Application Security vs Application Simpleness

Let me get back to my right track that is IT world first. Huf, such a hard time to share something if u don’t have enough experience ><

I get this idea to bring out the topic about Application simpleness vs Application security. Why should we tandem these two different things? Because these two are rival which influence each other. How come? Let’s get started to the main topic then~

Should get to the understanding of each terms first to compare them, so you’ll get the reasons why these things above is head to head in an application.

Application simpleness often comes along with the term usability. It’s the usability of the application, the simpleness of user interface of an application which makes common people can use the application easily. Its simpleness makes it possible for common people not to undergo any training in using the application. I choose the term common people here to describe people who not related at all to the application, or people who don’t know much about the application, or people who don’t have any or only have less knowledge in the ability and usability of the application. As the additional, I believe that the simpleness of an application can’t be significant enough if the application’s complexity is still low. You know, you can’t get the simpleness of the application only by using search engine, email, messenger, word processor, etc. You’ll know the meaning of application simpleness when using complicated applications such as ERP modules like financial, human resource, asset management, etc. You’ll realize that without having enough knowledge about the application, you can’t use the application to the fullest. I wish this explanation is good enough to make you all understand the meaning of application simpleness.

Move on to the next topic, application security. You should have understood the terms well because  almost all of us had used the application at least once. Usually, term application security gets tightly related with application data. Imagine when we have really important data to be saved in an application, unfortunately the application can be accessed worldwide through the internet. How can the application ensures that our really important data won’t be taken by some irresponsible parties? Or how can our important data not to be exchanged between another user? This is what application security all about.

So, how can application security be compared to application simpleness? You see, when using a simple application, you don’t have to go through many procedure to insert your data to the application. But of course, for the application to ensure your data security, there should be some procedures for you to insert the data. The easy example where simpleness is go head to head with the security is, when you insert many types of data to an application. Simple application will take whatever data you’ve inserted, while secure application ensures that the data you’ve inserted is correct. For example for phone number, to make it easy for the user (in relation with application simpleness), an application can take whatever value you’ll insert, but a secure application should ensure that the application should only accept number value. For higher example, we can take user’s phone number field. For simple application, whatever phone number inserted shouldn’t be processed longer, application should only save it to the database. For secure application, phone number inserted will be processed longer to the provider of phone number to check the availability and validity of inserted phone number.

Building a simple application is really important, as we can’t avoid common people who will use our application, while building a secure application is other story which like a wall that should be broken by all applications. That’s why building a simple application is good enough, but you shouldn’t forget about the security of the application. Go back to your original purpose to know which one should be higher priority, because as I described before, these two things can’t stand in the same terms.

I hope this description can be useful as usual~

Read Full Post »

Stakeholder of an application

Stakeholder in a project means the parties which are included in developing a project. As we know there are many stakeholders here, like project owner, PM, analyst, developer, tester, management, etc. Each stakeholder has their own role in the project. I’ll try explaining things here. See, I try to explaining things based on my own experience, and this article also one of them. If you see anything wrong about this article, please let me know so I can fix it. Thanks before~

Okay, let me divide stakeholder of IT project like following:

1. Developer team

     As the name, developer team is the stakeholder team which build the project to be an existing application. Developer team usually consists of PM, analyst, developer, tester, and support. Not all developer team has complete member, it will depend on the scale of the project and also depend on the budget of the project. We can call the developer team as the bottom line of the stakeholder, because they will build the application using programming language and etc.

2. Bridge team

     Bridge team usually consist of consultant and a representation from organization to manage the project, This representation will have role to be the bridge between the managerial and client team. While consultant will be the bridge between client team and developer team. Bridge team will fully responsible in opening and closing project phase.

3. Client team

      Client team usually consist of PIC of client who represents the client as a whole. Client team can have more than one person to conduct the communication with developer team and bridge team.

4. Managerial team

        Managerial team consists of managerial people from developer team and from client team. These managerial people mostly will only involved in the opening and closing of the project. In the middle of developing the application, managerial team will be the one who monitor the development.

