Sprint 2 Retrospective
So I finished sprint 2 today. Yet again my biggest problem is finding enough time to put in as much work as I'd like. I suspect this will be an ongoing problem. I am mostly pleased with how much I accomplished though. I finished 3 backlog items: Fix fake data insertion code (1 hour), Add additional sanitization of input and other security measures (6 hours), and Add logging statements throughout the code (3).
The only somewhat troubling aspect is that I'm still not 100% sure I've considered all the possible security issues. I've done a LOT of googling, but this information is extremely scattered. There's no comprehensive "Java web app security guide" that I've been able to find (though the OWASP stuff is very good and somewhat close). Mostly I've gone searching for one thing, and a random link or post will lead me to other things. It seems like you have to know what all the issues are in advance and then start searching for solutions to those issues. This doesn't help when you're starting from square one... At any rate I'll continue to do the occasional search and keep my eyes open for issues I've not yet considered.
As for the issues I have already considered (and hopefully solved) they are securing passwords in the database and in transit, SQL injection, and XSS. I'm not sure what else there is to consider... Though probably there's something. 100% security is obviously impossible, and even more so for a 1 person software development team, but I would like to come as close as I can.
As for the final unfinished backlog item, Add error checking, unit testing, and integration testing using JUnit, DBUnit, FindBugs, etc., I'm going to re-write this to focus on just FindBugs and similar tools, and leave unit testing until I've finished the Test Driven Development book.
Here's my burndown chart:
The first week I had issues finding time. The days where there's no dot are days where I didn't do any work. I'm really hoping I can change this trend and get in at least a little work nearly every day. Always strive to improve and all that. Anyway, that was sprint 2.