the company has any reference for writing code, it must be shared between departments and among the members of the development team, and everyone must understand these standards...
  • 25. Questions During Secure Code Review
  • 26. Code Review Checklist. There is a range of templates designed to define the principles for any review of any code. If these principles are worked by, they raise the reviewer to the level of professionals and experts; indeed, a reviewer who applies these principles correctly counts as an expert. This list must contain a set of basic points or broad headings that you attend to, aiming to monitor them and address the problems expected under them, namely:
    ● Security & Architecture: Data Validation, Authentication, Session Management, Authorization, Cryptography, Error Handling, Logging, Security Configuration, Network Architecture.
    ● Application Design: Font uniformity, Color Accessibility, Uniformity of color and design scheme, Ease of use for users, Minimum number of screens to achieve a use-case, Performance, Presentation of information, Responsiveness, Accessible content, Accuracy of information
    Of course the templates vary in form and goals; there are detailed templates and general ones, and the template is chosen or built according to the company's needs... The points above may be the main headings in some templates, while in others they are a subset of a group of points arranged under a larger heading, or distributed differently...
  • 28. Code Review Checklist
    ● Code formatting: while going through the code, check that the code is formatted! This is to improve readability and to make sure nothing is irritating when looking at or reading it; it covers tabbing, spacing, naming conventions, line length, removing any commented-out code... etc.
    ● Architecture: the project's architecture must be organized and clearly built. This covers dividing the project into several layers such as the data layer and presentation, organizing the files, e.g. html, css, js, in defined, clear paths and as separate files, making sure the written code follows and works correctly with the framework in use, and adopting and using the appropriate design pattern before starting to build the project...
  • 29. Code Review Checklist
    ● Coding best practices: while writing code you must commit to the most important coding standards, just as we commit to its formatting - as we mentioned in the first point -. These standards include: Don't write hard coded values; you can always use or define a const or add a configuration variable. You must write comments, keeping in mind that the value of comments lies in explaining why this block of code was added or written this way, and whether there are potential problems that must be looked at before modifying it; next to variables, write what the variable is for or what it holds. Also build small groups of enums inside the code, such as Gender: {Male, Female}... Avoid nested loops and nested ifs deeper than 3 levels, and think of other ways to solve such problems when they appear, and get the most possible out of the framework or the libraries in use before writing any custom code...
  • 30. Code Review Checklist
    ● Non Functional requirements: these cover all the concepts and rules important to any programmer and can be summarized as follows:
    ○ Maintainability (Supportability): the project being built must be maintainable and updatable with the least possible effort, which means attending to 4 main topics: Readability, Testability, Debuggability, Configurability. The code must be clear and self-explanatory, and if that is not easy it must be done through comments. The code must be easy to test, which is achieved by dividing it into small blocks, each block containing the functions to be executed in it, with verification done within that block. It must also be possible to trace potential problems through a clear log of the operations that occurred or were updated during testing. And configuration must live in a place that is handled dynamically, not written as hard code…
    ○ Reusability: the code you write must be usable in more than one place, and the code of classes & functions must be designed so it can easily serve more than one place. One of the most important principles here is DRY: never write identical code repeated in more than one place.
  • 31. Code Review Checklist
    ○ Reliability: this covers handling unexpected errors, as well as cleaning up and deleting any unused resources in the project.
    ○ Extensibility: this means the code must be easy to update and to replace within other code.
    ○ Security: this covers all of Authentication, authorization, input data validation and the security threats expected behind them, such as XSS, SQL injection... etc. It also covers caring for the preservation and protection of sensitive data such as passwords, credit card information and so on…
    ○ Performance: this covers every possible means of keeping the system's performance high and excellent. The main broad points of this topic are using Lazy loading, asynchronous and parallel processing, refraining from synchronous processing except where necessary, and using Caching and session data.
    ○ Scalability: before and during implementation of the project, you must ask: is what I am doing and building able to withstand sudden or expected growth, for example if the number of registered members increases? And does the system allow this part to be developed to fit later growth?
    ○ Usability: you must make sure that any API you build, and any function that appears in the system, is usable in an easy and understandable way. If you are not convinced by the design, you must review the product and discuss your ideas with them...
  • 32. Code Review Checklist
    ● Object-Oriented Analysis and Design (OOAD) Principles:
    ○ Single Responsibility Principle (SRP): put one programmer or developer on the function or class, and let the distribution of work in OOP be split into pieces of classes and functions, with each class or function having only one source working on building it. Of course this does not conflict with integrating others into developing that class or function, but during the build things are different, and it is preferable that the distribution and the dependencies between the different sources be clear before each developer starts developing their parts, so that the points where they intersect are known.
    ○ Open Closed Principle: when implementing and developing a new feature -New functionality-, you must stop modifying any code tied to this functionality, to prevent any unexpected problems or any inconsistent update that would cause countless problems…
    ○ Liskov substitutability principle: where there is a super class and a sub class, the sub class must be written in a way that allows the super class's object to be replaced by the sub class without any problem. So you cannot, for example, add constraints to, or remove a param from, an overridden method unless the super class allows it! Here the overriding method must be a modified copy for the sub class, but under the same rules...
  • 33. Code Review Checklist
    ○ Interface segregation: this is based on the principle of splitting interfaces and reducing their size as far as possible, so that each interface covers only the functions it was built for, and of refraining from adding any unnecessary -required- params inside the interface.
    ○ Dependency Inversion principle: in general it can be described as the method or principle that prevents writing any dependency inside one part when that dependency will be used in more than one place; an example is what we designed for fetching data from the API via axios. Note: in programming languages that have abstractions, the High level must not depend on the Low level; rather both low level & high level must depend on abstractions.
  • 34. Code Review Checklist
    ● Application Design:
    ○ Font uniformity: the fonts used inside the application must be consistent in size, with one size across all similar parts and sections; the same goes for colours, and font sizes must be readable on all devices…
    ○ Color Accessibility: the colours used in the system must be usable and accessible to all categories of users of the site.
    ○ Uniformity of color and design scheme: the colours and the design must be consistent with each other and clear.
    ○ Ease of use for users: access, or knowing how to access something, must be easy and smooth for users.
    ○ Minimum number of screens to achieve a use-case: users should reach what they need with the fewest possible screens and transitions.
    ○ Performance: this covers caching, the fewest possible requests to the server, and retrieving only the data needed for display.
  • 35. Code Review Checklist
    ○ Presentation of information: the information displayed must be offered in the best available format or manner, the layout must present this information clearly, and this information must be reachable in the same way from all kinds of devices, phones, websites and so on…
    ○ Responsiveness: the web application must support all the basic interfaces for the different screen sizes.
    ○ Accessible content: you must make sure that the content you design will appear and work on all devices or browsers, even from different vendors, and important properties such as the touch screen on mobile must be taken into account, along with refraining from any unnecessary redirects.
    ○ Accuracy of information: the information the API provides must be enough for the user to reach what they need without stopping, and with the least possible interruption of the flow they are carrying out.
  • 36. Allah the Exalted said in Surat Az-Zumar: "Is one who is devoutly obedient during periods of the night, prostrating and standing, fearing the Hereafter and hoping for the mercy of his Lord [like one who does not]? Say, 'Are those who know equal to those who do not know?' Only they will remember who are people of understanding."
  • 37. Application Threat Modeling. Application Threat Modeling is considered one of the methods at the core of analysing the security of any application. Although this part is not at the core of these slides, it offers a model with an important lesson for developers when looking at code. I will list here the security areas this modeling attends to, but in an enumerated form that may be closest to the subject of these slides, and I will follow the same steps the book adopts for presenting the sequence, namely: Step one: Decompose the Application: this is the first and most important step; it says that attention must be paid to understanding the application, its workflow, and how the application deals with any third party. These are the most important points to attend to:
  • 38. Application Threat Modeling
    ● External Dependencies: when adding any element as an external dependency, you must make sure it is added to the documentation in a way that explains the effect of how it is used and its impact on the production env in particular. For example, if we rely on AWS, the mechanism for building and deploying to the production environment must be documented, and this documentation must be done in an organized way following the organization's adopted documentation method, not merely recorded in systems unrelated to it, such as settling for a comment on the task ticket, although it is still useful to write it on the ticket before closing or moving it...
    ● Entry Points: this point covers listing all the entry points through which an attacker, intruder or vandal could exploit the system to reach their goal; they are also called attack vectors. In websites this part covers, for example, form pages, emails, chat, popup windows, socket messages..., so the review of these parts must be very precise, and a change in any of them requires a comprehensive review of that entry point.
  • 39. Application Threat Modeling
    ● Assets: any attacker usually acts for one of two goals: either a desire for Physical Assets, or for an abstract asset. In the first, they are interested in what information and data they might obtain that helps them in other attacks, financial gain, etc.; the second is to harm the reputation of the targeted company. Therefore, if you can identify the most important data you hold that must be protected, you have reduced the degree of risk, or anticipated it; for this reason, any review process must take into account what you want to protect and what you do not want to lose...
    ● Determining the Attack Surface: determining and anticipating attack methods is one of the most common methods attackers use to get into any system, and likewise for whoever is responsible for protecting that system. The first part is enumerating all the possible input paths, verifying them, and reviewing any change made to them during work; this covers: Browser input, Cookies, Property files, External processes, Data feeds, Service responses, Flat files, Command line parameters, Environment variables
  • 40. Application Threat Modeling
    ● Trust Levels: determining the amount of privilege needed when working on any part is important when dealing with any executable code, especially code from an external resource. This means insisting on this principle during code review: there is no reason to grant more privilege than required, and when the rules change, whether by addition or removal, the privilege must be adjusted as well to fit the new change…
    ● Data flow analysis: knowing the dynamic data & static data, how they are processed, and how their params are handled and the values they carry are processed...
  • 41. Application Threat Modeling
    ● Transaction analysis: this point is one of the very, very important ones. The reviewer must know about all the Transactions taking place in the code they are dealing with. The importance of this topic lies in the fact that the system is built on a set of movements "from and to", and these movements can be grouped under: Data/Input Validation of data from all untrusted sources, Authentication, Session Management, Authorization, Cryptography (data at rest and in transit), Error Handling /Information Leakage, Logging /Auditing
  • 42. Application Threat Modeling. Step two: Determine and rank threats: in this step the security side of the review comes to the fore; through it the expected threats are identified and ranked by severity. In this stage classifications of these potential threats are built, and there are several models for that, among which we mention STRIDE. STRIDE is an acronym for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service (DoS), and Elevation of privilege; it is one of the models used to build a classification of security threats based on the abbreviations from which the name was formed. We will now give a simple explanation of these terms:
  • 43. Application Threat Modeling
    ● Spoofing: meaning "Identity spoofing", one of the most important risks that can occur in any application. This identity spoofing may be at the database level or the application level; it is something that must not be allowed in the system and is very dangerous. The reviewer's role here is to verify that the code contains what prevents, for example, user x from modifying user y's information - and of course, if such a capability exists, it means it is permitted, and it must go through a clear role that allows it -.
    ● Tampering: tampering with data is one of the most common ways of manipulating data and discovering vulnerabilities. This manipulation happens on the client side, exploiting the data coming from the server as a response, or by stealing it from memory or the network, etc.; the attacker then modifies it to achieve their goal! The reviewer's role here is to verify that the server is able to check for any tampering before doing any processing or saving it in the database, and the most important condition for that check is making sure the request comes from an auth user.
  • 44. Application Threat Modeling
    ● Repudiation: attackers usually hide their presence so they are not detected, and one of the ways is to circumvent the log/track system, by preventing correct tracking of that user or by modifying the log.
    ● Information Disclosure: theft or disclosure of the sensitive and important information of registered members is one of the biggest risks a company can suffer, so the reviewer has a very important role here in making sure the code guarantees the protection of this data, by making sure it is free of the expected vulnerabilities such as SQL Injection. This also includes verifying that the database permissions were set correctly, and the queries, etc.
  • 45. Application Threat Modeling
    ● Denial of Service (DoS): the code reviewer and the code designer must be most careful about DoS attacks, and the most important rule for avoiding these attacks, or reducing their severity, is to block any request from a non-auth user to any api/function that needs a long time and heavy resources to execute…
    ● Elevation of privilege: evaluate the permission system and verify that whoever is lower cannot modify whoever is higher in privilege, and permissions must be divided carefully and within clear classifications.
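To make the STRIDE checks of slides 43 and 45 concrete, here is an added Python example (not code from the slides) with the controls a reviewer would expect to find: the "x may not edit y" and "lower may not edit higher" checks for Spoofing and Elevation of privilege, the "no anonymous calls to expensive endpoints" rule for DoS, and a server-side integrity tag on data echoed back by the client, for Tampering. The role ladder, the endpoint list and the key are constructed assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed role ladder for this example, least to most privileged (not from the slides).
ROLE_RANK = {"anonymous": 0, "user": 1, "moderator": 2, "admin": 3}

# Roles explicitly granted the right to edit other users' profiles (assumed).
CROSS_USER_EDIT_ROLES = {"moderator", "admin"}

# Endpoints assumed to be costly in time and resources (constructed list).
EXPENSIVE_ENDPOINTS = {"/reports/export", "/search/fulltext"}

# Server-side key for the integrity tag; a constructed value for this example.
SERVER_KEY = b"constructed-example-key"


@dataclass(frozen=True)
class Principal:
    user_id: Optional[str]   # None means the request is not authenticated
    role: str


# Spoofing (slide 43) and Elevation of privilege (slide 45): user x may edit
# only their own profile unless a clear role grants more, and a lower role can
# never modify a higher one.
def may_modify_profile(actor: Principal, target_id: str, target_role: str) -> bool:
    if actor.user_id is None:
        return False                        # anonymous callers never edit profiles
    if actor.user_id == target_id:
        return True                         # editing your own record
    if ROLE_RANK[actor.role] <= ROLE_RANK[target_role]:
        return False                        # never edit an equal or higher role
    return actor.role in CROSS_USER_EDIT_ROLES   # the explicit grant the slide asks for


# Denial of Service (slide 45): costly endpoints refuse unauthenticated requests.
def may_call(actor: Principal, endpoint: str) -> bool:
    if endpoint in EXPENSIVE_ENDPOINTS and actor.user_id is None:
        return False
    return True


# Tampering (slide 43): values the server hands to the client and later receives
# back (a quoted price, a cart state) carry an HMAC tag; the server recomputes it
# before processing, so a client-side edit is detected instead of trusted.
def issue_tagged(payload: str) -> str:
    tag = hmac.new(SERVER_KEY, payload.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def accept_tagged(token: str) -> Optional[str]:
    """Return the payload if its tag verifies, otherwise None."""
    payload, sep, tag = token.rpartition(".")   # the hex tag never contains a dot
    if not sep:
        return None
    expected = hmac.new(SERVER_KEY, payload.encode("utf-8"), hashlib.sha256).hexdigest()
    return payload if hmac.compare_digest(expected, tag) else None
```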
  • 46. Application Threat Modeling
    ● Microsoft DREAD threat-risk ranking model: this model is used to determine or calculate the vulnerabilities based on the impact factor, how easy they are to exploit or discover, the severity, and the amount of damage that results from them…
  • 47. Application Threat Modeling. Step three: Determine countermeasures and mitigation: identifying the expected security or technical risks, by taking the measures needed to prevent such problems, is one of the important matters that will certainly affect the project. These weaknesses can be handled in 3 main ways:
    1. Build a map that identifies the weaknesses and strengths and ranks them from most to least dangerous.
    2. Some organizations accept a weakness that exists in some place, considering this level of risk bearable, and deal with it according to the nature of the project, with controls in place to educate users about it and about how to deal with it if it occurs.
    3. Some organizations ignore the weaknesses completely and without any precaution; in this case, if the risk and the damage exceed the benefit hoped for from the application, the application will be shut down.
  • 48. Allah the Exalted said in Surat al-Fath: "Indeed, We have sent you as a witness and a bringer of good tidings and a warner (8) That you may believe in Allah and His Messenger and honor him and respect him and glorify Him morning and evening." Know, my brother, that supporting the Messenger (peace be upon him) is an obligation on every Muslim, in whatever he is able to do, and the least we can do now in the face of France's baseness and arrogance and its war on Islam and the Muslims is to boycott it by all means, and to work with all the strength we have been given to escape the slavery of this century, and there is no might nor power except with Allah... Allah the Exalted said in Surat at-Tawbah: "If you do not aid him, Allah has already aided him when those who disbelieved had driven him out as one of two, when they were in the cave."
  • 49. Metrics and Code Review
    Based on what we mentioned earlier, there must be a clear method by which we can compute the complexity rate of the code, its quality level, the ability to modify, port and reuse it, and many other characteristics. So here we will mention the most important characteristics from which code review can start, which are:
    ● LOC: the number of lines of code (blank lines and comment lines are not counted).
    ● Function Point: a group of lines of code that performs a specific task in the project; this differs from one programming language to another. In OOP, for example, the Class represents the Function Point.
  • 50. Metrics and Code Review
    ● Defect Density: this term refers to the number of confirmed defects discovered in the program, or in one of its components, during a specific period of development or operation, divided by the size of the program (LOC). To compute the density of defects (bugs and problems) in the application, this equation can be applied (we will give an example after this slide):
      Defect Density = Defect count / size of the release
    ● Risk Density: a term that refers to the amount of risk density realized within the previous points; it is divided into Low, Medium and High, and can be represented as follows:
      Risk Level / LOC   OR   Risk Level / Function Point
      Example: 4 High Risk Defects per 1000 (Lines of Code); 2 Medium Risk Defects per 3 Function Points
  • 51. Metrics and Code Review
    Example:
      Module   LOC    Number of Detected Bugs
      A        1000   5
      B        3000   25
      C        2000   10
      Totals   6000   40
    Based on the table above we can compute the defect density of this release as follows:
      Defect Density = 40 / 6000 = 0.00666666667 => the density level for this release
    This means that the defect density relative to the total number of lines of this release is 0.00666, which is an excellent number; this is only an indicator that gives a general impression of the quality of the code.
    Note: there is no specific number that defines best or worst, but the larger the number the worse, and the closer the number is to zero the better.
  • 52. Metrics and Code Review
    The average defect density can also be computed per KLOC, where KLOC means: Short for thousands (kilo) of lines of code. KLOC is a measure of the size of a computer program.
    For the previous example the result is:
      40 / 6 KLOC = 6.6666 defects for every 1 KLOC
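    The LOC, defect density and per-KLOC figures from slides 49 to 52, computed in code. This is an added Python example, not part of the presentation: the module figures are copied from the slide's table, the `SAMPLE_SOURCE` snippet is a constructed file used only to show LOC counting with blank and comment-only lines excluded, and the per-module breakdown (which module carries the most defects per line) goes one step beyond the slide's release-wide total.

```python
# Constructed sample module used to show LOC counting: blank lines and
# comment-only lines are excluded, as the slides define LOC.
SAMPLE_SOURCE = '''\
# helper module (constructed example)
import os

def read_config(path):
    # open and read the file
    with open(path) as fh:
        return fh.read()

'''

# Per-module (LOC, detected bugs) figures copied from the slide's table.
RELEASE = {"A": (1000, 5), "B": (3000, 25), "C": (2000, 10)}


def count_loc(source: str, comment_prefix: str = "#") -> int:
    """Count lines that are neither blank nor comment-only."""
    return sum(
        1 for line in source.splitlines()
        if line.strip() and not line.strip().startswith(comment_prefix)
    )


def defect_density(defects: int, loc: int) -> float:
    """Defects per line of code (the slide's 'Defect count / size of the release')."""
    if loc <= 0:
        raise ValueError("LOC must be positive")
    return defects / loc


def defects_per_kloc(defects: int, loc: int) -> float:
    """Same ratio scaled to thousands of lines, as on slide 52."""
    return defects / (loc / 1000)


def release_summary(modules: dict) -> dict:
    """Release-wide density plus the per-module view the slide's table allows."""
    total_loc = sum(loc for loc, _ in modules.values())
    total_defects = sum(bugs for _, bugs in modules.values())
    per_module = {name: defect_density(bugs, loc) for name, (loc, bugs) in modules.items()}
    return {
        "per_module": per_module,
        "worst_module": max(per_module, key=per_module.get),
        "density": defect_density(total_defects, total_loc),
        "per_kloc": defects_per_kloc(total_defects, total_loc),
    }


if __name__ == "__main__":
    print("LOC of sample:", count_loc(SAMPLE_SOURCE))
    summary = release_summary(RELEASE)
    print("release density:", round(summary["density"], 8))
    print("defects per KLOC:", round(summary["per_kloc"], 4))
    print("module to review first:", summary["worst_module"])
```

    The per-module figure is the one a reviewer acts on: the release total of 0.0066 hides that module B runs at 0.0083 while A and C are at 0.005, so B is where review time should go first.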
  • 53. Metrics and Code Review
    Cyclomatic complexity (CC): the cyclomatic complexity metric (CC) was designed by McCabe to indicate how testable, understandable and maintainable a program is. It is one of the easy and simple metrics for computing the complexity level, and cyclomatic complexity can be computed with this equation:
      CC = Number of decisions + 1
    where Number of decisions stands for if/else, switch, case, catch, while, do, templated class calls... etc. The result of the previous equation can be classified according to this table:
      Value Range   Description
      0-10          Stable code, acceptable complexity
      11-15         Medium Risk, more complex
      16-20         High Risk code, too many decisions for a unit of code.
  • 54. Metrics and Code Review
    Based on the complexity level above, the decision is made to split parts of the code and rewrite them in a better way, separating them into independent methods to reduce the complexity level!
    Example 1 for computing the previous operation:
      IF A = 10 THEN
        IF B > C THEN
          A = B
        ELSE
          A = C
        ENDIF
      ENDIF
      Print A
      Print B
      Print C
    In this example, based on the previous equation, the result is: CC = 2 + 1 = 3. Since 3 is less than 10, the complexity level is good and the code is not complex.
  • 55. Metrics and Code Review
    Example 2:
      function doSomething() {
        if (condition1) {
          // statements
        } else if (condition2) {
          // statements
        } else {
          // statements
        }
      }
    CC = 2 + 1 = 3. Since 3 is less than 10, the complexity level is good and the code is not complex.
    Note: every else if counts as an independent condition and therefore increases the complexity level; that is why if/else = 1 plus else if = 1 gives 2.
    Note: you may find more than one representation for computing complexity, for example the representation CC = E - N + 2, but we adopted the one we mentioned... and you are free to look for whichever method suits you...
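    The decision-counting rule from slides 53 to 55, applied automatically so that a reviewer does not have to count branches by hand. This is an added Python example, not the presentation's code: it walks the syntax tree of a Python source string with the standard `ast` module, counts `if`/`elif`, loops, `except` handlers, conditional expressions, `match` arms and each extra `and`/`or` operand as one decision, adds 1 as the slide's equation says, and classifies the result with the slide's table. `example_1` and `example_2` are the two slide examples rewritten in Python (an `elif` is a nested `If` node, so it is counted separately exactly as the slide's note requires); `handler` is a constructed function that goes beyond the slides by adding a loop, an exception handler and a compound condition.

```python
import ast
import textwrap

# Node types that each add one decision, following the slide's list
# (if/else, case, catch, while, do ...) mapped onto Python syntax.
DECISION_NODES = (ast.If, ast.For, ast.While, ast.ExceptHandler, ast.IfExp)
if hasattr(ast, "match_case"):          # match/case arms exist from Python 3.10
    DECISION_NODES = DECISION_NODES + (ast.match_case,)

# The two slide examples rewritten in Python, plus one constructed function.
EXAMPLES = '''
def example_1(a, b, c):
    # slide example 1: nested IF -> 2 decisions, CC = 3
    if a == 10:
        if b > c:
            a = b
        else:
            a = c
    print(a, b, c)

def example_2(condition1, condition2):
    # slide example 2: if / else if / else -> 2 decisions, CC = 3
    if condition1:
        pass
    elif condition2:
        pass
    else:
        pass

def handler(items, user):
    # constructed: loop, exception handler and a compound condition
    for item in items:
        try:
            if user.is_admin and item.owner == user or item.public:
                item.visible = True
        except KeyError:
            pass
'''


def cyclomatic_complexity(func: ast.AST) -> int:
    """CC = number of decisions + 1 over one function body.

    Note: ast.walk also descends into nested functions, so a function that
    defines inner functions gets their decisions added to its own count.
    """
    decisions = 0
    for node in ast.walk(func):
        if isinstance(node, DECISION_NODES):
            decisions += 1
        elif isinstance(node, ast.BoolOp):
            decisions += len(node.values) - 1   # each extra and/or operand is a branch
    return decisions + 1


def classify(cc: int) -> str:
    """Slide 53's table; values above 20 are treated as High Risk too (assumption)."""
    if cc <= 10:
        return "Stable code, acceptable complexity"
    if cc <= 15:
        return "Medium Risk, more complex"
    return "High Risk code, too many decisions for a unit of code"


def report(source: str) -> dict:
    """Map each function name in `source` to (CC, classification)."""
    tree = ast.parse(textwrap.dedent(source))
    result = {}
    for node in ast.walk(tree):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            cc = cyclomatic_complexity(node)
            result[node.name] = (cc, classify(cc))
    return result


if __name__ == "__main__":
    for name, (cc, label) in report(EXAMPLES).items():
        print(f"{name}: CC={cc} -> {label}")
```

    `handler` scores 6 (for, except, if, and the two boolean operators): still in the stable band, but the compound `and`/`or` condition is exactly the kind of line that hides an authorization mistake, which is a reason to split it into a named helper even when the number says the function is fine.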