Auditing in an Agile Environment
Andres Camacho, August 2012
Agenda
• Intro to Agile Software Development
• Highlight practices
• Things to look for in an audit
• Questions
Manilla
Secure, one-stop “Digital Life Management Dashboard” that gives consumers simple, instant, direct access to all of their expenses and online accounts
Waterfall
What happens when things change?
Agile Software Development
• Iterative
• Working software over comprehensive documentation
• Collaboration over contract negotiation
• Responding to change
• Early visibility
How does Agile reconcile with IT audits and secure software development?
Agile Software Development
• User stories
• Velocity
• Whole team
• Test driven development
• Estimation session
• Sustainable pace
• Backlog
• Daily standups
• Early visibility
• Automated tests
• Simple designs
• Fast iterations
• Planning game
• Continuous integration
• Refactoring
• Pair programming
• Collaboration over contract negotiation
User Story
• Unit of work
• Small, stands on its own two feet
• Estimable
• Placeholder for a conversation
As a … I can … so that …
Story Workflow
Backlog
• User stories that are ready to be implemented
• Developers work next story in queue
• No P’s
• We use Pivotal Tracker
Pivotal Tracker
Git
• Standard source code control software for the Ruby community
• Github, social coding
• Rigorous commit workflow
Is GitHub secure?
Commit Workflow
feature branch
• All work done using feature branches
• Format:
feature-3274744-Add_custom_reminders
Iteration
• Stories and bugs that are released to production
• Stories labeled (tagged) by release date
Iteration timeline (diagram): weekdays W TH F M T W TH F; staging branch merged at the end of the iteration; release branch; bug fixes; tag and release to production. Diagram labels: Release, feature branch, bug fixes, Master, Staging, Production.
Whole Team
• Hire generalists
• Everyone gets to work on everything
• Automatic cross training
• Small teams
• Product/QA are part of the team
Pair Programming
• 2 developers, 1 story
• Built in code review
• Built in cross training
• Collaboration
Collaboration
Pull Request
• Request by a contributor to pull code changes into a codebase
• Used extensively by open source projects
• Adopted as a code review tool
Automated Tests
• “pay me now or pay me more later”
• Critical, especially with dynamic languages (Ruby, Python)
• Unit tests, acceptance tests
• Test Driven Development
• At Manilla, 3 lines of test code for every 1 line of code
Continuous Integration
• Check in early and often
• Automated builds and deployments
• Keep the build fast
• Everyone can see the results
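The deck's audit points on feature-branch naming (feature-<tracker id>-<description>), pull requests as the code review step, and a green continuous integration build before release can be turned into a concrete check. The Ruby script below is an added example and is not code from the presentation or from Manilla; the merge record layout, the commit hashes, the reviewer names and every tracker id other than the one shown on the slide are constructed for illustration.

```ruby
# Added example (not from the original deck): an audit-style check over a
# constructed set of merges into the master branch. It tests the controls the
# deck describes: work arrives on a feature branch named
# feature-<tracker id>-<description>, it reaches master through a pull request
# reviewed by someone other than the author, and the CI build was green.
# The record fields and all sample values are assumptions for illustration.

FEATURE_BRANCH = /\Afeature-(?<story>\d+)-(?<desc>[A-Za-z0-9_]+)\z/

# Constructed merge records; hashes, names and tracker ids are made up.
MERGES = [
  { sha: "a1b2c3d", branch: "feature-3274744-Add_custom_reminders",
    author: "alice", reviewer: "bob", ci_passed: true },
  { sha: "d4e5f6a", branch: "feature-3274790-Fix_login_redirect",
    author: "carol", reviewer: "carol", ci_passed: true },   # self-approved
  { sha: "0f9e8d7", branch: "quickfix",
    author: "dave", reviewer: "alice", ci_passed: true },    # not tied to a story
  { sha: "7c6b5a4", branch: "feature-3274801-Export_csv",
    author: "bob", reviewer: nil, ci_passed: false },        # no review, red build
]

# Extracts the tracker story id from a conforming branch name, or nil.
def story_id(branch)
  m = FEATURE_BRANCH.match(branch.to_s)
  m && m[:story]
end

# Returns the list of control failures for one merge record (empty when clean).
def audit_merge(m)
  findings = []
  if story_id(m[:branch]).nil?
    findings << "branch '#{m[:branch]}' does not follow feature-<id>-<desc>; " \
                "the change cannot be traced to a story"
  end
  if m[:reviewer].nil? || m[:reviewer].empty?
    findings << "no pull request reviewer recorded"
  elsif m[:reviewer] == m[:author]
    findings << "reviewer '#{m[:reviewer]}' is the author; review is not independent"
  end
  findings << "merged with a failing CI build" unless m[:ci_passed]
  findings
end

# Audits every merge; returns a hash of sha => findings for the ones that fail.
def audit_merges(merges)
  merges.each_with_object({}) do |m, report|
    findings = audit_merge(m)
    report[m[:sha]] = findings unless findings.empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  audit_merges(MERGES).each do |sha, findings|
    puts "#{sha}:"
    findings.each { |f| puts "  - #{f}" }
  end
end
```

Run against the constructed records, the first merge passes and the other three are reported: one self-approved review, one branch that cannot be traced to a story, and one merge with neither a reviewer nor a green build. In a real audit the records would come from the repository's merge commits, the pull request history and the CI server, and the same three questions (traceability, independent review, passing build) are what to ask of each release.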
Early Visibility
Documentation
Where is the documentation?
Resources
• Manilla – http://www.manilla.com
• Pivotal Tracker – http://www.pivotaltracker.com
• Github – http://www.github.com
• Relish – https://www.relishapp.com/
My Background
• Degree in Finance, many courses in Accounting
• Auditor for Price Waterhouse in San Jose, CA
• Computer Science courses at San Francisco State
• Positions at Price Waterhouse, NextCard, QRS, Yaga, Vinfolio, and Manilla