Sprint 1: Improve Security and Reliability

-
The first sprint, which I will hopefully start tomorrow, has a goal of improving the application's overall security and reliability. Right now I have some pretty egregious security violations, such as plain-text passwords, and most errors get swallowed, so it's very difficult to tell what the problem is when something has gone wrong. So I need to start remedying that.

The sprint backlog items I have selected are:
PriorityDescriptionPoints
300Add error checking, unit testing, and integration testing using JUnit, DBUnit, FindBugs, etc.16
290Add logging and propagate exceptions instead of swallowing them.8
280Restrict access to the HSQLDB to the server on which it is running.2
270Add additional sanitization of input and other security measures8
260Change the way passwords are stored and transmitted so that they are encrypted4

The sprint will be 2 weeks long. My story points are sorta kinda "ideal man hours" but really are more relative to each other than reflective of actual man hours. This is how we estimate at work so I'm used to it, and I'm generally more used to thinking in chunks of hours than days, so I'm going with it for this project, too. I'm being probably excessively optimistic in hoping that I can get 38 story points done in this sprint.

Note that my user stories don't conform to the normal rules of scrum because I'm filling all the roles, and the main goal of the project isn't simply to have a working piece of software but also to have proper processes, conform to best practices, learn more about software engineering, etc. So for this a user story that provides value or functionality can include just changing things so that they're being done the right way. For a commercial project obviously the stories would look differently.

Comments

Post a Comment

Popular posts from this blog

"Does it get easier?" Yes, but Also No...

-
Image
Image by Arek Socha from Pixabay It's complicated... "Does it get easier?" I see some form of this question asked a lot in beginner programming groups. I always struggle with how to answer this honestly and clearly, because the truth is not that simple. In some ways it does get easier, but in other ways it is almost always going to be difficult if you are advancing in your career . If you are a programmer and your job is easy for years on end, the most likely explanation is that you're in the kind of dead-end position that people try to avoid, not the kind of position people dream about when they think of becoming a developer. Most likely you are not getting better at being a dev, not working with new tech or solving new kinds of problems, not being given more responsibility, etc. etc. etc. I've seen some pushback from other newbie programmers on the idea that it could remain difficult past the initial learning stage. Notably I have never once seen somebody who...
Read more

How to Land Your First Dev Job: Develop Yourself, Market Yourself

-
Image
Image by magnetme from Pixabay In the coding and tech groups I'm in, I see the same question asked over and over by folks who are just learning to code, finishing up a bootcamp, degree, or other training program, or who have been looking for that first job for awhile and not having any luck: "what do I need to do to get my first dev job?" There's a whole ton of info out there on this topic, but it's scattered all over, so I thought I would gather together the best resources I've come across and share them, along with a bit of context, to try and help everybody struggling with or just plain wondering about this. There are a lot  of things you can do to improve your chances of finding a job and hopefully shorten your job search. They are broadly divided into 2 categories: developing yourself and your skills, and marketing yourself and your skills. Note that you don't need to do everything on this list, nor do you need to do it all at once. This is an "...
Read more

Git. The WHAT and WHY Edition.

-
Image
Lately I've seen a lot of new/aspiring developers talk about difficulties learning git . I was confused at first, because there are approximately a zillion git tutorials out there. But then I started really looking at what people were saying AND what all those tutorials contain. The problem is most tutorials start out with "here are a ton of git commands to memorize", and this is not where people are having problems. People are having problems with "what is git, why should I learn it, and what does it look like to use it in a real-life project?", and those questions are largely not answered in all those millions of tutorials. So at the risk of redundancy, I'm going to attempt to address these questions in Yet Another Article About Git. First, I want to make it clear that if you want to be a programmer, any kind of programmer, you need to know git. You just DO. This is the short version of the answer to "why should I learn it?".  The medium length a...
Read more