Project EE/06/B/FPP-169000

Learning Materials for Information Technology Professionals (EUCIP-Mat)

SYSTEM DEVELOPMENT PROCESS AND METHODS 1. Number of study hours - 30 2. Short description of the course Module will expand upon questions and methods related to software system development. Review of the following subitems is given in this module: a) how to differentiate system software and application software; b) software system development principles, methods and resources; c) software testing methods and implementation plan; d) security methods; e) software development future directions. 3. Target groups Module target groups are first of all vocational education students, who specialize on information technology, but it is also an interest of those who simply wish to pass the respective qualifying examination. 4. Prerequisites Passing through the module does not presuppose from student any former knowledge from the field of information technology. 5. Aim of the course - learning outcomes After passing through this module student knows the difference between system software and application software; which are the principles of software development; which methods are used for software testing and which security methods need to be applied in order to ensure functional software.

6. Content of the learning materials B.1 System development process and methods) B.1.1. Software in data processing systems Aim of learning is to: 1) Describe a data processing system as a combination of hardware, firmware, operating system software, application software, system configuration data and user-defined data 2) Recognize and describe the difference between system software and application software; name some examples of both categories 3) Explain the use of application software and system software.

Data processing is any computer process that converts data into information or knowledge. The processing is usually assumed to be automated and running on a computer. Because data are most useful when well presented and actually informative, data-processing systems are often referred to as information systems to emphasize their practicality.

Computer-based data-processing system consists hardware and software. Software can be divided to system software and application software.

Computer hardware is the physical part of a computer, including its digital circuitry, as distinguished from the computer software that executes within the hardware. The hardware of a computer is infrequently changed, in comparison with software and hardware data, which are "soft" in the sense that they are readily created, modified or erased on the computer. Firmware is a special type of software that rarely, if ever, needs to be changed and so is stored on hardware devices such as read-only memory (ROM) where it is not readily changed (and is, therefore, "firm" rather than just "soft").

System software is any computer software, which manages and controls computer hardware so that application software can perform a task. Operating systems, such as Microsoft Windows, Mac OS X or Linux, are prominent examples of system software. System software contrasts with application software, which is programs that enable the end-user to perform specific, productive tasks, such as word processing or image manipulation.

System software performs tasks like transferring data from memory to disk, or rendering text onto a display device. Specific kinds of system software include loading programs, Operating systems, device drivers, programming tools, compilers, assemblers, linkers, and utility software.

Software libraries that perform generic functions also tend to be regarded as system software, although the dividing line is fuzzy; while a C runtime library is generally agreed to be part of the system, an OpenGL or database library is less obviously so.

If system software is stored on non-volatile memory such as integrated circuits, it is usually termed firmware.

Firmware is a computer program that is embedded in a hardware device, for example a microcontroller. It can also be provided on flash memory or as a binary image file that can be uploaded onto existing hardware by a user.

As its name suggests, firmware is somewhere between hardware and software. Like software, it is a computer program, which is executed by a microprocessor or a microcontroller. But it is also tightly linked to a piece of hardware, and has little meaning outside of it.

Firmware has traditionally been stored in ROM, however cost and performance requirements have driven component vendors to adopt various replacements, including non-volatile media such as EEPROM and Flash, or SRAM solutions, such as the firmware loaded by an operating system device driver, as described below

ESCD or Extended System Configuration Data is a part of nonvolatile BIOS memory (aka CMOS memory) on the motherboard of a personal computer, where information about ISA PnP devices is stored. It's used by the BIOS to allocate resources for devices like expansion cards.

The BIOS also updates the ESCD each time the hardware configuration changes, after deciding how to re-allocate resources like IRQ and memory mapping ranges. After the ESCD has been updated, the decision need not be made again, which thereafter results in faster startup without conflicts until the next hardware configuration change.

An ISA Configuration Utility (ICU) can be used to update the ESCD via PnP BIOS interfaces. The Microsoft Windows operating system Device Manager is an instance of such a utility

The Extensible Firmware Interface (EFI) is a specification that defines a software interface between an operating system and platform firmware. EFI is intended as a significantly improved replacement of the old legacy BIOS firmware interface historically used by all IBM PC-compatible personal computers

Application software is a subclass of computer software that employs the capabilities of a computer directly and thoroughly to a task that the user wishes to perform. This should be contrasted with system software, which is involved in integrating a computer's various capabilities, but typically does not directly apply them in the performance of tasks that benefit the user. In this context the term application refers to both the application software and its implementation.

An application thus differs from an operating system (which runs a computer), a utility (which performs maintenance or general-purpose chores), and a programming language (with which computer programs are created). Depending on the work for which it was designed, an application can manipulate text, numbers, graphics, or a combination of these elements. Some application packages offer considerable computing power by focusing on a single task, such as word processing; others, called integrated software, offer somewhat less power but include several applications, such as a word processor, a spreadsheet, and a database program.

Some additional examples of application software are presented below.

• Document Management software • Geographic Information System (GIS) software • Accounting software • Contact Management • Desktop publishing software • Presentation software • Computer algebra systems • Numerical computing • Collaborative software • E-mail • Wiki or Application Wiki • Financial Software • Web browser • Media players • Computer and Video Games • Computer simulators

User-written software tailors systems to meet the user's specific needs. User-written software include spreadsheet templates, word processor macros, scientific simulations, graphics and animation scripts. Even email filters are a kind of user software. Users create this software themselves and often overlook how important it is.