5. User team

         User team is team who will use the application in the end, also called by end user. Usually user team is involved in gathering the requirement and testing the application.

I think that’s all for now about stakeholder. Share your thought here~?

Thanks~

Read Full Post »

Software Testing

As we know before that there are many kind of tests related with software application. Well, I’ll try to share some kind of tests here, based on my knowledge and my experience of course.

Below are some kind of software / application tests:

• Functional / requirements based testing

Personally I think this test can be done both by white box testing and black box testing. As you may know that functional or requirement testing is the most important test to do in an application. Why? An application is made to fulfill a purpose, that is to make the operational work for the users easier. This can only be ensured if the requirements of an application are met.

White box testing is a test that is done by the user who doesn’t know the application detail that well. These users just do the test based on how the application can be operated by them. I think it will be good if the users who do the test come from the same field as the application background purpose so the user know well what are they expected from the application. We’ll get good feedback from them, either for functional purpose or usability purpose.

Black box testing is a test that is done generally by the development team of the application. The tester should know about the application whole well. This can be done either by code testing or by the tester who only check for bug/error in the application by using the beta application directly.

• Security testing

There are many kind of security testing that can be done to an application. Some of them are:

1. SQL injection test

This test can be done by directly inserting some SQL syntax to a form or to web address. You can also use SQL InjectMe add ons in Mozilla Firefox browser. This test is done to make sure that there isn’t any important data can be retrieved from unauthorized user without using the right method to retrieve them.

2.  Javascript injection test

This test can be done b directly inserting a javascript syntax to a form or using XSS add ons for Mozilla Firefox browser. This test is done to make sure there isn’t any damage can be done by inserting some simple javascript syntax which can cause the application to crush or not functioning properly.

3. Authentication test

Authentication means right person can have access to the application well. So basically only those users whose data is registered in the application can access it. We can simply insert random user account data to make sure that only users who have right who can access the application.

4. Authorization test

Authorization means the right users can access the right data. To put it simpler, manager can only see the summary data of all operational activities, while low level officer can only manage the data which is related to their activities only. We can simply make some user level with some roles, assign some users to user level, and check whether the user with the right role have right access.

• Front end testing

Front end testing check the visual display of the application which influence in application performance. For web based application, some example of this testing is to check whether the image has been compressed, javascript file has been minimized, etc. We can use YSlow add ons of Mozilla Firefox to make the checking process easier.

• Back end testing

Back end testing check how many time is needed to load the application fully and how many sql script that is used in one page. For web application which use ruby or php scripting language, we can use new relic to help us check the application.

• Load testing

Load testing is used to make sure that the application can still perform well even if there are many users access the application simultaneously. There are many tools out there which can help us do this test.

• Usability testing

Usability testing is used to make sure that the application can be used well by the user regardless the different condition (color blind, javascript degradable, screen resolution). It also includes how easy the application can be used by the user.

• Regression testing

Regression testing actually concludes of all above testing. The only difference here is that regression testing will only be done if the bug that previously encountered has been fixed, then regression testing will be automatically done to make sure the bug has been fixed.

Each application has its own rule what test needs to be done in the application. So there won’t be any need to do all of the test above.  There are many kind of test that isn’t explained here yet so I’ll update this post as soon as I can. Comments, suggestions, critics are loved~.

Thanks~

Read Full Post »

A Related Reading from Being Methodical about Test Design by James A. Whittaker

Hello everyone..

Well actually I’m just trying not to waste my time by doing nothing, so I try to write a post about QA. Just as a reminder, I really am still a novice, so I read many articles in QA. One of the most interesting articles I’ve read is written by James A. Whittaker n’ the title is Being Methodical about Test Design.

