THIS WORK IS PROPERTY OF THE ACADEMIC PAPERS UK,
https://www.theacademicpapers.co.uk/
LEE SIMPSON IS NOT THE FIRST OWNER
1.1 Explain the aim of the 5 key SOLID principles and the many ways code can be evaluated to ensure compliance with design patterns Pass 1.2 Define the four pillars of Object-Oriented Programming with a coded example for each Pass 1.3 Design and implement a solution for a complex problem which uses all four pillars of OOP Merit 1.4 Design and Implement a solution for a complex problem which requires two or more SOLID principles applied Distinction 2.1 Explain the importance of implementing Shift Left as a DevSecOps best practice Pass 2.2 Explain the problems DevSecOps aims to solve during the development lifecycle Pass 2.3 Design suitable SCA, SAST and DAST stages using appropriate tools and configuration Merit 2.4 Implement a DevSecOps CI/CD pipeline using an open- source automation server Distinction 3.1 Demonstrate designing and building a large dataset to a client\’s requirement Pass 3.2 Describe examples of SOLID principles and clean coding techniques applied as part of the solution Pass 3.3 Build an automated test to a set specification Pass 3.4 Explain the benefits of automated testing over manual testing Pass 3.5 Demonstrate the utilisation of automated testing tools
Assignment
[Student name]
[Student ID]
Table of Contents
2.1 Overview of OOP Paradigm.. 3
2.2 Four Pillars of OOP with Code Snippets. 3
2.3 SOLID Principles Overview.. 4
2.4 How to Evaluate Code Quality. 5
3.1 What is DevSecOps & Why It Matters. 6
3.2 Shift Left Best Practice. 6
3.3 Problems Solved by DevSecOps. 7
3.4 Overview of SCA, SAST, DAST. 7
4.2 Client Requirement Defined (e.g., sentiment analysis, fraud detection) 8
4.3 How SOLID Principles and Clean Coding Are Applied. 8
5.1 Automated Test Design (e.g., PyTest or JUnit) 12
5.2 Benefits of Automated Testing Over Manual Testing. 14
5.3 Mention of SCA/SAST/DAST Integration into Testing Stage. 15
1. Introduction
This report is meant to teach new recruits key programming and security practices while being an Assistant Software Developer at Modern Day Tech. It addresses basic ideas like Object-Oriented Programming (OOP), SOLID design principles, DevSecOps approach, development of large dataset applications, and software testing procedures. These topics apply well in the development of secure, scalable and maintainable software in the real world environments. By knowing and using these concepts, junior developers will be able to be useful in enterprise level projects, follow best practices in industry, and work cross functionally. The intent of the report is to present a pragmatic, organized outline that serves as a basis for technical understanding as well as practice.
2. Object-Oriented Programming & SOLID Principles (Task 1)
2.1 Overview of OOP Paradigm
Object-Oriented Programming (OOP) is a paradigm that structures the software design through objects which are objects, the instances of classes. These objects are encapsulation of data (attributes) and behaviour (methods) making the software modular and reusable and easier to manage. OOP is vital to modern software development because it emulates real life and systems; it allows for abstraction and code scalability as well as code maintenance (Nwokoro et al. 2021). Languages like Python, Java and C++ have a strong dependence on OOP concepts to organize complex system logically and efficiently.
2.2 Four Pillars of OOP with Code Snippets
- Encapsulation: Bundles data and methods into a single unit. Access to internal state is restricted.
- Abstraction: Hides unnecessary implementation details, exposing only the essentials.
- Inheritance: Allows a new class to inherit attributes and behaviors from an existing class.
- Polymorphism: Enables objects to take many forms through method overriding or overloading.
2.3 SOLID Principles Overview
The SOLID principles guide software design for maintainability and scalability:
- S – Single Responsibility Principle: A class should only have one reason to change.
- O – Open/Closed Principle: Software entities should be open for extension but closed for modification.
- L – Liskov Substitution Principle: Derived classes must be substitutable for base classes.
- I – Interface Segregation Principle: Clients shouldn’t depend on interfaces they don’t use.
- D – Dependency Inversion Principle: Depend on abstractions, not concrete implementations.
SOLID principles make five guidelines to apply to object-orientated designs to make them robust, maintainable, and scalable. The SRP, says each class has only one purpose and this enhances modularity. The Open/Closed Principle encourages increasing the behaviour of the code without altering the existing code. The Liskov Substitution Principle means subclasses can be substituted by their superclasses without causing failures in the program. The Interface Segregation principle promotes creating specific interfaces that will be tailored to the clients’ needs (Mannan, 2024). Last but not least, Dependency Inversion Principle supports the use of abstraction not concrete classes therefore facilitating flexibility and testability. The use of SOLID enhances the readability and re-usability of code and long term health of software.
