Hugh Wood from Rencore: Development best practices for a new development world (ESPC 2017, Dublin)

24 Nov 2017


  1. Development Best Practices for a New Development World Hugh Wood Rencore GmbH, United Kingdom
  2. ISO-25010 System/Software Product Quality #ESPC17 TH19 - Development Best Practices for a New Development World
  3. Software Quality: Portability, Performance efficiency, Compatibility, Maintainability, Security, Reliability, Usability
  4. Functional Suitability. Completeness: ensure the solution covers all the user-required tasks. Correctness: ensure the solution provides correct results, with the correct degree of precision. Appropriateness: ensure the user can fulfil their goal without too many unnecessary steps.
  5. COMPLETENESS: Out of the box vs Custom solution
  6. CORRECTNESS / APPROPRIATENESS Is SharePoint the solution? Are all functional points going to be covered? Can you deliver with the new technologies' restrictions?
  7. Performance efficiency. Time behaviour: response and throughput rate of the system. Resource utilisation: what resources and how much of the resources will be used during operation and installation. Capacity: check the maximum storage or users, and the maximum limits of the proposed solution.
  8. TIME BEHAVIOUR • Server dependency on requests / second • End user machines, including mobile • Network speed and latency
  9. RESOURCE UTILISATION • Device Memory • Network Bandwidth • Browser Used
  11. TIME BEHAVIOUR • Browser Cache TTL • CDN round trip with SSL • External CDNs are insecure (More on security later…)
  12. CAPACITY • Max List size • Site Collection quota • Network bandwidth • Possibility of multiple solutions per page
  13. Compatibility. Co-existence: ensure smooth operation without interrupting other functionality. Interoperability: degree to which information can be exchanged with other systems.
  14. CO-EXISTENCE • Multiple framework versions on a single page - Namespace React/Redux instances - Global variables are always in a Namespace • API tokens - Multiple parts using the same remote API • External connections - Connections aren’t greedy
  15. INTEROPERABILITY • Sharing information / data • Sharing states • Centralised processing • Stay self-contained with only controlled interaction
  16. Usability. Appropriateness recognisability: degree user can recognise the system is appropriate for their needs. Learnability: degree of simplicity to learn how to use the system. Operability: error tolerance, simplicity of use.
  17. Usability. User interface aesthetics: pleasing and easy to use design. User error protection: protection against making errors. Accessibility: accessibility based on policy and system required, including access for disabled users.
  18. APPROPRIATENESS / RECOGNISABILITY / LEARNABILITY • Interface design • Simplify UX • Branding
  19. OPERABILITY / USER ERROR PROTECTION • Error tolerance / Protection • Simplicity of use
  20. USER INTERFACE AESTHETICS • Branding • Simplicity
  22. ACCESSIBILITY • Use colour and shapes • Contrast • Use CSS focus with keyboard • Pay extra attention to forms • Make a component's purpose clear • Don’t use hover states
  23. Reliability. Maturity: reliability under normal operation. Availability: availability when required for use. Fault tolerance: tolerance to hardware or software failure. Recoverability: how recoverable a system is in case of a failure.
  24. RELIABILITY • Partial states where possible • Robust execution of remote calls • Remote servers • Cross browser testing • Functional point testing
  25. Security. Confidentiality: only authorised users have access. Integrity: prevention from external intrusion from unauthorised access. Non-Repudiation: ability to audit intrusion in order to repudiate further attempts in the future. Accountability: how easily actions can be traced to a unique entity. Authenticity: how easily authentication proves the identity of an entity.
  26. DATA BREACH > 23% £3.11 Million
  27. CONFIDENTIALITY / AUTHENTICITY • Ensure proper token handling • Limit external connections • Third party libraries
  28. INTEGRITY • Ensure external connection authenticity • CDNs…
  29. CDNs
  30. NON-REPUDIATION / ACCOUNTABILITY • Not all interactions are logged by SharePoint • Track in order to close intrusions quickly • Include external API access in logging
  31. Maintainability. Modularity: discrete design that allows modular replacement of components, with minimal impact on other systems. Reusability: degree assets can be used in multiple systems. Analysability: degree system can be analysed to diagnose deficiencies or causes of failures. Modifiability: ease of modifiability without degrading product quality or introducing defects. Testability: effectiveness and efficiency of test criteria, being able to determine test criteria have been met.
  32. MODULARITY / REUSABILITY / MODIFIABILITY • Build components from the smallest part up
  34. MODULARITY (component diagram labels): Main app, Label, Current page, Button, List box, List items, Current sub page, Summary view, Add new button2
  35. ANALYSABILITY / TESTABILITY • Build test strategy around function points • Keep code refactored • Automated or manual code review
  36. Portability. Adaptability: ease of transfer from one environment to another. Installability: how easily the system can be deployed and redeployed. Replaceability: degree in which the software can replace another specified software in the same system.
  37. ADAPTABILITY / INSTALLABILITY / REPLACEABILITY • Follow Office Dev PnP in all the things
  38. Software Quality: Portability, Performance efficiency, Compatibility, Maintainability, Security, Reliability, Usability
  39. THE END Twitter: @HughAJWood Email:

Editor's notes

  3. Cost of a data breach up by 23%, now at an average of £3.11
  4. “Covert channel communication attack”: exploits a CDN to covertly transmit information from the source that can be intercepted, creating a backdoor into the system. “Edge server bypass”: when incorrect certificates are used, the attacker can redirect requests away from cache servers to a selected server to upload a script of their choosing. “Amplify”: a denial-of-service attack which prevents access to edge servers, overloading the main source and bypassing CDN protection. “End-to-end”: this attack combines the previous two attacks to gain control over the target site. “Burst attack”: attacks a system in bursts at intervals to prevent metric flood detection of CDN security.