I won’t discuss this article too much here, just some part of it because I believe that you all will prefer read the article yourself (hehehe). Some part of the articles discuss about how important the existing of QA and QA’s job is to ensure the code quality of the developer. Simple says, the quality of the code made is owned by the developer, not testers. It must be a happy thing for the developer to build a good quality code. So, if each developer maintains his / her own quality of code, then it shouldn’t be a big deal to avoid as many as bug as he / she can, right? The answer is of course it will be easy. But, does a program only consist of a code that is made by one developer? The answer is, of course, not. The program always comes in integration of many modules built by many developers. And here QA comes with responsibility to ensure the quality of whole code or program. And again, the jobs of QA are to ensure that the program meets the requirements specification of a user, the program executes well, and minimize as many bug as it can ( If a QA finds any bugs, it’s not his / her job to fix the code, the developer does ). The most difficult thing to do by a QA is how to have an aligned mind with the client, while QA is part of the program building team. But again, a person who has assigned to be a QA, often has a good quality in communicating with others. It won’t be a problem, I think..

Back to the test that will be main job of a QA, there are so many kinds of test that can be done.  A QA will work concurrently with developer and test every single code that has been finished by a developer. It of course will reduce the work of both developer and tester at the end of the project, because bug will be found when the code is still simple enough to be maintained. A QA will also have to do black box test, where a QA pretends not to know anything about the program and do the test as the end-user of the program. Above all the test that will be done by a QA, the most important test that have to be done is when the project will be launched to the client. Here, a QA must make sure that the program can be executed well and make the end-user convenience by the existing of the program. Don’t forget when a QA test a program, there are many environments that have to be applied to the program. It will ensure the quality of the program. For example for web-based program, we need to check it through four or more browsers, for desktop-based program, we need to check it through two or more operating system.

The next thing to be remembered by a QA is don’t forget to maximize the use of test-plan. Use the test-plan as a guide to test your program. Test-plan will help QA ensuring the test details and making sure that every single thing you need to test would have been tested and there will be a report about the defect appeared.

Be a good QA is not only be a person who follow all the guidelines exist, but also be a person who wants to know everything clearly, detailed, and have many annoyance thought. QA will test a program in every single way to do. You absolutely will be a good QA when you can find more and more about how to find bugs in a program. So, in order to be a good QA, you have to improve your annoyance skill in taking a program apart ( not a thing that will be liked by the developer of course). Just remember that you do this improvement skill not to break someone else program, but to ensure your team has made a good quality program.

Read Full Post »

Steps to be done in QA

I am actually only a novice here in IT field. I graduate just now by holding certificate in diploma. It doesn’t take a long time ‘till I get hired in an IT company. Alhamdulillah, I think I have many opportunities to grow. My first position is QA position. I know QA of course from my previous school. For the first time I get this lesson, I feel like something opens my eyes widely, “HELLO, U R ONLY A LITTLE FISH PLAYING IN AN OCEAN, ang”. The only thing I know when the first time I enter IT is programmer. A programmer who makes the code.  The whole thing about IT is only programmer. I don’t really know that IT has so many fields like QA, Analyst, DBA, ITPM, and developer or popular known as programmer. Thanks to QA lesson there, I get my knowledge more and more. An application is built by analyzing, designing, building, testing, and maintaining the program when it has been installed. While getting some free times in my work, looks like I want to share some of my knowledge here.

QA is the abbreviation from Quality Assurance. In this field, people who hold QA position usually called tester. As I know, testing is not a whole thing in QA. People in QA should ensure that the application built has met user requirement, free of bugs, make the end user convenience and easier in doing their job by the existing of application, etc. So, QA people job’s is to help the team build a good application. Ensuring the quality of application actually can be done by some works to do. QA people should know the requirements of the user clearly, ensure that SDLC is obeyed very well by the team, discus the application with PM, etc. A good QA must act as the project owner and end user who uses the program. QA, because of the obligation, need to test the program. They will of course, find bugs from the program. So sometimes, a QA will have difficult times to assemble with his / her group. Just don’t worry about it, because I believe that a person who has asked to be a QA has excellent communication skill. A QA just need to be so careful and thorough about the project he/ she has assigned in, studies the requirement carefully, and improve his / her annoyance skill in playing with the program.

