1 / 46

DOMAIN 3(3)

DOMAIN 3(3). Adeola Willoughby. ALTERNATIVE APPLICATIONI DEVELOPMENT APPROACHES. The need to develop business application more rapidly without going through the SDLC (traditional life cycle/ waterfall model) has given rise to some contemporary application development approaches.

denise
Download Presentation

DOMAIN 3(3)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. DOMAIN 3(3) Adeola Willoughby

  2. ALTERNATIVE APPLICATIONI DEVELOPMENT APPROACHES • The need to develop business application more rapidly without going through the SDLC (traditional life cycle/ waterfall model) has given rise to some contemporary application development approaches.

  3. NEW APPROACHES • Incremental or Progressive development: • This involves building systems in stages or releases rather than being delivered in its entirety in one implementation. The usual practice is to deliver the basic system architecture in the first release whilst subsequent releases expand the system in terms of functionality, range of users or usage location. • Iterative development • Involves building the system in iterations or increments, with feedback occurring after each increment to facilitate any necessary adjustment of project plans and software development products. Note: Diff btw Incremental & Iteration is that iteration development send feedback after each increment.

  4. Iterative development has the following variants: • Evolutionary development:Prototyping is used to build a working model that is used to elicit/verify requirements and explore design issues. Eventually, the prototype is hardened, so it can be implemented into production, or perhaps the system is recoded based on learning from the prototype. • Spiral development: A series of prototypes is used to develop a solution, to the point of detailed design,build and test. It spills out of the initial limited prototype to become more expansive and detailed. • Agile development: The project is broken down into relatively short, time-boxed iterations.

  5. AGILE DEVELOPMENT • Agile development refers to a family of similar development processes that adopts a nontraditional (SDLC) way of developing complex systems. Agile… in the sense that processes are designed to flexibly handle changes to the system being developed or the project that is performing the development

  6. FEATURES OF AGILE DEVELOPMENT • Use of small, time-boxed subprojects or iterations – each iteration forms the basis for planning the next one; • Replanning the project at the end of each iteration; • Relatively greater reliance on tacit knowledge - “knowledge in peoples’ head” (unlike SDLC) as opposed to external knowledge that is captured in project documentation – i.e. no documentation; • Pair-wise programming is encouraged – i.e. 2 people work on same project (share knowledge and quality check); • Change in Project Manager role from planner, task allocator and monitoring to facilitator and advocate. Responsibility for planning and control devolves to the team members.

  7. AGILE contd… • Agile development only plans for the next iteration of development in detail, rather than planning subsequent development phase far out in time; • Agile development is adaptive in approach to requirements and does not emphasize managing a requirements baseline; • Agile development’s focus is to quickly prove an architecture by building actual functionality vs. formally defining ‘early-on’ software and data architecture in increasingly more detailed models and descriptions.

  8. TEASER • Which of the following would be a risk specifically associated with the agile development process? A. Lack of documentationB. Lack of testingC. Poor requirements definitionD. Poor project management practices

  9. EXPLANATION • Explanation:Agile development relies on knowledge held by people within the organization, as opposed to external knowledge. The main issue is the necessity for providing compensating controls to ensure that changes and enhancements to the system can be made later on, even if the key personnel who know the implemented business logic leave the company. Lack of testing might be an issue but without formal documentation it is difficult for an auditor to gather objective evidence. Rapid response to changing requirements is one strength of the agile development processes. Replanning the project at the end of each iteration, including reprioritizing requirements, identifying any new requirements and determining in which release delivered functionality is to be implemented, is a main aspect of the agile process. Applied project management practices are slightly different than those required for traditional methods of software development. The project manager's role. This role shifts from one primarily concerned with planning the project, allocating tasks and monitoring progress, to that of a facilitator and advocate. Responsibility for planning and control shifts to the team members.

  10. PROTOTYPING • Prototyping (also known as Heuristic or Evolutionary Development)is the process of developing a system through the rapid development and testing of code. This process uses controlled trial and error procedures to reduce the level of risks in developing the system. In general, prototyping reduces the time required to deploy applications through iterative development and testing. • The developers create high-level code (mostly 4G languages) based on the design requirements and then provide them to the end users for review and testing. The end users can then see a high-level view of the system (generally screens and reports) and provide input on changes or gaps between the code and requirements.

