Software Engineering
[Link] Karima
2025/2026-S1
2 Plan
Module 1: Introduction to Software Engineering
Module 2: Object-Oriented Design and Reasoning
Module 3: Design Patterns & Software Architecture
Module 4: Writing Reliable, Maintainable, Secure Code
Module 5: Testing and Debugging
Module 6: Code Style and Layout Conventions
Module 7: Development Processes (Agile and Traditional)
Module 8: Software Project Management
Module 9: Evaluating Software Quality
Module 10: Introduction to DevOps
Module 11: Version Control and Collaboration
Module 12: CI/CD Pipeline Basics
Software Engineering Course_KMO 23/09/2025
3 Module 3: Design Patterns & Software Architecture
4 Why patterns? Why architecture?
“Without design patterns, every team reinvents the wheel”
5 What are Design Patterns?
Definition: “Reusable solutions to common software problems.”
Origin: Gang of Four (GoF) book.
6 Categories of Patterns
Creational: how to create objects (e.g., Singleton, Prototype)
Structural: how to compose objects/classes (e.g., Proxy)
Behavioral: how objects communicate (e.g., Strategy, Observer)
7 Simple Examples: Singleton
Definition: Ensures only one instance of a class exists and provides a global access point to it.
Example: One shared database connection across an application
8 Simple Examples: Strategy
Definition: Defines a family of algorithms, encapsulates each one, and makes them interchangeable.
Example: Different payment methods (CreditCard, PayPal, ApplePay) in an e-commerce app.
•Strategy (SortStrategy)
  •declares an interface common to all supported algorithms.
  •Context uses this interface to call the algorithm defined by a ConcreteStrategy
•ConcreteStrategy (QuickSort, ShellSort, MergeSort)
  •implements the algorithm using the Strategy interface
•Context (SortedList)
  •is configured with a ConcreteStrategy object
  •maintains a reference to a Strategy object
  •may define an interface that lets Strategy access its data.
9 Simple Examples: Prototype
Definition: Creates new objects by cloning existing ones instead of creating from scratch.
Example: Cloning a game character with the same attributes.
•Client - creates a new object by asking a prototype to clone itself.
•Prototype - declares an interface for cloning itself.
•ConcretePrototype - implements the operation for cloning itself
10 Architecture Patterns
Layered (n-tier): Presentation → Business → Data.
MVC: Model, View, Controller.
Microservices: small independent services.
| Pattern | Structure / Idea | Pros | Cons | Example Use |
|---|---|---|---|---|
| Layered (n-tier) | Organizes system into layers: Presentation → Business → Data | Easy to understand, separation of concerns | Can become rigid & slow across layers | Enterprise apps (banking, ERP) |
| MVC | Splits app into Model (data), View (UI), Controller (logic) | Clear separation UI vs. logic, easy to test | Tightly coupled between MVC parts | Web apps, GUIs |
| Microservices | System split into small independent services communicating via APIs | Scalable, deploy independently, resilient | Complexity (deployment, communication) | Netflix, Amazon, modern cloud apps |
11 Tutorial
Strategy Design Pattern Demo with Eclipse IDE
12 Module 4: Writing Reliable, Maintainable, Secure Code
“Good code = long life. Bad code = technical debt”
13 Why Code Quality Matters
Reliable → fewer bugs.
Maintainable → easy to update.
Secure → protects data.
Reliability
Works as expected with minimal errors.
Well-tested (unit + integration tests).
Example: A banking app must always calculate balances correctly
Maintainability
Clean, structured, and documented code.
Easy to fix bugs or add features without breaking the system.
Example: Adding a new payment method in an e-commerce app without rewriting everything.
Security
Safeguards user information (passwords, personal data).
Uses best practices: encryption, access control, input validation.
Example: Preventing hackers from stealing data through SQL injection.
14 Code Readability
Use clear names, comments, and consistent formatting.
“Code is read more than it is written.”
15 Code Readability
Clean Code (Readable, Encapsulated, Extensible)
Messy Code (Hard to Read, Duplicated, No Structure)
16 Documentation
Inline comments (why, not what).
External docs (README, API docs).
17 Secure Coding Basics
Input validation (never trust user input).
Avoid hardcoded passwords.
Use parameterized queries (SQL injection prevention).
How can an attacker abuse it?
18 Secure Coding Basics
Fixed code (use PreparedStatement / parameter binding)
Why this is safe:
PreparedStatement sends the SQL separately from the data.
The DB treats username and password only as values
injected SQL becomes plain text, not executable code.
ORM (Object-Relational Mapping): JPA/Hibernate
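Added example (not from the original slides): a concatenated login query next to the PreparedStatement fix described above, run against a constructed account. It assumes an in-memory H2 database with the H2 JDBC driver on the classpath; the class, table and method names are illustrative.

```java
import java.sql.*;

// Added example, not from the slides. Assumes the H2 JDBC driver is on the classpath.
// Class, table and method names are illustrative; the account row is constructed.
public class LoginQueryDemo {

    // Before: user input is concatenated into the SQL text, so it can change the query.
    static boolean loginConcatenated(Connection c, String user, String pass) throws SQLException {
        String sql = "SELECT 1 FROM accounts WHERE username = '" + user
                + "' AND password = '" + pass + "'";
        try (Statement st = c.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            return rs.next();
        }
    }

    // After: the SQL text is constant and the inputs are bound as values.
    static boolean loginBound(Connection c, String user, String pass) throws SQLException {
        String sql = "SELECT 1 FROM accounts WHERE username = ? AND password = ?";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, user);
            ps.setString(2, pass);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        try (Connection c = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = c.createStatement()) {
                // Plaintext password only to keep the focus on the query; store a hash in real code.
                st.execute("CREATE TABLE accounts(username VARCHAR(50), password VARCHAR(100))");
                st.execute("INSERT INTO accounts VALUES ('alice', 'constructed-secret')");
            }
            String crafted = "' OR '1'='1"; // constructed input that contains SQL syntax
            System.out.println("concatenated + crafted: " + loginConcatenated(c, "alice", crafted));
            System.out.println("bound + crafted:        " + loginBound(c, "alice", crafted));
            System.out.println("bound + real password:  " + loginBound(c, "alice", "constructed-secret"));
        }
    }
}
```

The concatenated version reports a successful login for the crafted input because the quote characters become part of the SQL; the bound version compares the whole string against the stored value and accepts only the real password.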
21 Secure Coding Basics
List of Tools to Automate Code Review and Security Checks
| Tool Name | Description | Pros | Cons | Price |
|---|---|---|---|---|
| SonarQube | Continuous inspection of code quality to detect bugs and vulnerabilities. | Comprehensive analysis, supports multiple languages. | Can be complex to set up. | Free Community Edition; Paid plans available. |
| ESLint | Pluggable JavaScript linter that identifies and reports on patterns. | Highly configurable, great for JavaScript. | Mainly for JavaScript; requires configuration. | Free. |
| Veracode | Automated security testing for application codebases. | Wide language support, integrates with CI/CD. | Can be costly for small teams. | Pricing upon request. |
| Checkmarx | Static Application Security Testing (SAST) tool for vulnerability scanning. | Comprehensive SAST security tool, good CI integration. | Expensive for smaller projects. | Pricing upon request. |
| Fortify | Static and dynamic security testing of applications. | Robust feature set, supports a wide range of languages. | High cost and complexity. | Pricing upon request. |
| CodeClimate | Analyzes source code for performance issues, vulnerabilities, and complex | Easy to integrate, good for code quality tracking. | May lack depth in security analysis. | Free for open source; Paid plans for private repos. |
22 Maintainability Principles
DRY (Don’t Repeat Yourself). Definition: Don’t duplicate the same code in multiple places.
SRP (Single Responsibility Principle). Definition: Each class should do only one thing.
Small, testable functions. Definition: Write short methods that are easy to test independently.
23 Maintainability Principles
Problems:
One class does too many things (validation, persistence, reporting).
Hard to test each part.
Code repeated if you add more features.
Benefits:
SRP: Each class has only one job.
DRY: No code duplication.
Small, testable functions: Easy unit testing.
24 Lab
Refactor legacy code snippet (messy → clean).
Identify and fix insecure patterns (SQL query example).
Share results quickly.