Maticsworks Quality Processes

We pride ourselves on creating quality, robust, and maintainable software. Learn about our software quality processes, techniques and tools we use throughout the software life-cycle.

Introduction

We believe that software quality is critical to the success of your product. And, quality software does not come by accident; it is engineered and requires a disciplined approach.

But we find that quality is one of the first things sacrificed under the pressures of project deadlines. The question we always ask is, if you don't have the time to do it right, when will you have the time to do it over? That's why we have quality checks embedded throughout our product development processes to ensure that we deliver the highest quality software to our clients.

UX Quality

In today’s industry, it’s no longer enough that your software solves a compelling business problem, it also needs to engage your user with an experience they will love. That’s why we practice user-centered design. By doing so, we greatly increase the probability that your software will help users do their jobs better, and in doing so, enable the desired business outcomes.

User-centered design is an approach in which the needs, wants, and constraints of the users are given extensive attention in the design process. We follow a dual-track Agile process where the team first focuses on the product's usability and then delves into engineering details. Here are the steps we take to ensure that your software is highly usable:

  1. User Research: Using techniques like task analysis, observation, and journey-mapping we ensure that we have a deep understanding of your users before we design a solution for them. This allows us to see the inefficiencies and pain-points in the current process and helps us come up with solutions to overcome them

  2. Prototyping: It’s a known fact that people respond better to pictures rather than words. Based on user research findings, we develop high-fidelity prototypes to design solutions for your users.

  3. Usability Testing: Armed with high-fidelity prototypes, we conduct usability tests to gain insights into the effectiveness of our design in helping users achieve their goals. Then we refine our prototypes to remove any user-software frictions.

  4. Responsive Design: We develop software products with responsive design, which is an approach aimed to provide an optimal viewing and interaction experience across a wide range of devices. When the situation demands a completely different mobile experience, we develop hybrid applications.

This continued focus on customers and users ensures that you’re building the right product. Learn more about our Product Management Methodology.

Functional Quality

Functional testing is a way to ensure that the product behaves the way a user expects it to. Once the various code modules are integrated, the product is tested by providing inputs and validating outputs based on feature specifications.

  1. Specifications: We use a combination of story mapping and Behavior-Driven Development (BDD) to ensure shared understanding between users, product managers, engineers, and QA. We've developed a proprietary specifications tool where you can annotate your prototypes with interaction and business rules

  2. UI Testing: Once the engineers have developed the user interface, our designers run UI testing to ensure that the code conforms to the style guide and implements the key interactions designed in the prototypes

  3. Manual and Automated Testing: This phase is supported by both manual testing from subject-matter experts and automated testing. As the stability of the product increases, automated testing plays an increasing role in regression tests.

Code Quality

Ensuring high-quality code is critical to the success of software products. In our experience, we find that relying on peer-to-peer code reviews alone is neither sustainable nor scalable for most organizations. That’s why we augment peer-to-peer code reviews with automated tools and techniques.

  1. Static Code Analysis: Static program analysis is the analysis of computer software that is performed on the source code, without actually executing programs. We use third-party tools like Re-sharper, HTML Lint, JS Lint, CSS Lint, etc. to ensure that the source code follows framework best practices and coding conventions, which leads to more maintainable code.

  2. Measuring Code Coverage: Code coverage indicates what proportion of your code is being tested by automated tests. The higher the code coverage, the faster you can test the product. This is a key requirement if you aim to release software frequently. In our projects, we aim for no less than 70% code coverage.

  3. Architecture Analysis: Architecture analysis allows an architect to ensure that the engineers have followed the architectural principles and are not creating “spaghetti code.” This feature is available in Visual Studio and is applicable only for code written in .NET framework.

Security Testing

Most developers have not been trained to write secure code. As a result, they unknowingly cause security vulnerabilities in web applications, which can be exploited by hackers. Here are some of the ways we protect your software:

  1. Support for Out-of-Band and Multi-Factor Authentication: Multifactor authentication combines multiple credentials to authenticate the users: what the user knows (password), what the user has (security token) and what the user is (biometric verification). These advanced techniques can provide layers of security and protect your software from being hacked.

  2. Secured API Endpoints: In modern web products, the client-side code cannot be trusted. Therefore, it is crucial to protect your APIs against malicious attacks. At Maticsworks, we ensure that all API calls are authenticated as well as authorized before accepting or returning data from a client.

  3. Protection against Cross-Site Scripting (XSS): XSS is a client-side code injection attack where an attacker executes malicious scripts into a web application. To protect against XSS, we ensure that all user inputs are encoded.

  4. Protection against Cross-Site Request Forgery (CSRF):: CSRF or XSRF attacks involve a user who sends malicious requests to a trusting web application, without the user’s consent. To prevent such attacks, we use anti-forgery tokens (which work because of same-origin policies).

  5. Protection against Insecure Direct Object References: Anytime your web application exposes database keys like a customer ID in the URL, a malicious user may manipulate the key value to access unauthorized data. We ensure that all API calls are authorized to protect against this threat. In addition, you also have the option to use an encrypted key.

  6. Protection against SQL Injection:: SQL Injection is a code injection technique where malicious SQL code is injected into web forms. For protection, we ensure that we use parameterized SQL queries.

Non-Functional testing

Non-functional requirements testing refers to product testing from an operational perspective rather than testing specific functionalities. We take these steps to ensure that your product is operationally ready:

  1. Cross-browser Testing: We test the software on modern versions of all major browsers and platforms including Internet Explorer, Chrome, Edge, Firefox and Safari on Windows and Mac. We also test it on tablets and phones based on the specific project requirements.

  2. Accessibility Testing: We develop the product so that it can be used by people with disabilities. Our testing can ensure that your product conforms to Section 508 and WCAG 2.0 requirements.

  3. Performance Testing: Performance testing ensures that the product performs to meet the expected response times. Our performance testing is divided into two separate components. Client performance to ensure that the client-side code (such as HTML, CSS and JavaScript) is performant. This includes techniques like minification, bundling, image sprites, etc. API performance to ensure that the server-side code is optimized for performance. This includes lightweight API design, database tuning, and data access optimization.

Technical Documentation

Technical documentation is one of the development team's least liked activities and is seldom done well. However, rich technical documents can be important for many purposes such as compliance, ramp-up of new team members, and in an increasingly API-driven world, ensuring that other developers can access your APIs easily.

At Maticsworks the following documents are created as part of our software quality assurance approach:

  1. Logical Architecture and Architectural Principles

  2. Feature Specifications

  3. Wireframes

  4. API

  5. Domain Model

  6. Data Dictionary