2.4 How to Evaluate Code Quality
Code quality can be evaluated through:
- Code reviews to ensure readability and SOLID compliance.
- Static analysis tools like SonarQube for detecting anti-patterns.
- Unit testing to verify functionality and catch bugs early.
- Adherence to design patterns such as Factory or Observer.
Together, OOP and SOLID principles lay the foundation for robust and scalable software development.
It is essential to connect code quality evaluation with the development of maintainable and reliable software. Such techniques include code reviews: when peers scrutinize each other’s work for clarity/y accuracy (to the design patterns) and for logical consistence. Tools for static analysis of code such as SonarQube can automatically detect code smells, complexity and duplication. Unit testing provides individual components operationally and supports the continuous integration practices. Also, adherence to SOLID principles, and implementation of proven design patterns promote clean design architecture (Mosulet, 2021). Such quantitative insight is provided by metrics, for instance, cyclomatic complexity, and code coverage and maintainability index. Regular assessment aids in the early assessment of technical debt and hence minimizes future development and maintenance costs.
3. Introduction to DevSecOps (Task 2)
3.1 What is DevSecOps & Why It Matters
DevSecOps is a software development methodology that positions security practices in the DevOps pipeline. Conventionally, security was regarded as the last step preceding deployment and led to delays and vulnerabilities. DevSecOps changes this by putting security as a shared responsibility of development, operations and security teams’ right from the start. This provides quicker releases with built in protection. It guarantees that the code is not only functional and scalable, but also secure, which meets the important demands of the cyber resilience today (Abiona et al. 2024). In the wake of increasing sophistication of cyber threats, DevSecOps enables organizations to embrace a “security-as-code” culture without compromising on delivery cycles.
3.2 Shift Left Best Practice
The Shift Left principle within DevSecOps is also an attempt to conduct some kind of security check earlier in the software development pipeline (SDLC). This proactive strategy recognizes vulnerabilities found in the design, code, or dependency, before they develop into greater risk. For instance instead of waiting until testing or deployment for the scanning of flaws, Shift Left encourages incorporating static analysis tools during the coding phase. This makes it more economical and less time consuming for fixing bugs similar to how one would correct a typo in a sentence before printing the book. Teams stand to deliver safer software at a lower cost and faster pace by moving security left (Tortoriello, 2022).
3.3 Problems Solved by DevSecOps
DevSecOps solves multiple pain points when it comes to the way traditional software delivery proceeds. To begin with, first – it minimizes the detection of late-stage bugs, which by itself causes expensive rewrites. It also removes bottlenecks from isolated security reviews. Automating security scans and integrating them into CI/CD pipeline achieves continuous security compliance in DevSecOps. It allows teams to actively control risks such as dependency vulnerabilities, insecure APIs and misconfigurations (Rajapakse et al. 2022). In addition it enhances regulatory compliance by creating security reports during development process. In the end, DevSecOps fills the gap between speed and safety, enabling organizations to innovate without being at threat to their security.
3.4 Overview of SCA, SAST, DAST
Three core types of security testing in DevSecOps are:
- SCA (Software Composition Analysis) scans third-party libraries and dependencies for known vulnerabilities.
- SAST (Static Application Security Testing) analyzes source code for logic errors and security flaws before execution.
- DAST (Dynamic Application Security Testing) tests the running application to detect vulnerabilities during runtime.
Together, SCA, SAST, and DAST ensure holistic security coverage from development to deployment. Integrating them in automated CI/CD pipelines forms the backbone of an effective DevSecOps strategy.
4. Large Dataset Application Design (Task 3)
4.1 Sample Dataset Chosen
The selected dataset for this project is IMDb Movie Reviews Dataset found in Kaggle: https://www.kaggle.com/datasets/lakshmi25npathi/imdb-dataset-of-50k-movie-reviews. This set contains 50,000 IMDb movie reviews, grouped into positive or negative ones, and is perfect for sentiment analysing with the help of machine learning. The dataset is complete, non-commercial, and ideal for developing a scalable application that will process and classify text-based data..
4.2 Client Requirement Defined (e.g., sentiment analysis, fraud detection)
The fictional client is a media analytics company that is looking for a tool to mine customer sentiment from the reviews which are written for movies. It is the intention to develop a machine learning-based application without human approval that automatically classifies reviews into positive or negative category with the aim of supporting marketing strategy and also the production decisions. The client wants the system to be modular, maintainable, and scalable, with clear documentation and reusable components for long term adaptive capacity as new data is added.
