Articles tagged with: Techniques
Frames, Process, patterns & practices »
One of my earlier projects on the patterns & practices team at Microsoft was originally called Life-Cycle Practices. Later, I renamed it to Life-Cycle Templates. Finally, I settled on Engineering Practices. Engineering Practices became a key organizing theme for our work and served as the foundation for our ALM frame.
Knowledge AreasThe Engineering Practices Frame uses the following categories to organize software development knowledge.
Requirements and Analysis
Architecture and Design
Notice that the top buckets map to disciplines while the bottom buckets (Security Engineering and Performance Engineering) map to quality attributes. …
In Scenarios, Stories, Use Cases: Through the Systems Development Life-Cycle, Ian F. Alexander and Neil Maiden mention periodic design refactoring:
A variant of the Incremental model appears to be the ‘Extreme Programing (XP)’ approach put forward in Beck (2000) in which integrity of the system architecture across all increments is maintained by periodic design ‘refactoring.’
While I’m not a fan of Big Design Up Front, I am a fan leveraging the following techniques up front to help reduce risk:
System stories up front (where system stories include the ‘ilities and quality attributes, such …
One of my favorite phrases is “incrementally render the solution.” While building our end-to-end application solutions, I find it helpful to first create a skeleton and then hang the solution off of it. Below is an example of solving an Intranet security scenario for an ASP.NET Web application. Pictures are worth a 1000 words.
STRIDE is an acronym to help you think about potential software security threats and attacks. It helps you think evil (i.e. like an attacker.) I had the privilege of talking to one of the creators of STRIDE, Loren Kohnfelder. He told me that he originally created STRIDE to help people get in the right mind-set when analyzing security features.
Here’s what STRIDE stands for:
Spoofing user identity.
Tampering with data.
Denial of service.
Elevation of privilege.
You can use the STRIDE categories to ask questions related to each aspect of the architecture and …