Making use of application software, user can produce and edit user-defined data, such as text-documents, images, spreadsheets, videos and so on. B.1.2. Life cycles of system development

Aim of learning is to: 1. Name and sequence the basic phases of systems development 2. Compare the various models of systems development life-cycle (such as: waterfall, spiral, prototyping, incremental releases…) 3. Describe the life-cycle of a system in terms of analysis, development & deployment, use & maintenance, decommissioning

Expanding upon software as also expanding upon every other product, it’s possible to divide its’ life cycle into phases: 1. Product development (creation) phase; 2. Product management phase; 3. Product removal phase (and possibly changing over to new product).

Software, as product, is the output of system development. System development, as process, consists of product designing as well as product preparation. The main goal is to prepare a product, which corresponds to users’ needs and expectations.

Often the first step in attempting to design a new piece of software, whether it be an addition to an existing software, a new application, a new subsystem or a whole new system, is, what is generally referred to as "domain analysis". Assuming that the developers (including the analysts) are not sufficiently knowledgeable in the subject area of the new software, the first task is to investigate the so-called "domain" of the software. The more knowledgeable they are about the domain already, the less work required. Another objective of this work is to make the analysts, who will later try to elicit and gather the requirements from the area experts, speak with them in the domain's own terminology, facilitating a better understanding of what is being said by these experts. If the analyst does not use the proper terminology it is likely that they will not be taken seriously, thus this phase is an important prelude to extracting and gathering the requirements. The most important task in creating a software product is extracting the requirements (requirements analysis). Customers typically have an abstract idea of what they want as an end result, but not what software should do. Incomplete, ambiguous, or even contradictory requirements are recognized by skilled and experienced software engineers at this point. Frequently demonstrating live code may help reduce the risk that the requirements are incorrect. Once the general requirements are gleaned from the client, an analysis of the scope of the development should be determined and clearly stated. This is often called a scope document. Certain functionality may be out of scope of the project as a function of cost or as a result of unclear requirements at the start of development. If the development is done externally, this document can be considered a legal document so that if there are ever disputes, any ambiguity of what was promised to the client can be clarified. Specification is the task of precisely describing the software to be written, possibly in a rigorous way. In practice, most successful specifications are written to understand and fine-tune applications that were already well developed, although safety-critical software systems are often carefully specified prior to application development. Specifications are most important for external interfaces that must remain stable. A good way to determine whether the specifications are sufficiently precise is to have a third party review the documents making sure that the requirements are logically sound. The architecture of a software system refers to an abstract representation of that system. Architecture is concerned with making sure the software system will meet the requirements of the product, as well as ensuring that future requirements can be addressed. The architecture step also addresses interfaces between the software system and other software products, as well as the underlying hardware or the host operating system. The implementation is the part of the software development process where software engineers actually program the code for the project. Testing software is an integral and important part of the software development process. This part of the process ensures that bugs are recognized as early as possible After the code is appropriately tested, it is approved for release and sold or otherwise distributed into a production environment. This phase is called the deployment of the software. Documenting the internal design of software for the purpose of future maintenance and enhancement is done throughout development. This may also include the authoring of an API, be it external or internal A large percentage of software projects fail because the developers fail to realize that it doesn't matter how much time and planning a development team puts into creating software if nobody in an organization ends up using it. People are often resistant to change and avoid venturing into an unfamiliar area, so as a part of the deployment phase, it is very important to have training classes for new clients of your software. Maintaining and enhancing software to cope with newly discovered problems or new requirements could take far more time than the initial development of the software. It may be necessary to add code that does not fit the original design to correct an unforeseen problem or it may be that a customer is requesting more functionality and code can be added to accommodate their requests. It is during this phase that customer calls come in and you see whether your testing was extensive enough to uncover the problems before customers do. Sometimes software company’s stop selling or supporting their software products (e.g., not releasing new patches). At this point the product will be said to be in the status of "legacy", "vintage" or "end of life."

Due to fast changes in clients’ needs (comparing with products from other fields) it has to be granted that system development process is agile (capable to comply with all product changes and supplements).

There are many system development models through the history. Most important ones are: 1. Waterfall model; 2. Iterative development (agile development model, spiral model; incremental development) 3. prototyping.

Most important system development models are handeled following:

1. Waterfall model. Waterfall model is one of the most known and oldest system development models.

The waterfall model is a sequential software development model (a process for the creation of software) in which development is seen as flowing steadily downwards (like a waterfall) through the phases of requirements analysis, design, implementation, testing (validation), integration, and maintenance (schema 1).

System developers, who follow waterfall model, perform many steps in row: a. preliminary study - cost accounting of system development is performed; b. posing system requirements – charting the needs of users and other objects of interest and requirements posed on system; c. system requirements analysis – systematising and specifying the requirements and eliminating any conflicts in requirements; d. system architecture design i.e. designing the solution that corresponds to requirements; e. encoding i.e. programming; f. testing; g. preading i.e. implementation; h. maintenance.

Schema 1. Waterfall model

To follow the waterfall model, one proceeds from one phase to the next in a purely sequential manner. For example, one first completes requirements specification, which are set in stone. When the requirements are fully completed, one proceeds to design. The software in question is designed and a blueprint is drawn for implementers (coders) to follow — this design should be a plan for implementing the requirements given. When the design is fully completed, an implementation of that design is made by coders. Towards the later stages of this implementation phase, disparate software components produced ined to introduce new functionality and remove bugs. Thus the waterfall model maintains that one should move to a phase only when its preceding phase is completed and perfected

Waterfall model got its name from analogy of sequential waterfalls – water falls from one step to the other and never turns back.

