FSD Week 2

The document provides an overview of software development, focusing on Agile methodology and the Scrum framework, which emphasizes iterative progress through sprints and collaboration among team members. It details key components such as product backlog, sprint backlog, and the roles of Scrum master and team members, as well as concepts like epics, user stories, acceptance criteria, and risk management. Additionally, it covers cost estimation and sprint planning, highlighting the importance of clear goals and effective communication in achieving project success.

Uploaded by

mmi02072006
FULL STACK DEVELOPMENT - WEEK 2

What is Software Development?


Software development is the process of conceiving, specifying, designing,
programming, documenting, testing, and bug fixing involved in creating and maintaining
applications, frameworks, or other software components. Software development involves
writing and maintaining the source code, but in a broader sense, it includes all processes
from the conception of the desired software through to the final manifestation of the
software, typically in a planned and structured process.

What is Agile Methodology?


The Agile methodology is a way to manage a project by breaking it up into several
phases. It involves constant collaboration with stakeholders and continuous improvement
at every stage. Once the work begins, teams cycle through a process of planning, executing,
and evaluating. Continuous collaboration is vital, both with team members and project
stakeholders.
What is Scrum?
The scrum framework is heuristic; it’s based on continuous learning and adjustment
to fluctuating factors. It acknowledges that the team doesn’t know everything at the start of
a project and will evolve through experience. Scrum is structured to help teams naturally
adapt to changing conditions and user requirements, with re-prioritization built into the
process and short release cycles so your team can constantly learn and improve.

There are three constants in a scrum team that we continue to revisit and invest in
over time.
● Product Backlog is the primary list of work that needs to get done, maintained by the
product owner or product manager. This is a dynamic list of features, requirements,
enhancements, and fixes that act as the input for the sprint backlog. It is, essentially,
the team’s “To Do” list.
● Sprint Backlog is the list of items, user stories, or bug fixes, selected by the
development team for implementation in the current sprint cycle. Before each sprint,
in the sprint planning meeting the team chooses which items it will work on for the
sprint from the product backlog.
JB PORTALS 1
● Increment (or Sprint Goal) is the usable end-product from a sprint. You may not hear
the word “increment” out in the world, as it’s often referred to as the team’s definition
of “Done”, a milestone, the sprint goal, or even a full version or a shipped epic. It just
depends on how your team defines “Done” and how you define your sprint goals.

What is a Scrum Master?


Scrum masters are the facilitators of scrum, the lightweight agile framework with a
focus on time-boxed iterations called sprints. As facilitators, scrum masters act as coaches to
the rest of the team: “servant leaders,” as the Scrum Guide puts it. Good scrum masters are
committed to the scrum foundation and values, but remain flexible and open to
opportunities for the team to improve their workflow.

What is a sprint?
In scrum and other agile software development frameworks, a sprint is a repeatable
fixed time-box during which a "Done" product of the highest possible value is created. Sprint
lies at the core of the Scrum agile methodology and can be thought of as an event which
wraps all other Scrum events like Daily Scrums, Scrum Review and Sprint Retrospective. Like
all scrum events, Sprint also has a maximum duration. Usually, a Sprint lasts for one month
or less.
Usually, daily meetings are held to discuss the progress of the project undertaken and
any difficulty faced by any member of the team while implementing the project. The
outcome of the sprint is a deliverable, albeit with some increments. Scrum is used for
projects like Web Technology or development of a product for the new market, i.e. the
product with many requirements or fast-changing requirements. A sprint is a short,
time-boxed period when a scrum team works to complete a set amount of work. Sprints are at the
very heart of scrum and agile methodologies, and getting sprints right will help your agile
team ship better software with fewer headaches.

Product Goal
Product goals represent the crucial accomplishments needed to make your vision a
reality. They highlight how the product is going to support the business and are often
stepping stones to accelerating business growth. Goals should be easy to understand,
actionable, and achievable. They should also have a fixed time frame — typically lined up
with fiscal planning cycles and spanning anywhere from three to 12 months.
As an example, consider a fictitious company called Fredwin Cycling that makes a
cycling app. A few of their product goals include:
Goal: Top-rated social fitness cycling app within 12 months
Metric: #1 rated in iOS and Android marketplaces
Goal: Double revenue year over year
Metric: +$100M revenue
Goal: Largest partner ecosystem
Metric: +100 partners

The right goals will light a spark within the team — giving you a shared target to work
towards and a sense of greater purpose. But simply setting goals is not enough. You also need
to map all of the detailed work back to the goal it supports and track progress to let everyone
see how their work reinforces success at a high level.

Create roadmap for epics


The Epic Roadmap supports portfolio management. It provides a calendar view of a
single epic and its child features. Within each epic roadmap view, you can drill down to see
details at the feature and requirements level. Use the Epic Roadmap to focus on a single epic
and to support the following tasks:
● Support roadmap planning
● View work that spans several iterations
● Produce reports at each business level to show high and low-level progress
views
● Adjust sprint assignments to child work items
● View dependencies linked to features

Cost Estimation
Cost Estimation is a statement that gives the value of the cost incurred in the
manufacturing of finished goods. Cost estimation helps in fixing the selling price of the final
product after charging appropriate overheads and allowing a certain margin for profits. Cost
estimation in project management is the process of forecasting the financial and other
resources needed to complete a project within a defined scope.

Elements of cost estimation in project management
There are two key types of costs addressed by the cost estimation process:
1. Direct costs: Costs associated with a single area, such as a department or the project
itself. Examples of direct costs include fixed labor, materials, and equipment.
2. Indirect costs: Costs incurred by the organization at large, such as utilities and
quality control.

Some typical elements that a cost estimation will take into account:
● Labor: The cost of team members working on the project, both in terms of wages and
time
● Materials and equipment: The cost of resources required for the project, from
physical tools to software to legal permits
● Facilities: The cost of using any working spaces not owned by the organization.
● Vendors: The cost of hiring third-party vendors or contractors.
● Risk: The cost of any contingency plans implemented to reduce risk.

Risk Management
Risk management is the process of identifying, assessing and controlling financial,
legal, strategic and security risks to an organization’s capital and earnings. These threats, or
risks, could stem from a wide variety of sources, including financial uncertainty, legal
liabilities, strategic management errors, accidents and natural disasters.
If an unforeseen event catches your organization unaware, the impact could be minor,
such as a small impact on your overhead costs. In a worst-case scenario, though, it could be
catastrophic and have serious ramifications, such as a significant financial burden or even
the closure of your business. Three important steps of the risk management process are risk
identification, risk analysis and assessment, and risk mitigation and monitoring.

1. Identifying risks
Risk identification is the process of identifying and assessing threats to an
organization, its operations and its workforce. For example, risk identification may include
assessing IT security threats such as malware and ransomware, accidents, natural disasters
and other potentially harmful events that could disrupt business operations.

2. Risk analysis and assessment


Risk analysis involves establishing the probability that a risk event might occur and
the potential outcome of each event. Risk evaluation compares the magnitude of each risk
and ranks them according to prominence and consequence.

3. Risk mitigation and monitoring
Risk mitigation refers to the process of planning and developing methods and options
to reduce threats to project objectives. Risk mitigation also includes the actions put into place
to deal with issues and effects of those issues regarding a project. Risk management is a
nonstop process that adapts and changes over time. Repeating and continually monitoring
the processes can help assure maximum coverage of known and unknown risks.

What are the most common responses to risk?


Risk avoidance
Avoidance is a method for mitigating risk by not participating in activities that may
negatively affect the organization. Not making an investment or not starting a product line are
examples, as they avoid the risk of loss.
Risk reduction
This method of risk management attempts to minimize the loss, rather than
completely eliminate it. While accepting the risk, it stays focused on keeping the loss
contained and preventing it from spreading. An example of this in health insurance is
preventative care.
Risk sharing
When risks are shared, the possibility of loss is transferred from the individual to the
group. A corporation is a good example of risk sharing — a number of investors pool their
capital and each only bears a portion of the risk that the enterprise may fail.
Transferring risk
Contractually transferring a risk to a third party, such as buying insurance to cover possible
property damage or injury, shifts the risks associated with the property from the owner to
the insurance company.
Risk acceptance and retention
After all risk sharing, risk transfer and risk reduction measures have been
implemented, some risk will remain since it is virtually impossible to eliminate all risk
(except through risk avoidance). This is called residual risk.

Define EPICS
An epic is a large user story which is too big to fit into a sprint. This high-level story
is usually split into smaller ones, each of which can be completed within a sprint. In that
sense, an epic is a collection of user stories with a unified goal.
An epic is a requirement that is just too big to deliver in a single sprint. Epics need to be broken
into smaller deliverables (stories). In simple terms, Scrum Epic in Agile Methodology is a big
chunk of work which can be divided into smaller user stories. An Epic can be spread across
sprints and even across agile teams. An Epic can be a high-level description of what the client
wants, and accordingly, it has some value attached to it. As we mentioned, an Epic is a high-
level requirement, hence its scope can change over the course of time.

You can think of an epic in two ways:


1.) The top-down view:
An epic is a body of work that a product team devises as they break down a strategic
theme into smaller initiatives. A theme on your product roadmap might contain two or more
epics.

2.) The bottom-up view:


An epic is a body of work representing a group of user stories sharing a common
strategic goal. Several related stories on the roadmap will often roll up to a single epic.
What is an Example of an Epic in Product Management?

Creating User Stories for the Epic


A user story is an informal, general explanation of a software feature written from the
perspective of the end user. Its purpose is to articulate how a software feature will provide
value to the customer.

How to write user stories
User stories are often expressed in a simple sentence, structured as follows:
“As a [persona], I [want to], [so that].”

Breaking this down:


● "As a [persona]": Who are we building this for? We’re not just after a job title, we’re
after the persona of the person.
● “Wants to”: Here we’re describing their intent — not the features they use.
● “So that”: how does their immediate desire to do something fit into their bigger
picture? What’s the overall benefit they’re trying to achieve? What is the big problem
that needs solving?
EXAMPLE

Creating Acceptance criteria


In Agile, acceptance criteria refer to a set of predefined requirements that must be
met to mark a user story complete. Acceptance criteria are also sometimes called the
“definition of done” because they determine the scope and requirements that must be
executed by developers to consider the user story finished.
As a product manager or product owner, you may be responsible for writing
acceptance criteria for the stories in your product backlog. This article will define acceptance
criteria, look at a few examples, and explore some best practices for writing it.

As with most things agile, there are varying definitions of acceptance criteria.
● Acceptance Criteria Definition 1: “Conditions that a software product must satisfy
to be accepted by a user, customer or other stakeholder.” (via Microsoft Press)
● Acceptance Criteria Definition 2: “Pre-established standards or requirements a
product or project must meet.” (via Google)

Test Cases
Test cases are instructions for testers to follow to ensure programs are functioning
properly. They describe how the software should work in normal, abnormal, or error
operating conditions. Test case writing converts user requirements into a set of test conditions
and descriptions that indicate how a system is functioning. In an automated test script, more
than one test case can combine to form a test suite.
How to Write Test Cases
Test cases are designed to verify that your application is operating as expected. Test
case writers design test cases so testers can determine whether an app or software system's
feature is working correctly. Applications must be tested thoroughly to find out how the
system behaves under all possible input conditions. A clear understanding of software
functions and the testing process can make writing tests that identify defects easier.

Sprint planning
Sprint Planning initiates the Sprint by laying out the work to be performed for the
Sprint. This resulting plan is created by the collaborative work of the entire Scrum Team.
The Product Owner ensures that attendees are prepared to discuss the most important
Product Backlog items and how they map to the Product Goal. The Scrum Team may also
invite other people to attend Sprint Planning to provide advice.

Sprint Planning addresses the following topics:


Topic One: Why is this Sprint valuable?
The Product Owner proposes how the product could increase its value and utility in
the current Sprint. The whole Scrum Team then collaborates to define a Sprint Goal that
communicates why the Sprint is valuable to stakeholders. The Sprint Goal must be finalized
prior to the end of Sprint Planning.
Topic Two: What can be Done this Sprint?
Through discussion with the Product Owner, the Developers select items from the
Product Backlog to include in the current Sprint. The Scrum Team may refine these items
during this process, which increases understanding and confidence. Selecting how much can
be completed within a Sprint may be challenging. However, the more the Developers know
about their past performance, their upcoming capacity, and their Definition of Done, the
more confident they will be in their Sprint forecasts.

Topic Three: How will the chosen work get done?


For each selected Product Backlog item, the Developers plan the work necessary to
create an Increment that meets the Definition of Done. This is often done by decomposing
Product Backlog items into smaller work items of one day or less. How this is done is at the
sole discretion of the Developers. No one else tells them how to turn Product Backlog items
into Increments of value.
Backlog Refinement
One of the most challenging activities in Scrum is Product Backlog Refinement. During
training courses I get many questions on this activity. What do you do during Product
Backlog refinement? How do you prevent discussions going off track or in too much detail?
Who should be there? When do you estimate? In this blog series, you will get some good
practices and guidelines for having better, more effective and more vivid Product Backlog
refinement. This series will consist of three posts:
1. Before you bring an item into a meeting
2. What do you typically do during a meeting focusing on refinement?
3. Facilitating a meeting on Product Backlog refinement

‘Ready state’
The goal of Product Backlog refinement is to work with the Scrum Team and
stakeholders (when relevant), to get Product Backlog items in a ‘ready state’. What does this
mean? This basically means that the development team has the idea that an item is:
1. Clear enough, so they understand what stakeholders are asking for and why they are
asking for it.
2. Small enough, so that it can get done within a sprint
(typically a few days of work) to comply with the definition of done.
This activity is all about interaction between the Product Owner, Development Team
and stakeholders. If you were expecting a blueprint for a ‘ready’ item you clearly need to do
some homework on agility. When an item is ready depends on many different aspects like
experience of the Scrum Team or knowledge about the product. It even differs per item when
a Development Team considers it to be ready. This activity takes time and doing this right
saves a lot of time in Sprint Planning.

Sprint Demo
In a traditional scrum method, the sprint demo comes at the end of a sprint. At the
start of an agile sprint, a team commits to a certain amount of work. That work is based on
input from the project's stakeholders and ideally is the most important work the team could
be doing for that sprint. Sprints vary in length. Some are two weeks. Other teams choose one
week, and I've even seen a few that went as long as a month.

The sprint demo is the part of the Sprint Review meeting where participants come prepared to see
something: the demo of the last increments. It is the opportunity for the Scrum Team to
showcase to Stakeholders and the Product Owner the things that have been done in a Sprint.
The Product Owner, on his part, needs to showcase work that meets the predetermined
Stakeholder needs. Feedback is shared, and details of the next Sprint are discussed.

How Should You Conduct a Sprint Demo?


The best demos are performed by the team as a whole. Some teams will identify a
person who actually performs the software demonstration, but this isn't ideal. When sprint
demos are at their best, they're a collaborative event where both developers and
stakeholders talk about the new software.
A developer starts by demonstrating some new feature that they've completed during
the sprint. They're the ones who worked on that software; they know how it works the best.
Additionally, this is a chance for a developer to show off what they've done. Then, once a
developer has provided a quick walk-through of all the user-facing parts of their work,
stakeholders ask questions. These questions are an opportunity for stakeholders to identify
the next development steps for the project. Successful scrum teams develop software
iteratively, building on previous work little by little and constantly improving.

WHAT IS A BURNDOWN CHART?
A burndown chart shows the amount of work that has been completed in an epic or
sprint, and the total work remaining. Burndown charts are used to predict your team's
likelihood of completing their work in the time available. They're also great for keeping the
team aware of any scope creep that occurs.
Burndown charts are useful because they provide insight into how the team works. For
example:
● If you notice that the team consistently finishes work early, this might be a sign that
they aren't committing to enough work during sprint planning.
● If they consistently miss their forecast, this might be a sign that they've committed to
too much work.
● If the burndown chart shows a sharp drop during the sprint, this might be a sign that
work has not been estimated accurately, or broken down properly.

This report shows the amount of work to be done in a sprint. It can be used to track
the total work remaining in the sprint, and to project the likelihood of achieving the sprint
goal. By tracking the remaining work throughout the sprint, a team can manage its progress,
and respond to trends accordingly. For example, if the burndown chart shows that the team
may not reach the sprint goal, then they can take the necessary actions to stay on track.
Understanding the sprint burndown chart

1. Estimation statistic: The vertical axis represents the estimation statistic that you've
selected.
2. Remaining values: The red line represents the total amount of work left in the sprint,
according to your team's estimates.
3. Guideline: The grey line shows an approximation of where your team should be,
assuming linear progress.

Sprint retrospective
The purpose of the Sprint Retrospective is to plan ways to increase quality and
effectiveness. The Scrum Team inspects how the last Sprint went with regards to individuals,
interactions, processes, tools, and their Definition of Done. Inspected elements often vary
with the domain of work. Assumptions that led them astray are identified and their origins
explored. The Scrum Team discusses what went well during the Sprint, what problems it
encountered, and how those problems were (or were not) solved.

The Scrum Team identifies the most helpful changes to improve its effectiveness. The
most impactful improvements are addressed as soon as possible. They may even be added
to the Sprint Backlog for the next Sprint. The Sprint Retrospective concludes the Sprint. It is
time boxed to a maximum of three hours for a one-month Sprint. For shorter Sprints, the
event is usually shorter.

During the Sprint Retrospective, the team discusses:


● What went well in the Sprint
● What could be improved
● What will we commit to improve in the next Sprint
The Scrum Master encourages the rest of the Scrum Team to improve its process and
practices to make it more effective and enjoyable for the next Sprint. During each Sprint
Retrospective, the Scrum Team plans ways to increase product quality by improving work
processes or adapting the definition of “Done” if appropriate and not in conflict with product
or organizational standards.
By the end of the Sprint Retrospective, the Scrum Team should have identified
improvements that it will implement in the next Sprint. Implementing these improvements
in the next Sprint is the adaptation to the inspection of the Scrum Team itself. Although
improvements may be implemented at any time, the Sprint Retrospective provides a formal
opportunity to focus on inspection and adaptation.

Software Design Principles
Software design principles are concerned with providing means to handle the
complexity of the design process effectively. Effectively managing the complexity will not
only reduce the effort needed for design but can also reduce the scope of introducing errors
during design.
Availability
Availability is defined as the probability that the system is operating properly when
it is requested for use. In other words, availability is the probability that a system is not
failing or undergoing a repair action when it needs to be used. At first glance, it might seem
that if a system has a high availability, then it should also have a high reliability. However,
this is not necessarily the case. This article will explore the relationship between availability
and reliability and will also present some of the specified classifications of availability. In
fact, availability builds upon the concept of reliability by adding the notion of recovery—that
is, when the system breaks, it repairs itself.

Performance
Performance is an indicator of how well a software system or component meets its
requirements for timeliness. Timeliness is measured in terms of response time or
throughput. The response time is the time required to respond to a request. It may be the
time required for a single transaction, or the end-to-end time for a user task. For example,
we may require that an online system provide a result within one-half second after the user
presses the "enter" key.

Consistency
Consistency in design means we produce all the elements with similarity. They should
look and work as the parts of one bigger organism. This way, we give the user a much easier
and more pleasant experience with our final product. Consistency is crucial to create
intuitive mobile apps and websites.
It really matters when it comes to learning things – for example, how to use new
software. With consistent design, finding out how it works and where to find functionalities
we are interested in is easy-peasy. Consistency just provides context that is understandable
for most of us, so we can transfer our knowledge from one product we use to another.

Scalability
Scalability is the ability of a system to continue to meet its response time or
throughput objectives as the demand for the software functions increases. The graph in
Figure 1-1 illustrates how increasing use of a system affects its response time.


As you can see from the curve, as long as you are below a certain threshold, increasing
the load does not have a great effect on response time. In this region, the response time
increases linearly with the load. At some point, however, a small increase in load begins to
have a great effect on response time. In this region (at the right of the curve), the response
time increases exponentially with the load.

Manageability
Manageability is how efficiently and easily a software system can be monitored and maintained to
keep the system performing, secure, and running smoothly. In general, manageability is the
measure of and set of features that support the ease, speed, and competence with which a
system can be discovered, configured, modified, deployed, controlled, and supervised.
Cost
For any new software project, it is necessary to know how much it will cost to develop
and how much development time it will take. These estimates are needed before
development is initiated.
Uses of Cost Estimation
1. During the planning stage, one needs to choose how many engineers are required for
the project and to develop a schedule.
2. In monitoring the project's progress, one needs to assess whether the project is
progressing according to the procedure and take corrective action, if necessary.

Software Architecture:
Software architecture is the blueprint of building software. It shows the overall
structure of the software, the collection of components in it, and how they interact with one
another while hiding the implementation. This helps the software development team to
clearly communicate how the software is going to be built as per the requirements of
customers.
Different Software Architecture Patterns:
1. Layered Pattern
2. Monolithic
3. Service oriented
4. Microservices Pattern

1. Layered Pattern
As the name suggests, components (code) in this pattern are separated into layers of
subtasks and they are arranged one above another. Each layer has unique tasks to do and all
the layers are independent of one another. Since each layer is independent, one can modify
the code inside a layer without affecting others. It is the most commonly used pattern for
designing the majority of software. This pattern is also known as ‘N-tier architecture’. Basically,
this pattern has 4 layers.
1. Presentation layer (The user interface layer where we see and enter data into an
application.)
2. Business layer (this layer is responsible for executing business logic as per the request.)
3. Application layer (this layer acts as a medium for communication between the
‘presentation layer’ and ‘data layer’.)
4. Data layer (this layer has a database for managing data.)
Ideal for: E-commerce web applications development like Amazon.

2. Monolithic
A monolithic architecture is a traditional model of a software program, which is built
as a unified unit that is self-contained and independent from other applications. The word
“monolith” is often attributed to something large and glacial, which isn’t far from the truth
of a monolith architecture for software design. A monolithic architecture is a singular, large
computing network with one code base that couples all of the business concerns together.
To make a change to this sort of application requires updating the entire stack by accessing
the code base and building and deploying an updated version of the service-side interface.
This makes updates restrictive and time-consuming.

3. Service Oriented Architecture
Service-oriented architecture (SOA) is a method of software development that uses
software components called services to create business applications. Each service provides
a business capability, and services can also communicate with each other across platforms
and languages. Developers use SOA to reuse services in different systems or combine several
independent services to perform complex tasks.
For example, multiple business processes in an organization require the user
authentication functionality. Instead of rewriting the authentication code for all business
processes, you can create a single authentication service and reuse it for all applications.
Similarly, almost all systems across a healthcare organization, such as patient management
systems and electronic health record (EHR) systems, need to register patients. These
systems can call a single, common service to perform the patient registration task.

4. Microservices Pattern:
The microservices pattern builds an application as a collection of small services.
Instead of building one bigger application, a small program is built independently for every
service (function) of the application, and those small programs are bundled together to form
a full-fledged application. So, adding new features and modifying existing microservices
without affecting other microservices is no longer a challenge when an application is built in
a microservices pattern. Modules in a microservices application are loosely coupled, so they
are easily understandable, modifiable and scalable.
Example: Netflix is one of the most popular examples of software built on a microservices
architecture. This pattern is most suitable for websites and web apps having small
components.

Design methods for security


Security by design is an approach to software and hardware development that seeks
to make systems as free of vulnerabilities and impervious to attack as possible through such
measures as continuous testing, authentication safeguards and adherence to best
programming practices. Security by design is becoming crucial in the rapidly
developing Internet of Things (IoT) environment, in which almost any conceivable device,
object or entity can be given a unique identifier (UID) and networked so that it is
addressable over the Internet.
Application Security
Application security describes security measures at the application level that aim to
prevent data or code within the app from being stolen or hijacked. It encompasses the
security considerations that happen during application development and design, but it also
involves systems and approaches to protect apps after they get deployed.

Authentication
It is the process of verifying the identity of a user or information. User authentication
is the process of verifying the identity of a user when that user logs in to a computer system.
Authentication is used by a server when the server needs to know exactly who is accessing
their information or site. Usually, authentication by a server entails the use of a username
and password. Other ways to authenticate can be through cards, retina scans, voice
recognition, and fingerprints.
Authorization
Authorization is a security mechanism used to determine user/client privileges or access
levels related to system resources, including computer programs, files, services, data and
application features. Authorization is normally preceded by authentication for user identity
verification. System administrators (SA) are typically assigned permission levels covering all
system and user resources.
Authentication and Authorization Methods
1. Token-Based Authentication
A token is a computer-generated code that acts as a digitally encoded signature of a
user. Tokens are used to authenticate the identity of a user to access any website or
application network. Token-based authentication is a two-step authentication strategy to
enhance the security mechanism for users to access a network. Once users register their
credentials, they receive a unique encrypted token that is valid for a specified session time.
During this session, users can directly access the website or application without login
requirements.
Authentication process via tokens in a web application:
The user submits login credentials to the backend server. Upon the request, the server
verifies the credentials before generating an encrypted JWT with a secret key and sends it
back to the client. On the client-side, the browser stores the token locally using the local
storage, session storage, or cookie storage.
On future requests, the JWT is added to the Authorization header, prefixed by the
word Bearer, and the server validates its signature by decoding the token before proceeding
to send a response. The content of the header would look like this: Authorization: Bearer
<token>. On the logout operation, the token on the client-side is destroyed without server
interaction.

Advantages of token-based authentication approach


● Token authentication approach is stateless. The web server will not need to
keep a record of tokens as each is self-contained, including the data required
to check its validity and convey the user information through claims.
● The server only needs to sign tokens on successful login and verify that
incoming tokens in the requests are valid.
● A token-based authentication approach with CORS enabled makes it easy to
expose APIs to different services and domains.
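
The login and request steps described above, as an added example (not code from the original document): a minimal HS256-signed JWT built with Python's standard library. The key, function names and timestamps are assumptions made for illustration; note that the payload is only base64url-encoded and signed, so anyone holding the token can read its claims.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key; a real deployment loads a long random secret from configuration.
SECRET_KEY = b"constructed-demo-key-for-this-example-only"


def b64url_encode(raw):
    """Base64url without padding, as used for each JWT segment."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    """Inverse of b64url_encode; restores the stripped padding first."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(username, ttl_seconds=900, now=None):
    """Login step: after the credentials check succeeds, sign a short-lived token."""
    issued_at = int(time.time() if now is None else now)
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": username, "iat": issued_at, "exp": issued_at + ttl_seconds}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims)
    )
    signature = hmac.new(SECRET_KEY, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def read_claims_without_key(token):
    """What anyone holding the token can do: the payload is encoded, not secret."""
    return json.loads(b64url_decode(token.split(".")[1]))


def verify_authorization_header(header_value, now=None):
    """Request step: return the claims, or raise ValueError if the token is unusable."""
    scheme, _, token = header_value.partition(" ")
    if scheme != "Bearer" or not token:
        raise ValueError("expected 'Bearer <token>'")
    try:
        header_b64, claims_b64, signature_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(signature_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the server; never let the token choose it (e.g. "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(
        SECRET_KEY, (header_b64 + "." + claims_b64).encode("ascii"), hashlib.sha256
    ).digest()
    # Constant-time comparison avoids leaking how many signature bytes matched.
    if not hmac.compare_digest(signature, expected):
        raise ValueError("bad signature")
    # Claims are parsed and trusted only after the signature has been checked.
    claims = json.loads(b64url_decode(claims_b64))
    current = time.time() if now is None else now
    if not isinstance(claims.get("exp"), int) or current >= claims["exp"]:
        raise ValueError("token expired")
    return claims
```

Since the server keeps no record of issued tokens, a token copied before logout remains acceptable to this check until its `exp` time passes, which is why the lifetime is kept short.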
2. Cookie based
A cookie is a small piece of data created by a server and sent to your browser when
you visit a website. The browser stores it and sends it back to the server with later requests
to show that the request is coming from the same browser, which keeps the user
authenticated. Browser cookies are read as “key-value” pairs. Cookie-based authentication
uses HTTP cookies to authenticate client requests and maintain session information on the
server over the stateless HTTP protocol.

Here is a logical flow of the cookie-based authentication process:


1. The client sends a login request with credentials to the backend server.
2. The server then validates the credentials. If the login is successful, the web server will
create a session in the database and include a Set-Cookie header on the response
containing a unique ID in the cookie object.
3. The browser saves the cookie locally. As long as the user stays logged in, the client
needs to send the cookie in all the subsequent requests to the server. The server then
compares the session ID stored in the cookie against the one in the database to verify
the validity.
4. During the logout operation, the server will make the cookie expire by deleting the
session from the database.
Advantages of cookie-based authentication
• Using cookies in authentication makes your application stateful. This is efficient for
tracking and personalizing the state of a user.
• Cookies are small in size, which makes them efficient to store on the client-side.
• Cookies can be “HTTP-only”, making them impossible for client-side scripts to read. This
improves protection against Cross-site scripting (XSS) attacks.
• Cookies are added to the request automatically, so the developer does not have to
implement this manually, which means less code.
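
The four steps of the cookie flow above, as an added example that is not part of the original document: a server-side session store with an HttpOnly session cookie. The user table, the in-memory dictionary standing in for the database, the Secure and SameSite attributes and all function names are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time
from http.cookies import CookieError, SimpleCookie

SESSION_TTL = 1800  # seconds a session stays valid
SALT = b"constructed-salt"  # constructed; real systems use a random salt per user
# Constructed user table: username -> PBKDF2 hash of the password.
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000)}
# Stands in for the session table in the database: session id -> (username, expiry).
SESSIONS = {}


def login(username, password, now=None):
    """Steps 1-2: validate credentials, create a session, return the Set-Cookie value."""
    now = time.time() if now is None else now
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), SALT, 100_000)
    stored = USERS.get(username, b"\x00" * 32)  # dummy value for unknown users
    if not (hmac.compare_digest(candidate, stored) and username in USERS):
        return None
    session_id = secrets.token_urlsafe(32)  # unguessable random identifier
    SESSIONS[session_id] = (username, now + SESSION_TTL)
    cookie = SimpleCookie()
    cookie["session_id"] = session_id
    morsel = cookie["session_id"]
    morsel["httponly"] = True   # not readable from page scripts
    morsel["secure"] = True     # only sent over HTTPS
    morsel["samesite"] = "Lax"  # withheld from most cross-site requests
    morsel["path"] = "/"
    morsel["max-age"] = SESSION_TTL
    return morsel.OutputString()


def browser_cookie_header(set_cookie_value):
    """Step 3, browser side: only the name=value pair is sent back, not the attributes."""
    return set_cookie_value.split(";", 1)[0]


def session_id_from(cookie_header):
    """Extract the session id from a Cookie request header, or None if absent."""
    jar = SimpleCookie()
    try:
        jar.load(cookie_header)
    except CookieError:
        return None
    return jar["session_id"].value if "session_id" in jar else None


def authenticate(cookie_header, now=None):
    """Step 3, server side: look the session id up in the store and check expiry."""
    now = time.time() if now is None else now
    session_id = session_id_from(cookie_header)
    record = SESSIONS.get(session_id)
    if record is None:
        return None
    username, expires_at = record
    if now >= expires_at:
        SESSIONS.pop(session_id, None)  # expired sessions are removed on sight
        return None
    return username


def logout(cookie_header):
    """Step 4: delete the server-side session and tell the browser to drop the cookie."""
    SESSIONS.pop(session_id_from(cookie_header), None)
    return "session_id=; Max-Age=0; Path=/; HttpOnly; Secure; SameSite=Lax"
```

Because the session lives on the server, logout revokes it immediately: a copy of the cookie captured earlier no longer authenticates.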

3. OpenID
OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It
allows Clients to verify the identity of the End-User based on the authentication performed
by an Authorization Server, as well as to obtain basic profile information about the End-User
in an interoperable and REST-like manner.
OpenID Connect allows clients of all types, including Web-based, mobile, and
JavaScript clients, to request and receive information about authenticated sessions and end-
users. The specification suite is extensible, allowing participants to use optional features
such as encryption of identity data, discovery of OpenID Providers, and logout, when it makes
sense for them.

4. Third party access
Third-party access refers to the process of an organization granting external vendors
and service providers secure access to corporate IT assets for maintenance, administration
and management purposes. Many organizations rely on third-party vendors and managed
service providers to support their internal IT systems, applications and infrastructure.
Outside vendors and service organizations often require privileged access to on-premises
and cloud-based IT systems and business applications to perform routine support and
administrative functions.
Conventional enterprise security solutions and practices, designed to safeguard
traditional corporate teleworkers and nomadic users, aren’t easily extended to third-party
vendors. Many organizations use:
● Enterprise directory services like Microsoft Active Directory to maintain information
about users and resources
● Access management solutions or virtual private network (VPN) solutions to
authenticate and authorize employees accessing corporate applications and IT
services from outside the enterprise network.

Third-party authentication has three main advantages.


First, the authentication process is facilitated. You do not have to worry about
authenticating individual users but just about interacting with a trusted external service.

Secondly, it reduces password fatigue and the stress associated with having too many
accounts and entering passwords frequently. Some people who use LastPass feel frustrated
when they realize how many saved passwords they have, which can number as many as
400! For instance, a technology specialist will probably have more passwords than an
average Internet user, but even a regular Internet user has dozens, or even hundreds, of
accounts.
And thirdly, third-party authentication is done “without noise and dust, and danger”:
it allows your site to run faster, with the use of existing credentials. If users see that they
need to create another “username and password” pair, they often simply leave the web
page.

5. SAML
SAML is an XML based framework that stands for Security Assertion Markup
Language. Let us see how SAML is used to enable SSO (Single-Sign-On). SSO is a term used
for a type of login method where a company configures all of its web apps in such a way that
the user can log in to all of these apps by just signing in once.

Example:
When one logs in on gmail.com, they can visit YouTube, Google Drive, and other
Google services without having to sign in to each service separately. The SAML
authentication flow is based on two entities –
1. Service Providers (SP) – The SP receives the authentication from the IdP and
grants the authorisation to the user.
2. Identity Providers (IdP) – The IdP authenticates a user and sends their
credentials along with their access rights for the service to the SP.
In the example given above, the SP will be Gmail and the IdP will be Google. SAML enables
SSO and, as explained above, a user can log in once and the same credentials will be used
to log into other SPs.
SAML Authentication Workflow –

1. A user tries to log in to Gmail.
2. Gmail generates a SAML request.
3. The browser sends the SAML request to Google, which parses the request,
authenticates the user and creates a SAML response. This SAML response is encoded and
sent back to the browser.
4. The browser sends this SAML response back to Gmail for verification.
5. If the user is successfully verified, they are logged in to Gmail.

In the following example, the government is the identity provider, and the airline is the
service provider. Your government-issued identification is the SAML assertion. When you
apply for a government ID, you usually need to complete a form, have your picture taken,
and in some circumstances, have your fingerprints taken as well. The government (identity
provider) then stores these identifying attributes in its database and issues you with a
physical ID associated with your identity. In the airline example, when you arrive at the gate,
the airline (service provider) checks your ID (the SAML assertion). The airline accepts your ID
as it contains your details, and the identity card or passport passes scrutiny as a valid
document. After successful authentication, the airline then allows you to board the aircraft.


SAML Request
Some of the important terms in the SAML request are defined below –
1. ID – Identifier for a particular SAML request.
2. Issuer – The name of the service provider (SP).
3. NameID – The username/email address or phone number which is used to
identify a user.
4. AssertionConsumerServiceURL – The SAML URL interface of the SP where the
IdP sends the auth token.
SAML Response
A SAML response consists of two parts:
1. Assertion
It is an XML document that has the details of the user. This contains the
timestamp of the user login event and the method of authentication used (e.g. 2
Factor Authentication, Kerberos, etc.)
2. Signature
It is a Base64 encoded string which protects the integrity of the assertion. (If
an attacker tries to change the username in the assertion to the victim’s username,
the signature will prevent the attacker from logging in as the user.)

6. Multi-factor authentication
Multi-factor authentication (MFA) is a security technology that requires multiple
methods of authentication from independent categories of credentials to verify a user's
identity for a login or other transaction. Multifactor authentication combines two or more
independent credentials: what the user knows, such as a password; what the user has, such
as a security token; and what the user is, by using biometric verification methods.
The goal of MFA is to create a layered defense that makes it more difficult for an
unauthorized person to access a target, such as a physical location, computing device,
network or database. If one factor is compromised or broken, the attacker still has at least
one or more barriers to breach before successfully breaking into the target.
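
One way to layer two independent factors, as an added example rather than code from the original document: a password check (something the user knows) followed by a time-based one-time code per RFC 6238 (something the user has). The choice of TOTP, the constructed account record and the function names are assumptions; the secret is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct
import time

SALT = b"constructed-salt"  # constructed; real systems use a random salt per user
# Constructed account: a password hash (knowledge factor) and a TOTP secret that
# is also held by the user's authenticator device (possession factor).
ACCOUNT = {
    "password_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", SALT, 100_000),
    "totp_secret": b"12345678901234567890",  # RFC 6238 test secret, not a real key
    "last_used_step": -1,
}


def totp(secret, timestamp, step=30, digits=6):
    """RFC 6238 code: HOTP (RFC 4226) over the count of 30-second steps since epoch."""
    counter = struct.pack(">Q", int(timestamp) // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation picks 4 bytes of the digest
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def check_password(password):
    """First factor: compare the PBKDF2 hash of the submitted password."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), SALT, 100_000)
    return hmac.compare_digest(candidate, ACCOUNT["password_hash"])


def check_totp(code, now, window=1):
    """Second factor: accept the current step or one either side, once per step."""
    current_step = int(now) // 30
    for step_number in range(max(0, current_step - window), current_step + window + 1):
        expected = totp(ACCOUNT["totp_secret"], step_number * 30)
        matches = hmac.compare_digest(code.encode("utf-8"), expected.encode("ascii"))
        if matches and step_number > ACCOUNT["last_used_step"]:
            ACCOUNT["last_used_step"] = step_number  # a used code cannot be replayed
            return True
    return False


def login(password, code, now=None):
    """Both independent factors must pass; either one alone is rejected."""
    now = time.time() if now is None else now
    password_ok = check_password(password)
    # The code is only evaluated (and consumed) once the password has passed.
    code_ok = password_ok and check_totp(code, now)
    return password_ok and code_ok
```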


Encryption
Encryption in cryptography is a process by which plain text or a piece of information
is converted into cipher text, a text which can only be decoded by the receiver for whom
the information was intended. The algorithm that is used for the process of encryption is
known as a cipher. Encryption helps protect consumer information, emails and other
sensitive data from unauthorized access and also secures communication networks.
Importance of Data Encryption:
The significance of encryption cannot be overstated in any way. Even though your data is
stored in a standard infrastructure, it is still possible for it to be hacked. There’s always the
chance that data will be compromised, but with data encryption, your information will be
much more secure.
Types of Data Encryption:
1. Symmetric Encryption
2. Asymmetric Encryption
Encryption is frequently used in one of two ways i.e. with a symmetric key or with an
asymmetric key.
Symmetric Key Encryption:

There are a few strategies used in cryptography algorithms. Some algorithms employ
a single key for both the encryption and decryption processes. In such operations, that key
must be kept secret, since any system or person who knows the key is fully able to decode
the message for reading. This approach is known as “symmetric encryption” in the field of
network encryption.

Asymmetric Key Encryption:

Some cryptography methods employ one key for data encryption and another key for
data decryption. As a result, anyone who has access to such a public communication will be
unable to decode or read it. This type of cryptography, known as “public-key” encryption, is
used in the majority of internet security protocols. The term “asymmetric encryption” is used
to describe this type of encryption.

Advantages of Data Encryption:


1. Encryption is a low-cost solution.
2. Data encryption keeps information distinct from the security of the device on
which it is stored. Encryption provides security by allowing administrators to
store and send data via insecure channels.
3. Regulatory fines can be avoided with encryption.
4. Remote workers can benefit from encryption.
5. If the password or key is lost, the user will be unable to open the encrypted file.
Using simpler keys in data encryption, on the other hand, makes the data insecure,
and anybody may access it at any time.
6. Encryption improves the security of our information.
7. Consumer trust can be boosted by encryption.

DATA STORES
A Data Store is a connection to a store of data, whether the data is stored in a database
or in one or more files. The data store may be used as the source of data for a process, or
you may export the written Staged Data results of a process to a data store, or both.
It is normally recommended to connect to the data store via the server. When
connecting to files, this means that the files must exist in the server landing area to ensure
that the server will be able to access them. However, it is also possible to pull the data onto
the server using a client connection. See Client-side data stores for more details.

Design methods for Datastores
1. Structured
2. Semi Structured
3. Unstructured

1. Structured data
Structured data is data which conforms to a data model, has a well-defined
structure, follows a consistent order and can be easily accessed and used by a person or a
computer program.
Structured data is usually stored in well-defined schemas such as Databases. It is
generally tabular with columns and rows that clearly define its attributes.
SQL (Structured Query language) is often used to manage structured data stored in
databases.
Advantages of Structured Data:
● Structured data have a well-defined structure that helps in easy storage and access of
data
● Data can be indexed based on text string as well as attributes. This makes search
operation hassle-free
● Data mining is easy, i.e., knowledge can be easily extracted from data
● Operations such as updating and deleting are easy due to the well-structured form of data
● Business Intelligence operations such as Data warehousing can be easily undertaken
● Easily scalable in case there is an increment of data
● Ensuring security to data is easy
Disadvantages
● Limited usage: Data with a predefined structure can only be used for its intended
purpose, which limits its flexibility and usability.
● Limited storage options: Structured data is generally stored in data storage systems with
rigid schemas (e.g., “data warehouses”). Therefore, changes in data requirements
necessitate an update of all structured data, which leads to a massive expenditure of time
and resources.

Structured data tools


● OLAP: Performs high-speed, multidimensional data analysis from unified, centralized
data stores.
● SQLite: Implements a self-contained, serverless, zero-configuration, transactional
relational database engine.
● MySQL: Embeds data into mass-deployed software, particularly mission-critical, heavy-
load production systems.
● PostgreSQL: Supports SQL and JSON querying as well as high-tier programming
languages (C/C++, Java, Python, etc.).

Example
Google Sheets and Microsoft Office Excel files are the first things that spring to mind
concerning structured data examples. This data can comprise both text and numbers, such
as employee names, contacts, ZIP codes, addresses, credit card numbers, etc.

2. Semi structured
Semi-structured data refers to data that is not captured or formatted in conventional
ways. Semi-structured data does not follow the format of a tabular data model or relational
databases because it does not have a fixed schema. However, the data is not completely raw
or unstructured, and does contain some structural elements such as tags and organizational
metadata that make it easier to analyze.
Semi-structured data (e.g., JSON, CSV, XML) is the “bridge” between structured and
unstructured data. It does not have a predefined data model and is more complex than
structured data, yet easier to store than unstructured data.
Semi-structured data uses “metadata” (e.g., tags and semantic markers) to identify specific
data characteristics and scale data into records and preset fields. Metadata ultimately
enables semi-structured data to be better cataloged, searched and analyzed than
unstructured data.
HTML code, graphs and tables, e-mails, XML documents are examples of semi-
structured data, which are often found in object-oriented databases.

Semi-structured data has the following advantages and disadvantages:
● Semi-structured data is indeed not limited to a single architecture. So, for instance, a
NoSQL database could even hold any format of data and can be easily scaled to store
massive amounts of data. The downside is that this makes analyzing the data much
more difficult. It must be manually processed (which takes hundreds of human hours)
or first structured into a format that computers can comprehend.
● Semi-structured data is far more storable and mobile than entirely unstructured data,
but the storage cost is typically much higher than structured data.
● Semi-structured data is versatile in that it allows you to start changing the schema.
Still, the schema and data are frequently too tightly linked, so when conducting
queries, you primarily have to know already what data you're looking for.

3. Unstructured
Unstructured data, typically categorized as qualitative data, cannot be processed and
analyzed via conventional data tools and methods. Since unstructured data does not have a
predefined data model, it is best managed in non-relational (NoSQL) databases. Another way
to manage unstructured data is to use data lakes to preserve it in raw form.
The importance of unstructured data is rapidly increasing. Recent projections indicate that
unstructured data is over 80% of all enterprise data, while 95% of businesses prioritize
unstructured data management.
Pros
● Native format: Unstructured data, stored in its native format, remains undefined until
needed.
● Fast accumulation rates: Since there is no need to predefine the data, it can be
collected quickly and easily.
● Data lake storage: Allows for massive storage and pay-as-you-use pricing, which cuts
costs and eases scalability.
Cons
● Requires expertise: Due to its undefined/non-formatted nature, data science
expertise is required to prepare and analyze unstructured data. This is beneficial to
data analysts but alienates unspecialized business users who may not fully
understand specialized data topics or how to utilize their data.
● Specialized tools: Specialized tools are required to manipulate unstructured data,
which limits product choices for data managers.
Unstructured data tools
● MongoDB: Uses flexible documents to process data for cross-platform applications
and services.
● DynamoDB: Delivers single-digit millisecond performance at any scale via built-in
security, in-memory caching and backup and restore.
● Hadoop: Provides distributed processing of large data sets using simple
programming models and no formatting requirements.
● Azure: Enables agile cloud computing for creating and managing apps through
Microsoft’s data centers.

UI & UX
UI refers to the screens, buttons, toggles, icons, and other visual elements that you
interact with when using a website, app, or other electronic device. UX refers to the entire
interaction you have with a product, including how you feel about the interaction. While UI
can certainly have an impact on UX, the two are distinct, as are the roles that designers play.
Developing a product that people love often requires both good UI and good UX. For
example, you could have a banking app that looks great and has intuitive navigation (UI). But
if the app loads slowly or makes you click through numerous screens to transfer money (UX

UX designers focus their work on the experience a user has with a product. The goal
is to make products that are functional, accessible, and enjoyable to use. While the term UX
often applies to digital products, it can also be applied to non-digital products and services
(like a coffee pot or a transportation system). Common tasks for a UX designer might include:
● Conducting user research to identify any goals, needs, behaviors, and pain points
involved with a product interaction
● Developing user personas based on target customers
● Creating user journey maps to analyze how a customer interacts with a product
● Building wireframes and prototypes to hone in on what the final product will look like
● Performing user testing to validate design decisions and identify problems
● Collaborating with stakeholders, UI designers, and developers

Skills
UI and UX designers have some skills in common, but each role also requires its own
unique skill set.

Design principles for – UI / UX

Create UI/UX design - for created user stories (wireframing)


Wireframing
Wireframing is a way to design a website service at the structural level. A wireframe
is commonly used to lay out content and functionality on a page in a way that takes into
account user needs and user journeys. Wireframes are used early in the development process
to establish the basic structure of a page before visual design and content are added.

When to use a wireframe


There’s almost no wrong time to use a wireframe, but there are some instances when
they can be extra helpful. Whether you’re trying to explain your idea to someone, get all the
stakeholders on the same page, force a group decision, or validate your plan, a wireframe
presents a simple visual representation that everyone can point to.
Get stakeholders to focus — Because the magic of a wireframe lies in the simplicity, your
clients, colleagues, and execs won’t get hung up on downstream details like colors and
images. Instead, they’ll be forced to zero in on important structural elements.
Catch problems early — Though they don’t present the actual functionality of a page,
wireframes allow you to map out how all the elements will look and interact once the design
is put into a working prototype. It’s way easier to re-work part of a wireframe than it is to
rebuild a prototype or web application.
Cut down on revision time — Related to catching problems early, putting an idea in front
of the team or a client in a wireframe gives everyone the opportunity to chime in at a time
when it’s relatively easy to adjust and revise. By getting collective feedback early, you’ll cut
down on revision time later.

Decide content prioritization — Wireframes naturally reveal space constraints and the
hierarchy of elements on the page, without relying on the content itself. Seeing the elements
laid out anonymously will help everyone decide if the right weight is given to the most
important content.

Test usability with users — When you’re testing out a new idea with someone, they don’t
need to see every little detail for you to determine if the idea is going to work. Wireframes
give you just enough to work with so that you can validate your approach or pinpoint where
adjustments are needed.

Technology, tools and frameworks for application development
A software development tool is a computer program that is used by programmers to
create or build other software. They enable programmers to develop stable software as per
the needs or goals of a customer.
A framework, on the other hand, is like a blueprint with pre-built components which
makes it fast and convenient to build production-ready applications.
Front-End Frameworks
1. Bootstrap

Bootstrap is an open-source CSS framework that is used to develop responsive and
mobile-first websites. It is the world’s most popular front-end toolkit for developing highly-
responsive projects with HTML, CSS, and JavaScript. It comes in two variants, one is
precompiled while the other is based on a source code version and uses less CSS.
Bootstrap can be divided into the following components:
• bootstrap.css – a CSS framework
• bootstrap.js – a JavaScript/jQuery framework
• glyphicons – a font
Bootstrap Features
• It focuses on simplifying the development of informative web pages
• Bootstrap features Sass variables and mixins and powerful JavaScript plugins
• It offers an extensive prebuilt list of components for all types of scenarios
• Bootstrap prevents useless repetition
• It adapts to different requirements without making drastic changes
• Bootstrap ensures consistency
• Bootstrap enables the utilization of ready-made blocks of code
• It ensures consistency irrespective of who’s working on the project
Top Websites using Bootstrap
• Apple Maps Connect
• Forbes India
• Fox News
• Reuters

Web Application Frameworks
2. Node.js

Node.js is an open-source, cross-platform, and JavaScript run-time environment that
is used to create web applications, web servers, and networking tools. It is built on Google
Chrome’s JavaScript Engine (V8 Engine).
Node.js Features:
• Node.js is used to write server-side applications in JavaScript
• It is fast and asynchronous
• Node.js runs on various platforms, such as Windows, Linux, Unix, and Mac OS X
• It uses JavaScript on the server and offers a rich library of various JavaScript modules
• Node.js is used for building fast and scalable network applications
• It is efficient and lightweight as it uses a non-blocking and event-driven I/O model
• It is used by various IT Companies, software developers as well as small and large
business organizations to develop web and network server applications
Top Websites using Node.js
• Netflix
• LinkedIn
• Walmart
• Trello
• PayPal
• Uber
• eBay

3. Django
Django is a free, open-source, and high-level Python framework that promotes rapid
development and pragmatic software design. The framework is developed by experienced
developers and takes care of all the hassles related to web development, allowing developers
to focus on creating the app.
It is considered one of the most secure web frameworks, as it is one of the fastest to react
to new vulnerabilities.

Django Features
• It uses Python – one of the most popular programming languages
• Django offers high security
• It is very simple and easy to use
• Django offers high Scalability
• Provides Rapid Development
• It suits any web application project
Top Websites using Django
• Instagram
• Spotify
• YouTube
• Dropbox
• Pinterest

4. Angular JS
AngularJS is an open-source and JavaScript-based framework that is used by
developers to design web applications dynamically. Maintained by Google and by a
community of individuals and corporations, it is aimed at addressing the challenges
encountered in developing single-page applications.
Angular.js Features:
• It is fully expandable and works easily with other libraries.
• Enables you to replace or edit each feature as per project needs
• It works well with data-driven applications
• It offers some of the advanced features, such as directive, form validation, localization,
deep linking, dependency injection, reusable components, data binding.
• AngularJS works on both mobile and desktop browsers, such as Chrome, Safari,
Internet Explorer, and Firefox.
• It offers built-in protection against basic security holes
Top Websites using Angular.js
• PayPal
• Netflix
• Upwork
• Lego
• The Guardian

5. React JS
React JS, also known as just React, is an open-source JavaScript library. It allows you
to develop the front-end or GUI of web applications. It is used for building web apps, creating
dynamic libraries, and for building UIs that are perfectly equipped to render large datasets.
React JS combines the speed of JavaScript with a new approach to rendering web pages
to make them dynamic and responsive.

Popular React Component Libraries:


• Redux
• Reflux
• Tailwind UI
• Flummox
• MobX

React JS Features:
• It is SEO-friendly
• React JS is a powerful tool that allows you to easily break down complex UIs
• It uses JSX that allows you to write HTML within JavaScript
• It enables you to store everything that changes in a single place
• Ensures the unidirectional flow of data
• It is used by giants like Uber, Airbnb, Facebook, Instagram, Netflix, Udemy, and Twitter
• React JS has a fully component-based architecture
• It allows developers to reuse the code
• It is faster as compared to other libraries
• Makes it easier to learn React Native and mobile app development

Top Websites using React JS


• Facebook
• DropBox
• Tesla
• Airbnb
• Netflix
• Reddit

7. GitHub
GitHub is one of the best software development frameworks and tools to learn. It is a
powerful collaboration tool and a website of repositories that enables developers to build
applications and software, review code, manage projects, and host the code. This tool offers
the right tool for different development jobs. It allows developers to share their work without
any effort or cost associated with maintaining their own website. With this tool, developers
can simply upload their project to GitHub and anyone will be able to download and
contribute to it.
GitHub Features:
• GitHub’s project management tools enable you to coordinate easily and stay aligned
• It runs on Windows and Mac OS.
• It allows developers to do all coding in a single place
• Developers can host their documentation directly from repositories
• It enables developers to easily document their code and can host the same from the
repositories
• Some of its unique features include code security, access control, and integration with
other tools
• It is used by some developers for experimenting with new programming languages in
their projects
• It can be hosted on servers and cloud platform

Comparison of various enterprise application development technology stacks
A technology stack will allow you to build, test, deploy and maintain consistency of
software experience. So, there is no denying that you need the right tech stack for your
software development projects. However, what to choose can be a challenging task.
Fortunately, we have a comprehensive guide to choosing the right tech stack!

Common Software Technology Stacks


MERN stack
MERN stack, the most commonly used stack for web apps, includes four technologies:
MongoDB, ExpressJS, React, and NodeJS. NodeJS and ExpressJS provide backend excellence,
with React offering frontend development capabilities. In addition, MongoDB acts as a NoSQL
database for the MERN stack.

MEAN stack
MEAN stack also comprises four different technologies – MongoDB, ExpressJS,
Angular, and NodeJS. It follows a three-tier architecture where Node and Express handle the
backend. Angular allows organizations to develop web app frontend along with MongoDB’s
database excellence and is popular for developing dynamic web applications.

MEVN stack
MEVN stack is simply MEAN stack with Angular replaced by VueJs. VueJs is a
lightweight and flexible framework for frontend development that enables the full-stack
capabilities of MEVN. Further, VueJS comes with pre-built additive APIs, which help with
flexibility for component logic in the application.

LAMP stack
LAMP stack differs from the other tech stacks at its core: it uses no JavaScript. It is a
tech stack with four major components: Linux, Apache HTTP server, MySQL, and Python.
However, the P part of LAMP encapsulates three different scripting languages: PHP, Perl, and
Python.

It is a four-tier architecture with a scripting, web server, database, and operating
system layer. PHP/Perl/Python acts as a scripting layer. Further, MySQL acts as a database
layer, with Apache being the web server software. Finally, all of these components are in the
Linux operating system.

EXTRA QUESTIONS FROM PREVIOUS YEAR QUESTION PAPERS
1. BookMyShow is an online movie ticket booking application that helps its user to
book movie tickets by logging in. Users can find their movie from the listings. After
booking is confirmed, the details are sent to the user. Identify and write the user stories
for this application. (12 MARKS)
1. Sign-up:
As an unauthorized user, I want to sign up for the BookMyShow application through a sign-up
form, so that I can access the movies list.
Acceptance Criteria:
1. While signing up, use Name, Username, Email, Password and Confirm Password.
2. If sign-up is successful, the user is automatically logged in.
3. If I sign up with incorrect details for the fields specified in step 1, I will receive an error
message for incorrect information.
4. If we are trying to sign up with an existing email address, we will receive an error
message saying "email exists."
2. Login
As an authorized user, I want to log in to the BookMyShow application, so that I can have
access to the application.
Acceptance Criteria:
1. While logging in, username and password are required.
2. After successful login, the user is redirected to the main page.
3. If we try to log in with an incorrect username or password, an error message is
displayed as "invalid login".

3. Searching a movie
As an authorized user, I want to search for a movie in BookMyShow application, so that I can
book a movie ticket in a specific theater.
Acceptance Criteria:
1. While searching, a valid theater should be specified.
2. When checking the availability of a movie ticket, the date should always be the current date
or a date after it.

4. Booking ticket
As an authorized user, I want to book a ticket in BookMyShow application, so that I can
reserve the seat in a specific theater and date.
Acceptance Criteria:
1. While booking, accommodation should be allotted according to the room size.
2. One should select the valid payment method based on the price of reserved room.
3. After successful payment, one should get the booking details at the registered mobile number
and e-mail ID.

5. Logout
As an authorized user, I want to log out of application, so that I can prevent unauthorized
access of my profile.
Acceptance Criteria:
1. When I log out of my account, I will be redirected to the log-in page.

2. Write test cases for the above application. ( 8 MARKS )


Test Cases for the Login Page:
• Verify that the login page loads correctly and is accessible from the website's
homepage.
• Check that the login credentials are case sensitive and the appropriate message is
displayed if the user enters incorrect information.
• Verify that the "Forgot Password" option works as intended, allowing users to reset
their password in case they forget it.
• Ensure that the system limits the number of unsuccessful login attempts to prevent
brute-force attacks.

Test Cases for the Registration Page:


• Verify that the registration page is accessible from the website's homepage and loads
correctly
• Check that the system validates the user's information, such as email address, phone
number and password complexity.
• Ensure that the system does not allow duplicate email addresses or phone numbers.
• Verify that the user receives an email or SMS confirmation after registering.

Test Cases for the Ticket Booking Page:


• Ensure that the ticket booking page displays accurate information about the event
date, time, and venue.
• Check that the system limits the number of tickets a user can purchase to prevent
scalping.
• Verify that the system displays the total cost of the ticket purchase, including any
taxes and fees.
• Ensure that the system accepts multiple payment options, such as credit/debit cards,
PayPal, and mobile wallets.

Test Cases for the Payment Gateway:
• Verify that the payment gateway is secure and encrypts user information to prevent
fraud.
• Check that the payment gateway accepts different currencies and displays the correct
conversion rates.
• Ensure that the payment gateway sends a confirmation email or SMS to the user after
the transaction is complete.
By following these test cases, you can ensure that your online ticket booking system is
reliable and user-friendly. Thorough testing will help you identify and fix any issues before
your system goes live, ensuring a positive experience for your customers.

3. Swiggy is an online food ordering application that helps its users to buy a variety of
authentic food items. This application allows users to log in for ordering food. Users
can search for their favorite food based on rating or price. Users can select the items
and add them to the cart. Once the selection is made, users go to the payment page and make
payment. Write the user stories for this application. ( 12 MARKS )

1. Registration Sign-up:
As a foodie, I want to sign up for the Swiggy application through a New user form, so that I can
get access to order my favorite food.
Acceptance Criteria:
• While signing up, a valid Phone Number/Email Id and OTP/Password are used.
• If sign-up is successful, the user is automatically logged in.
• If I am trying to sign up with an invalid phone number/Email Id, I will receive an error
message to enter valid information.
• If we are trying to sign up with an existing phone number/Email Id, we will receive
an error message saying "you are already registered."

2. Login:
As an authorized customer, I want to log in to the application, so that I can have access to the
application for searching and ordering food.
Acceptance Criteria:
• While logging in, Phone number/Email Id and OTP/Password are required.
• After successful login, the user is redirected to the main page.
• If we try to log in with an incorrect mobile number/Email Id or OTP/Password, an
error message is displayed as "invalid credentials".

3. Order Creation
As a customer, I should be able to browse through the menu and look at various food
restaurants along with their prices.
As a customer, I should be able to select items from the menu and add them to cart.
As a customer, I should have cart containing all the chosen items.
As a customer, I should be able to remove items from my cart or increase item count.
As a customer, I should be able to cancel my entire order.
As a customer, I should be able to view the items bill for my order along with price of each
item.
As a customer, I should be able to see the listing of restaurants selling food items.
Acceptance Criteria:
• A categorized menu with prices is visible and enabled with selection choices. As soon as the
customer chooses items, the order is created in the database and is visible to the
customer.
• See a thumbnail image for each product
• Click to view details for product
• Add to cart from detail page
• Search for an item
• View food item by category

4. Order completion
As a customer, I should be able to provide feedback for service and the food.
Acceptance Criteria
All feedback is recorded in the database for further improvement.

5. Logout
As a customer, I want to log out of the application, so that I can prevent unauthorized access
of my profile.
Acceptance Criteria:
When I log out of my account, I will be redirected to the log-in

4. Write test cases for the above application.


Test Cases for Swiggy application Login Page
• Verify that when the user opens the online food ordering application, it asks for
the user's location.
• Verify whether the user is able to log in to the application without registration.
• Verify whether the user is able to sign up or log in with a mobile number.
• Verify whether the user is able to sign up or log in with an email address.
• Verify whether the user is redirected to the home page screen without login.
• Verify that the logo of the online food ordering application is on the login screen.
• Verify that the application name is displayed on the login page.
• Verify whether the user is able to log in with invalid credentials.
• Verify whether the user is able to skip the login screen.
• Verify that the links on the login page work properly.

Test Cases For Online Food Ordering System Search Functionality


• Verify that if user enters valid food name, then search result should be displayed.
• Verify that if user enters valid restaurant name, then search result should be displayed.
• Verify that if the user searches by a valid food name, then the relevant food search result is
displayed on the screen.
• Verify that if the user searches by a valid restaurant name, then the relevant food search result
is displayed on the screen.

Test Cases for Ordering Page


• Verify that the restaurant name with rating should be displayed clearly.
• Verify that list of the cuisines should be displayed under the restaurant names.
• Verify that the user is able to see the veg and non-veg categories on the ordering page.
• Verify that the user is able to see the billing discount on the order page.
• Verify that the user is able to see the total number of reviews on the ordering page.
• Verify that the approximate delivery time of the food is displayed as expected.
• Verify that the user is able to add a food item into the cart.
• Verify that the add-on food items option is displayed on the page.
• Verify that the user is able to see items with their prices.

Test Cases for Cart Checkout Page


• Verify that user should be able to see added items into the cart.
• Verify that the user is able to increase the quantity of the food items from the cart page.
• Verify that the user is able to delete food items from the cart page.
• Verify that the food price is displayed for the food items.
• Verify that the user is able to edit the delivery address.
• Verify that the user is able to change the delivery address.
• Verify that the user is able to select a payment method on the cart checkout page.
• Verify that the user is able to place an order from the cart checkout page.

5. Hotel Booking is an online Hotel room booking application that helps the users to
book a room for staying at a particular place across Karnataka. This application allows
users to log in for booking a room. Users can search for the room at a hotel for a
specific location. Once found, user can check the availability of a room for specific
dates. Users can book a hotel for required date. Once booked, user can get the booking
details. Identify and write the user stories for this application. (12 MARKS)
1. Registration Sign-up:
As an unauthorized user, I want to sign up for the HotelBooking application through a sign-up
form, so that I can get access to book a room.
Acceptance Criteria:
• While signing up, use Name, Username, Email, Password and Confirm Password.
• If sign-up is successful, the user is automatically logged in.
• If I sign up with incorrect details for the fields specified in step 1, I will receive an error
message for incorrect information.
• If we are trying to sign up with an existing email address, we will receive an error
message saying "email exists."
2. Login
As an authorized user, I want to log in to the HotelBooking application, so that I can have access
to the application.
Acceptance Criteria:
• While logging in, username and password are required.
• After successful login, the user is redirected to the main page.
• If we try to log in with an incorrect username or password, an error message
is displayed as "invalid login".
3. Searching a Room
As an authorized user, I want to search for a room in Hotel Booking application, so that I can
book a room in a specific location
Acceptance Criteria:
• While searching, a valid location should be specified.
• When checking for a room, the date should always be the current date or a date after
it.

4. Booking Room
As an authorized user, I want to book a room in Hotel Booking application, so that I can
reserve the room in a specific location and date.
Acceptance Criteria:
• While Booking, accommodation should be allotted according to the room size.
• One should select the valid payment method based on the price of reserved room.
• After successful payment, one should get the booking details at the registered mobile
number and e-mail ID.
5. Logout
As an authorized user, I want to log out of Hotel Booking application, so that I can prevent
unauthorized access of my profile.
Acceptance Criteria:
• When I log out of my account, I will be redirected to the log-in page.

6. Write test cases for the above application. (8 MARKS)


1. User is able to access the Hotel Booking Home page.
2. Validate the hotel booking Home page is rendered correctly for desktop as per the design
specifications.
3. Validate the hotel booking Home page is rendered correctly for tablet as per the design
specifications.
4. Validate the hotel booking Home page is rendered correctly for a mobile device as per
the design specifications.
5. Validate hotel search fields are visible on screen.
6. User searches for a holiday to any place across Karnataka for a family of 2 adults and
2 children and makes a payment (End to End Test).
7. User makes a successful payment for their hotel booking.
8. User makes an unsuccessful payment of their hotel booking.
9. Hotel room unavailability: user searches for dates that are unavailable and the system
recommends alternative dates or room types.
10. User wants to amend an existing booking by adding an additional feature (e.g. increase
length of stay/adding breakfast).
11. User wants to verify the itinerary and print a paper version.
12. User cancels their booking and the system refunds money (test refund conditions).
13. User cancels their booking and the system does NOT refund money (test refund conditions).
14. User wants to make a group booking.
15. User wants to validate that the Booking Page displays correct booking data (visual check).
16. Confirm Payment Page is displayed when user selects "Make Payment".
17. End to End Test of Hotel Booking Engine.

7. Flipkart is an online shopping application that helps its users to buy variety of
authentic products. This application allows users to log in for buying products. Users
can search for a product, sort the product list based on rating or price. Users can select
the items and add them to the cart. Once the selection is done, users can go to the cart
page for payment. Identify and write the user stories for this application. (12 MARKS)

1. Registration Sign-up:
As a shopper, I want to sign up for the Flipkart application through a new user form, so that
I can get access to buy a variety of products.

Acceptance Criteria:
• While signing up, a valid Phone Number/Email Id and OTP/Password are used.
• If sign-up is successful, the user is automatically logged in.
• If I am trying to sign up with an invalid phone number/Email Id, I will receive an error
message to enter valid information.
• If we are trying to sign up with an existing phone number/Email Id, we will receive
an error message saying "you are already registered."

2. Login
As an authorized shopper, I want to log in for Flipkart application, so that I can have access
to the application for searching and buying products.
Acceptance Criteria:
• While logging in, Phone number/Email Id and OTP/Password are required.
• After successful log in, it will be redirected to the main page.
• If we try to log in with an incorrect mobile number/Email Id or OTP/Password,
an error message is displayed as "invalid credentials".

3. View a List of Products


As a Shopper I want to view a list of products so I can select some items to purchase.
Acceptance Criteria:
• See a thumbnail image for each product
• Click to view details for product
• Add to cart from detail page
• Search for a product
• View products by category

4. Review a Cart
As a Shopper I want to review my cart so I can make adjustments prior to checkout
Acceptance Criteria:
• View quantities and items in the cart
• See a total cost before tax and shipping
• Remove items
• Adjust quantity of items
• Click to navigate to a product detail page

5. Check out
As a Shopper I want to check out so I can get my products shipped to me.
Acceptance Criteria:
• Trigger checkout from any page, if there are items in the cart
• Enter a shipping address
• Enter a billing address
• Enter a credit card number
• Show total including tax and shipping before finalizing
• Show Confirmation message after finalizing
• Verify payment through our payment processor

6. Review Orders
As a Shopper I want to review my orders so I can see what I have purchased in the past.
Acceptance Criteria:
• View a list of open and completed orders
• See the status of the order
• Navigate to the details of the order
• Include a tracking number if the order is shipped but not delivered
• Contact customer service about an order from the details page

7. Logout
As a Shopper, I want to log out of Flipkart application, so that I can prevent unauthorized
access of my profile.
Acceptance Criteria:
• When I log out of my account, I will be redirected to the log-in page.

8. Write test cases for the above application. ( 8 MARKS )

Test Cases for Flipkart Website Login Page


• Check that there are proper validations on the Login Page.
• Check for an error message if the Email, password, or any required field is left blank.
• Check the validations on the Email and password.
• When you log in, check that you stay logged in as you browse products. Also, you need to
test the behavior when the user is idle.
• Check that when the user doesn't interact with the site for some time, the user is logged
out after the session times out.
• When you are logged in, log out and make sure you are logged out and that you cannot
access any of the account's pages.
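The three session test cases above (stay logged in while browsing, log out after idle time, no account access after logout), written as executable checks. This is an added example, not part of the original notes: `SessionStore`, the 15-minute `IDLE_TIMEOUT` and the sample account are assumptions made for illustration.

```python
import secrets

IDLE_TIMEOUT = 15 * 60   # assumed idle limit in seconds; the notes give no value


class SessionStore:
    """Hypothetical server-side session table for the shop's login."""

    def __init__(self, idle_timeout: int = IDLE_TIMEOUT):
        self.idle_timeout = idle_timeout
        self._sessions = {}   # token -> {"user": str, "last_seen": float}

    def login(self, user: str, now: float) -> str:
        token = secrets.token_urlsafe(32)   # unguessable session identifier
        self._sessions[token] = {"user": user, "last_seen": now}
        return token

    def user_for(self, token: str, now: float):
        """Return the user of a live session, or None if unknown, expired or logged out."""
        session = self._sessions.get(token)
        if session is None:
            return None
        if now - session["last_seen"] > self.idle_timeout:
            del self._sessions[token]   # expire on the server, not only in the browser
            return None
        session["last_seen"] = now      # each request restarts the idle window
        return session["user"]

    def logout(self, token: str) -> None:
        # Drop the server-side record so a copied token stops working at once.
        self._sessions.pop(token, None)


def run_login_test_cases() -> dict:
    """Run the three session test cases against the store; True means the case passed."""
    store = SessionStore()
    user = "shopper@example.test"   # constructed sample account
    results = {}

    # Case 1: the user stays logged in while browsing (requests 5 to 10 minutes apart).
    token = store.login(user, now=0)
    results["stays_logged_in"] = all(
        store.user_for(token, now=t) == user for t in (300, 900, 1500))

    # Case 2: no interaction for longer than the idle limit ends the session for good.
    results["idle_timeout_logs_out"] = (
        store.user_for(token, now=1500 + IDLE_TIMEOUT + 1) is None
        and store.user_for(token, now=1500 + IDLE_TIMEOUT + 2) is None)

    # Case 3: after logout the old token no longer opens any account page.
    token = store.login(user, now=5000)
    store.logout(token)
    results["logout_invalidates"] = store.user_for(token, now=5001) is None
    return results


if __name__ == "__main__":
    for name, passed in run_login_test_cases().items():
        print(f"{name}: {'PASS' if passed else 'FAIL'}")
```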

Test Cases for Flipkart Website Search Page
• Check that the products displayed are related to what was searched for.
• Check that the products should display an image, name, price, and maybe customer
ratings and number of reviews.
• Check that the most relevant product for a particular search term is displayed at the
top.
• Check that all items on the next page are different from the previous page, i.e., no
duplicates.
• Check that when both sorts and filters have been applied, they remain as we paginate or
more products are loaded.
• Check that count of products is correctly displayed on the search result page for a
particular search term.
• Check that filtering functionality correctly filters products based on the filter applied.
• Check that filtering works correctly on category pages.
• Check that filtering works correctly on the search result page.
• Check that the correct count of total products is displayed after a filter is applied.
• Check that all the sort options work correctly - correctly sort the products based on the
sort option chosen.
• Check that sorting works correctly on the category pages.
• Check that sorting works correctly on the search result page.
• Check that sorting works correctly on the pages containing the filtered result, after
applying filters.
• Check that the product count remains intact irrespective of the sorting option applied.

Test Cases for Flipkart Website Shopping Cart


• Users should be able to add a product to the cart.
• Item count should be incremented when the user adds the same product again.
• Taxes should be applied according to the delivery location.
• Users should be able to add items to the cart.
• Users should be able to update items in the cart.
• Checkout should happen successfully for the items added to the cart.
• Shipping costs for different products are added to the cart.
• Coupons should be applied successfully to the cart.
• The cart should retain the items even when the app is closed.

Payment Page Test Cases
• Check that after filling in the shipping address and payment, the product is purchased
successfully.
• Check that different payment types are present, e.g., Credit Card, PayPal, Bank
Transfers, Installments, etc.
• Check the security of the client's card details when entered for payment.

Test Case for Flipkart Website - Post Order Page


• Email and order id should be sent after placement of order.
• Users should be able to cancel the order.
• There should be a facility for users to track the order.
• Users should be able to return/replace the product post-delivery.

9. Passwords alone fail to provide protection because they can be guessed and
phished. How to strengthen authentication for a banking portal?
Digital banking (online and mobile banking) makes managing finances easy. With
digital banking technology, you can pay bills, deposit checks and transfer money from
wherever you’re located.
Banks utilize various security measures to protect customer information. Those measures
can include:
• 128-bit or 256-bit data encryption
• Encrypted email messaging
• Automatic logout functionality for online and mobile banking
• Two-factor authentication
• Continuous account monitoring
• Electronic signature verification

Some of the most commonly used data security measures include:


• Multi-factor authentication
• Encryption
• Privacy policies and training
• Fraud prevention monitoring

Customers can take some steps on their own to keep their financial and personal details out
of the hands of hackers:
• Choose Strong and Unique Passwords: Update your online banking passwords
regularly. Change them every three to six months to lower the odds of your password being
stolen or decoded by hackers.

• Enable Two-Factor Authentication: Two-factor, or multifactor, authentication can
add a second layer of security verification when logging in to your online or mobile banking
account. First, you enter your login name and password and then you have to pass a second
security test.
• Steer Clear of Public Wi-Fi: It’s best to avoid using online or mobile banking when
you’re on a public Wi-Fi network.
• Sign Up for Banking Alerts: Banking alerts notify you when certain actions occur.
You receive near-instant notifications of any potentially fraudulent or suspicious activity.
• Be Wary of Phishing Scams: Phishing is one of the most common methods identity
thieves use to gain access to personal and financial information. This kind of scam usually
involves tricking you into giving up your information.
• Choose Trustworthy Financial Apps: If you plan to use your bank’s mobile app,
make certain you’re using its official app. The best way to do that is to download the app
from your bank’s website.

10. How to convert monolithic application to microservice architecture? Explain with
an example. (10 MARKS)
A typical process to migrate from a monolithic system to a microservices based
system involves the following steps:
1. Identify logical components.
2. Flatten and refactor components.
3. Identify component dependencies.
4. Identify component groups.
5. Create an API for remote user interface.
6. Migrate component groups to macroservices (move component groups to separate
projects and make separate deployments).
7. Migrate macroservices to microservices
8. Repeat steps 6-7 until complete.

1. Identify Logical Components


There are three main information components with the data used in the system:
• data objects
• data actions
• job to perform and use cases
The data objects are the logical constructs representing the data being used. The data
actions are the commands that are used on one or more data objects, possibly on different
types of data, to perform a task. The job to perform represents the function the users are
calling to fulfill their organizational roles. The jobs to perform may be captured as use cases,
user stories, or other documentation involving user input.

Example: Movie application
Monolith Architecture
The salient features of monolith applications are:
• Released, or taken to production, once every few weeks or months or years
• Generally, have a wide range of features and functionality
• Have a development team of over 50 people working on them
• Debugging problems that arise in them, is a huge challenge

It is almost impossible to bring in new technologies and technical processes, midway
through the lifetime of such an application. Monolith applications are typically huge, with
them having a million lines of code on average. A monolithic application looks as follows:

[Figure: Movie Application connected to LARGEDB]

We have a large application talking to a large database.


Microservices Architecture
In microservices architectures, instead of building a large application, we build a
number of smaller microservices. This is how we would split up the monolith
MovieApplication into a microservices application.

As we can see the databases are also separated out. Microservices architecture involves a
number of small, well-designed microservices, that exchange messages among themselves.

[Figure: Microservice 1, Microservice 2, Microservice 3, Microservice 4 and Microservice 5]