4.3 How SOLID Principles and Clean Coding Are Applied
The application was built using Python with a modular architecture that adheres to SOLID principles and clean coding practices:
- Single Responsibility Principle: Each class or function handles a specific task—for instance, DataCleaner, ModelTrainer, and SentimentAnalyzer.
- Open/Closed Principle: New models or data preprocessing techniques can be added without modifying existing components.
- Liskov Substitution Principle: Inherited models like LogisticRegressionModel and RandomForestModel can be substituted without breaking the pipeline.
- Interface Segregation Principle: Components only expose the methods they need, promoting focused interfaces.
- Dependency Inversion Principle: Abstract base classes define interfaces for model training and prediction, with concrete implementations injected at runtime.
Clean coding practices, such as meaningful naming conventions, proper documentation, and clear separation of concerns, ensure that the application is easy to understand, test, and maintain.
Figure 1: Kaggle API setup and model file generation in Google Colab
Figure 2: Model training and predictor class creation with successful Kaggle dataset integration and file generation.
Figure 3: Sample predictions showing correct sentiment output after model training
Figure 4: Evaluation module with confusion matrix and classification report logic in Colab
Figure 5: Model performance showing 88.89% accuracy and confusion matrix visualization
5. Automated Testing (Task 4)
5.1 Automated Test Design (e.g., PyTest or JUnit)
Automated-testing is described as technology of running test cases through a software tool and check whether an application runs according to specifications or not. In this work, PyTest was employed to create automated unit tests for the sentiment analysis application. The scripts of the test include preprocessing, training and prediction parts to always verify that systems work as expected under various input conditions. These tests were incorporated into a CI/CD pipeline to enable the continuous assessment during development. Every single time some code is pushed to the repository the automated tests are run instantly, which helps to find problems as early as possible during the development process.
Figure 6: test code
Figure 7: output
5.2 Benefits of Automated Testing Over Manual Testing
Modern software development environments will give the benefits of automated testing priority over the benefits of manual testing. Automated tests are far more efficient and reliable than are manual executions. They remove the possibility of errors from human factor, provide repeatability, and furnish identical results, no matter how often they are run. Further, after the test suite is developed, it is reusable across various phases of development, which saves on the long term cost of the testing. This functionality is invaluable in agile environments where constant code changes mean rapid validation is absolutely necessary (Nama et al. 2021).
5.3 Mention of SCA/SAST/DAST Integration into Testing Stage
To improve security, automated test stages introduced were SCA, SAST, and DAST actions. Software Composition Analysis (SCA) was employed for the scanning of vulnerabilities in third-party libraries. For detecting possible flaws in the source code of an application before runtime, Static Application Security Testing (SAST) was utilized, and during execution, Dynamic Application Security Testing (DAST) was used to test the running application for vulnerabilities. By incorporating these techniques into the pipeline we were able to achieve both functional correctness and robust security throughout the life cycle of the software.
6. Conclusion
Conclusively, this report has presented the necessary core competencies that every new developer should develop in the today’s changing software world. Including learning the structure and reuse advantages of OOP and SOLID principles to the integration of security early via DevSecOps, every topic is significant in modern development workflows. To increase the reliability and efficiency of applications, they are designed to suit large datasets and automatic testing is integrated. These interrelated skills enhance the quality of the code not only but also make sure of the secure as well as maintainable solutions of the software. New developers are prompted to try these concepts out through practical application and code play as well as excursions into secure software development cycles.
7. Reference
Abiona, O.O., Oladapo, O.J., Modupe, O.T., Oyeniran, O.C., Adewusi, A.O. and Komolafe, A.M., 2024. The emergence and importance of DevSecOps: Integrating and reviewing security practices within the DevOps pipeline. World Journal of Advanced Engineering Technology and Sciences, 11(2), pp.127-133.
Mannan, S., 2024. Development of an Angular Plugin for Creating and Visualizing Metabolic Pathway Maps (Doctoral dissertation, University of Magdeburg).
Mosulet, P.P., 2021. An Analysis of the Usage and Impact of Static Code Analysis Tools.
Nama, P., Meka, N.H.S. and Pattanayak, N.S., 2021. Leveraging machine learning for intelligent test automation: Enhancing efficiency and accuracy in software testing. International Journal of Science and Research Archive, 3(01), pp.152-162.
Nwokoro, I., Okonkwo, O., Alo, U. and Nwatu, A., 2021. Object-Oriented Programming and Software Development Paradigm. Academia Letters.
Rajapakse, R.N., Zahedi, M., Babar, M.A. and Shen, H., 2022. Challenges and solutions when adopting DevSecOps: A systematic review. Information and software technology, 141, p.106700.
Tortoriello, V., 2022. Definition of a DevSecOps Operating Model for software development in a large Enterprise (Doctoral dissertation, Politecnico di Torino).