Because the work flow of a QA is affected by the management in his / her workplace, I believe that each QA has their own strategy in listing his / her to do list. Here I’ll try to write my plan list before doing my job as QA in real project:

1. Ask the project specification from PM.
2. Make a list of test-plan created by analyzing the specification, and discuss it with PM.
3. Make a documentation template for each of test-plan made. Make sure that there will be a versioning in test-plan.
4. When I have to test the program (this list of course will be related to my job as I work in a company who major in developing web application):

• Open the project in four web browsers. Check:

–          Whether the user interface design has been similar.

–          Whether the component of a web page stays in its place when the page is being zoom in or zoom out.

–          Whether the user interface is user-friendly enough to use by the end-user.

–          Whether all the requirements needed by the client have been appeared in web.

–          Whether all java script functions exist in web can be executed well in all web browsers.

• Test whether all the links exist are not broken link. Check:

–          All the links exist in web are not broken.

–          All the links exist in web can be searched and be seen easily.

–          If  URL in address bar that can accept parameter won’t cause any error to the system when user enter data to it.

–          Error messages are user-friendly enough for the user.

• Test the authentication of user. Check:

–          Input invalid login data. Make user that there will be error message and error message is user-friendly enough for the user.

–          Input valid login data. Make sure that the user can access the system.

–          Whether authority given to some users has met the specification.

–          Copy the URL when you have entered system by doing login to another web browser. Test whether you still can access the system without doing login anymore.

–          Whether the user can logout from the system easily. If the user has been logged out, make sure that the user can’t access the system without doing login first.

• Test all the pages that can accept user’s input. Check:

–          Make sure that this web page can’t be injected by SQL injection or java script injection or make the possibility of injection minimal.

–           Input valid data to the web page, and make sure that the system has responses well to the data.

–          Input invalid data to the web page, and make sure that the system will reject the data and give appropriate error message to the system.

–          Input syntax in SQL or java script, make sure that the system will response well in those input.

• Review all the steps and retest in from the first step if you have enough time.

1. Make sure that every error has been listed in your defect documentation. Take it to the developer who responsible in building the code, and give some suggestion if you can. That will of course improve your close-work relationship with your team.
2. You have to help PM to ensure that timeliness for the project still in green area. If the timeliness has entered yellow area, you must discuss it immediately with your PM, it will help your team avoiding the chaos that might be exist later when the project would have been delivered to the client.

I think it’s long story enough for you to read my first post but still, I hope that you really enjoy my sharing and give feed back if you feel like need to give it to me. Hope that my share can be useful for you..

See you all at my next post~

Read Full Post »

Assuring Quality of Application

Most IT people neglected this part when building an application. I think neglected is kind of harsh word, maybe forgetting will be wiser ^^. Hmm, let’s see.. When quality is mentioned, what will cross your mind? I believe most people will definitely think about bugs or error. Well, quality actually can have big meaning, but what I’m going to share below is quality of IT application (either web application, desktop application, mobile application, etc.). Then, what are consist as quality of IT application?

Quality can be measured by usability, performance, defect, etc. So to ensure the quality of an application, you should follow this step:

1. Make sure that the application is built based on SDLC, where every phase should be done well and there is clear output. When this step has been done, then this can make sure that the quality of an application has been ensured 50%. This because if every phase in SDLC has been followed well, then in each phase there will be clear result. The result of each phase which has been ensured well before should be the source for the beginning of next phase, which then will be ensured again and will have another clear result. It’s not easy to ensure the quality of an application, but it will be if we could follow each phase in SDLC well with clear result in each phase.
2. Every stakeholder of the application should participate actively based on their own rule when building the application. For example for the first phase in SDLC is requirement gathering. The stakeholder of this phase mainly is PM, analyst, product owner. Here, these stakeholders communicate and result in the description of application requirements which is agreed by all stakeholders. If the requirements are ensured from the beginning, then the following steps should only follow which of course needs the participation of every stakeholder as well. So later there won’t be any miss about requirements of the application.
3. Build a reliable design for the application first before entering coding stage. A reliable design will make the development of the application easier and later, the maintenance also will become easier. Application design will make the developer/programmer focus more on coding the application rather than thinking the architecture of the application.
4. Make sure the developer follow the design of the application. This step can be done by checking the code that has been built by developer.
5. Do the interaction as many as possible while the application is being built. This can avoid any miss understanding between each stakeholders so every one in this project should have only one purpose, that is to reach the purpose of why the application should be built.
6. Making file test for white box testing is better than later waiting for tester to do all the functionality test.
7. Use as many testing tools as possible to help doing the test in testing phase. As we may know that there are so many tests that can be done to the application. First of all, don’t forget that the main important thing to ensure the quality of the application is to make sure that the requirements of the application has been reached. Well, this means that the purpose of building specific application has been reached. How can we ensure this? We need to use the application and check whether the purpose of the application is reached, this can either be done by testing main functionality or by testing application as a whole. You can find out more about software tests here.
8. UAT (User Acceptance Test). This phase will be done together by product owner and end user. Product owner represent the development team whether end user is the user who will use this application for his/her operational management. Actually this phase should be done in testing phase but here we’ll get the approval from end user. End user will state that the requirements have been achieved well.
9. Maintenance phase. If every phase of software life cycle has been reached then the final phase is maintenance. An IT application always needs to be maintained so later if we find any bug or error we can fix them easily. Maintenance isn’t always done by the development team because we don’t need as much effort as when the application is still being built. Either way, maintenance is important because we never know what will happen later to the application.

