
Introducing a Quality Model for MVC Applications

Your integration, functional and non-functional testing gives you a good idea of whether your code will work in production. But how do you go about measuring the quality of code that already seems to work? How do you make that measurement repeatable? How do you share it with clients in government, finance or other large enterprises who are looking for a 3-5 year shelf-life from your code? In this talk, Stuart will introduce you to SQuaRE, the international standard collection for software quality. He'll give you a tour of all of the available and upcoming standards in this area, before taking a deep dive into the Product Quality Model from ISO/IEC 25010:2011. He'll explain what a quality measurement is, how you link measurements to your project's quality criteria, and how you incorporate them into code reviews, QA teams and management decisions. You'll leave this talk ready to start measuring and improving the quality of your product or service, with the tools you need not only to maintain quality but also to keep increasing it over time, even when faced with staff turnover.

Talk presented at #PHPNW15 in October, 2015.

Stuart Herbert

October 03, 2015


Transcript

  1. @GanbaroDigital You’ll leave this talk with a clear understanding of using a quality model and how to start building one for your MVC apps.
  2. Quality Metrics • Code coverage • Pass / Fail Unit Tests • Pass / Fail Acceptance Tests • Open bug reports • Cyclomatic Complexity • CRAP • High / low coupling • Number of responsibilities • … and so on
  3. We measure quality to prevent things going wrong and to detect the things that have already gone wrong.
  4. (Slide: grid of a project's quality measurement identifiers, QM-1.1 to QM-1.7, QM-2.1 to QM-2.16 and QM-3.1.)
  5. (Slide: bar chart, 0% to 100%, scoring each of the measurements QM-1.1 to QM-3.1.)
  6. The SQuaRE divisions • 2500n Quality Management Division • 2501n Quality Model Division • 2502n Quality Measurement Division • 2503n Quality Requirements Division • 2504n Quality Evaluation Division
  7. ISO/IEC 25010:2011 Systems and software engineering - Systems and software Quality Requirements and Evaluation (SQuaRE) - System and software quality models
  8. The Quality In Use Model measures what it is like to live with the code that has shipped.
  9. Eight Main Categories • Functional suitability • Performance efficiency • Compatibility • Usability • Reliability • Security • Maintainability • Portability
  10. Usability • Appropriateness recognisability • Learnability • Operability • User error protection • User interface aesthetics • Accessibility
  11. X = A / B, where A is the number of times that a quality criterion is satisfied and B is the total number of opportunities to satisfy that quality criterion.
  12. For example: A is the number of times that output is correctly escaped. B is the total number of times that output needs escaping.
  13. X = 1 - ( A / B ), where A is the number of times that a quality criterion is not satisfied and B is the total number of opportunities to satisfy that quality criterion.
  14. For example: A is the number of application routes where a GET modifies the database. B is the total number of routes in the application that accept GETs.
  15. If we modify the database during a GET request in 5 routes out of 400: X = 1 - ( 5 / 400 ) = 0.9875
  16. If we modify the database during a GET request in 39 routes out of 258: X = 1 - ( 39 / 258 ) ≈ 0.85
  17. Use X = A / B when you want people to do A as much as possible.
  18. Use X = 1 - ( A / B ) when you want people to do A as little as possible.
  19. Every quality measurement has a value between 0 and 1. 0 is the worst score possible. 1 is the best score possible.
  20. 3 Levels Of Importance • Essential - must not ship • Major - should not merge • Minor - housekeeping
  21. Examples: Security • Validate route parameters • Validate query string parameters • Validate form data • Check CSRF token • Escape output correctly
  22. 3 Levels Of Importance • Essential - must not ship • Major - should not merge • Minor - housekeeping
  23. Examples: HTTP • Do not modify database on GETs • Return HTTP 422 when request validation fails • Return HTTP 500 when an unexpected exception occurs
  24. 3 Levels Of Importance • Essential - must not ship • Major - should not merge • Minor - housekeeping
  25. Route Parameter Verification • X = A / B, where • A = number of route parameters that are verified, and • B = total number of route parameters defined
  26. CSRF Token Publishing • X = A / B, where • A = number of HTML forms that publish a CSRF token • B = total number of HTML forms
  27. CSRF Token Verification • X = A / B, where • A = number of routes that validate the CSRF token of an HTML form • B = total number of routes that accept an HTML form as input
  28. Verification Failure Notification • X = A / B, where • A = number of routes that return HTTP 422 when request verification fails • B = total number of routes that accept any form of input
  29. Class Substitution • X = A / B, where • A = number of methods that accept an interface as the input type • B = total number of methods that accept objects as input
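Added example, not code from the talk: the two scoring forms from slides 11 to 19 and four of the concrete measurements from slides 14 and 25 to 28, computed over a hand-constructed route inventory and then fed into the three-level ship/merge gate from slide 20. The `Route` fields, the importance assigned to each measurement, the pass threshold of 1.0 and the sample routes are all assumptions made here for illustration; a real inventory would come from the framework's router plus an audit of each handler. Python is used because the measurement model is framework-neutral, even though the talk's audience is PHP developers.

```python
# Quality measurements (ISO/IEC 25010 style) over an MVC route inventory.
# Added example, not code from the talk. The route inventory is constructed
# by hand; in practice it would come from the router plus a handler audit.
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Optional, Sequence, Tuple


def measurement_score(a: int, b: int, minimise: bool = False) -> Optional[float]:
    """X = A / B when A should happen as often as possible;
    X = 1 - (A / B) when A should happen as little as possible.
    B == 0 means there were no opportunities: the measurement is not
    applicable, so return None instead of dividing by zero."""
    if b == 0:
        return None
    x = a / b
    return 1.0 - x if minimise else x


class Importance(Enum):
    ESSENTIAL = "must not ship"
    MAJOR = "should not merge"
    MINOR = "housekeeping"


@dataclass(frozen=True)
class Route:
    path: str
    methods: Tuple[str, ...]               # HTTP methods the route accepts
    params: Tuple[str, ...] = ()           # route parameters defined
    verified_params: Tuple[str, ...] = ()  # the subset that is verified
    accepts_form: bool = False             # accepts an HTML form as input
    checks_csrf: bool = False              # validates the form's CSRF token
    accepts_input: bool = False            # any route/query/form input
    returns_422: bool = False              # HTTP 422 on verification failure
    writes_on_get: bool = False            # GET handler modifies the database


@dataclass(frozen=True)
class Measurement:
    name: str
    importance: Importance
    count: Callable[[Sequence[Route]], Tuple[int, int]]  # returns (A, B)
    minimise: bool = False                 # True for the X = 1 - (A / B) form


def _route_param_verification(routes: Sequence[Route]) -> Tuple[int, int]:
    return sum(len(r.verified_params) for r in routes), sum(len(r.params) for r in routes)


def _csrf_token_verification(routes: Sequence[Route]) -> Tuple[int, int]:
    forms = [r for r in routes if r.accepts_form]
    return sum(r.checks_csrf for r in forms), len(forms)


def _verification_failure_notification(routes: Sequence[Route]) -> Tuple[int, int]:
    inputs = [r for r in routes if r.accepts_input]
    return sum(r.returns_422 for r in inputs), len(inputs)


def _db_writes_on_get(routes: Sequence[Route]) -> Tuple[int, int]:
    gets = [r for r in routes if "GET" in r.methods]
    return sum(r.writes_on_get for r in gets), len(gets)


# Importance levels are assumptions for this example; the talk leaves the
# assignment to each project's own written quality criteria.
MEASUREMENTS: List[Measurement] = [
    Measurement("CSRF token verification", Importance.ESSENTIAL, _csrf_token_verification),
    Measurement("Route parameter verification", Importance.MAJOR, _route_param_verification),
    Measurement("No database writes on GET", Importance.MAJOR, _db_writes_on_get, minimise=True),
    Measurement("Verification failure notification (422)", Importance.MINOR,
                _verification_failure_notification),
]

# Constructed sample inventory with deliberate gaps: a form route without a
# CSRF check, a GET that writes, one unverified parameter, one missing 422.
SAMPLE_ROUTES: List[Route] = [
    Route("/users", ("GET",)),
    Route("/users/{id}", ("GET",), ("id",), ("id",), accepts_input=True, returns_422=True),
    Route("/users/{id}/edit", ("GET", "POST"), ("id",), ("id",), accepts_form=True,
          checks_csrf=True, accepts_input=True, returns_422=True),
    Route("/posts/{slug}", ("GET",), ("slug",), (), accepts_input=True),
    Route("/posts/{slug}/comments", ("POST",), ("slug",), ("slug",), accepts_form=True,
          checks_csrf=False, accepts_input=True, returns_422=True),
    Route("/posts/{slug}/like", ("GET",), ("slug",), ("slug",), accepts_input=True,
          returns_422=True, writes_on_get=True),
    Route("/about", ("GET",)),
]


def evaluate(routes: Sequence[Route],
             measurements: Sequence[Measurement] = MEASUREMENTS) -> Dict[str, Optional[float]]:
    """Score every measurement; None marks one with no opportunities."""
    return {m.name: measurement_score(*m.count(routes), minimise=m.minimise)
            for m in measurements}


def gate(routes: Sequence[Route], measurements: Sequence[Measurement] = MEASUREMENTS,
         threshold: float = 1.0) -> Dict[Importance, List[str]]:
    """Group failing measurements by importance so the decision is mechanical:
    Essential failures block shipping, Major block the merge, Minor are
    housekeeping. The 1.0 threshold (every opportunity taken) is an assumption."""
    scores = evaluate(routes, measurements)
    failing: Dict[Importance, List[str]] = {level: [] for level in Importance}
    for m in measurements:
        x = scores[m.name]
        if x is not None and x < threshold:
            failing[m.importance].append(m.name)
    return failing


if __name__ == "__main__":
    for name, x in evaluate(SAMPLE_ROUTES).items():
        print(name, "n/a" if x is None else round(x, 4))
    for level, names in gate(SAMPLE_ROUTES).items():
        print(level.name, "(" + level.value + "):", names or "none")
```

Run stand-alone, the sample inventory scores 0.5 on CSRF verification, 0.8 on route parameter verification, 0.8333 on no-writes-on-GET and 0.8 on 422 notification; the gate reports the CSRF gap as the only ship blocker, the two Major gaps as merge blockers, and the 422 gap as housekeeping. Returning None when B is zero matters in practice: a microservice with no HTML forms should not be scored 0 (or crash the build) on CSRF verification, it should be excluded from that measurement.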
  30. (Slide: bar chart, 0% to 100%, scoring each of the measurements QM-1.1 to QM-3.1.)
  31. (Slide: bar chart, 0% to 100%, scores grouped by ISO/IEC 25010 sub-characteristic: Interoperability, Accountability, Authenticity, Analysability, Modifiability, Confidentiality, Modularity, Non-repudiation, Testability, Integrity, Fault Tolerance, Resource Utilisation.)
  32. In post-mortems, link the root cause to the relevant quality measurements or to any missing ones.
  33. Quality has already been defined. That’s what your written quality criteria are. You just need to train new people in your quality criteria.