
BTEC Higher Nationals in Computing (RQF)

Unit 30 Application Development

1 PREFACE
In continuing our trend of providing high quality study support, we are proud to present this
textbook to you. This text is meant to be used as a reference for the BTEC Higher National Diploma in
Computing.

It has been prepared by our experienced panel of lecturers with reference to recommended study
material and web resources, taking into consideration the content of the syllabus.

This study guide is provided for the purpose of knowledge sharing only and is strictly not for
sale.

The panel of lecturers

HND Division

ESOFT Metro Campus

Introduction
Software drives business and developers drive software. The world is reliant on software, and
programming is at the heart of this. Professionalism and critical thinking, supported by an ability to
work independently and as part of a team are core skills of a developer. If you can think logically
and you enjoy exploring and dismantling problems, working with others to consider requirements
and creating ideas and possible solutions you can gain the experience and learn the skills needed
to excel as an Application Developer.
This unit introduces students to Application Development and is designed to simulate the roles and
responsibilities of a commercial developer working in a suitable business environment with access
to a small team of colleagues. Initially, students are introduced to a business-related problem and
will need to adopt and use appropriate methods and practices to analyse, break down and discuss
the issues, then decide, design, create and test a possible solution. Students should be free to
debate, evaluate and select different design and development methodologies depending on their
own judgement and consideration.
On completion, students will be expected to formally evaluate their final application against their
design plans and initial requirements. Among the topics included in this unit are: design and
developer documentation; problem analysis; research, system and user requirements; design
methodologies and principles; security considerations; development methodologies; Unified
Modelling Language (UML), software development lifecycles; teamwork, peer reviews,
development tools and techniques; integrated development environments; debugging, testing,
software versions and quality assurance.
On successful completion of this unit students will be able to produce a Software Design Document
by analyzing a business-related problem and deduce an appropriate solution, including a set of
initial requirements, select and use design and development methodologies with tools and
techniques associated with the creation of a business application, work individually and as part of a
team to plan, prepare and produce a functional business application with support documentation
and assess and plan improvements to a business application by evaluating its performance against
its Software Design Document and initial requirements.
As a result, they will develop skills such as communication literacy, critical thinking, analysis,
reasoning and interpretation, which are crucial for gaining employment and developing academic
competence.

Learning Outcomes

By the end of this unit students will be able to:


LO1. Produce a Software Design Document by analyzing a business-related problem and deduce an
appropriate solution including a set of initial requirements.
LO2. Use design and development methodologies with tools and techniques associated with the
creation of a business application.
LO3. Work individually and as part of a team to plan and produce a functional business application
with support documentation.
LO4. Evaluate the performance of a business application against its Software Design Document and
initial requirements.



2 Recommended Resources

Textbooks

Cormen, T. et al. (2009) Introduction to Algorithms. USA: MIT Press.
Martin, R.C. (2011) The Clean Coder: A Code of Conduct for Professional Programmers. USA: Prentice Hall.
McConnell, S. (2004) Code Complete: A Practical Handbook of Software Construction. USA: Microsoft Press.

Links
This unit links to the following related units:
Unit 6: Managing a Successful Computing Project
Unit 9: Software Development Lifecycles

Contents
1 Introduction
2 Recommended Resources
3 Textbooks
1.0 Application Development
    1.1 What is Systems Analysis?
    1.2 What is System Design
    1.3 THE SYSTEMS DEVELOPMENT LIFE CYCLE
        1.3.1 How SDLC Works
        1.3.2 Benefits of SDLC
        1.3.3 Preliminary study
        1.3.4 Feasibility study
        1.3.5 System analysis
        1.3.6 System Design
        1.3.7 Implementation / Coding
        1.3.8 Testing
        1.3.9 Deployment
        1.3.10 Maintenance
2.0 Analyze a business-related problem and assess possible solutions:
    2.1 Problem definition statement
    2.2 Produce a Software Design Document:
    2.3 Software Design Documents
3.0 Software Development Methodologies
    3.1 Waterfall Model:
    3.2 Prototype Methodology
    3.3 Agile Software Development Methodology:
    3.4 Rapid Application Development:
    3.5 Spiral Model:
    3.6 Joint Application Development Methodology:
    3.7 Lean Development Methodology
    3.8 Scrum Development Methodology
    3.9 WHY A SOFTWARE DEVELOPMENT METHODOLOGY IS IMPORTANT
4.0 Tools & Techniques to Apply To Strategic Analysis & Planning
    4.1 Common analysis tools and techniques include
        4.1.1 VMOST:
            What is a VMOST Analysis?
                1. Vision
                2. Mission
                3. Objectives
                4. Strategy
                5. Tactics
            What makes VMOST analysis effective?
        4.1.2 SWOT:
            What is a SWOT Analysis?
            Internal and external factors
                Strengths
                Weakness
                Opportunities
                Threats
            Practical SWOT tips
        4.1.3 PEST:
            What is the PEST Analysis?
                Political factors
                Economic factors
                Social factors
                Technological factors
            Applicability
        4.1.4 SOAR:
            What is SOAR analysis?
            Why do a SOAR analysis?
            Who can use a SOAR analysis?
            SOAR analysis template
                Strengths
                Opportunities
                Aspirations
                Results
        4.1.5 Boston Matrix
        4.1.6 Porter’s Five Forces
        4.1.7 Maturity Models:
5.0 Business Applications
    5.1 Business to Customer (B2C) Applications
    5.2 Business to Business (B2B) Applications
    5.3 Internal Applications
    5.4 Strategies for improving business productivity
        5.4.1 Use technology to improve your operations
        5.4.2 Review your existing setup
        5.4.3 Implement a continuous improvement approach
6.0 Secure Software Requirement
    6.1 Requirement analysis stage
    6.2 Design stage
    6.3 Development stage
        Code review
    6.4 Testing stage. Penetration testing
    6.5 Production and post-production stages
    6.6 Security cost
    6.7 Categories of Security Requirements
        6.7.1 Functional Security Requirements
        6.7.2 Non-Functional Security Requirements
        6.7.3 Security Property Requirements
        6.7.4 Constraint/Negative Requirements
        6.7.5 Security Assurance Requirements
    6.8 Core Security Requirement
    6.9 General (Application) Security Requirements
    6.10 Operational Security Requirements



1.0 Application Development
Application development is the process of creating a computer program or a set of programs
to perform the different tasks that a business requires. From calculating monthly expenses to
scheduling sales reports, applications help businesses automate processes and increase
efficiency. Application developers have a computer programming background.

As you might imagine, the reason it's called application development instead of just computer
programming is because there are many more steps involved before and after the actual writing
of the computer program.

All of those steps are very typical and are collectively called a systems development lifecycle.
Every app-building process follows the same steps of SDLC.

1.1 What is Systems Analysis?


It is a process of collecting and interpreting facts, identifying the problems, and decomposing
a system into its components. It is a problem-solving technique that improves the system and
ensures that all the components of the system work efficiently to accomplish their purpose.
Analysis specifies what the system should do.

1.2 What is System Design


It is a process of planning a new business system or replacing an existing system by defining its
components or modules to satisfy the specific requirements. Before planning, you need to
understand the old system thoroughly and determine how computers can best be used in order
to operate efficiently.

1.3 THE SYSTEMS DEVELOPMENT LIFE CYCLE


SDLC or the Software Development Life Cycle is a process that produces software with the
highest quality and lowest cost in the shortest time. SDLC includes a detailed plan for how to
develop, alter, maintain, and replace a software system. SDLC involves several distinct stages,
including planning, design, building, testing, and deployment. Popular SDLC models include
the waterfall model, spiral model, and Agile model.

1.3.1 How SDLC Works


SDLC works by lowering the cost of software development while simultaneously improving quality
and shortening production time. SDLC achieves these apparently divergent goals by following a
plan that removes the typical pitfalls to software development projects. That plan starts by
evaluating existing systems for deficiencies. Next, it defines the requirements of the new system. It
then creates the software through the stages of design, development, testing, and deployment. By
anticipating costly mistakes like failing to ask the end user for suggestions, SDLC can eliminate
redundant rework and after-the-fact fixes.

1.3.2 Benefits of SDLC


SDLC done right can allow the highest level of management control and documentation.
Developers understand what they should build and why. All parties agree on the goal up front and
see a clear plan for arriving at that goal. Everyone understands the costs and resources required.

Several pitfalls can turn an SDLC implementation into more of a roadblock to development than a
tool that helps us. Failure to take into account the needs of customers and all users and
stakeholders can result in a poor understanding of the system requirements at the outset. The
benefits of SDLC only exist if the plan is followed faithfully.

There are the following eight phases in every software development life cycle
model:
1. Preliminary study
2. Feasibility study
3. System analysis
4. System design
5. Coding
6. Testing
7. Implementation
8. Maintenance

Figure 1. SDLC

1.3.3 Preliminary study

The first stage of the SDLC is the preliminary system study. It is a brief investigation of the system
under consideration and gives a clear picture of what the physical system actually is.
In this stage, the system proposal is produced, which lists the problem definition, objective of
study, terms of reference for study, constraints, and expected benefits of the new system.
In summary, the system study phase passes through the following steps:
1. Problem identification and project initiation
2. Background analysis
3. Finding

1.3.4 Feasibility study


When the system proposal is accepted by the management, the next stage is to examine the feasibility
of the system.
The feasibility study is basically a test of the proposed system's workability.
The main goal of the feasibility study is not to solve the problems but to achieve the scope. In this
feasibility study the costs and benefits are estimated with greater accuracy to find the Return on
Investment.
In this stage, the feasibility report (output: Cost Benefit Analysis Report) is produced.

It is not merely an investigation but at the same time a plan or a framework on how the operation
of a business project shall be accomplished. A feasibility study contains 4 major components
namely:
1. Technical feasibility
2. Organizational feasibility
3. Economic feasibility
4. Schedule feasibility
The first technique in the feasibility analysis is to assess the technical feasibility of the project, the
extent to which the system can be successfully designed, developed, and installed by the IT group.
When analysts are unfamiliar with the business application area, they have a greater chance of
misunderstanding the users or missing opportunities for improvement.
The risks increase dramatically when the users themselves are less familiar with an application,
such as with the development of a system to support a new business innovation.
The final technique used for feasibility analysis is to assess the organizational feasibility of the
system: how well the system ultimately will be accepted by its users and incorporated into the
ongoing operations of the organization.
There are many organizational factors that can have an impact on the project, and seasoned
developers know that organizational feasibility can be the most difficult feasibility dimension to
assess.
The next element of a feasibility analysis is to perform an economic feasibility analysis (also called
a cost–benefit analysis).
Economic feasibility is determined by identifying costs and benefits associated with the system,
assigning values to them, calculating future cash flows, and measuring the financial worthiness of
the project.
As a result of this analysis, the financial opportunities and risks of the project can be understood.
Economic feasibility means that the projected benefits of the proposed system outweigh the
estimated cost, usually considered the total cost of ownership:
◦ People, including IT staff and users
◦ Hardware and equipment
◦ Software, including in-house development as well as purchase from vendors
◦ Formal or informal user training, because when moving from a manual system to a computerized
system, employees have to be trained

A project will fail if it takes too long to be completed before it is useful.

Typically, this means estimating how long the system will take to develop, and if it can be
completed in a given time period using some methods like payback period.

A feasibility study not only collects all the requirements and estimates the cost, but also
calculates the total time for the completion of the project.

Sometimes the customer gives the timeline for the completion of the project; in that case you have to
plan all the development according to that timeline. This then helps the schedule feasibility
study.

1.3.5 System analysis
The analysis phase answers the questions of who will use the system, what the system will do,
and where and when it will be used.

During this phase, the project team investigates any current system(s), identifies improvement
opportunities, and develops a concept for the new system. This phase has three steps:

1. An analysis strategy is developed to guide the project team’s efforts.
2. The next step is requirements gathering.
3. The analyses, system concept, and models are combined into a
document called the system proposal.

1.3.6 System Design

The design phase decides how the system will operate in terms of the hardware, software, and
network infrastructure that will be in place; the user interface, forms, and reports that will be
used; and the specific programs, databases, and files that will be needed.
The design phase has two steps:

1. The design strategy must be determined.
2. The interface design specifies how the users will move through the system.

1.3.7 Implementation / Coding

The next phase in the SDLC is the implementation phase, during which the system is actually built.
This is the phase that usually gets the most attention, because for most systems it is the longest
and most expensive single part of the development process.
This phase has three steps:

1. System construction is the first step.
2. The system is built and tested to ensure that it performs as designed.
3. The system is installed. Installation is the process by which the old system is turned off
and the new one is turned on.
4. The analyst team establishes a support plan for the system.

1.3.8 Testing

Testing checks for errors, bugs and interoperability. Before the new system is put into
operation, a test run of the system is done to remove the errors.
There are different forms of testing:
◦ 1. Program test
◦ 2. System test

1.3.8.1 Program test

When the programs have been coded, compiled and brought to working condition, they
must be individually tested with the prepared test data. Any undesirable happening must be noted
and debugged.

1.3.8.2 System test

After the program test has been carried out for each of the programs of the system and the errors
removed, the system test is done. At this stage the test is done on actual data.

The complete system is executed on the actual data. When it is ensured that the system is running
error-free, the user is called with their own actual data so that the system can be shown running
as per their requirements. In this testing phase, there are some other forms of testing:
1. Unit testing - testing the smallest program units. This is usually carried out by the programmer.
2. Integrated testing - this is carried out when these logically independent units are integrated.
3. System testing - this testing is performed considering the total system.
4. Acceptance testing - conducted to determine if the requirements of a specification or contract
are met. It may involve chemical tests, physical tests, or performance tests.

1.3.9 Deployment

In this stage the new system is installed in the real business environment. This is the most
expensive activity in the system life cycle.
There are 3 major steps involved at this stage.
◦ 1. Acquiring and installing hardware and software - Before implementation, the hardware and
software for running the system must be fully operational.
◦ 2. Conversion - Here we move all the old data, with security and recovery procedures fully
defined.
◦ 3. User training - After the new system is implemented in the company, the users who operate that
system must be trained.

1.3.10 Maintenance

After implementing the system, we have to maintain that system.

We must consider system performance, what changes are required, the full
capability of the system, etc.
If there are errors or bugs in the system, they must be noted and corrected as soon
as possible. On the other hand, if a major change to the system is needed, a new project must
be set up to carry out the change.

2.0 Analyze a business-related problem and assess possible solutions:
Discuss and produce a problem definition statement to highlight and describe the issues that
need to be addressed. Research and consider possible solutions and predict the overall success of
the application.

2.1 Problem definition statement


How to: Write a Problem Statement –

What? A problem statement is usually one or two sentences to explain the problem your process
improvement project will address. In general, a problem statement will outline the negative points
of the current situation and explain why this matters. It also serves as a great communication tool,
helping to get buy-in and support from others.

Why? One of the most important goals of any problem statement is to define the problem being
addressed in a way that's clear and precise. Its aim is to focus the process improvement team’s
activities and steer the scope of the project.

How? Creation of a problem statement is an activity that is best completed in a small group (4-6
people). It is helpful to have a couple of people who are involved in the process and a process
owner involved in the activity.
◦ 1. Get each person to write his or her own problem statement without conferring.
Compare each of the sentences, looking for common themes and wording.
◦ 2. Start to write an improved statement using the common themes.
◦ 3. Ensure that the problems include the customer’s perspective.
◦ 4. Ensure that the statement focuses on existing problems.
◦ 5. Try to include the time frame over which the problem has been occurring.
◦ 6. Try to quantify the problem. If you do not have the data to hand, defer writing the
final problem statement until you have been able to quantify the problem.

You should be able to apply the 5 'W's (Who, What, Where, When and Why) to the problem
statement. A problem statement can be refined as you start to further investigate root cause.
Finally, review your new problem statement against the following criteria:
● It should focus on only one problem.
● It should be one or two sentences long.
● It should not suggest a solution.

2.2 Produce a Software Design Document:
Review and discuss the value of Software Design Documents with regards to application
development. Evaluate your possible solutions and synthesize the ideas into a single document
that identifies and attempts to solve the business-related problem. Research and use information
relating to software testing to create a suitable test plan for your business application.

2.3 Software Design Documents


A design doc — also known as a technical spec — is a description of how you plan to solve a
problem.

A design doc is the most useful tool for making sure the right work gets done.

The main goal of a design doc is to make you more effective by forcing you to think through the
design and gather feedback from others. People often think the point of a design doc is to teach
others about some system or serve as documentation later on.

What to include in a design document?


A software design document describes the solution to a problem. So naturally, since every
problem is different, there can be no one-fits-all template. While your project may require a
custom design document structure, you might want to consider including some of the following
commonly used sections:
◦ Title and people - The title of your design document and the list of people planning to work
on the project.
◦ Overview - A high-level summary that every engineer at the company should be able to
understand.
◦ Context - An explanation of why this project is necessary and how it fits into the overall
strategy.
◦ Goals (and non-goals) - A description of the expected impact and the metrics that will be used
to measure success.
◦ Milestones - A breakdown of the project into a list of measurable and timed checkpoints.
◦ Current solution - A description of the current implementation, e.g. with a user story.
◦ Proposed solution - A specific, detailed proposal for a new technical architecture.
◦ Alternative solutions - The pros and cons of the alternatives, e.g. 3rd-party or open source
solutions.
◦ Discussion - Any open issues that you need input on or aren’t sure about.

◦ Scope and timeline - The breakdown of how and when you plan on executing each part of the
project.

3.0 Software Development Methodologies

To manage a project efficiently, the manager or dev team must examine many software
development methodologies to choose the one that will work best for the project at hand.

All methodologies have different strengths and weaknesses and exist for different reasons.

Here’s an overview of the most commonly used software development methodologies and
why different methodologies exist.

3.1 Waterfall Model:


Considered the traditional way of describing the software development process in
software engineering, the waterfall model lays the process out as a linear flow with
a specified sequence, so that users understand that each stage begins only on
completion of the previous one.

Moreover, under this methodology it is not possible to go back to deal with
changes.

Figure 2 Waterfall Methodology

Pros:

1. Easy to understand and functional
2. Simple enough to handle as model is rigid
3. Saves significant amount of time
4. Allows for easy testing and analysis

Cons:

1. Only matches precise needs
2. Not applicable for maintenance projects
3. No option to know possible outcome of a project
4. Not excellent for long and ongoing projects

3.2 Prototype Methodology


What is Software Prototyping?

◦ Prototype is a working model of software with some limited functionality.

◦ The prototype does not always hold the exact logic used in the actual software
application and is an extra effort to be considered under effort estimation.

◦ Prototyping is used to allow the users to evaluate developer proposals and try them
out before implementation.

◦ It also helps understand the requirements which are user specific and may not
have been considered by the developer during product design.

It is a specialized software development procedure in which developers build only a
sample of the solution, to validate its functionality with the customers and make
essential changes before creating the final solution.

In fact, the best part of this methodology is that it tends to resolve a range of
issues that occur with the waterfall method.

Figure 3 Prototype Methodology

Pros:
1. Gives clear idea about the functional process of the software
2. Reduces the risk of failure in a software functionality
3. Assists well in requirement gathering and the overall analysis

Cons:
1. Chances of extension in management cost
2. Excessive involvement of client can affect processing
3. Too many changes affect the workflow of the software

3.3 Agile Software Development Methodology:


Agile software development is more than frameworks such as Scrum, Extreme
Programming or Feature-Driven Development (FDD).

Agile software development is more than practices such as pair programming, test-driven
development, stand-ups, planning sessions and sprints.

Agile software development is an umbrella term for a set of frameworks and practices
based on the values and principles expressed in the Manifesto for Agile Software
Development.

Figure 4 Agile Methodology

Pros:
1. Adaptive approach that responds to changes favorably
2. Allows for direct communication to maintain transparency
3. Improved quality by finding and fixing defects quickly and identifying expectation
mismatches early.

Cons:
1. Focuses on working with software and lacks documentation efficiency
2. Chances of getting off-track as outcomes are not clear

3.4 Rapid Application Development:


Rapid application development is a form of Agile software development methodology.

Unlike Waterfall methods, RAD emphasizes working software and user feedback over strict
planning and requirements recording.

Rapid Application Development is a development model that prioritizes rapid prototyping
and quick feedback over long drawn-out development and testing cycles.

With rapid application development, developers can make multiple iterations and updates
to software rapidly without needing to start a development schedule from scratch each
time.

RAD is a development model that came into existence once developers realized the
traditional waterfall model of development wasn’t very effective.

Figure 5 Rapid Application Development

Pros:
1. Makes the entire development process effortless
2. Assists client in taking quick reviews
3. Encourages feedback from customers for improvement

Cons:
1. Dependent on the team for performance
2. Works on modularized system confined on this methodology
3. Requires extremely skilled personnel to handle complexities
4. Not applicable for the small budgeted projects

3.5 Spiral Model:


Being a highly sophisticated design, it is meant to reduce the early risks in the project.

As the process proceeds, the developers start on a small scale and explore the
risks involved.

The developers then craft a plan for iterating through the spiral.

The success of any Spiral Lifecycle model depends on consistent, observant and
knowledgeable management of the project.

Figure 6 Spiral Model

Pros:
1. Risk factors are considerably reduced
2. Excellent for large and complex projects
3. Allows for additional functionality later
4. Suitable for highly risky projects with varied business needs

Cons:
1. Costly model in software development
2. Failure in risk analysis phase may damage the whole project
3. Not appropriate for low-risk projects
4. Might get continued and never finish

3.6 Joint Application Development Methodology:


The Joint Application Development Methodology is a requirements-classification and
user-interface development approach that requires the end-users, clients and developers
to attend an intensive off-site conference to refine and confirm the software system.

This methodology aims to include the client in the design and development of an
application.

This is accomplished through a series of collaborative workshops known as JAD
sessions.

It tends to lay emphasis on the business problem rather than technical details.

Figure 7 Joint Application Development Methodology

Pros:
1. Allows for simultaneous gathering and consolidation of a large amount of information
2. Produces huge amount of valuable information in short period
3. Immediate resolving of differences with suitable assistance
4. Provides forum to explore multiple points

Cons:
1. Takes excessive amount of time for planning and scheduling
2. Requires significant investment of time and effort
3. Calls for highly trained experts, who are tough to find

3.7 Lean Development Methodology


The Lean Development model lays emphasis on the creation of easily manageable
software.

This development technique is more strategically focused than any other form of
agile methodology.

The objective of this procedure is to develop the software in one-third of the time, with a
very restricted budget and a much smaller amount of essential workflow.

Figure 8 Lean Development Methodology

Pros:
1. Lower budget & time requirements
2. Allows for delivery of product early

Cons:
1. The workability of the team decides success of software development process
2. Unsuitable business analyst can be severely problematic
3. Excessive flexibility leads developer to lose focus

3.8 Scrum Development Methodology


This methodology is suitable for development projects whose requirements are
constantly changing or rapidly evolving.

The Scrum software development model begins with a brief planning meeting and
concludes with a final review.

This development methodology is used for rapid development of software and involves
a series of iterations to produce the required software.

It is an ideal approach because it easily brings slow-progressing projects back on
track.

The best part of this methodology is that the scrum software development team focuses
on the desired outcome or result, rather than providing detailed descriptions of how things
need to be done.

Entry criteria, Task definitions, Validation criteria and Exit criteria (ETVX) are not discussed
during sprint meetings; instead, the set of features that needs to be developed in the next
sprint and the desired result are described.

Figure 9 Scrum Development Methodology

Pros:
1. Decision making lies in the hands of the team
2. Business requirement document is considered insignificant
3. Lightly controlled method emphasizing constant updating

Cons:
1. The processing method suffers because of wavering costs
2. Not suitable for big sized projects
3. Requires highly expert team, which has no place for novices

3.9 WHY A SOFTWARE DEVELOPMENT METHODOLOGY IS IMPORTANT


A software development methodology is similar to a cooking recipe. In the same way that a
recipe teaches one how to cook a meal, a software development method teaches how to
build a software product. Methodologies boost efforts to improve the quality of products
by enhancing the processes that produce the products. A formally defined standard or method
is required to control the development processes.

The different software development methodologies have strengths and weaknesses. The
choice of which method to use really depends on the goals that a business wants to
achieve.

A software development methodology is important since it determines all the ingredients
that lead to failure or success in a software project.

● All the roles within the project and their collaboration are defined by the
methodology of your SDLC; in brief, your project management is dependent on it.
● Your project management technique is dependent on the methodology of your
SDLC.
● Your requirement management and change management are defined by the
methodology of your SDLC. For instance, if you are doing waterfall, you have to
freeze them in order to mitigate the risk of project failure. But if the changes are too
frequent and cannot be frozen, then you can go with agile.
● The quality of your software is dependent on the methodology of your SDLC. If
your methodology does not cover the required quality tests, such as unit, functional,
performance and robustness tests, then your software will suffer from poor quality.
But if it covers them, especially with a test-driven approach, then you have saved the
project.

4.0 Tools & Techniques to Apply to Strategic Analysis & Planning
There are many definitions, tools, and techniques that can be applied to strategy analysis.

If you do an internet search you will find all sorts of options available. The challenge is
selecting the best approach, tools, and techniques to use given the business problem or
opportunity.

Preparation for planning through the identification and review of information relevant for
strategy analysis.

Performing a high-level environmental scan looking at the internal and external business
environment with consideration for mission, vision, stakeholders, structure, existing plans,
people profiles, and question responses.

Applying a choice of different tools and techniques to analyze the present state of a
business environment and mapping out its future.

4.1 Common analysis tools and techniques include

4.1.1 VMOST:

What is a VMOST Analysis?

The VMOST Analysis, also known as the MOST Analysis, is a framework and evaluation technique
for strategic planning in an organization. The analysis ensures stakeholders in an organization gain
reliable insight into the desired changes in their organization. After carefully performing this
analysis, it will present various options on how to bring about change while keeping sight of the
strategic and long-term vision of the organization. The framework connects both the vision and
tactics to pursue this vision. In addition to the vision (V) and mission (M) elements, the
components of the acronym VMOST are: objectives, strategies and tactics.

For example, the analysis may increase the effectiveness of investments in a company by
stimulating how value is added to help a company move forward in the right direction. The main
benefit of this structured method is that it enables team members to set goals at every level of the
organization. As the analysis works top down, it ensures that the focus remains on the most
important goals.

Figure 10 VMOST

1. Vision

The set of ideas that describes what the future should look like is called a vision. As it
concerns the future, vision statements often use terms like ‘will’ or ‘shall’ and will often
contain visual descriptions such as a location where the plans should be implemented. In
addition, the vision also often contains an idea on how and which products should be
offered. A good vision has a long-term character, though due to the high level of dynamics in
organizational life, these might need to be changed along the way. A Big Hairy Audacious
Goal (BHAG) is ambitious and can therefore be incorporated in the vision.

2. Mission

Once the vision has been created, missions are concise actions of changes to help the
company accomplish its vision. Missions are action-oriented and contain specific, feasible
plans, often at a high level. Depending on the vision, one or more missions might be needed
to help the company get to where it wants to be, and these may take weeks, months and
sometimes even years. Similar to a mission in military context, missions often require
multiple people to achieve the goal in question. The same applies in the corporate world.
Therefore, it is often a complicated task, in which planning and resource management are
combined at the very least, to form missions and incorporate them in the vision.

3. Objectives

After the missions have been established, goals are linked to them, in order to help the user
measure their success rate. Goals are checkpoints that let the user know whether an
individual mission has been completed or not. Measuring success is often done with Key
Performance Indicators (KPIs). The SMART acronym is a convenient tool to formulate realistic
goals. If a goal has been defined in a SMART way, this means that it is specific, measurable,
achievable, relevant and time-bound.

4. Strategy

To achieve one’s goals, a strategy must be linked to at least one mission goal. A consequence
of this is that a strategy often results in being a complicated and comprehensive idea about
how a company should be managed. Often a strategy supersedes a theme, for example the
focus on new innovations or the improvement of user-friendliness of devices or apps.

5. Tactics

Tactics are actions that need to be completed in order to fulfil the strategy. Every strategy
contains a number of tactics that can be carried out by various business units. The easiest
way to think about tactics is the use of the ‘Verb-Noun’ format. For example: design CRM,
expand website or recruit employees. Tactics encompass multiple units and therefore are
often part of multiple groups such as product, human resources, processes, technology or
marketing.

What makes VMOST analysis effective?

The VMOST Analysis method is most suitable to guarantee the consistency of the strategy of
the various components. Aligning the strategy with the various aforementioned elements
enables the user to determine whether the strategy is logical and effective and to reach the
desired goals.

The VMOST Analysis is performed after determining the organizational environment, using
the PESTEL model and the techniques of Porter’s Diamond and Five Forces model. In addition
to these tools, the SWOT Analysis can also be used to determine the organization’s options.
Subsequently, the result of these techniques can be used to determine whether the current
strategy fits the present situation of the organization.

4.1.2 SWOT:
The standard analysis tool, defined as Strengths, Weaknesses, Opportunities, and Threats.

Strengths and weaknesses are internal to the organization, opportunities and threats are
external. SWOT requires you to be truthful and provide an honest assessment of the state
of things. It forces you to create a dialogue with stakeholders to get different viewpoints.
Eventually, you focus in on the key issues.

What is a SWOT Analysis?

SWOT Analysis, also known as the SWOT matrix, is an acronym for:

● Strengths: positive characteristics that give an advantage in its being;
● Weaknesses: critical characteristics that give a disadvantage in its being;
● Opportunities: a set of circumstances that makes it possible to do something in
advantage;
● Threats: a set of circumstances that could have a negative influence on the desired
goal.

It is a strategy method that can be used to evaluate these focus areas involved in a project or
organization for strategic planning.

Internal and external factors

This powerful strategy tool identifies the internal and external factors. The internal factors are the
strengths and weaknesses of the evaluation. Some examples of internal factors are financial
resources, the company’s location, employees, software systems, legal elements like patents and
copyrights, and business processes. A useful management tool that helps you to identify the internal
factors is the Framework by McKinsey, a powerful organization analysis tool. The external factors
are the opportunities and threats, mostly environmental. Examples of external factors are market,
demographic and economic trends, relationships with suppliers and business partners, and
regulations.

Two useful management tools that we can recommend are the PEST Analysis and DESTEP Analysis.
Both are great for providing insight into the external factors. The general results are often presented
in a SWOT Matrix.

Tip:
The SWOT Matrix can give a good overall view. Take note that there are pitfalls in using this way of
presenting. Lists and bullets of key findings can have a deeper agenda.

Strengths

These are the strengths of a project or organization that can contribute to achieving the intended
objectives. To determine what they are, the following questions could be asked:

● What advantages do you offer your customers?
● What do you do better than your competitors?
● Why do customers choose you over your competitors?
● What are our Unique Selling Points (USPs)?
● Which factors have a significant influence on the buying behavior of your customers?

When formulating the strengths, it is important to approach these from an internal perspective as
well as from the perspectives of the customer and the market. It is necessary to remain realistic in
order to prevent the organization or the project from being positioned too highly with respect
to the market and the competition. For example, if your competitor delivers a high-quality product
to the market, good ingredients and sound workmanship are of the utmost importance.

Weaknesses

These are weaknesses of a project or organization that may have a negative effect on achieving the
intended objectives.

To determine what these weaknesses are, the following questions could be asked:

● What could be improved by the organization?
● What should especially be avoided within the organization or project?
● What are customers likely to see as our weaknesses?
● What factors make us lose customers or market share?

These are difficult questions to answer and the answers may be quite confronting. In particular,
have other, external people assess your weaknesses so that you can work on them.

Opportunities

These are the opportunities that present themselves for the organization or project. To determine
what these opportunities are, the following questions could be asked:

● What interesting trends could the organization or project respond to?
● What are the opportunities for the organization or project?

To answer the questions above, the following matters might be of influence: technological
developments, policy developments from the government, changes within the target group, new
suppliers, etcetera.

Threats

These could be possible obstacles that can negatively influence the project or organization from
the market. To determine what these threats are, the following questions could be asked:

● What possible obstacles or external risk can be identified for the organization or
project?
● What is the financial situation of the project or organization?
● Can new technologies pose a threat to the organization or project?
● Do the identified weaknesses pose a threat for the project or organization?
● How can we meet the quality requirements of the market and how can we compete
with other suppliers?

Practical SWOT tips

The SWOT Analysis is a serious method. Make sure that when you get to work on this, there is
commitment from the interested parties, the decision makers and the influencers. This is crucial to
the follow-up of the development of the strategic planning. See to it that the intended objectives
are realistic and achievable so that people can still support them afterwards in terms of decisions
and policies.

In addition, the SWOT Analysis is also often used to identify areas for development, which can be
useful when it concerns an exploration of opportunities such as, for example, a feasibility study. It is
wise not to eliminate an inventory SWOT item too quickly. The importance of the individual SWOT
Analysis can be found in the value of the strategies it could possibly generate. A SWOT item that
produces valuable strategies is important by definition. A SWOT item that does not produce
valuable strategies is therefore not important. A SWOT Analysis can contribute to decision-making
when a desired final situation (objective) has been defined. Examples are: non-profit organizations,
governmental units and individuals. SWOT analyses can also be used in pre-crisis planning and
crisis prevention management.

Figure 11 SWOT

4.1.3 PEST:
This is a great tool to use in conjunction with SWOT. The acronym stands for Political, Economic,
Social and Technology.

PEST reveals opportunities and threats better than SWOT, the direction of business
change, projects that will fail beyond your control, and country, region and market issues
through helping you create an objective view.

What is the PEST Analysis?

The PEST Analysis is an external analysis in which ‘P’ stands for Politics, ‘E’ for Economic, ‘S’ for
Social and ‘T’ for Technology. The PEST Analysis describes a framework of macro-environmental
factors that are important for strategic management. It is a useful strategic tool for understanding
market growth or decline, business position, opportunities and direction for the possibly required
actions.

The founder of the PEST Analysis is Francis J. Aguilar, a Harvard University management professor. He
developed this macro-environmental analysis tool for scanning the business environment (1967).

Figure 12 PEST

Political factors

Political factors indicate to what extent the Government influences the economy. These factors
are of crucial importance for strategic management. Political factors include areas such as fiscal
policy, labor law, environmental law, trade restrictions, rates and political stability. Political factors
may also include goods and services the Government wants to provide or does not want to provide
or be provided (for instance subsidies). The Government also has great influence on the
healthcare, education and infrastructure of a country or nation.

Economic factors

Economic factors include growth, interest rates and the inflation rate of an economy. These factors
have a major impact on how businesses operate and make decisions. For example, interest rates
may influence an enterprise’s cost of capital and therefore they may influence to what extent a
company grows and expands. Exchange rates may affect the costs of export goods and the supply
and prices of imported goods.

Social factors

Social factors are, among other things, cultural aspects and include health consciousness,
population growth, age structure, careers and an emphasis on safety. These social factors influence
the demand for the products and services of an organization and how this organization responds to
this demand. An ageing population, for example, may imply a smaller and less flexible staff
resulting in higher labor costs. Based on social factors, organizations may change their
management strategies to adapt to these developments for example by recruiting older staff on
account of a shortage of knowledge workers.

Technological factors

Technological factors include ecological and environmental aspects as well as aspects of research
and development (R&D) and automation. Technological factors influence entry barriers, minimum
efficient production levels and in-sourcing and outsourcing considerations. In addition,
technological factors affect the costs and the quality of products and services and often lead to
innovation.

Applicability

The factors of the PEST Analysis will vary in importance to a company based on its industry and the
products and services it supplies.

For example, consumer and B2B companies tend to be more affected by the social factors,
whereas an organization with a specific service provision to the Government would be more
affected by political factors. Factors that are more likely to change in the future or more relevant
to an organization will carry greater importance. For example, an organization that has to borrow
external capital will find that the economic factors (especially interest rates) are becoming more
important than the political or social factors.

4.1.4 SOAR:
What is SOAR analysis?

SOAR analysis is a strategic planning technique which helps organizations focus on their current
strengths and opportunities, and create a vision of future aspirations and the result they will
bring.
In contrast to SWOT analysis, the SOAR model uses appreciative inquiry to focus the business on
what is known to work, rather than internal weaknesses or perceived threats that might not
eventuate.
The output from a SOAR analysis is a set of actions that leverage strengths and opportunities to
strive for shared aspirations with measurable results. It provides a basis for further in-depth
analysis using other business tools.

Why do a SOAR analysis?


SOAR analysis is a powerful tool to bring stakeholders together to recognize the potential of the
organization and create a shared vision of the future. Building on strengths requires less effort and
resources than trying to correct weaknesses. The technique is more action oriented than a SWOT
analysis and is focused on outcomes. Use the SOAR model:
● To explore new initiatives
● To develop a strategic plan and during annual strategy reviews
● To focus and redirect efforts and resources
● As part of a leadership development program
● To plan an individual’s career or develop their performance plan

Who can use a SOAR analysis?
A SOAR analysis is a good option for new, less developed organizations. It works for everyone, no
matter what position or level they hold and can include both employees and external stakeholders.
It applies to:

● All industries
● All levels of an organization
● Existing and new businesses
● Companies striving for breakthroughs rather than gradual improvement
● Individuals as part of their development plans


Tips for facilitating an effective SOAR analysis

● Carefully select participants to provide expert knowledge but also a fresh perspective.
● Use technology to involve critical people in different locations rather than miss their
contribution.
● Minimize Groupthink by brainstorming ideas individually then combining issues to get the
overall picture.
● Be specific rather than broad when defining ideas.
● Use quantitative data where possible to focus on the crux of issue.
● Provide adequate time in the session to rank and prioritize ideas.
● Communicate outcomes to stakeholders and regularly update progress on actions.

SOAR analysis template
A SOAR analysis template is structured as a simple 2 x 2 matrix, resulting in four quadrants
highlighting Strengths, Opportunities, Aspirations, and Results.

Strengths
What the organization does well, along with its key assets, resources, capabilities, and
accomplishments.
Example questions:
● What do we excel at?
● What are our greatest accomplishments?
● What are we most proud of?
● What makes us unique?
● What do we provide that is world class?
● What strengths are most valuable in our marketplace?
● What do we do or have that’s better than anyone else?

Opportunities
Circumstances that your team could leverage for success, e.g. to improve profitability,
market share, or competitive edge.
Example questions:
● What partnerships would lead to greater success?
● What changes and trends in the market align with our strengths?
● What threats do we see that we could reframe as opportunities?
● What needs and wants are we currently not fulfilling for our internal and external stakeholders?
● Are there gaps in the market that we could fill?

Aspirations
An expression of what you want to be and achieve in the future. A vision to build on
current strengths, provide inspiration, and challenge the current situation.
Example questions:
● What do we want to achieve in the future?
● What should our future business look like?
● How can we make a difference?
● What are we passionate about?
● What strategies and actions support our perfect future self?

Results
Tangible outcomes and measures that demonstrate you’ve achieved your goals and
aspirations.
Example questions:
● What measures will tell us we are on track to achieve success?
● How do we translate our vision of success into tangible outcomes?
● How do we know when we’ve achieved our goals?

Figure 13 SOAR

4.1.5 Boston Matrix


The BCG Matrix is a simple grid with Market Growth on one axis, and Market Share on the
other.

◦ Market growth: Is the market in which the product is being sold growing quickly,
slowly, or not at all?

◦ Market share: Does the product have a high or a low share of the current market?

Figure 14 BCG

1. Cash Cows

◦ These are products with a high market share in a slow-growing market. They are
profitable, generating good margins, and throwing off excess cash without the
need for significant investment. Cash Cows need to be milked for profits but given
minimum investment. In a nutshell, we want to milk these products without killing
the cow!

2. Stars

◦ These are products with a high-market-share in a growth market. These stars have
the potential to provide a high amount of the future profits of the business. It is
thus advisable for a business to invest in these products to maintain market
leadership, thus securing future profits as the market continues to grow.

3. Dogs

◦ These are products with a low market share in low-growth markets. If these
products are not profitable you may wish to separate them or consider a red ocean
strategy. If a dog is profitable you should invest as little as possible into it, or even
consider separating it.

4. Question Marks

◦ These are products with a low market share in a high-growth market. Because of
this their growth-rate going forward is unclear and further investigation is needed
to decide what to do with these products. These products might become stars, but
equally, they might crash and burn as it’s not easy to spot a future star.

4.1.6 Porter’s Five Forces


Porter's Five Forces is a simple but powerful tool for understanding the competitiveness of
your business environment, and for identifying your strategy's potential profitability.

This is useful, because, when you understand the forces in your environment or industry
that can affect your profitability, you'll be able to adjust your strategy accordingly.

◦ For example, you could take fair advantage of a strong position or improve a weak
one, and avoid taking wrong steps in future.

4.1.7 Maturity Models:
There are many maturity models that can be applied to a business, from the evolution
model and the technology model to the team model.

The idea is that every business or department goes through a maturity cycle. The standard
cycle is chaotic, reactive, proactive, service, and value.

If you were looking at processes in a department, you would look to see where that
process is on the continuum. Then you would determine where you need to be and what it
would take to get to that point of maturity. This is a simple explanation. When using a
maturity model, it is important that you have a clear problem definition and solution
context.

5.0 Business Applications
Business software (or a business application) is any software or set of computer programs
used by business users to perform various business functions. These business applications are
used to increase productivity, to measure productivity and to perform other business
functions accurately.
By and large, business software is likely to be developed to meet the needs of a specific
business, and therefore is not easily transferable to a different business environment, unless
its nature and operation are identical. Due to the unique requirements of each business,
off-the-shelf software is unlikely to completely address a company's needs. However, where an
off-the-shelf solution is necessary, due to time or monetary considerations, some level of
customization is likely to be required. Exceptions do exist, depending on the business in
question, and thorough research is always required before committing to bespoke or
off-the-shelf solutions.
Some business applications are interactive, i.e., they have a graphical user interface or user
interface and users can query/modify/input data and view results instantaneously. They can
also run reports instantaneously. Some business applications run in batch mode: they are set
up to run based on a predetermined event/time and a business user does not need to
initiate them or monitor them.
Applications can be categorized by their business functionality from an enterprise perspective,
and they can also be categorized by how and where they run.

5.1 Business to Customer (B2C) Applications


Business to consumer, or B2C, marketing is a common term companies use when referring
to the type of business they operate. B2C companies focus on selling to individuals and
market their products for personal use. They also offer packaging options that are
appropriate for individual consumption.
While many companies sell to both businesses and consumers, the focus of selling to
consumers alone is drastically different than selling to other companies. Let's look at grocery
stores, for instance. You probably go to the grocery store to stock up on food and items for
your house. These stores package food in small containers that are appropriate to take
home. Promotions and sales are targeted to you, the individual consumer. For example, your
local grocery store may offer a small price discount or free product when several other
similar items are purchased. They are acting like a B2C company.

But let's say you're not just an individual consumer looking to cook dinner for your family.
Let's say you own your own business, a restaurant, and you want to purchase food. Going to
the grocery store and purchasing four or five small cans of corn will not go very far to feed
your restaurant full of hungry customers. It wouldn't make sense to purchase all of your food
at a regular grocery store because they don't have the bulk quantities you need to stock your
restaurant. There are stores that focus on business to business sales and offer food in large
quantities, a more appropriate option for purchasing food for your restaurant.

B2C applications are, in general, customer-facing applications. Most of them are
web/browser-based applications, including dynamic content-based web sites. Some are
client-based applications that need to be installed on the customer's computing device
(laptop/desktop).

Figure 15 online order system

Examples

• Ordering System: An ordering system is a website or mobile application through which
users can order food online from a food cooperative or even a local restaurant.
Ordering food online is similar to buying goods online. Once a user places an online
order, the restaurant receives the order, starts processing it and delivers the food to the
user. In the case of a food cooperative or food delivery company, the company receives the
order, collects the food from the restaurant the user named when placing the order and
delivers it to the user.

• Customer Support System: Customer support is generally defined as service efforts from
technology vendors and providers that focus on helping customers to use products and
services correctly, efficiently and effectively. Many see this specific type of support as part of
a larger category of customer service, but while customer support is often provided in
response to customer demand, it is also part of intelligent planning for a wide variety of IT
companies.

• Web sites providing product information
• Applets/Active-X lightweight clients
• Clients that get installed on customer devices

5.2 Business to Business (B2B) Applications


Business-to-business (B2B) is an Internet business model that involves businesses that
perform services or provide products for other businesses. Business information may also be
shared. B2B is a form of e-commerce and it can involve businesses that manufacture a
product, service or merchandise component that is sold to another business, which then
advertises or markets the product on its website for sale to consumers.
B2B is sometimes referred to as business or industrial marketing.
B2B may include outsourcing, which occurs when a business hires a contractor with
knowledge and experience in that business's industry. The term B2B, however, is better
known within the commercial trading realm, where wholesalers sell products to retailers, or
a commercial original equipment manufacturer sells its products to wholesalers. Contained
within a common supply chain execution are various business transactions. For instance, a
home manufacturer will make purchases from lumber yards, window manufacturers,
concrete businesses, etc. Each one of these transactions is considered to be a form of B2B.

These applications are used between business partners such as suppliers and resellers.
Traditionally these applications were accessed over dedicated lines between business
partners. Lately many of them use the Internet directly, with security features such
as VPNs. Many of these applications are based on SOA (service-oriented architecture) and
leverage web services.

Figure 16 B2B

Examples:

• Parts ordering and status system
• Bulk Order submission web service

5.3 Internal Applications


These applications are used within the organization (Intranet) and are not exposed/available
outside the enterprise. These include web-based applications as well as desktop applications
such as email/IM.
Examples:

• HR Systems
• Internal Financial and ERP System
• IT Desktop support system
• Email clients

5.4 Strategies for improving business productivity

5.4.1 Use technology to improve your operations


Web-based technologies enable you to dramatically improve how you run your
business. You're a good candidate if you're looking to increase market share,
aggressively pursue cost reduction or greater efficiency, or prevent customer-service
problems. Production management tools range from spreadsheets to off-the-shelf
software solutions or business-specific, custom-developed applications. Here are
some examples:

• E-purchasing (online buying) is an alternative vehicle you can use to get your materials from
suppliers. This technology enables you to get more competitive pricing as you are no longer
limited to local merchants. Generally, the cost of transaction processing is reduced and there is
less paperwork.
• Smart inventory control systems can help you reduce inventory levels, improve profitability
and speed up customer response time. Online and order management systems integrate
inventory information with your organization's purchasing, accounting and e-business systems,
so you can easily track order status and the movement of inventory within your company. You
will also be able to identify peak and low periods, allowing you to adjust supply purchases
and better manage working capital.

It also helps to keep abreast of technological developments and ensure that your
business is taking advantage of the latest innovations to improve productivity. You can
use the web or attend trade shows to stay on top of new technology. Trade shows are
a great resource as software vendors often make their information available to
attendees. You can also network with other organizations in your industry that may
have already tried and tested new innovations. Finding out what your competitors are
doing can narrow your search down for solutions that are specific to your industry. BDC
Advisory Services can help you establish selection criteria and identify potential
software suppliers.

5.4.2 Review your existing setup


Look at your processes from the point of view of a potential investor. Keep in mind the
overall objective and vision of the business, and ensure the processes meet those goals
and add value. Draw an accurate map of each process in your material and information
flow. By doing this, you can better understand the links between various elements of
your production, and you will be better equipped to identify and eliminate waste
throughout your company.

5.4.3 Implement a continuous improvement approach


Improving productivity is an ongoing activity. Here are some suggestions for setting up
a continuous improvement plan:

• Start by assessing the competition and the best practices in your industry, also known as
benchmarking. But don't copy plans of other businesses; develop one that works for your
company.
• Get external help to assess your business weaknesses and strengths. This gives you an
objective viewpoint from which you can improve productivity and redesign processes.
• Take a step-by-step approach rather than tackling everything at once. Focusing on a few
priorities will enable you to see results faster.
• Assign specific teams to specific problems or processes for redesign.
• Put a formal suggestion system in place for employees.
• Look for breakthrough accomplishments. Small improvements can transform into major
increases in productivity.
• Measure your results. Ideally, this should be done by an objective outside party.

Outsourcing can be a cost-effective way to focus your efforts on what you do best as a
business and make productivity gains. But whether you choose to outsource logistics,
accounting, payroll, public relations or IT, it's vital to first grasp what drives costs and
profits in your company. Before you get started, it's important to assess your current
production and costs such as location, shipment and client proximity. You need to
know exactly which core functions increase revenues and which noncore functions
increase your expenses and affect your productivity.

Many entrepreneurs don't tap into outsourcing opportunities because they fear they
might lose control of their business or are concerned about expenses. And although
these may be valid concerns, outsourcing works if you take the right steps. BDC
Advisory Services can provide direction in determining your best outsourcing strategy.

Strategic alliances allow you to grow your organization without necessarily expanding
its size and incurring more costs. For example, the right alliance could improve your
production processes by increasing your economies of scale and broadening your
distribution market. An alliance could help your company negotiate better supply
deals, share costs such as advertising or take advantage of costly technology.
Increasing your productivity could also mean getting into new markets with new
products and services, extending your market reach or accelerating research and
development by sharing costs and resources.

6.0 Secure Software Requirement
It’s a common practice among companies providing custom software development to disregard
security issues at the early phases of the software development lifecycle (SDLC). With such an
approach, every succeeding phase inherits the vulnerabilities of the previous one, and the final
product accumulates multiple security breaches. As a result, your company will have to pay through
the nose to close these breaches and enhance the software security in the future.

Best practices of secure software development suggest integrating security into each phase
of the SDLC, from requirement analysis to maintenance, regardless of the project
methodology, waterfall or agile.

A golden rule here is: the earlier custom software providers integrate security into the SDLC,
the less money will be spent on fixing security vulnerabilities later on.

With this in mind, we’ve created a ready-to-go guide to secure software development stage by
stage.

6.1 Requirement analysis stage


Requirements set a general guidance to the whole development process, so security control starts
that early. The two points to keep in mind to ensure secure software development while working
with customers’ requirements are:

• Employ a combination of use and misuse cases.

The security consultants should foresee possible threats to the software and express them in
misuse cases. Simultaneously, such cases should be covered by mitigation actions described in
use cases.

Example:

A misuse case: An unauthorized user attempts to gain access to a customer’s application.

The corresponding use case: All such attempts should be logged and analyzed by a SIEM
system.

• Conduct security risk assessment and create a risk profile.

When measuring security risks, follow the security guidelines from relevant authoritative
sources, such as HIPAA and SOX. In these, you’ll find additional requirements specific to your
business domain to be addressed.

At the requirement analysis stage, security specialists should provide the business analysts, who
create the project requirements, with the application’s risk profile. This document lists the
application surfaces that are sensitive to malicious attacks and the security risks, categorized by
severity level.
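The misuse case and use case pair above (unauthorized access attempts are logged and analyzed) can be sketched as follows. This is an added example, not part of the original guide: the event fields, the threshold of 3 failures, the 5-minute window and the sample events are all assumptions, and the analysis rule stands in for what a SIEM would do.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

MAX_FAILURES = 3               # assumed threshold, not from the guide
WINDOW = timedelta(minutes=5)  # assumed sliding window, not from the guide


def auth_event(ts, user, source_ip, outcome):
    """Serialise one authentication attempt as a JSON line a SIEM can ingest."""
    return json.dumps({"timestamp": ts.isoformat(), "event": "authentication",
                       "user": user, "source_ip": source_ip, "outcome": outcome},
                      sort_keys=True)


def analyze(log_lines, max_failures=MAX_FAILURES, window=WINDOW):
    """Return (alerts, malformed_count) for a time-ordered stream of JSON log lines."""
    failures = defaultdict(deque)  # source_ip -> timestamps of recent failures
    alerts, malformed = [], 0
    for line in log_lines:
        try:
            ev = json.loads(line)
            ts = datetime.fromisoformat(ev["timestamp"])
            src, user, outcome = ev["source_ip"], ev["user"], ev["outcome"]
            if (ts.tzinfo is None or not isinstance(src, str)
                    or outcome not in ("success", "failure")):
                raise ValueError("incomplete event")
        except (ValueError, KeyError, TypeError):
            malformed += 1  # count bad lines: a gap in logging is itself a finding
            continue
        recent = failures[src]
        while recent and ts - recent[0] > window:
            recent.popleft()  # forget failures that fell out of the window
        if outcome == "failure":
            recent.append(ts)
            if len(recent) == max_failures:  # alert once, when the threshold is reached
                alerts.append({"rule": "repeated_failures", "source_ip": src,
                               "user": user, "at": ev["timestamp"]})
        elif len(recent) >= max_failures:
            # A success straight after a burst of failures needs analyst attention.
            alerts.append({"rule": "success_after_failures", "source_ip": src,
                           "user": user, "at": ev["timestamp"]})
            recent.clear()
    return alerts, malformed


def build_sample_log():
    """Constructed sample events (documentation-range IP addresses, invented users)."""
    t0 = datetime(2024, 1, 1, 10, 0, tzinfo=timezone.utc)
    rows = [(0, "alice", "198.51.100.7", "success"),
            (60, "bob", "203.0.113.9", "failure"),
            (90, "bob", "203.0.113.9", "failure"),
            (120, "bob", "203.0.113.9", "failure"),
            (150, "bob", "203.0.113.9", "success"),
            (180, "carol", "198.51.100.7", "failure")]
    lines = [auth_event(t0 + timedelta(seconds=s), u, ip, o) for s, u, ip, o in rows]
    return lines + ["not a json line"]


if __name__ == "__main__":
    found, bad = analyze(build_sample_log())
    for alert in found:
        print(alert)
    print("malformed lines:", bad)
```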

6.2 Design stage
The secure design stage involves six security principles to follow:

• Least privilege. Software architecture should allow minimal user privileges for normal
functioning.
• Privilege separation. Specific actions in software (e.g., create, delete or modify certain
properties) should be allowed to a limited number of users with higher privileges.
• Complete mediation. Every user access to the software should be checked for authority.
That decreases the chances of privilege escalation for a user with limited rights.
• Multiple security layers. Applying this principle, you’ll eliminate the threat of a single point
of security failure that will compromise the entire software. It’s simple math: the more
defense layers your software has, the lower the chances for a hacker to exploit its
vulnerabilities.
• Secure failure. In case your software ceases to operate, it should fail to a secure state.
Although the software is not available anymore, it should still preserve confidentiality and
integrity. So, make sure you’ve designed secure defaults that deny access, undo all the
changes and restore the system to a secure state in case of emergency.
• User-friendly security. Custom software design should incorporate security aspects in a way
that doesn’t hinder UX. If security mechanisms in the software are obtrusive, users are likely
to turn them off.
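Four of these principles (least privilege, privilege separation, complete mediation and secure failure) can be shown in one small service. This is an added example, not code from the original guide: the roles, actions, record store and status codes are hypothetical.

```python
# Hypothetical roles and actions; a real system takes these from its requirements.
ROLE_PERMISSIONS = {
    "viewer": frozenset({"read"}),
    "editor": frozenset({"read", "modify"}),
    # Privilege separation: only the higher-privileged role may create or delete.
    "admin": frozenset({"read", "modify", "create", "delete"}),
}


def default_policy(role):
    """Least privilege: an unknown role gets no permissions at all."""
    return ROLE_PERMISSIONS.get(role, frozenset())


def unavailable_policy(role):
    """Simulates an outage of the policy store."""
    raise ConnectionError("policy store unreachable")


class RecordService:
    def __init__(self, policy=default_policy):
        self._policy = policy
        self.records = {"r1": "draft"}
        self.audit = []  # every decision is recorded, allowed or not

    def _allowed(self, user, action):
        """Complete mediation: the single check that every request passes through."""
        try:
            allowed = action in self._policy(user["role"])
        except Exception:
            allowed = False  # secure failure: any error in the check means deny
        name = user.get("name") if isinstance(user, dict) else None
        self.audit.append((name, action, allowed))
        return allowed

    def handle(self, user, action, record_id, value=None):
        """Return (status, body); the status values mirror HTTP codes for readability."""
        if not self._allowed(user, action):
            return 403, None
        snapshot = dict(self.records)
        try:
            if action == "read":
                return 200, self.records[record_id]
            self._apply(action, record_id, value)
            return 200, None
        except KeyError:
            self.records = snapshot
            return 404, None
        except Exception:
            self.records = snapshot  # undo the partial change, return to a known state
            return 500, None

    def _apply(self, action, record_id, value):
        if action == "delete":
            del self.records[record_id]
            return
        if action == "modify" and record_id not in self.records:
            raise KeyError(record_id)
        self.records[record_id] = value
        # Simulates a later step of a multi-step operation failing after a write.
        if not isinstance(value, str) or not value:
            raise ValueError("rejected value")


if __name__ == "__main__":
    service = RecordService()
    print(service.handle({"name": "vera", "role": "viewer"}, "delete", "r1"))
    print(service.handle({"name": "ed", "role": "editor"}, "modify", "r1", ""))
    print(service.records, service.audit)
```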

6.3 Development stage


Best practices of secure development defend software against high-risk vulnerabilities,
including the OWASP (Open Web Application Security Project) Top 10. As a result, there will be no
need to fix such vulnerabilities later in the software life cycle, which decreases the customer’s
overhead and remediation costs.

OWASP, one of the most authoritative organizations in software security, provides
a comprehensive checklist for secure coding practices. Use this source if you’re looking for exact
requirements for secure software development, rather than for the descriptions of exploits.

2.18.5 Code review

Although secure coding practices mentioned above substantially decrease the number of software
vulnerabilities, an additional layer of defense won’t go amiss. The code review stage should ensure
the software security before it enters the production stage, where fixing vulnerabilities will cost a
bundle.

Check OWASP’s security code review guide to understand the mechanics of reviewing code for
certain vulnerabilities, and get the guidance on how to structure and execute the effort.

6.4 Testing stage. Penetration testing
Generally, the testing stage is focused on finding errors that don’t allow the application to work
according to the customer’s requirements. It’s high time to check whether the developed product
can handle possible security attacks by employing application penetration testing. This is the case
when plenty is no plague. The operation should be performed in every build. Here, to drive down
the cost, opt for automated penetration tests that will scan each build according to the same
scenario to fish out the most critical vulnerabilities.

In addition, exploratory pentesting should be performed in every iteration of the secure software
development lifecycle when the application enters the release stage. It’s worth mentioning that
the personnel performing the testing should be trained on software attack methods and should
understand the software being developed.

6.5 Production and post-production stages


The software is ready to be installed on the production system, but the process of secure software
development isn’t finished yet. Microsoft offers a set of practices to stick to after the product has
finally seen the light:

• Create an incident response plan to address new threats. Identify appropriate security
emergency contacts, and establish security servicing plans for third-party code and for code
inherited from other groups within the organization.
• Conduct a final security review. It may uncover vulnerabilities missed during the previous
checks. The final review should verify that all misuse cases and security risks defined at the
requirement analysis stage were addressed.
• Certify and archive the final product. Certifying helps to make sure that all the requirements
for the software are met. Archiving, in turn, helps with further maintenance operations.
• Be prepared to execute the incident response plan. Of course, all custom software vendors hope
that the moment of incident response will never come. Still, to uphold their good name,
software development companies should be ready to swiftly implement the incident response
plan, should the product experience any security breach.

6.6 Security cost
Undoubtedly, proper secure software development requires additional expenses and intensive
involvement of security specialists. Still, it’s not rocket science if implemented consistently, stage
by stage. The additional cost of security in custom software development is not so high. Its integral
parts are the security awareness of each team member and additional testing throughout the
software development process.

6.7 Categories of Security Requirements

6.7.1 Functional Security Requirements

The software’s functional security requirements specify a security function that the software must
be able to deliver. Obviously, the functional security requirements are a subset of the overall
functional requirements.

Examples:

• The software must validate all user input to ensure it does not exceed the size specified for
that type of input.
• The server must authenticate every request accessing the restricted Web pages.
• After authenticating the browser, the server must determine whether that browser is
authorized (i.e., has necessary privileges) to access the requested restricted Web pages.
• The system must have security controls to protect against denial-of-service attacks.
• The system must encrypt sensitive data transmitted over the Internet between the server
and the browser.

6.7.2 Non-Functional Security Requirements

The non-functional security requirements specify a security quality or attribute that the software
must possess.

There are 3 types of non-functional security requirements:

6.7.3 Security Property Requirements

The security property requirements specify the properties that software must exhibit.

Examples:

• The software must remain resilient in the face of attacks.
• The behavior of the software must be correct and predictable.
• The software must be available and behave reliably even under DoS attacks.
• The software must ensure the integrity of the customer account information.

6.7.4 Constraint/Negative Requirements

Constraint/Negative requirements place constraints on software functions in order to minimize the
likelihood of non-secure software behaviors, usually in terms of things to be avoided or prevented.

Constraint/negative requirements exist because software’s functionality must not be allowed to
behave in a way that could lead to the software failing in an insecure state, or otherwise becoming
vulnerable to exploitation or compromise.

Examples:

• The server must not return a restricted web page to any browser that it cannot
authenticate.
• The server must not return a restricted web page to a user who is not authorized to access
it.
• The software must not accept overlong input data.
• The application must not accept invalid URLs.
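The input-related requirements in 6.7.1 and 6.7.4 (size limits per input type, no overlong input, no invalid URLs) can be turned into checks that report why each field was refused. This is an added example, not part of the original guide: the field names, size limits and the HTTPS-only rule are assumptions that a real project would take from its own requirements specification.

```python
from urllib.parse import urlsplit

# Hypothetical fields and limits (in characters); not taken from the guide.
FIELD_LIMITS = {"username": 32, "comment": 500, "callback_url": 2048}
URL_FIELDS = {"callback_url"}
ALLOWED_SCHEMES = {"https"}  # assumption: only HTTPS callbacks are acceptable


def check_size(name, value):
    """Input must not exceed the size specified for that type of input."""
    if name not in FIELD_LIMITS:
        return "unexpected field"  # no size was specified, so refuse it
    if not isinstance(value, str):
        return "not a string"
    if len(value) > FIELD_LIMITS[name]:
        return "exceeds %d characters" % FIELD_LIMITS[name]
    return None


def check_url(value):
    """The application must not accept invalid URLs."""
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        return "whitespace or control character in URL"
    try:
        parts = urlsplit(value)
        parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return "malformed URL"
    if parts.scheme not in ALLOWED_SCHEMES:
        return "scheme not allowed"
    if not parts.hostname:
        return "missing host"
    if parts.username is not None or parts.password is not None:
        return "credentials embedded in URL"
    return None


def validate(form):
    """Return (accepted, rejected): clean values, and a reason per refused field."""
    accepted, rejected = {}, {}
    for name, value in form.items():
        reason = check_size(name, value)
        if reason is None and name in URL_FIELDS:
            reason = check_url(value)
        if reason is None:
            accepted[name] = value
        else:
            rejected[name] = reason
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample form with one overlong value and one refused URL.
    sample = {"username": "a" * 33, "comment": "hello",
              "callback_url": "http://example.com/cb"}
    print(validate(sample))
```

The size check runs before the URL check so that an overlong value is never handed to the parser.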

6.7.5 Security Assurance Requirements

The security assurance requirements are rules, best practices, and processes by which the software
security functions will be built, deployed, and operated.

Security assurance requirements will not be translated into elements of the software’s design, but
into standards, guidelines, or procedures for its development and operation processes.

Examples:

• The software must be built following SOA web service security standards.
• The development processes must comply with SSE-CMM capability level 3 or above.

6.8 Core Security Requirement


The C.I.A. triad [Confidentiality, Integrity and Availability] and A.A.A. [Authentication,
Authorization and Accountability] are the core security areas around which the security
controls of every product or piece of software are defined.
Confidentiality:
◦ Confidentiality requirements address protection against disclosure of sensitive
data to unauthorized individuals. We need to consider controls that ensure
confidentiality when data is at rest, in transit and also while it is
processed.
Integrity:
◦ Integrity requirements are needed to ensure the reliability and accuracy of the
information. Reliability can be ensured by checking software functionality, and
accuracy can be ensured by checking that the data is modified by an authorized
person in an authorized manner and by ensuring that the handled data is complete and
consistent.
Availability:
◦ Availability requirements ensure protection against unwanted destruction or
disruption of service.
Authentication:
◦ Authentication is all about ensuring the legitimacy and validity of the
identity.
Authorization:
◦ Authorization defines the permissions to be assigned to all authenticated entities.
Accountability:
◦ Accountability is all about building a record of user actions; it acts as a detective
control.

6.9 General (Application) Security Requirements


From an application/software security perspective, general security requirements should
capture proper session, error and configuration management needs.
Session Management:
◦ Sessions are used to maintain state. In usual application communication, on
successful user/process authentication, a session identifier (ID) is issued to track
the authenticated state.
Error Management:
◦ In an application, providing errors and traces is part of the usual process when any
unwanted or unscoped condition is encountered.

Configuration Management:
◦ Configurations drive application features and functionality. Specific practices and
measures should be defined to keep them secure and to avoid any sensitive data
leakage.

6.10 Operational Security Requirements


Once the application/software is developed and deployed, security should also be considered
while it is operational in its environment, to avoid any unwanted disclosure or leakage.
Deployment Environment:
◦ The security requirement list should capture information about the environment in which
the software will be deployed and who will be using it.
Archiving:
◦ Archiving is required to ensure business continuity and to meet regulatory requirements
and the organizational (retention) policy. It is important to capture archiving requirements
to comply with the organization’s policy and regulations.
Anti-Piracy:
◦ This is part of the commercial off-the-shelf (COTS) requirements. It includes code
obfuscation, signing, anti-tampering, licensing and IP protection mechanisms.
