Application Security Testing: An Integral Part of DevOps
While creating a program, things can get quite busy. By busy, I mean that you concentrate on one part while forgetting other small details that can leave a good impression, a very bad impression, or simply no impression at all on the user. The aim of this article is to help you remember all the finer details that can quickly be forgotten in the zoo of developing a decent application.
1: Icons and Images
When using images in your applications, you have to ensure that the images you use are of good quality. Even if it is just a little picture, it still needs to be of high quality. A PNG image gives the sharpest quality, although the file size is a bit bigger than a JPG image.
Apart from quality and file size, you need to consider the visually impaired as well as colorblindness. Ensure that your image's function does not get lost. Do not use images that are "too busy" when you do not need to. It is sometimes easy to get carried away or overlook the actual detail of a small image, but you have to make sure that the image fits in with your application.
Think twice about colors, not only because colorblind people cannot distinguish between red and green or blue and yellow, for example, but also because some colors have certain meanings in certain cultures or religions.
2: License or Usage Agreement
The publisher grants a license to use the copies of software, but the ownership of the copies remains with the software publisher.
GNU General Public License
Open source software is licensed under this. Users can change the source code, but any improvements or refinements of the software must be made available under a GNU GPL license.
End User License Agreement (EULA)
A EULA indicates the terms under which the end user may use the software.
You are not allowed to install the software on more than one computer unless you purchase a license for each additional computer.
Concurrent Use License
You can install the software onto multiple computers as long as the number of computers using the software at the same time does not exceed the number of licenses that you have purchased.
A site license permits the use of software on any computer at a specified site.
These licenses do not have an expiration date.
These licenses lease the software for use for a specified period of time.
License with Maintenance
This type of a license agreement allows the user to purchase maintenance along with the original license fee. That entitles the user to receive new versions of the software until the maintenance agreement expires.
3: Help Files
There must be some sort of help system present in your application. This means that if users are struggling with a certain task, they must be able to help themselves. You may not think about a help system because your application is not too big, and there may be a limited number of users. Still, you need a help system. Not everybody's English is good, which can create a language barrier, and not everybody is a professional computer user. For these reasons and more, you need to enable the users to help themselves. You essentially get two types of help systems in your applications:
Context-sensitive help is obtained from a specific point in the state (what the user is doing) of the software, providing specific help for the situation that is associated with that state. For example: When a user right-clicks a textbox, and then clicks 'Help,' information specific to that textbox should be supplied.
Online help is a topic-oriented form of user assistance.
4: Error Logging
It gets very difficult maintaining code, especially when one is in a hurry; everybody knows the importance of proper exception handling, but sometimes this task gets forgotten due to an obscure reason. Without proper error logging or error handling, your program will not perform as it should and it will not be used as it should.
A nice idea is to provide or create a list of possible error codes. It also goes without saying that you need to make sure that you have set up Try and Catch blocks in all your events, methods, and sub procedures. In certain instances, you may require an error log that gets saved externally.
5: Code Documentation
It is important to have well-documented code. Apart from legible code, having your code documented helps other team members understand what you were doing. Comments indicate where you were last and when you did what. As simple as that. In the process of writing code, one tends to forget to add a comment or two, and then has to struggle to find the place where the new code should continue.
6: External Resources, Such As Files and Folders
I have seen many a time that a module inside a program crashes because a certain file, folder, or even registry entry doesn't exist. This is sloppy, to say the least. Before shipping, you must ensure that your application caters for files or folders that can go missing.
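The advice in sections 4 and 6 can be combined in one routine. The following Python code is an added example, not code from the original article: it uses a small list of error codes, wraps resource access in `try`/`except` (Python's counterpart to Try/Catch), writes details to an external log file, and falls back to defaults when a file or folder is missing. The error codes, the settings format, and the names `make_error_log` and `load_settings` are constructed for illustration.

```python
import enum
import json
import logging
import os

class ErrorCode(enum.Enum):
    """Constructed error-code list that support staff can look up."""
    CONFIG_MISSING = "E1001"
    CONFIG_CORRUPT = "E1002"
    DATA_DIR_MISSING = "E1003"
    DATA_DIR_UNUSABLE = "E1004"

DEFAULTS = {"theme": "light"}  # constructed fallback settings

def make_error_log(path):
    """Return a logger that appends to an external log file at `path`."""
    logger = logging.getLogger("app.errors")
    logger.setLevel(logging.INFO)
    logger.propagate = False  # do not also send records to root handlers (console)
    if not logger.handlers:
        handler = logging.FileHandler(path, encoding="utf-8")
        handler.setFormatter(logging.Formatter("%(asctime)s %(levelname)s %(message)s"))
        logger.addHandler(handler)
    return logger

def load_settings(config_path, data_dir, log):
    """Load settings without crashing; returns (settings, logged ErrorCodes)."""
    settings, codes = dict(DEFAULTS), []
    try:
        with open(config_path, encoding="utf-8") as fh:
            loaded = json.load(fh)
        if not isinstance(loaded, dict):
            raise ValueError("top-level JSON value is not an object")
        settings.update(loaded)
    except FileNotFoundError:
        codes.append(ErrorCode.CONFIG_MISSING)
        log.warning("%s config not found: %s", codes[-1].value, config_path)
    except (ValueError, OSError) as exc:  # bad JSON, bad encoding, no permission
        codes.append(ErrorCode.CONFIG_CORRUPT)
        log.error("%s config unreadable: %s (%s)", codes[-1].value, config_path, exc)
    if not os.path.isdir(data_dir):
        codes.append(ErrorCode.DATA_DIR_MISSING)
        log.warning("%s data folder missing, recreating: %s", codes[-1].value, data_dir)
        try:
            os.makedirs(data_dir, exist_ok=True)
        except OSError as exc:
            codes.append(ErrorCode.DATA_DIR_UNUSABLE)
            log.error("%s cannot create data folder: %s (%s)", codes[-1].value, data_dir, exc)
    return settings, codes
```

The caller can show the user only the short error code, while the file path and exception text stay in the external log for support staff.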
I cannot stress the importance of versioning information enough. Set your project to automatically increment the Build numbers. This provides a good guideline for support staff, so that they can see which version of a program gives which errors. At my work, we have built an in-house system that's a masterpiece (even if I say so myself). The problem is that some users neglect to update the software and once a new version is released, problems creep in mainly because they are not on a more current version.
8: Desktop Icons and Shortcuts
It does not help if your application gets shipped but there is no quick and easy way to access it after installation. It may sound stupid to say it, but you have to create at least a desktop shortcut to your application. Users do not want to waste time finding an app if it is not obvious.
Okay, I suppose it is not really a thing to remember before shipping your application, but it is still a vital part of your app. A misspelled word or two, even if it is in a help file, can leave a wrong impression. Granted, not all of us are Shakespeares or Hemingways, but spelling properly and proper use of words is professional.