< What Lurks Behind the Code: Horror Stories from the Back-End. />
Join Wayne Steedman of Hooligan Development as he unveils the hidden complexities of back-end development
“Bad Code that will haunt me until the end of my days” - Wayne Steedman
Have you ever wondered what goes on behind the polished interfaces of the software applications you use? Wayne Steedman, lead of technical at Hooligan Development, gives us a sneak peek into the often chaotic world of back-end development. The contrast between a beautiful front-end design and the back-end code can sometimes be stark. In this article, we'll explore the challenges, nightmares and best practices for quality assurance and security in software development, with Wayne himself guiding us through the minefield.
The Illusion of Progress
"Some of the scariest bits of code... have come from a project where... a client was looking to see a form of progression," Wayne shares. He recounts the shocking discovery of a function that was meant to indicate progress in a critical user onboarding process but was instead programmed to generate a random number between 41 and 100. Wayne expressed his grief: “It's quite scary that somebody thinks they can get away with putting that amount of effort into their code."
The Risks of Misleading Metrics
This example is more than just a developer's nightmare; it sheds light on the potential hazards of misleading metrics, especially when they are tied to critical processes like Know Your Customer (KYC). A progress bar driven by a random number rather than by the checks actually completed could result in users being approved without proper identification and verification, opening the door to fraud and regulatory issues.
Quality Assurance: More Than Just a Formality
Wayne insists on rigorous quality assurance (QA). He advises clients to get their hands dirty.
***"You must [put the] software through its paces yourself, and not rely on the developer's happy path..."***
The goal is to break the system: test it in the ways an everyday user might, unpredictably and thoroughly.
When it comes to QA testing, Wayne suggests that whether it's a CTO, product manager, or a dedicated QA tester, the essential factor is that someone outside the development team should do the testing to ensure objectivity. He states, "It needs to be somebody outside of the hired dev team to go through that," highlighting the importance of independent or internal team testing.
The Threats Lurking in Input Fields
A fundamental but often overlooked aspect of back-end security is data sanitisation. Wayne explains the dangers of SQL injection, a hacking technique that can wreak havoc on an unprotected database. "Those kinds of simple things that people don't always think about can have massive, massive implications on your software and sensitive user data," Wayne cautions, underscoring the need for robust security measures.
Protecting User Data
With the prevalence of data leaks, Wayne emphasises the critical nature of secure data storage and transfer, mentioning SSL and HTTPS as essentials for safeguarding user information. He warns, "If that data isn't transported securely and properly, then there are lots of risks that can arise with that user's data." A startling confession from Wayne reveals that some companies still store user passwords in plain text, a shocking lapse in security. "It's just bad security... and it can be massively problematic," he warns, urging the adoption of encryption and other secure storage practices to protect user data and prevent breaches.
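The two risks described above (form input reaching a SQL query unsanitised, and passwords stored in plain text) can be seen side by side in the following added example, which is not code from the interview or from Hooligan Development. The `users` table, the function names, the sample data and the choice of salted PBKDF2 hashing with 600,000 iterations as the secure storage practice are all assumptions made for illustration.

```python
import hashlib, hmac, os, sqlite3

def make_db():
    # Constructed in-memory schema for illustration; not from the article.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db

def hash_password(password, salt):
    # Salted, deliberately slow hash; the iteration count is an assumption.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def register(db, name, password):
    salt = os.urandom(16)  # unique per user, stored beside the hash
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (name, salt, hash_password(password, salt)))

def find_user_unsafe(db, name):
    # BEFORE: input is pasted into the SQL text, so input can rewrite the query.
    return db.execute(f"SELECT name FROM users WHERE name = '{name}'").fetchall()

def find_user_safe(db, name):
    # AFTER: the ? placeholder binds input as data; it is only ever compared.
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def verify_login(db, name, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(hash_password(password, row[0]), row[1])

def demo():
    db = make_db()
    register(db, "alice", "correct horse")
    register(db, "bob", "hunter2")
    crafted = "nobody' OR '1'='1"  # constructed form-field input
    stored = [bytes(r[0]) for r in db.execute("SELECT pw_hash FROM users")]
    return {
        "unsafe_rows": len(find_user_unsafe(db, crafted)),  # every row leaks
        "safe_rows": len(find_user_safe(db, crafted)),      # no such user
        "good_login": verify_login(db, "alice", "correct horse"),
        "bad_login": verify_login(db, "alice", "wrong"),
        "plaintext_stored": any(b"hunter2" in h for h in stored),
    }

if __name__ == "__main__":
    print(demo())
```

A test of this kind belongs in the "unstable path" part of a QA suite: it feeds the lookup input a user should never type and asserts that nothing comes back.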
Hooligan Development's QA Testing
At Hooligan Development, QA testing is integral to the development process. Wayne describes their approach to creating stable and unstable path test cases, ensuring a thorough review before any major release. "We do not do a big release without a full suite of passing test cases," he asserts, showcasing their commitment to reliability.
Despite meticulous testing, bugs can slip through. Wayne explains Hooligan's triage system for prioritising bug fixes. He emphasises their philosophy: *"Let's get it right, then we can get it out."* He believes in fixing the root of the problem rather than applying a quick patch. Wayne advocates for unit and integration tests to prevent harmful code from reaching users. Automated tests help catch issues before manual testing, making them a critical line of defence in software development.
Conclusion
Overall, Wayne Steedman's insights from Hooligan Development highlight the complexities of back-end development and the crucial nature of thorough QA and security measures. By understanding these challenges and implementing rigorous testing and security protocols, developers and clients alike can ensure that the beauty of the front end is matched by robust and secure back-end code.