Articles tagged with: Techniques

Frames, patterns & practices, Process »

[16 Sep 2008 | One Comment | ]

One of my earlier projects on the patterns & practices team at Microsoft was originally called Life-Cycle Practices.  Later, I renamed it to Life-Cycle Templates.  Finally, I settled on Engineering Practices.   Engineering Practices became a key organizing theme for our work and served as the foundation for our ALM frame.
Knowledge Areas
The Engineering Practices Frame uses the following categories to organize software development knowledge.

Requirements and Analysis
Architecture and Design
Security Engineering
Performance Engineering

Notice that the top buckets map to disciplines while the bottom buckets (Security Engineering and Performance Engineering) map to quality attributes.  …

Architecture »

[23 Jun 2008 | 4 Comments | ]

In Scenarios, Stories, Use Cases: Through the Systems Development Life-Cycle, Ian F. Alexander and Neil Maiden mention periodic design refactoring:
A variant of the Incremental model appears to be the ‘Extreme Programming (XP)’ approach put forward in Beck (2000) in which integrity of the system architecture across all increments is maintained by periodic design ‘refactoring.’

While I’m not a fan of Big Design Up Front, I am a fan of leveraging the following techniques up front to help reduce risk:

System stories up front (where system stories include the ‘ilities and quality attributes, such …

Architecture »

[2 Jun 2008 | Comments Off on Incrementally Render the Solution | ]

One of my favorite phrases is “incrementally render the solution.”   While building our end-to-end application solutions, I find it helpful to first create a skeleton and then hang the solution off of it.  Below is an example of solving an Intranet security scenario for an ASP.NET Web application.  Pictures are worth a thousand words.

Architecture »

[12 May 2008 | 5 Comments | ]

I find it’s always helpful to think in terms of user, business and tech.  For example, whenever I see a product design or requirements, I walk through the user perspective, the business perspective and the technical perspective.  A lot of times, the business or technical perspective ends up winning because the customer didn’t have a voice.  Mistakes like that give software a bad rap.  After all, the software is for the user, isn’t it?   If your software doesn’t make the user more effective and more efficient, or worse, makes them …

Security »

[30 Mar 2008 | One Comment | ]

STRIDE is an acronym to help you think about potential software security threats and attacks.  It helps you think evil (i.e. like an attacker.)  I had the privilege of talking to one of the creators of STRIDE, Loren Kohnfelder.  He told me that he originally created STRIDE to help people get in the right mind-set when analyzing security features.
STRIDE Categories
Here’s what STRIDE stands for:

Spoofing user identity.
Tampering with data.
Repudiation.
Information disclosure.
Denial of service.
Elevation of privilege.

You can use the STRIDE categories to ask questions related to each aspect of the architecture and …