Arpit Mohan

Posted on • Originally published at insnippets.appsmith.com

Security, meet Agile; Reviewing code you dislike; and Web Performance KPIs

My TL;DR style notes from articles I read today.

Integrating Security With Agile Development

  • Create an up-to-date threat model and data flow diagram. Focus on one security story in each development sprint.
  • Teach your team basic threat modeling. Get them to think about it in each sprint cycle.
  • Integrate a static analysis tool into the IDE, and dependency / open-source security checks into local build processes, whenever possible.
  • Integrate both of these into a CI/CD pipeline, and break the build on issue thresholds.
  • Configure dynamic test tools to run in the CI/CD pipeline on deploys.

Full post here, 6 mins read
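
One way to implement the "break the build on issue thresholds" step, as an added example that is not from the original post: a gate script that merges static-analysis and dependency-check findings and fails the CI job when any severity exceeds its limit. The findings format, the `THRESHOLDS` policy and the `EXAMPLE-*` ids are constructed assumptions.

```python
import json
import sys
from collections import Counter

KNOWN = ("critical", "high", "medium", "low")

# Hypothetical policy: maximum findings tolerated per severity before the
# build breaks. Severities not listed (here "low") never break the build.
THRESHOLDS = {"critical": 0, "high": 0, "medium": 5}

# Constructed sample: merged output of a static analysis run ("sast") and a
# dependency check ("deps"). Real tools each have their own report schema.
SAMPLE_FINDINGS = json.loads("""[
  {"tool": "sast", "id": "EXAMPLE-SAST-1", "severity": "High"},
  {"tool": "sast", "id": "EXAMPLE-SAST-2", "severity": "low"},
  {"tool": "deps", "id": "EXAMPLE-DEP-1", "severity": "medium"},
  {"tool": "deps", "id": "EXAMPLE-DEP-2", "severity": "medium"},
  {"tool": "deps", "id": "EXAMPLE-DEP-3"}
]""")


def evaluate(findings, thresholds, accepted=frozenset()):
    """Return (passed, violations); violations maps severity -> (count, limit).

    Ids in `accepted` are reviewed, risk-accepted findings and are skipped.
    """
    counts = Counter()
    for f in findings:
        if f.get("id") in accepted:
            continue
        sev = str(f.get("severity", "")).lower()
        # Fail closed: a missing or unrecognised severity counts as critical,
        # so a tool schema change cannot silently pass the gate.
        counts[sev if sev in KNOWN else "critical"] += 1
    violations = {s: (counts[s], limit) for s, limit in thresholds.items()
                  if counts[s] > limit}
    return not violations, violations


if __name__ == "__main__":
    # Usage in a pipeline step: python gate.py merged-findings.json
    findings = SAMPLE_FINDINGS
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            findings = json.load(fh)
    ok, violations = evaluate(findings, THRESHOLDS)
    for sev, (count, limit) in violations.items():
        print(f"{sev}: {count} findings, limit {limit}")
    sys.exit(0 if ok else 1)  # non-zero exit breaks the build
```

Keeping the accepted-risk list in version control makes every exception to the gate visible in code review.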


10 tips for reviewing code you don’t like

  • Discuss. Don’t critique. Don’t argue.
  • Talk facts. Talk respectfully. No snarky remarks.
  • Don’t say something is obvious just because it is obvious to you.
  • Ask questions. Ask for clarifications. Ask why someone did what they did.
  • Share what you expect and set time aside for reviews in advance.

Full post here, 5 mins read


The Importance of Web Performance Benchmarking

Focus on these web performance benchmarking KPIs for online applications:

  • Page load time
  • Application availability
  • Webpage size & content
  • Third-party services performance
  • User engagement and/or transactions


Full post here, 5 mins read


I share these TL;DR versions of articles on software engineering that I read every weekday through my newsletter - in.snippets(). Sign up here if you liked what you just read.