Enterprise does not have to conduct all the steps described previously on its own – some steps can be outsourced or there is a possibility to buy a ready to use software and customize it according to its’ needs. In order to ensure systems’ conformity with enterprises’ working processes, the preliminary study, posing of system requirements and testing activities should still be conducted with significant participation of enterprises’ personel. The decision (whether to create the system on its’ own, outsource the development or buy a ready to use software and customize it) should be made based on income-cost analysis and follow up sustainability.

2. Iterative and incremental development.

Iterative and incremental development is a cyclic software development process developed in response to the weaknesses of the waterfall model. It is an essential part of the Rational Unified Process, the Dynamic Systems Development Method, Extreme Programming and generally the agile software development frameworks.

Incremental development is a scheduling and staging strategy in which the various parts of the system are developed at different times or rates, and integrated as they are completed. It does not imply, require nor preclude iterative development or waterfall development - both of those are rework strategies. The alternative to incremental development is to develop the entire system with”big bang" integration

Iterative development prescribes the construction of initially small but even larger portions of a software project to help all those involved uncovering important issues early before problems or faulty assumptions can lead to disaster. Iterative processes are preferred by commercial developers because it allows a potential of reaching the design goals of a customer who does not know how to define what they want.

Iterative development foresees that only very small part of the product should be created at first and then expanded step by step. Iterative approach enables system developers and future users to learn from early iterations, get feedback as far as it is possible to make changes, f.e. change system architecture without writing over the whole code.

Schema 2. Iterative development

Each of the iterations can include one or more steps from waterfall model. Iterations’ output could be functional software, which completes only few functions needed by users. Each of the following iterations is used for correcting software faults created in preceding iterations and realizing a number of new functionalities. 3. Software prototyping, a possible activity during software development, is the creation of prototypes, i.e., incomplete versions of the software program being developed. A prototype typically simulates only a few aspects of the features of the eventual program, and may be completely different from the eventual implementation. The conventional purpose of a prototype is to allow users of the software to evaluate developers' proposals for the design of the eventual product by actually trying them out, rather than having to interpret and evaluate the design based on descriptions. Prototyping can also be used by end users to describe and prove requirements that developers have not considered, so "controlling the prototype" can be a key factor in the commercial relationship between solution providers and their clients.

Prototyping has several benefits: The software designer and implementer can obtain feedback from the users early in the project. The client and the contractor can compare if the software made matches the software specification, according to which the software program is built. It also allows the software engineer some insight into the accuracy of initial project estimates and whether the deadlines and milestones proposed can be successfully met. The degree of completeness and the techniques used in the prototyping have been in development and debate since its proposal in the early 1970s.

This process is in contrast with the 1960s and 1970s monolithic development cycle of building the entire program first and then working out any inconsistencies between design and implementation, which led to higher software costs and poor estimates of time and cost. The monolithic approach has been dubbed the "Slaying the (software) Dragon" technique, since it assumes that the software designer and developer is a single hero who has to slay the entire dragon alone. Prototyping can also avoid the great expense and difficulty of changing a finished software product.

The process of prototyping involves the following steps

1. Identify basic requirements Determine basic requirements including the input and output information desired. Details, such as security, can typically be ignored. 2. Develop Initial Prototype The initial prototype is developed that includes only user interfaces. 3. Review The customers, including end-users, examine the prototype and provide feedback on additions or changes. 4. Revise and Enhancing the Prototype Using the feedback both the specifications and the prototype can be improved. Negotiation about what is within the scope of the contract/product may be necessary. If changes are introduced then a repeat of steps #3 ands #4 may be needed.

4. The spiral model is a software development process combining elements of both design and prototyping-in-stages, in an effort to combine advantages of top-down and bottom-up concepts. Also known as the spiral lifecycle model, it is a systems development method (SDM) used in information technology (IT). This model of development combines the features of the prototyping model and the waterfall model. The spiral model is intended for large, expensive and complicated projects.

The steps in the spiral model can be generalized as follows:

The new system requirements are defined in as much detail as possible. This usually involves interviewing a number of users representing all the external or internal users and other aspects of the existing system. A preliminary design is created for the new system. A first prototype of the new system is constructed from the preliminary design. This is usually a scaled-down system, and represents an approximation of the characteristics of the final product. A second prototype is evolved by a fourfold procedure: • evaluating the first prototype in terms of its strengths, weaknesses, and risks; • defining the requirements of the second prototype; • planning and designing the second prototype; • constructing and testing the second prototype. At the customer's option, the entire project can be aborted if the risk is deemed too great. Risk factors might involve development cost overruns, operating-cost miscalculation, or any other factor that could, in the customer's judgment, result in a less-than-satisfactory final product. The existing prototype is evaluated in the same manner as was the previous prototype, and, if necessary, another prototype is developed from it according to the fourfold procedure outlined above. The preceding steps are iterated until the customer is satisfied that the refined prototype represents the final product desired. The final system is constructed, based on the refined prototype. The final system is thoroughly evaluated and tested. Routine maintenance is carried out on a continuing basis to prevent large-scale failures and to minimize downtime.

Advantages of the spiral model: Estimates (i.e. budget, schedule, etc.) become more realistic as work progresses, because important issues are discovered earlier. It is more able to cope with the changes that software development generally entails. Software engineers can get their hands in and start working on the core of a project earlier.

5. Agile developing model is a separate category from iterative model. Main difference between agile and “classical” iterative model is the fact that agile model counts mostly on data received during feedback (load testing, users’ opinion etc) and lessons, not the careful pre-planning technique.

Main attention is on people, i.e. users, and constant testing. It is said, that agile model helps to achieve better results with the same price, but it is harder to pre-plan when any of the software functions are ready to use - „Agile process will provide the most bang for the buck, but won't say exactly when that bang will be”.