  11. Two Approaches To Prototyping • Build the model to create the design (i.e. The mechanism for defining requirements). Based on that model, develop the system design with all the performance, quality and maintenance features needed. • Gradually, build the actual system that will operate in production using a 4GL that has been determined to be appropriate for the system being built. Main challenge with first approach is that there will be great pressure to implement an early prototype. The second approach works with small application using 4GL Tools.

  12. PROTOTYPING contd… • A couple of major challenges are associated with prototyping: • ➤ The use of prototyping to develop applications systems often results in overly optimistic expectations of project timelines. • ➤ Change control becomes much more complicated because changes in design and requirements happen so quickly that they are seldom documented or approved. • ➤ Because of the iterative process, end users might define functions or extras that were not originally defined during the requirements phase. If not properly managed through a review and approval process, it can extend the cost and time required for the project.

  13. PROTOTYPING contd… • The IS auditor should be aware of risks associated with prototyping and ensure that the organization has implemented the proper controls to ensure that the project continues to meet the needs of the organization while providing a return on investment. These controls should be found in the project-management process as well as the change - control process. Both processes should have controls for the regular review and approval of changes in requirements, schedule, or cost.

  14. RAPID APPLICATION DEVELOPMENT (RAD) • Rapid application development (RAD) is used to develop strategically important systems faster, reduce development costs, and still maintain high quality. • This is achieved by using a series of proven application development techniques within a well-defined methodology. These techniques include the use of the followings:

  15. RAD INCLUDES THE USE OF • Small, well-trained development teams • Evolutionary prototypes • Integrated power tools that support modeling, prototyping, and component reusability • A central repository • Interactive requirements and design workshops • Rigid limits on development time frames See P.196, 3rd paragraph

  16. RAPID APPLICATION DEVELOPMENT • RAD has four major stages: • concept definition stage:defines the business function and data subject areas that the system will support and determine system scope; • functional design stage:uses workshop to model the system’s data and processes and build a working prototype of critical system components; • development stage:completes the construction of physical database and application system, build the conversion system, and develop user aids and deployment work plans. • deployment stage:User acceptance testing, training, data conversion and implementation of the system [Note: RAD uses prototyping as its core development tool irrespective of the underlying technology]

  17. TEASER • Which of the following represents a typical prototype of an interactive application? • Screens and process programs • Screens, interactive edits and sample reports • Interactive edits , process programs and sample reports • Screens, interactive edits, process programs and sample reports

  18. TEASER • B • Process programs are not produced by prototyping tool. This often leads to confusion for the end user who expects quick implementation of programs that accomplish the results that these tools produce.

  19. ALTERNATIVE DEVELOPMENT METHODS We have different techniques of understanding, designing and constructing a software system. Selected method will be driven by considerations such as organizational policy, developer knowledge and preference and the technology used. Note: The selection of any method is generally independent of the selection of a project organization model.

  20. ALTERNATIVE DEVELOPMENT METHODS • Data Oriented System Development (DOSD) • Object Oriented System Development (OOSD) • Component Based Development (CBD) • Web Based Application Development (WBAD) • Reengineering • Reverse Reengineering

  21. Data Oriented System Development • This is a method of representing software requirements by focusing on dataand their structure. • We have institutions that provide time-dependent data to their subscribers (e.g. airline to their travel agencies) in pre-known or pre-specified formats. User organisation then develop its own application to use the data directly. • The major advantage of this data oriented system development approach is that it eliminates data transformation errors such as porting, conversion, transcription and transposition. • It is generally combined with another development technique that considers processing issues to develop a suitable business application.

