Software development: Proof of concept
Before proceeding with a project, the first and foremost thing we must do is clearly define ideas and product orientation. If the initial idea is poorly tested or the core values are not seen through, the project will inevitably have problems with the wrong values; From there, hinder the later stages and sometimes the final result. To avoid this situation, we should use the Proof of Concept (or POC) method for software development – a term that is familiar but not less important. Although Proof of Concept does not produce a product, it does provide certain visions and assessments of the project’s advantages and disadvantages; thus, we can come up with clear solutions that the team can go in the right direction, with the right spirit and product style.
In the following topic on Proof of Concept, Brugu Software solutions will show you the importance of Proof of Concept and outline 5 critical factors to success.
What is a proof of concept in software development?
A proof of concept in the context of custom software development comes to be the validation of a functional or non-functional aspect of an information system or part of it, either by the technical area or by the user area.
We could say, for example, that acceptance tests are a specific type of proof of concept.
Proof of Concept Example
During the establishment and implementation of the project, Proof of Concept was highly appreciated, playing an indispensable role. Thanks to the Proof of Concept Guideline, Project Managers can see suspicious factors and potential risks that can hinder the success of the project. Proof of Concept helps both the client and the developer team to agree on the value and general direction of the project; On the other hand, it also helps developers easily identify ways to carry out the project to achieve the highest efficiency.
At Brugu, we will take an example of good Proof of Concept, with thorough steps we take to create a successful Proof of Concept for our software product:
Step 1: Define customer requirements
The first and also the most important step, is clearly defining the requirements of the client. Determining the requirements of the client to help us understand the feasibility of the project, understand the nature, and at the same time understand the capabilities of our human resources, thereby identifying and selecting personnel suitability to join the project.
Step 2: Action Planning
Next, the Developer team will analyze and consider the specific project requirements, thereby providing specific scenarios, timeline,s, and guidelines, as well as selecting the appropriate staff to pursue the project. Each stage of implementation, each step is streamlined with the client’s time and the Developers’s team.
Step 3: Implementation
Based on the established Action Plan, the project will be conducted in a 6-stage loop to ensure effectiveness.
The implementation will start a new process of analyzing customer requirements once more thoroughly to proceed to the Design step. Then, the product will be formed and developed with Development, preliminary completion and to the Testing step. In this step, Tester will carefully check and find out the wrong points of the product, so that the Developers can see and correct it more appropriately. By the fifth stage, the product is nearly completed and deployed soon, the Developers will conduct product testing operations with customers and move to the 6th stage – Review, listen to feedback from customers and edit to please customers, and make products more complete.
Step 4: Delivery
The product is now completely complete in accordance with the requirements and spirit of customers. We carry out the delivery of the product, and at the same time provide general information on how to use it, along with some necessary information to ensure smoothness during the operation of the product.
It can be considered as a useful tool in the development process. However, it is convenient to adequately manage your expectations and objectives in the current context of the project and the information system, that is, what is intended to validate? What are the minimum thresholds required? Does the validation meet qualitative, quantitative or both criteria? What are the consequences of not exceeding them? Are the limits well calibrated concerning the effects on the Current status of the project and the current phase of its life cycle? Who will participate in the proofs of a concept and know in advance what aspects are not going to have the expected behavior?
In a formal testing process, test levels are often very easily confused with test types, and although they are intimately related, they have different connotations in the process. To understand a little more, let’s start from the fact that the tests can be executed at any point of the software development process, and this is where the test levels allow us to understand the different aspects or stages where specific tests can be executed. Because of the above, it is common for some people to refer to the levels of evidence or try to classify them as developer tests, functional tests, and end-user tests.
Nevertheless, the appropriate terminology to apply to the different levels corresponds to the following four (4) classifications that are: unit tests, integration tests, system tests and acceptance tests. In each of these test levels, different types of tests may be executed, such as functional, non-functional, architectural tests and the change of the products associated.
Here is a brief description of each level of evidence:
- Unit or Component Tests: These types of tests are typically executed by the development team. They consist of the execution of activities that allow the developer to verify that the unitary components are coded under robust conditions, that is, supporting the entry of erroneous or unexpected data and demonstrating, thus the ability to deal with errors in a controlled manner. Additionally, the tests on unitary components, usually denominated tests of modules or tests of classes, being the convention defined by the programming language, the one that influences the term to use. Finally, it is essential that all the functionality of each unit component be covered by at least two test cases, which should focus on testing at least one positive and one contrary feature
- Integration tests: It is as well executed by the development team and consists of checking those elements of the software that interact with each other, work correctly
- System Tests: This type of test should be executed ideally by a test team outside the development team, a good practice in this point corresponds to the outsourcing of this responsibility. The obligation of this equipment consists in the execution of test activities where it must be verified that the total functionality of a system was implemented according to the specification documents defined in the project. The test cases to be designed in this level of tests must cover the functional and non-functional aspects of the system. For the design of test cases at this level, the team must use deliverable test bases such as initial requirements, use cases, user histories, designs, technical and end-user manuals, etc…
- Acceptance Tests: Independently of the fact that the testing process has been outsourced and that the firm responsible for these activities has issued a quality certificate on the system under test. It is essential that the client appoint personnel to be part of the business processes for the execution of acceptance tests, it is even recommended that the end users participating in this process be independent of the personnel that supported the development process. When the acceptance tests are executed in facilities or environments provided by the developer, they are called Alpha tests, when they are performed from the clients’ infrastructure, they are called Beta tests. In cases where the acceptance tests of the product have been executed in the supplier’s environment.
On the other hand, the security of a system or application does not depend on the use of SSL protocols, firewalls or compliance with an ISO 27000 standard. The form of security tests (penetration testing) at the end of the software development cycle is not enough either. Security is a factor that must be taken into account in each phase of development since the production of software is a process in which it is necessary to identify and correct vulnerabilities continuously.
The key, therefore, is in the following question;
Are we building secure software?
At our site we propose the following tools that help develop secure software:
Checkmarx, which is a source code tool used for security analysis, can be integrated with the most common SW development environments (Eclipse, MS-Visual Studio, Jira, Jenkins …) that will alert programmers to the vulnerabilities they enter in their code.
Blackduck, a tool for analyzing the security, licensing, and operation of third-party open-source libraries used in the developments themselves. Also integrable with the usual development environments.
In contrast, a security analysis tool for the running application based on IAST (Interactive Application Security Testing), or what are the same gray box tests.
We help our clients in the implementation of the Secure SW Life Cycle, an essential practice:
- Analyzing the situation of SW processes and the SW development tools used.
- Propose the most appropriate security tools in each case.
- Performing concept tests for the proposed tools and their use in customer processes validity.
- Forming and supporting development engineers.
From a practical point of view, the number of possibilities to exhaustively test a system is merely unmanageable; it is then necessary to use adequate techniques to maximize the number of essential failures found with the allocated resources. Each method used to detect defects leaves a residue of more subtle abnormalities against which this technique is ineffective.
The software test implies, therefore, the application of appropriate techniques and tools in the framework of a well-defined process, determined by the type of software development projects that are addressed.