6. Extreme programming i.e. XP is one of the most known agile development methodologies. All the steps in XP are conducted extremely (therefrom also the name of the method) short comparing to classical development models – passing through the cycle of first steps takes days or a week in case of XP compared to months and years in case of classical model. Automatized tests, that need to be passed, are written before encoding. Thereafter programming in couple takes place (i.e. two programmers are encoding the same piece of program behind one computer). The step of programming is passed in given iteration if code passes through the tests.

In conclusion, differentially from waterfall model, no such thing as comprehensive analysis document (including invariable users needs) is composed at first and signed between the customer and the producer in case of iterative model - iterative model enables you to change the system more easily, get early feedback from the users, test the suitability of systems’ architectural solution during the early phase of the development project etc.

There is no such thing as the best system development model. Decision, which model to choose, has to be made based on concrete software project: output, teams’ skills and knowledge, timescale, clarity and stability of customers’ needs. Suitable project plan has to be made originating from previous factors.

B.1.3 System development methods Aim of learning is to: 1. Describe the different scope of requirements analysis, solution design, system acceptance and maintenance 2. Describe how requirements and design must be specified 3. Define the ideal contents of user manuals and technical reference documents for future maintenance

In addition to the activities observed previously, we will now observe the output of the activities and ones who fullfill them.

System requirements’ document is the output of requirements’ gathering and analysis, and includes the compendium of system quality and constraints based on users’ needs and needs of the other concerned parties.

Examples of the requirements: • functional requirement is f.e. the fact that system must enable the user to manage customers’ data and invoices; • security requirement is f.e. the fact that system must be accessable only by the authorized persons; • technological constraint is f.e. the fact that user must be able to communicate with the system through the web browser.

System requirement’s document must cover following topics: • introduction: intent of the document, scope of the project, definitions of used terms and abbreviation (system dictionary), references to the other documents, structure description. • product description; • user profiles and profiles of concerned parties, intents, needs, experiences. Users’ description helps to understand users’ needs and skills of product handeling; • constraints: constraints originating from users or environment, f.e. associating with existing systems, development tools, legal acts; • expectancies and dependencies: product creation can presuppose fulfilling of certain conditions, f.e. legal act, which is enforced soon; third party creates interfaceable system. • availability environment – describes the platforms, where product must function, including operation systems, hardware platforms, database engines, web servers, application servers, monitoring interfaces etc. • detailed description of all the functional and technical requirements (security, usability, etc), including user cases and UML user case schemas.

Requirements’ document is composed by analyst in cooperation with future users.

Architectural design document describes systems’ construction, components and moduls, interfaces between the components and with other systems. Document also describes physical architecture (hardware) and shows which component is installed on which hardware.

Architectural design document has to cover following topics: • introduction: intent of the document, references to the other documents, description of the structure; • choise of development tools and setup, development environment; • encoding, including the standards of commenting and naming; • interfaces with other systems, data exchanging formats and methods; • internal structure of products: system division into components, impositions and roles of components, data exchange between components; • backround of architectural decisions, alternatives, choosing criterions; • efficiency requirements. Expressed with method, that enables controlling during testing; • user communication methods, fault displaying methods; • resource requirements, i.e. memoryspace (calculation power) requirements of the product; • security assuring measures; • portability, i.e. ability to start up the software on different platforms.

System requirements and architectural decisions should be cross-referenced in between, i.e. architectural solutions related to certain requirements must be changeable in case of changes in such requirements, and on the contrary – there should be the possibility to find out which concrete requirements would not be fulfilled in case of changes in architectural decisions (f.e. due to financial grounds).

Architectural design document is composed by architect based on requirements given in requirements’ document.

User manual is the document, which handles user view to the system – what can the product be used for, how can the product be used, which are the fault situations and how to solve them. User manual does not observe systems’ interior, it observes the part visible to the user.

Project documentation handles material related to project conduction.

Management manual handles product installing, data transition, product maintenance and administration, configuration, rules of introducing the changes.

Tasks. 1. Read up on some development framework, f.e. OpenUP/Basic 2. Read up on some software system documenting method, f.e. „4+1” view technique.

B.1.4 System development tools Aim of learning is to: 1. Explain the use of tools (e.g. “upper”, “lower” and integrated CASE tools) at different stages of systems development 2. Understand and describe the strengths and weaknesses of different development environments 3. Use simple development tools for editing, compiling, testing and debugging software

Previous paragraph (B.1.2. Life cycles of system development) helped us to understand, that software development process consists of multiple varied activities and that it is the composing process of data charting, analysis, visualizing and communication. Info units created during development process should be related in between – such approach enables f.e. to find components that need to be changed due to changes in functional requirements and find the modules that need to be tested due to the changes in components. Special tools, called CASE tools (Computer-Aided Software Engineering Tools), are in use for simplifying this work.

Sometimes CASE tools are divided into two categories: • „upper level” CASE-tools support the conducting of analysis engineering. Such tools are good at visualizing, composing the schemas, generating the documentation; • „bottom level” CASE-tools concentrate on the side of code, including generation of the database structure, code generation, test conduction, code versioning and configuration management.

Different CASE tools support software development processes on a different scale – staring from the concrete development step to the integrated solutions, i.e. from requirements’ gathering to the software management. Separate category of CASE tools is formed by the programs, which enable to pass software’s’ development process in reverse direction (herefrom also the name reverse engineering), f.e. generate the architecture describing the system structure from the code or generate inception code from compiled code. Such tools are often used in case of the missing, incomplete or expired software documentation.