I think that’s all for this sharing. I’ll edit the post when I find something to be added or modified here.

Comments and suggestions or critics are loved. Thanks~

Read Full Post »

Building a good user interface for IT application

Building a good user interface for IT application is easy-hard task to do. Well, for some people who is technical minded, it’s sure a hard task. For people who use the application/end-user, it’s an easy task. I’m sure that almost all of us are technical minded people since we build the application, don’t we? ^^

Build a good user interface is an important task actually, I just realized this recently. A good user interface determines the easiness of an application to use. What components are included in a user interface? Here are the list:

1. UI form component. This means the field used for each attributes in a user interface, like a textfield, combo box, radio button etc. Which field used for which component can help both the developer to ensure the possible value for each attributes. A simple guideline for choosing the best field for components for example:
   • Use textfield if an attribute can accept one simple value without limitation of possible answers (ex: name, phone number, email, etc).
   • Use text area field if an attribute can accept one long value without limitation of possible answers (ex: description, address, etc).
   • Use radio button if an attribute can accept only one value from some possible answers (ex: gender, religion, etc).
   • Use combo box if an attribute can accept some values from some possible answers (ex: hobby, specialization, etc).
2. Label of an attributes. This represents the label which will be followed by field where user can enter/choose the value of its attribute. From label, user will know what value they should enter in a field (example: name, address, phone number, email, etc). This also represent what text should be displayed in a button (save button, cancel button, print button, etc.) Deciding what text should be used to represent a field is an easy-hard task to do if the label is kind of hard to explain in short term (ex: how to represent whether a premium is added to payroll or not, whether leave will affect in leave ration or not, etc.) The easy thing to do if we find this situation is, ask others who doesn’t really know/understand what kind of application you are building. They’ll surely give nice input to you.. ^^
3. Title and description of a page. There aren’t many applications which use description to describe the functionality anymore, but either way there is still few applications which use it. In case a page doesn’t have any description, then we should choose a wise title to represent what kind of information will a user get/give in related page. Once user read the title, they’ll understand directly what kind of information they should get/give. In case a page has description, we can use it to help describing what page it is.
4. Positioning. This represent the overall layout of a page.
5. Color. This represent the overall color used in a page. We should be wise to choose what color can be used in order to make sure a page is displayed nicely and easy to use.
6. Consistency of word used. This represent choosing exact same word to describe the same thing, and also what language is used in a page. We shouldn’t use different word in displaying the same thing. We also shouldn’t use different languages in an application.

Above are some components consisting a user interface of application. Below are some best practices in making a good user interface design:

1. Make sure user interface is simple and easy to use.
2. Make it as interesting as possible without losing the functionality meaning.
3. Make sure user understand the information given/needed by the application. You can test this by asking beta user’s opinion and feedback.

I think that’s it my share about making a good user interface.

Comments, questions, feedback, critics are welcomed.. ^^

Read Full Post »