Agile Methodology—How Does it Bite?

July 12, 2012 by Adrian Stolarski

This article will provide readers with an introduction to the statistical and dynamic analysis of code. However, before proceeding to analysis, we must first understand the concept of agile methodologies for code development. To begin, we’ll start with an exploration of agile/scrum methodology and how it plays into the paradigm of extreme programming.

This article aims to provide an introduction to software engineering, but it will also be useful to anyone who has ever had to professionally manage a project. The following methodologies and paradigms can be applied to software development and to the general practices for running a company. Theoretically, before you can understand the concepts of software development, you must understand the principles of agile methodologies.

Now, in any rapidly expanding company, anyone dealing with software development must be familiar with the concept of agile programming. Agile programming is a process of software development based on iterative programming that follows an incremental model. In agile programming, a series of goal-oriented teams address constantly evolving requirements to achieve a shared end-goal of producing the final software product.

Agile—How Flexible are We?

Adaptive project management (APD) is a collection of different methodologies and tools used in managing complex and innovative projects, mainly in information technology (including software engineering). The dynamic development of adaptive management methods for projects started in 2001 when the Manifesto for Agile Software Development was released. This document initiated profound changes in programming environments, and then penetrated areas of project management. APD arose largely in reaction to the Manifesto for Agile Software Development, as older methods were now considered to be too formal and not very effective.

This methodology provides for the disciplined management of the project and involves frequent inspections of requirements and solutions. Furthermore, this methodology often involves adapting both specifications and software. This methodology works perfectly with small development teams in which there are no problems with communication, and programmers do not need to create very detailed code documentation. All stages of developing the code should be enclosed in iterations where, each time, the generated code is tested, requirements are re-gathered, and new solutions are planned. This method focuses on the rapid production of high-quality code.

The same applies to the composition of agile teams, which are multifunctional and self-managed. No corporate hierarchy applies to them. The members of each group take responsibility for all the tasks posed in each iteration. Additionally, they have free rein in deciding how to achieve these goals. This method is focused primarily on direct communication between all team members, thus minimizing the need for documentation. This is how teams that employ agile methodology avoid losing time when specifying requirements.

By using agile, customer satisfaction is achieved quickly because software is produced quickly. Software can be delivered periodically over weeks or even monthly. The essential measure of progress for each team is the completion of a piece of working software. Please remember that subsequent changes in the documentation should not have a destructive impact on the software development process, either from a programming or business perspective.

What is Scrum?

The scrum effect occurs when a team works within a specified period of time (called the course) to incorporate each effect the user has requested to provide a working product. The essential feature of scrum programming is that all the changes made in one pass must be visible to users in order to serve a functional purpose. The course usually has a fixed duration, which varies from two to four weeks.

In the case of scrum programming, the first step is to create a list of user requirements that are presented as stories. Each of these “stories” then becomes a case study, which helps formulate the next step. Each case study describes one feature of the system. The owner of the product is required to present the main requirements and priorities for each feature of the system. Then, a full written record of the requirements and goals for the course is posted in a prominent place in the room. A team of programmers is then brought in to tackle the above-mentioned requirements and goals.

When creating the software, a programmer first selects the highest priority tasks by looking at those that will contribute the most to achieving the end-goals of the project. The programmer will then specify the duration of each task. The list of tasks, including the estimated lead-time, is called the sprint backlog. Immediately after this stage, the project team moves on to implementing the waveforms.

During this time, the owner of the product does not interfere with the work of the team and does not change the scope of the sprint. The team is self-organizing, so there is no chance of assigning tasks to individual members of the team. Team members alone make the choice of which tasks to take on according to their skills, common understanding, and other preferences. Daily meetings are held for no more than 15 minutes each day in order to discuss the job and to discover what was accomplished the previous day, problems encountered, and what the current day’s goals will be.

A sprint ends with a sprint review, during which the team presents the results of their work by displaying a product made during the course. This meeting should involve anyone who has anything to do with the project, and any member of the team should be able to speak up and express their opinions about the product. Then the next date for another meeting is set, and planning for the next sprint begins.

A scrum team consists of 5 to 9 people. It should be interdisciplinary, and its members should have different skills. Persons participating in a scrum team should not participate in other teams. Additionally, each team should have specific members designated as the scrum master, product owner, and team member. General team members are described above—they are the development team, responsible for delivering the product to the customer. The product owner is the person representing the client. The product owner may belong to the team, but it is recommended that this person not also serve as the scrum master, who is the person responsible for removing all obstacles that prevent the panel from completing the task.