Software development phases demand different support from system development tools: • Project management: o Composing and observing of the project plan; o Resource management; • Requirements’ gathering and analysis: o Data gathering: analysis based on feedback lists; o Business process modeling; o Prototyping, i.e. creating the solution with limited functionalities and getting feedback based on that; o Requirements’ management: documenting the requirements, referring, providing requirements with attributes (requirements’ clarity, sources etc) setting priorities of the requirements, version management of the requirements (related with change applicants and reasons) etc; o Tool that supports requirements’ gathering and analysis should enable teamwork, including concurrent changes in requirements by different users, different rights to different user roles (project manager, analyst, architect, user); o Composing the data model and dictionary, which helps to avoid differences in comprehensions and data quality problems (incl. duplication); o reverse engineering (automatic documentation generation based on existing undocumented code); • evolving of architectural design: o enables to visualize architectural solution, support methodics and notation, i.e. schema composing language, f.e. UML; o describing software components and relations in between, interfaces; o version management, associate architectural decisions with requirements and change applications; • creating the program code, testing: o automatic code generation based on architectural design, including display forms, raports; o executing and testing the debugger code step by step; o test executing, including describing and executing tests, result analysis and documenting; o code commenting and documenting; o code version management; • product configuration management: o code version management.

IT-history tells, that person called Albert F. Case was related to creation of the first CASE tool. Gossip about the fact that he has changed his family name is not true.

Tasks. 1. Read up on some CASE tool. One possible inception list can be found at: 2. Go through the low capacity software development project (as teamwork). Divide following roles in team: project manager, user, analyst-tester, architect-programmer. 3. Read up on basics of object-oriented analysis, engineering and programming.

B.1.5 Software and system testing and executing Aim of learning is to:

1. Describe the different types of testing and review applied during the system lifecycle (e.g. as defined in the V-model); 2. Explain the main issues in system implementation phase (alias “deployment”, i.e. release of software to users, data migration, user training and initial support) 3. Understand and describe the strengths and weaknesses of different implementation approaches (such as: “big bang”, “step by step”, “core model + roll-outs”...)

Product quality depends foremost on the quality of product preparation process (software developing process in case of software) and the knowledge, skills and motivation of the product developers-preparators (analysts, architects, programmers, project managers etc).

Herewith, one possibility to raise software’s’ quality is to enhance the processes, train people etc. The other possibility is to test the output – i.e. execute the code.

Testing is used in multiple different fields of human activities: observations and experiments are used for testing hypothesis and theories in science; students are tested during the studies; outputs are tested in production.

Software and system i.e. product testing is directly related to product quality. Product is with high quality if it fulfills the needs that were motivators for creating the product. Herewith, it is necessary to conduct the tests in order to ascertain, that the product is completely correspondant to customers’ requirements. In addition to that, tests also show the lack of faults in product. Still, in reality it is impossible to achieve absolute certainity that the product does not include any faults – mathematically it is possible to show codes’ „validness” in case of simple cases. Reliability is pragmatically expected from software producers, i.e. it is expected that software functions as requested at the conditions feeded in. Functioning method and operation conditions must be posed during the first pahases of product development and specified during the whole development cycle. In practice it is impossible to test the system with all possible combinations of input parameters and compare software output with expected output. Herewith, it is very important to choose effective set of testing data combined with testing types. Automatic tests are also used nowadays. It is not possible to automize all the tests, f.e. practicable tests.

Controlling activities are known as testing essences and those are used for showing that all the requirements posed on software are fulfilled. During testing it is also necessary to ascertain that all the defects posed for correcting are corrected and that made corrections does not cause new faults in turn.

As the quality of the software product depends greatly on the type of executable tests, it is necessary to make careful choice and agree on them with the customer that witches to buy the product. • Module tests – tests are used for testing concrete software modul – one subsystem of the system is tested. Testing is usually executed by the developer who realizes the modul. Modul has to be tested before it is integrated to the rest of the system. During modul testing it is necessary to assure, that modul corresponds to all the requirements posed in analysis. Moduls are tested based on data: correct, incorrect and faulty data. Modul testing is typically like testing of the „white box”, i.e. tester knows the software’s’ internal structure and functional logics. • Integration tests – tests are used for testing the cooperation between moduls – the purpose of integration tests is to control if pieced out moduls function in between and if moduls that functioned correctly independently generate faults while functioning together with other moduls or not. An independent tester is usually used for testing, i.e. tester, who has not developed moduls that need to be tested. Example of integration testing is quotinoctian compiling in order to control products’ execution; • System tests – tests are used for testing the functionality of the whole system. Such testing is done based on “black box” method, where the parts visible to users (user interfaces) are observed without going into code (herefrom also the name „black box”). Testing tasks are composed by the tester (mainly based on user cases), who also conducts the tests. Testers must be both on customers’ side and producers’ side. • Regression tests – tests are used for testing if testing has resulted in changing the code. Those tests are used for testing changed moduls and moduls related those. Integration and system tests are also conducted if needed; • Usability tests – tests are used for testing systems’ usability comfort etc from the point of view of the user; • Efficiency and load tests - tests are used for testing systems’ conformity to technical requirements. Efficiency tests can be conducted multiple ways – by measuring the efficiency of each separate component or by testing the common use of the system that is filled with amount of testing data. The purpose of efficiency tests is to identify more critical spots with overloading possibilities and spend time for optimizing such spots. • Validation - purpose is to assure that outputs of software functionalities are suitable for specified usage; • Verifation - purpose is to assure that each output of the process or project corresponds to specified requirements; • Accepting test – test is made by the client in order to estimate and accept ready to use outputs. Testing cases of the accepting tests describe project delivery and accepting criterions. Testing cases must be concrete and measurable and agreed upon between the customer and producer prior to the realization of the project. • Code walk-through – differentially from all testing types handled before the code is not executed during this test, code is inspected by the tester.

