Application Security Testing: An Integral Part of DevOps
Microsoft continues to express an interest in moving into the enterprise with their databases and development tools. More importantly, they are striving to be taken seriously.
Today, Microsoft expressed how serious they are with the announcement of Microsoft Visual Studio 2005 Team System. Books will be written on this product; however, I'll mention a few of the features here.
The Audience of VSTS
Unlike other versions of Visual Studio, Microsoft Visual Studio Team System is aimed at more than just developers. Enterprise-level application development is much more complex and thus requires a much more robust tool. With designing, architecting, coding, and testing, along with the need for project management and team development, the standard development tool just doesn't cut it by itself. This is why many enterprises invest in additional tools such as IBM Rational's XDE or Compuware's DevPartner.
There are gaps and disconnections within an organization that directly relate to gaps that can occur in building a project. These are gaps between roles and gaps between phases. An integrated project has to shrink these gaps.
When you have different people in different roles, you have to communicate and interact. This is standard in enterprise applications; however, because of the number of people in different roles, it is not surprising that gaps occur in the communication, which in turn can lead to gaps in a project.
The same is true with the tools used. If a team is using different tools, the tools must work perfectly together or there can be gaps caused there as well. These gaps have been standard in the development of enterprise applications, and the projects simply adapt. When you are building an application, it is not unusual to need to make changes due to the requirements changing. This is not uncommon in enterprise applications. Enterprise development requires that these issues of communication, interactivity, and extensibility all be handled. Additionally, there is a desire to handle them with predictability.
This extensibility, interoperability, and predictability result in a huge challenge. This is a challenge that Microsoft goes through in developing their own enterprise applications as well as a challenge that corporations face.
Visual Studio Team System works to address these challenges.
What Is Visual Studio Team System?
As stated earlier, books will be written to describe all the details of VSTS. I'll mention a few of the pieces in this article.
This tool is aimed at a number of areas. Architects, designers, developers, and testers will all be able to use this project, meaning this is not your standard Visual Studio. The tools needed by each of these roles are incorporated into the product and integrated with the tools used by the other roles. This integration helps to provide an enterprise with an integrated tool to build end-to-end solutions.
The core of VSTS includes features such as item tracking (more than just tasks), enterprise source control (something serious—not Source Safe), powerful reporting, and many robust tools.
Some of the tools and features included are:
Microsoft Distributed System Designers—Tools that provide architects and developers the ability to design service-oriented applications and operations infrastructures at the same time. These tools provide integration among operations, developers, and the business teams by using drag-and-drop designs and connections to XML Web services. Results are validated and more. These tools have actually been presented before under the code name "Whitehorse."
Tracking—Tools for tracking work items. VSTS will track tasks, requirements, and much more.
Source Control System—A new enterprise-level source control system is included. This will be used instead of Source Safe, which did not scale to larger applications. Additionally, it includes features such as "shelving," which allows source to be placed on the server without being checked into the team repository, thus providing the safety of backups without corrupting shared source with incomplete changes.
Code Profiling—The ability to profile code in managed, native, or mixed mode.
Testing tools—Tools are included for unit and regression testing. These tools provide functionality that helps prevent code from breaking existing builds. Tracking allows for tests to be run before check-in to the source control system and more. Also included are load testing tools that can be used to develop and run simulations of browsers in a number of different production conditions and loads.
Project Manager tools—Envisioning, planning, tracking, reporting, and methodology tools are all included.
Equally important to all of these tools and features is the fact that they are all integrated together. This integration helps to eliminate many of the errors that can be caused by the gaps in communication and tools that the standard enterprise team uses. Figure 1 provides a better idea of the tools and functionality in Visual Studio Team System.
Figure 1. Visual Studio Team System. (Picture © Microsoft Corporation)
Not Just a First Effort
The concept of VSTS was initiated in June of 1999, making the development on this project nearly five years old. Many of the tools within VSTS, however, actually are even more mature—good portions of the tools within this product have been in use internally at Microsoft even before VSTS was initiated. As an example, the profiler used in VSTS was originally written in 1994 and has been used by Microsoft internally. It is a tool that has been built up over time.
The individual tools, however, are not the big news about this product. Where VSTS is expected to shine is in the integration. The real story is that the VSTS tools shown in Figure 1 are fully integrated.
Tools Are Not Enough
It may seem ironic to say that when talking about a new took; however, tools by themselves are not enough. Rather, for enterprise development, you also often need a methodology.
VSTS is expected to have at least two methodologies supported when it ships. One of these methodologies will support a lot of different roles. The other will be an agile methodology. These methodologies are expected to be extensible. In fact, there are companies already adding extensions.
Teams have different members who work in different roles. Each has done different things with different tools. With Visual Studio 2005 Team System, Microsoft is going from a developer focus to a development focus. With a focus on facilitating communication as well as improvements to the tools to provide reliability and predictability, Microsoft is making a serious attempt to provide a solution for enterprises.
Look for a sneak peak of some of the features of Microsoft Visual Studio 2005 Team System in The May Community Technical Preview of Visual Studio 2005.