Reflection on the Secure Software Development Module
What?
When I began my career in Software Development, I started as a Coding Mentor/Lecturer teaching bootcamp students programming. Three years later, after a career change to Full Stack development, I realized something: security, or secure software, is a rarely covered topic, yet it is so important. How am I supposed to build secure products if I don’t know what vulnerabilities to look for? This module made me realize some of the gaps in my knowledge, and it threw down the gauntlet for me to learn.
Another challenge I was looking forward to in the module was the experience of working in a team. Having worked in a team before, I was interested in seeing how we would navigate issues, contribute ideas, and collaborate effectively. Starting with the first assignment, we had to come together as a team for the Design Proposal. We conducted research and also compromised on which ideas we would progress with. Finally, we worked on the Coding Output project, in which the team tackled the Dutch Forensics Domain using the Django Framework.
So What?
Throughout this module, I gained valuable theoretical knowledge that I will seek to implement in my practical programming applications. To begin the module, the working groups were chosen and assigned, and the team had to draft a working contract. Initially, we had planned for rotational team leads, but from the second meeting onwards, I consistently took on the role. As the Team Lead, it was my responsibility to assign tasks to team members, ensure proper allocation of work, and offer assistance where needed.
The first assignment was the Design Proposal. The proposal was to develop a secure repository that identified security risks from the OWASP Top 10 list (OWASP, 2021) and provided the appropriate mitigations. The team chose to focus on the Dutch Forensics Domain, and I agreed with this choice as it had the clearest objectives that we could complete. While working on the proposal research, I was exposed more and more to the software security domain. Looking back at some of my previous projects, I could readily identify security flaws that could have been avoided with the knowledge I have acquired so far. For example, input validation and sanitization, something so “simple” in terms of implementation, yet it’s missing from all of my software projects.
While the Design Proposal assignment was progressing, I noticed that the team often fell into a passive approach, simply accepting suggestions without critically evaluating them or providing constructive feedback. This lack of proactive engagement became frustrating for me, as I desired a more intellectually stimulating collaboration in which ideas could be openly critiqued and evaluated. In the final task to wrap up the proposal, we had to produce UML diagrams (Architecture Diagram, Use Case Diagram, State Diagram, and Activity Diagram). With feedback from the tutor, I had the chance to produce the architecture diagram. It was my first time working with such a diagram, so I was quite happy with the final output. The final score for this task was not ideal; I was expecting a higher score. However, the feedback and pointers from the tutor about where we went wrong were detailed and constructive.
The next team task was the Coding Output. Working on this project was a fascinating experience. One of the most interesting aspects was the team’s decision to use the Django Framework, a popular Python web framework, which none of us had prior experience with. This presented a valuable learning opportunity for everyone involved. Translating our design proposal into actual code required careful planning and consideration. We divided the initial tasks among team members, and I took on the responsibility of implementing the base project, the Admin View and CRUD functionality, event monitoring, and caching, including setting up the database and deployment pipelines. We chose GitHub to host our repository and Git for source control.
However, it became evident that there was an overreliance on Ales and me to build and ship features. I acknowledge that my failure to address these issues within the team may have exacerbated the problem. Nonetheless, I did offer assistance to any team members who were struggling, especially with understanding how to use Git/GitHub, setting up their local environments, and using Django. Despite these challenges, we managed to deliver the project on time. I’m content with how the project turned out. I believe that we went above and beyond in delivering a functional product that stayed true to the design proposal and also implemented new functionality such as caching and multithreaded emails.
Overall, this project served as a valuable learning experience, particularly regarding adopting new technologies and collaborating effectively within a team. It highlighted the importance of proactive distribution of tasks, equal participation, and addressing issues early on to ensure a more balanced workload and successful project completion. In future projects, I will strive to address any imbalances in responsibilities promptly and foster an environment where all team members can actively contribute their skills and expertise.
Now What?
This was my last module. If all goes well, I will graduate with the Postgraduate Certificate. I plan on returning at some point in the near future to complete the full master’s program. But for now, I will use the knowledge and skills I have gained to continue delivering quality and secure work in my job. I want to be a game developer, so I will continue learning and diving deeper into computer science to discover new and important topics, like security, and pass this knowledge on to either fellow employees or, if I ever return to being a Lecturer, my students.
References
OWASP (2021). OWASP Top Ten. Owasp.org. Available at: https://owasp.org/www-project-top-ten/