Techniques mentioned before must be combined with attributes of the product under testing. There is a whole set of attributes that need to be tested, but it should be considered that testing is only possible if requirements were posed (for each attribute that needs to be tested) during the respective phase. Requirement must be posed the way that enables to control i.e. measure product conformity to requirements.

Most important requirements are listed below: • Functionality – attribute for expressing functionality’s’ suitability for fulfilling conditioned tasks; • security – attribute for limiting access to business logics/data by unauthorized persons; • failsafity – attribute for expressing the ability to assure certain level of efficiency and functionality in case of fault situation or missuse of the interface; • recurrency – attribute for expressing the ability to restore normal functioning mode and efficiency after fault situation; • restorability – attribute for expressing the complexity and set of work and time needed for restoring basic functionality of the system in case of fault situation; • effectivity, efficency –attribute for expressing the set of time under load, which is needed for reacting and data processing; • usability: o comprehensibility – attribute for expressing the set of time needed for the users to understand logical conception and applicability of the system; o learnability – attribute for expressing the set of time needed for users to learn how to use the system (f.e. data insertion/issuing etc); o applicability – attribute for expressing flexibility of the system and complexity for the user to make the system user-friendly for him/herself; o atractivity – attribute for expressing end users content with services offered by the product, presentation and behavior; • stability – attribute for expressing the risk level of unexpected errors following the introduced changes. • reusability – attribute for expressing the possibility toe reuse parts of the product in other software projects; • portability – attribute for expressing the scale of time and work needed for customizing the project into other environments and platforms.

Conformity of different types of tests and development phases is illustrated on following schema. Continued arrows are showing the passage of time needed for steps of software product development process. Dotted lines show relations between test types and development phases: f.e. module test controls finished moduls’ conformity to moduls’ specification, which is born during the step of detailed engineering. System test conforms to the step of posing software requirements. It also answers to the question, whether the system as whole conforms to posed requirements or not. Accepting test answers the question, whether the software product conforms to the needs of the user or not, i.e. is the product ready for putting to use and/or sale or not.

Schema 1. V-model for testing software product. Model is partly inspired from waterfall model. (compare left branch of V-model with the schema of waterfall model above) Faults found during testing must be documented, but it does not neseccarily have to mean forming of the paper document – special CASE tools as Mantis and Bugzilla can be used. Inspection is related to product quality as well as testing. Inspection is the activity, which is conducted as teamwork. Software products’ status and risks are discussed and evaluated during the inspection. Decisions about the conduction of the resources and product requirements-solutions are also made during inspection. Decisions and persons, responsible for putting them into practice in time, must be fixed in protocols.

Separate categories of inspection are: • technical meetings, where the participators are: product architects, analysts, projects, clients. Meetings involve analysis of the product structure and respective decisions; • code inspections (code-walkthroughs); • audits, which are usually conducted by independent representatives from the outside of the enterprise. Product and/or development process conformity to requirements, formal procedures, agreements etc is evaluated. One of the most known enterprises of IT-audits in world is ISACA ( Auditors certified by ISACA carry the title of CISA (Certified Information System Auditor).

Tasks. 1. Conduct the following process as teamwork: Each team specifies the requirements of some simple task (software). Then the specification is given to the other team, who has to realize the task. 3rd and 4th teams’ task is to test the software independently. Thereafter all the teams discuss about the faults that were found and also about the faults that were found by one team but were not found by the other. 2. Discuss why it is easier to test software system, which has modular structure. Discuss about the following arguments: a. Testing enables to show the concurrence of the faults in software, but it is not possible show the lack of faults with testing. b. Effective way of testing is to use the software in working situation. c. Alert! Software might include faults – software conforms to specification, but it has not been tested in working situation.

Tested software product has to be implemented. System implementation subsumes following topics from the whole software process: introduction, data transmition from the old system, training of the users and system administrators, system support for users and software corrections in order to debug the faults occurred after the introduction.

Implementation of the software product includes: • Distribution of the software product, i.e. installing to hardware. UML distribution schemas are helpful in case of more complexed and distributed systems. UML distribution schemas describe the software location on in different hardware nodes; • Conduction of the data transmition from the old system. Creation of the automatic transmition tool is often needed. Such tool is started only once in order to transmit data from old system to the new one. Transmition mechanism might be rather complexed, especially if data structures of the old and new system are rather different. It is also possible to transmit the data manualy, in case if the amount of data is small and/or it is too complex to evolve the algorithm for automatic transmition. In case of manual data transmition there might be the need for reports in order to extract data from the old system and insertion forms or some other tools for inserting data manualy to the new system. • Amendments to the other application functioning together and/or is used together with software product under development. • Prepare and conduct the training for the persons that are in contact with the software product, including to following roles: o Every day users; o Product administrators; o Product user support providers. Training must subsume both theoretical and practical part. Practical part should be conducted in test environment (both software and data) that is specially created for testing and training. Testing should not be done in real work environment. This is important for avoiding the risks on behalf of confidentiality, availability and integrity of real data; • Creating preparedness for conducting the situation of crises and acting in situation of crises. Possible criseses in case of software product implementations are: o program does not function in work environment; o fault detection in programm; o loss of data. Fault in software product might cause the discontinuance of the business processes and loss of economy and reputation in case of both private and public enterprises. It is necessary to agree on roles, processes and conduction during the phase of preparing the situation of crises. Agreements in roles, processes and management must be done during preparations of crisis situation: agreement should be made on how to behave in the situation of crisis, how should the regulators of crisis communicate with users, how should the publicity be informed, how is it possible get started the earlier version of software (if needed) etc. • Evolution following to the software product implementation. Software product needs to be updated due to the changes in business environment, legislation and business functioning, but also due to the fact that all the faults detected in software product need to be repaired. Agreed rules and special CASE tools are helpful for conducting the software product modification management. CASE tools enable to notify about the faults in product or about the needs of changes; to set the priorities for modification requirements by importance, criticalness and other bases; guide modifications to realization, manage software versions etc.