  22. OBJECT ORIENTED SYSTEM DEVELOPMENT • This is the process of solution specification and modeling where dataand procedures(A set sequence of steps) can be grouped into an entity known as an object. • An object’s data are referred to as its attributes(characteristic of an entity), and its functionality is referred to as its method. • OOSD is unlike SDLC approach that considers data separately from the procedures that act on them

  23. OOSD contd… • OOSD is a programming technique and not a software development methodology itself. • One can do OOSD while following any of the widely diverse set of software methodologies: waterfall, iterative, agile, prototype e.t.c • Use of a particular programming technique, does not imply or require use of a particular software development methodology

  24. PRINCIPLES OF OOSD • Objects • Class • Inheritance • Encapsulation • Polymorphism

  25. Note:Principles of OOSD • Objects- grouping of data and functions. Its encapsulation of data and functions. Objects include data and define its status, its methods of operation and how it interacts with other objects • A class is a collection of objects with similar characteristics. Classes are the basis for most design work in objects. • Inheritance – is an attempt to avoid redundant definition of similar characteristic that can be embodied at a higher level in the system. (e.g. in superclasses/ subclasses) • Encapsulation - conceals how a class works from object that uses its codes and send messages to it. It is the characteristic of objects that prevent access to the attributes (data) and methods (function) that has not been previously describe as public. • Polymorphism – see p.198 (3rd paragraph). Same code can result in different action appropriate to each class so that a controlling code can issue the same instruction to series of objects and get different results appropriate to each class. DATA OBJECT CLASS

  26. ADVANTAGES OF OOSD • The ability to manage an unrestricted variety of data types. • Provision of a means to model complex relationships • The capacity to meet the demands of a changing environments. Examples of applications using object-oriented technology are: Web applications, E-business applications, Artificial Intelligence (AI), CASE for software development, Computer Aided Manufacturing (CAM)

  27. TEASER Which of the following is an object-oriented technology characteristic that permits an enhanced degree of security over data? A. InheritanceB. Dynamic warehousingC. EncapsulationD. Polymorphism

  28. TEASER • C • Encapsulation is a property of objects, and it prevents accessing either properties or methods that have not been previously defined as public. This means that any implementation of the behavior of an object is not accessible. An object defines a communication interface with the exterior and only that which belongs to that interface can be accessed.

  29. COMPONENT BASED DEVELOPMENT • This is the assemblage of applications from cooperating packages of executable software that make their services available through defined interfaces • it enables pieces of programs, called objects, to communicate with one another regardless of what programming language they were written in or what operating system they are running.

  30. COMPONENT BASED DEVELOPMENT contd… • Component-based software development (CBSD) focuses on building large software systems by integrating previously-existing software components. • By enhancing the flexibility and maintainabilityof systems, this approach can potentially be used to reduce software development costs, assemble systems rapidly, and reduce the spiraling maintenance burden associated with the support and upgrade of large systems.

  31. COMPONENT BASED DEVELOPMENT contd… • At the foundation of this approach is the assumption that certain parts of large software systems reappear with sufficient regularity that common parts should be written once, rather than many times, and that common systems should be assembled through reuse rather than rewritten over and over. • CBSD embodies the "buy, don't build" philosophy. Modularity: small units that can easily be removed & repaired and make up a bigger program

  32. MERITS OF COMPONENT BASED DEVELOPMENT Components play an important role in web-based Applications. • Reduces development time; • Improves quality. Using prewritten components means a significant percentage of the system code has been tested and therefore ready; • Allows developers to focus more strongly on business functionality – lower level programming are removed; • Promote modularity: develop in modules; • Simplifies reuse; • Reduces development cost; • Support multiple development environment; • Allows a happy compromise between build & buy option

  33. COMPONENT BASED DEVELOPMENT NOTE • Considering the advantages, attention should be given to software integration early and continuously during the development process. Poorly defined system requirement leads to project failure.

  34. WEB BASED APPLICATION DEVELOPMENT • This is a development method that aims at further facilitating and standardizing code module and program integration. • Historically, software written in one language on a particular platform uses a dedicated API (Application Programming Interface). The use of specialized APIs has caused difficulties in integrating software modules across platforms. • Web based application development and associated XML (Extensible Markup Language) – (also known as Simple Object Access Protocol SOAP) technologies are recent developments designed to further facilitate and standardize code module and program integration.