Incremental Model Writing Software

The agile method is closely related to the incremental model for writing software. The incremental model is used in cases where it is permissible to truncate the functionality of the system. The major distinction with regard to the incremental model lies in the fact that we first have to define all the requirements of an overall project, then select a subset of the functionality of the system, then develop a detailed design plan, and finally implement a system for performing certain functions. Following this execution, each fragment is tested and delivered to the customer. At the end of each stage, testing is repeated until the system is complete.

Advantages of the incremental model include: frequent contact with the client, no need to define all requirements in advance, a very fast response time from the client system, and the flexibility to respond to any delays in the implementation of the application—enough to accelerate work on another part of the project. The disadvantages of this solution are mainly: the additional cost associated with implementation of the independent parts of the system, the potential difficulty of cutting a subset of a fully independent function, additional work, and the risk of undetected errors in all stages of software testing.

Or Something Extreme?

Extreme Programming (XP) is a programming paradigm and methodology that is very efficient for taking on small and medium-risk projects. The concept of XP developed after observing other similar projects like those discussed above. XP works with virtually all agile programming practices, which themselves have many advantages but can be difficult to apply. By combining both agile methodologies and XP in a single organism, we are able to eliminate the individual drawbacks of each method.

All code in XP is created using iterations, but there are differences when compared to agile. With XP, a programmer will plan just the single next iteration, then write the code that meets it, and then plan the next step. The XP system derives from the principles of open source software: “Release early, release often.” Remember, XP cannot predict in advance what solutions and application architecture will function best. Therefore, the architecture is created as the program expands. At the beginning of the planning iteration, all types of unit tests are written before the programmers even start to write code. Then code is created that passes all these tests. Such tests are designed to ensure the important functionality of our application, but it’s equally important to not waste time. Remember also that the application architecture can be modified. We can adjust the default system architecture as long as we do not spoil the results of the previous tests. You must realize that this principle allows us to delete all the known bugs for the extension application.

Now it’s time to examine the social aspects of XP programming. When exploring XP, two primary questions arise. The first stems from the fact that programmers write in pairs and are in constant contact with the customer. When working in pairs, who writes what? Well, one person works the keyboard and acts as the lead developer, while the other person observes the first, and every now and then submits amendments and asks questions about the code. Both developers exchange roles every few minutes every day.

This technique has two advantages: first of all, developers learn from each other; and second, it catches the most errors as programmers type. Remember that over time one person’s code can become completely incomprehensible to anyone other than the original author, so adding a second set of eyes increases the quality of the resulting code. The optimal solution actually employs three individuals: two developers and a quality engineer. Google works in precisely this way using sets of three.

A second aspect of programming addressed by the XP method is the issue of specifications. All kinds of specifications are almost always ambiguous, incomplete, or contradictory. So it’s important to have constant contact with the primary customer for whom the software is being created. If this contact is really effective, a programmer can create usable software even without proper specifications.

Extreme Prince, which is under the control of extreme programming

Prince is an agile software development methodology that falls somewhere between agility and discipline. It stands for extreme programming in controlled environments and, in fact, is based on three other methodologies: XP, PRINCE2, and Rational Unified Process. Its task is to achieve a balance between adaptability and maintaining discipline within the project.

We must remember that in the process of software development, there is no golden method. Each approach has its own advantages and disadvantages, and in all methods, programmers must adapt and be disciplined. The disadvantages of traditional methodologies are that they are not flexible, programs often have large amounts of code, they are not conducive to fast decision-making processes, and they are not able to adapt to changes during the project.

Of course, extreme programming also has its drawbacks. The first is that the client must work closely with the team, and busy clients can often find themselves struggling to find time to give their heart and soul to a project. Another obstacle in the implementation of projects based on XP is the lack of paper documentation. Of course, oral communication is very effective, but for more complex systems, there will be difficulty in making changes over time. Furthermore, oral communication can sometimes lead to short-sighted planning when working on applications.

XPrince eliminates all the drawbacks from both traditional methodologies and agile development. It successfully accomplished its aim of getting rid of the problems associated with XP while maintaining full adaptability.


This is not a typical article about hacking, but instead focuses on software engineering. On some level, every hacker is an amateur programmer, so it’s important to raise our general level of knowledge regarding programming updates and methods. In addition, I am convinced that this article will be useful to anyone who runs their own business, because agile development provides principles of effective management technique not only for developers, but also for advertising, marketing, and human resources. I wish you success implementing agile management techniques in your organizations. And remember, this article certainly does not exhaust the subject; it only provides a loose introduction.


Adrian Stolarski is a freelance security tech blogger, specializing in Java, PHP, and JQuery. In his own words, he does the hard work of training the unemployed. Currently, he handles Evaluation Visualization for real-time systems with XWT and Eclipse RAP. If he sees that something works, he asks how it works and why it works, then sets out to make it work better. A researcher for InfoSec Institute, he currently lives in Poland, but plans to move to London.