Tasks. 1. Study some software producers’ public rules of processes used for product implementation. 2. Think about what could be done during the different steps of software product development process in order to reduce the risk of faults coming up after implementation.

B.1.6. Control and security in system Aim of learning is to:

1. Distinguish between development/test/“production” environments and explain the importance of a structured approach to system releases (version control systems, software distribution procedures…) 2. Analyse risks related to system failures and point out measures to protect company-sensitive data at various levels (e.g. physical, procedural) 3. Describe the day-to-day security routines in a distributed system (e.g. back-up procedures, access control)

All the information stored or transmitted as data, including the code of the software product, is a value for the user (human being or technical system). This is why data security is needed – it has to assure the preservation of data value.

Data security has traditionally been foremost the confidentiality of data. Data security is often likened with data confidentiality also nowadays, even if the scope of the data security is much wider now. Data security as general purpose is multidimensional and consists of partial purposes. The bases of multiple data security methodics can be different security models, which subsume 3-6 partial purposes. Most common is the security model that is based on 3 partial purposes and which assures 3 attributes of data – availability, integrity and confidentiality.

Data availability is timely and convenient access (meaning - exactly when required and during the required time scale) to usable data by the authorized consumers (persons or technical tools) during the working hours agreed on beforehand. Availability is the primary requirement for all the data and other data assets of datasystems; all the system is useless in case of availability loss.

Data integrity is assuring that data is correct, absolute, timely and authentical to origin and without unauthorized changes. One expectancy of enterprises’ normal work is that it should be possible to get the information about the ones who created each set of data (document, fail, archive, entry of registry etc) and also when it was created. Same expectancy involves also the need to be sure that the set of data has not been changed due to the spontaneous factors or someone’s actions. All the data must always be associable with its creator, creating time, context and other facts, because violation of such relations, also loss or variation of data, bring along consequences that have negative influence to work.

Data confidentiality is data accessibility to the authorized users (persons or technical systems) and inaccessibility to all the others.

Availability and integrity must be assured in case of public data security.

None of the practical systems has a complete data security, i.e. complete availability, integrity and confidentiality. Which data security aspects should be paid attention to, in case of concrete data, depends on concrete data system and its purpose, i.e. the value of the data. Mostly, all three security components must be considered, but with different scale. Required level of data security in enterprise depends on tasks of the enterprise, legal acts and regulation, internal organizing of enterprises’ business, security level provided or required by data systems and service givers, also cooperation – or agreement partners etc. Thus, data security means that three goals are achieved: information availability, integrity and confidentiality.

System security aspects should be considered as from the first steps of the development process – as from posing user needs, system vision and system requirements. It is more effective and economical to engineer and realize all the needed security measures during engineering and realizing systems’ business functionality. Security should not be handled as to understand that security is not achievable with technical tools only, or even more narrowly, only by writing a secure code. Significant part of security should be set apart to the same level as organisational, procedural, user educative training, motivation, physical security measures etc.

Raising the security is based on charting any possible system weaknesses and dangers (both internal and external). Concurring probability and severity of the consequences is defined for combinations of weaknesses and dangers. Most important risks are collated and needed preventive or palliative measures are planned with the help of such products.

B.1.7. System development progress features

Aim of learning is to:

1. Describe standard and innovative approaches to systems development (such as: ISO12207, SEI/CMM, agile methodologies…) 2. Discuss the impact of technical architectures (e.g. two or three-tier client server variants, “n” tier web-based, legacy mainframe extension and integration) on systems development.

Standards. Role of software development in enterprises has changed during time. Software has initially been one element in enhancing the innovation and products/services offered by enterprises. Software has turned into independent product with time.

Software development and management process has changed and is more complicated now. Complexity of software functionality and software dependency has grown. Software development tools (CASE-tools) have changed and are more complex by now. Software systems are interfaced in between. Understandably it has incured greater attention to software development process, to make it more effective.

Interest in enhancing the software development process has been historically in such fields as military, cosmos and industry, but also such fields, where leading of critical processes was entrusted to software. Previously handled waterfall model has accrued from those fields. At first each field tried to create it’s own software development methodology. Later they realised that it is reasonable to use same principes and process frameworks for developing the software in different fields.

Following we handle one software development and software products as an example. Example handles also the quality of handeled standard.

ISO9000. ISO 9000 is the part of ISO (the International Organization for Standardization), which reglements product acquiring, purveying, evolving and maintenance. The serial of ISO 9000 quality standards is also validated as Estonian standards. Approach of ISO9000 is not prescriptive. ISO 9000 requires that the enterprise, who implements the standards, would identify its’ key processes and choose methodologies and techniques in order to conduct those processes effectively. Attention is given to constant enhancing of the processes and indicators, which are used for controlling the quality of processes and products.

Software development is also handeled by multiple standards, f.e. IEEE, SEI/CMM, ISO12207.