  35. WEB BASED APPLICATION DEVELOPMENT contd… • In the past, technologies, such as CORBA and COM that use RPCs were developed to allow real-time integration of code across platforms. Using RPC (remote procedure call) approach for different APIs still remained complex. • Now, with Web based application development, an XML language, known as Simple Object Access Protocol (SOAP) is used to define APIs. • SOAP will work with any operating system and programming language that understands XML. • SOAP is simpler than using an RPC based approach.

  36. KEY COMPONENTS OF WEB DEVELOPMENT • Key components of web development include: • SOAP – used to define APIs. It is programming language and platform independent. • Web Services Description Language (WSDL) – used to identify SOAP specification, the format of SOAP messages used as input and output to the code module, and also to identify the particular web service accessible via intranet or internet by publishing same to a relevant intranet or internet web server. • Universal Description, Discovery and Integration (UDDI) – is used to make an entry in a UDDI directory, which acts as electronic directory of all available web services by allowing interested parties to learn of the existence of web services.

  37. WEB-BASED APPLICATION DEVELOPMENT contd… • Its primary purpose is to facilitate the sharing of data across different information systems, particularly systems connected via the Internet. • Web based application also seeks to avoid the performance of redundant computing tasks with the inherent need for redundant code.

  38. WEB-BASED APPLICATION DEVELOPMENT contd… • An obvious example is a change of address notification from a customer. Instead of having to update details separately in multiple database e.g. contact management, account receivables and credit control; it is preferable that a common update process, executed to update the address, includes details in the multiple places required. Web services are intended to make this relatively easy to achieve

  39. BUFFER OVERFLOW • This is a consequence of poorly written code, especially in web-based applications, is often exploited by hackers using buffer overflow techniques.

  40. TEASER • During the review of a web-based software development project, the IS auditor realizes that coding standards are not enforced and code reviews are rarely carried out. This will MOST likely increase the likelihood of a successful: A. buffer overflow.B. brute force attack.C. distributed denial-of-service attack.D. war dialing attack

  41. Explanation • Explanation:Poorly written code, especially in web-based applications, is often exploited by hackers using buffer overflow techniques. A brute-force attack is used to crack passwords. A distributed denial-of-service (DOS) attack floods its target with numerous packets, to prevent it from responding to legitimate requests. War dialing uses modem-scanning tools to hack PBXs.

  42. REENGINEERING • Reengineering is a process of updating an existing system by extracting and reusing design and program components. • This process is used to support major changes in the way an organization operates. • It eliminate redundancy. It also increases profitability and reduce cost.

  43. REVERSE ENGINEERING • This is the process of taking apart an application, a software application or a product to see how it functions and to use that information to develop a similar system. This process can be carried out in several ways: • decompiling object or executable code (machine code) into source code and using it to analyze the program; • Utilizing the reverse-engineered application as a black box test and unveiling its functionality using test data

  44. Major Merits of Reverse Engineering • Major merits of Reverse Engineering include: • Faster development and reduced SDLC duration • The creation of an improved system using the reverse-engineering drawbacks. • Major risks/limitation of Reverse Engineering include: • Software license agreement often include reverse engineering prohibiting clauses; • De-compilers are relatively new tools with functions that depends on specific computers, operating systems and programming language. Any change in one of these components will require developing or purchasing a new compiler

  45. TEASER • An existing system is being extensively enhanced by extracting and reusing design and program components. This is an example of: A. reverse engineering.B. prototyping.C. software reuse.D. reengineering.

  46. TEASER • D • Old (legacy) systems that have been corrected, adapted and enhanced extensively require reengineering to remain maintainable. Reengineering is a rebuilding activity to incorporate new technologies into existing systems. Using program language statements, reverse engineering involves reversing a program's machine code into the source code in which it was written to identify malicious content in a program, such as a virus, or to adapt a program written for use with one processor for use with a differently designed processor. Prototyping is the development of a system through controlled trial and error. Software reuse is the process of planning, analyzing and using previously developed software components. The reusable components are integrated into the current software product systematically.

More Related