Software development Study Guide

📖 Core Concepts Software Development – End‑to‑end process of conceiving, designing, building, testing, and maintaining software that satisfies user or business goals. Process Types – Sequential (finish one phase before the next) vs. Iterative (repeat small cycles of analysis‑design‑code‑test). Methodologies – Structured frameworks that prescribe how work is organized: Waterfall, Agile (Scrum, XP), DevOps/DevSecOps, Shift‑Left Testing. SDLC Phases – Feasibility → Analysis → Design → Programming → Testing → Production (feedback loop). Version Control – System that records every change to source files, enables branching/merging, and helps resolve conflicts. Effort Estimation – Predicting time/cost based on size, requirements count, team experience, and reuse. Intellectual‑Property (IP) Risk – Open‑source licenses may require derivative works to be open‑sourced; choose compatible licenses or write own code. --- 📌 Must Remember Waterfall: strictly linear; each stage must be complete before the next begins. Agile: embraces change, short sprints, frequent deliveries; ideal for small‑to‑medium projects. DevOps: merges development + operations → continuous integration/continuous delivery (CI/CD). DevSecOps: adds security testing early and continuously. Shift‑Left: move testing (especially security) to the earliest feasible stage to cut defect‑fix cost. Good Code: high cohesion, low coupling → easier maintenance & testing. Version‑Control Conflicts: arise when two branches edit the same lines; must be resolved before merge. Effort Estimation Factors: size, # of requirements, developer experience, reuse rate. --- 🔄 Key Processes Iterative Development Cycle Plan → Design → Implement → Test → Review → repeat. Shift‑Left Testing Workflow Identify security/quality goals → embed static analysis & unit tests during design → run automated tests each commit → remediate early. CI/CD Pipeline (DevOps) Commit → automated build → automated unit/integration tests → artifact creation → automated deployment to staging → manual/automated acceptance → production release. Version‑Control Merge Pull latest → resolve conflicts → run tests → commit merged code. --- 🔍 Key Comparisons Waterfall vs. Agile Waterfall: fixed scope, heavy upfront docs, no back‑tracking. Agile: flexible scope, evolving docs, frequent back‑tracking. DevOps vs. DevSecOps DevOps: focuses on speed & reliability of delivery. DevSecOps: adds continuous security assessments to the pipeline. Shift‑Left Testing vs. Traditional Testing Shift‑Left: tests run during design/implementation. Traditional: tests run after code is complete. --- ⚠️ Common Misunderstandings “Agile means no documentation.” – Agile still requires docs; they are just created just‑in‑time and kept lightweight. “Waterfall is always slower.” – For very well‑defined, stable requirements, a linear approach can be efficient. “DevOps eliminates the need for QA.” – QA is embedded (automated tests) but still essential for validation. “Shift‑Left only means earlier unit tests.” – It includes security reviews, static analysis, and requirement‑level checks. --- 🧠 Mental Models / Intuition “Assembly Line vs. Workshop” – Waterfall = assembly line (once a part moves forward, you don’t go back). Agile = workshop (you can re‑work a part any time. “Safety Net” – Shift‑Left is like installing a net under a high‑wire act; the earlier you catch a fall, the cheaper the rescue. “Version Control as a Time Machine” – Every commit is a snapshot you can revert to, branch from, or compare against. --- 🚩 Exceptions & Edge Cases Agile in Large Enterprises – May require scaling frameworks (SAFe, LeSS) to handle many teams. Waterfall for Regulatory Projects – When strict documentation and verification are mandated (e.g., medical devices), a hybrid waterfall‑Agile approach is common. Open‑Source Licensing – Copyleft licenses (GPL) force derivative works to be open‑source; permissive licenses (MIT, BSD) do not. --- 📍 When to Use Which Choose Waterfall when requirements are fixed, compliance demands full documentation, and the project is large with long timelines. Choose Agile for evolving requirements, rapid market feedback, and small‑to‑medium teams. Add DevSecOps if the product handles sensitive data or must meet security certifications. Apply Shift‑Left whenever defect‑fix cost is a major concern or security vulnerabilities are high‑impact. --- 👀 Patterns to Recognize “Repeated Rework” → indicates a lack of early testing (shift‑left needed). “Long Integration Bottlenecks” → suggests missing CI/CD automation (DevOps gap). “Scope Creep after Design Phase” → classic sign that a waterfall approach is being forced on a changing project. “High Merge Conflict Frequency” → team may be committing too large chunks; adopt smaller, more frequent commits. --- 🗂️ Exam Traps Distractor: “Agile eliminates all documentation.” – Wrong; Agile still requires concise, relevant docs. Distractor: “Waterfall allows revisiting earlier phases without penalty.” – Wrong; by definition each phase is completed before the next. Distractor: “DevOps only speeds up deployment, not testing.” – Misleading; DevOps includes automated testing as a core component. Distractor: “Shift‑Left testing is optional for security.” – Incorrect; the purpose is to force early security checks, not treat them as optional. ---