IT architecture. Yet, it was only some years ago, when one of the most common ways was to structure applications into two components: client and server. Such approach is also known as two-level architecture. Client is the component that exchanges information between the user and server. Server offers services to one or more clients. Central database and one part of business logics have been typically located in server. Business logics and user interface is located in the component of client. The deficiency of such architecture is that in case of changes in business logic the software needs to be refreshed and often in hundreds or even furthermore client computers. It also demands for transfering huge amounts of data between the client and server, and rather high computer capacity on the side of client. Three-level architecture was offered to solve the problem mentioned before – one extra level (called business logic level) accrued to server and the level of client got a bit thinner.

Three-level (also called three-tier) is a client-server architecture in which the user interface, functional process logic ("business rules"), computer data storage and data access are developed and maintained as independent modules, most often on separate platforms.

The three-tier architecture has the following three tiers:

Presentation Tier This is the topmost level of the application. The presentation tier displays information related to such services as browsing merchandise, purchasing, and shopping cart contents. It communicates with other tiers by outputting results to the browser/client tier and all other tiers in the network.

Application Tier (Business Logic/Logic Tier) The logic tier is pulled out from the presentation tier and, as its own layer; it controls an application’s functionality by performing detailed processing.

Data Tier This tier consists of Database Servers. Here information is stored and retrieved. This tier keeps data neutral and independent from application servers or business logic. Giving data its own tier also improves scalability and performance.

In the Web development field, three-tier is often used to refer to Websites, commonly Electronic commerce websites, which are built using three tiers:

1) A front-end Web server serving static content, 2) A middle dynamic content processing and generation level application server, for example Java EE platform, 3) A back end database, comprising both data sets and the database management system or RDBMS software that manages and provides access to the data.

In situation where more value is given to data systems that are capable to cooperate (instead of single applications or databases), the bottleneck has moved to system interfacing-integration. It is important to use tested practices (f.e. patterns to solve the problems), service oriented architecture, semantic description of data systems.

Tasks: 1) Read up on possibilities of using UML schemas (including user case schema, activity schema, class schema, distribution schema, status schema, sequence schema).

7. Test questions

Question 1 Which is more important from the point of PC usability – system software or application software? A) System software B) Application software

Question 2 Widely distributed office software „Microsoft Office” belongs to A) System software; B) Application software; C) System software and application software (partly to both).

Question 3 Which phase queues are correct for system development waterfall model: A) 1. System architecture creation 2. System requirements analysis 3. Testing B) 1. Encoding; 2. Testing 3. Implementation and maintenance C) 1. Preliminary study; 2. System requirements analysis; 3. System architecture creation

Question 4 Extreme programming method belongs to: A) Iterative development methods; B) Methods derived from waterfall model; C) Agile development methods.

Question 5 Product description must be part of: A) User manual; B) Architecture design document; C) System requirements (document).

Question 6 CASE-tools functions are: A) Software product configuration management; B) Test conducting C) Automatic program code creation.

Question 7 Testing purpose of developing software product is: A) Enhancing of product architecture; B) Detecting possible code faults; C) Controlling the completion of system efficiency requirements.

Question 8 Implementation of new software product includes: A) Data transmission from old to new one, B) Conclusion of the agreement on buying/selling the software, C) Composition of the act on software product delivery, D) Training new software product users.

Question 9 Security models’ purposes are: A) Elaboration of data enciphering algorithms; B) Data integrity; D) User ID management; C) Data confidentiality; E) Data availability.

Question 10 Software products’ two-level architecture is understood as: A) Dividing the program into moduls – where main program is the upper level, and subordinate programs are the bottom level; B) Structuring the application into client and server; C) Software division into system software and application software.

7.1. Answers (correct and falses)

Question 1 Correct: Answer A) System software False: Answer B) Application software

Question 2 False: A) System software; Correct: B) Application software; False: C) System software and application software (partly to both)

Question 3 False: A) Correct B) Correct C)

Question 4 Correct: A) False B) Correct C)

Question 5 False: A) False B) Correct C)

Question 6 Correct: A) Correct B) Correct C)

Question 7 False: A) Correct B) Correct C)

Question 8 Correct A) False B) False C) Correct D)

Question 9 False A) Correct B) False D) Correct C) Correct E)

Question 10 False A) Correct B) False C)

7.2. Feedback for answering

Question 1 Answer A) Correct! Application software does not function without functional system software. Answer B) False, application software is based on system software, not the opposite!

Question 2 Answer A) False! Office software is part of application software. Answer B) Correct! All office software programs are part of application software; Answer C) False! All office software components are part of application software.

Question 3 Answer A) False! System requirements analysis is prior to architecture creation. Answer B) Correct! Answer C) Correct!

Question 4 Answer A) Correct! Answer B) False! Extreme programming is a special case of agile methods, which in turn is part of iterative methods. Answer C) Correct!

Question 5 Answer A) False! Product description must be part of system requirements; Answer B) False! Product description must be part of system requirements; Answer C) Correct!

Question 6 Answer A: Correct! Answer B: Correct! Answer C: Correct!

Question 7 Answer A: False! Architecture creation is prior to encoding and testing; therefore it is not possible to repair faulty architecture with testing. Answer B: Correct! Answer C: Correct!

Question 8 A) Correct!

B) False! Software emption is prior to software implementation, but it is not part of it; 

C) False! Legal acts are not the part of software implementation; D) Correct!

Question 9 A) False! Securing purpose is data integrity, availability and confidentiality; B) Correct! D) False! Securing purpose is data integrity, availability and confidentiality; User ID management fills confidentiality requirements partly, but it does not exhaust it. C) Correct! E) Correct!

Question 10 A) False! Dividing the program into moduls describes programs’ structure, not the architecture of it. B) Correct! C) False! Dividing the whole software in two (system software and application software) does not specify the architecture of the concrete application.