“Where do our research visitors come from?”

A dissertation submitted to The University of Manchester for the degree of Master of Science in the Faculty of Engineering and Physical Sciences

2013

Karl Kerem

School of Computer Science

Table of Contents

List of Figures
Abstract
Declaration Statement
Intellectual Property Statement
1. Introduction
2. Background Research
  2.1. Client Side Programming Language Choice
  2.2. Server Side Programming Language Choice
  2.3. Geographical Data Visualisation
    2.3.1. The Google Maps API
    2.3.2. Existing Online Apps Built With Google Maps API
  2.4. Software Development Methodologies
    2.4.1. Extreme Programming
    2.4.2. Adopting Extreme Programming
  2.5. Web Usability Recommendations
  2.6. Usability Evaluation
  2.7. Web Security Recommendations
    2.7.1. OWASP TOP 10
  2.8. Security Audit
  2.9. Background Research Summary
3. Methods
  3.1. Agile Development - User Stories & Sprints
  3.2. Test Data Generator
  3.3. Third-Party Plugins & Tools
4. Results
  4.1. Development progress
  4.2. System Architecture
  4.3. Implementing Test Data Generator
  4.4. Entering The Real Data
  4.5. User Interface and Design
  4.6. Incorporating School Web Designer Feedback
  4.7. Additional Measures To Strengthen Security
5. Evaluation
  5.1. Security Audit
  5.2. Usability Evaluation
    5.2.1. System Usability Scale
  5.3. Insights About Research Visits Data
  5.4. Insights About One Person Agile Development
6. Summary
  6.1. Future Work
Reference List
Appendix 1 – System Usability Scale (SUS) standard questionnaire.
Appendix 2 – Sprints
Appendix 3 – Backlog
Appendix 4 – Ethics Approval Form

Final word count: 18,870

LIST OF FIGURES

1. Example how the system visualizes visitor data.
2. Basic Google Maps API application architecture
3. UNESCO Places map that shows how many points are in certain area
4. Timemap example showing three event-location points
5. Example from sprints and user stories table.
6. Burn up chart showing how many days are spent.
7. Table showing sprint dates, planned and real working days
8. CodeIgniter Data Flow
9. Simplified Class diagram
10. Website map showing pages, their connections and access rights
11. Data Generator’s Institution search interface.
12. Data Generator’s Random Visits interface
13. Home page with tools to filter the data
14. Google Maps mash-up with dots for visitors’ home institutions.
15. Visitors’ information table with filter, sorting and search controls.
16. New visitor’s entry form.
17. Example of drop-down select box with search functionality.
18. Example of date-picker calendar widget.
19. Adding a new institution is done through in-page pop-up window
20. Example of client-side form validation.
21. Example of hosts overview page with a table and controls
22. After clicking on visitor’s name more detailed information is shown.
23. Statistics dashboard can be used to discover further insights.
25. Diagram showing how the two system installations will be set up.
26. Diagram showing normalized SUS Scores and their interpretation.
27. Chart showing how many visits there were each year
28. Chart showing from which regions the visitors come from.
29. Chart indicating from which countries visitors come from.
30. Chart showing how visitors are distributed between research groups.

ABSTRACT

The competition between national and international computer science research centres is increasingly fierce. The School of Computer Science in the University of Manchester has to constantly search for new ways to show and remind the science community of its high standing in this field. One idea for a way to do this is to show how active the school has been and is in hosting national and international research visitors.

The objective of this project is to present the historical data about the numerous research visits in a visually attractive and engaging way and provide convenient means to keep the data up to date.

Based on the Google Maps API, the developed system features user-friendly and secure means to browse the world map with visits plotted on it and to look at accompanying data tables. The system gives a quick overview of the abundance and the distribution of the visits and offers convenient means to search and discover individual researchers who have been visiting the School of Computer Science from around the world.

In the second phase of the project the security and usability of the system were thoroughly evaluated. The results proved that the system is reasonably secure and that it is very easy and enjoyable to use. Moreover, agile development methodologies were assessed and used throughout the project, providing insights into how they can be applied in single-person teams.

DECLARATION STATEMENT

No portion of the work referred to in the dissertation has been submitted in support of an application for another degree or qualification of this or any other university or other institute of learning.

INTELLECTUAL PROPERTY STATEMENT

I. The author of this dissertation (including any appendices and/or schedules to this dissertation) owns certain copyright or related rights in it (the “Copyright”) and s/he has given The University of Manchester certain rights to use such Copyright, including for administrative purposes.

II. Copies of this dissertation, either in full or in extracts and whether in hard or electronic copy, may be made only in accordance with the Copyright, Designs and Patents Act 1988 (as amended) and regulations issued under it or, where appropriate, in accordance with licensing agreements which the University has entered into. This page must form part of any such copies made.

III. The ownership of certain Copyright, patents, designs, trade marks and other intellectual property (the “Intellectual Property”) and any reproductions of copyright works in the dissertation, for example graphs and tables (“Reproductions”), which may be described in this dissertation, may not be owned by the author and may be owned by third parties. Such Intellectual Property and Reproductions cannot and must not be made available for use without the prior written permission of the owner(s) of the relevant Intellectual Property and/or Reproductions.

IV. Further information on the conditions under which disclosure, publication and commercialisation of this dissertation, the Copyright and any Intellectual Property and/or Reproductions described in it may take place is available in the University IP Policy (see http://documents.manchester.ac.uk/display.aspx?DocID=487), in any relevant Dissertation restriction declarations deposited in the University Library, The University Library’s regulations (see http://www.manchester.ac.uk/library/aboutus/regulations) and in The University’s Guidance for the Presentation of Dissertations.

1. INTRODUCTION

The University of Manchester holds a high international research standing. In the latest popular worldwide university rankings the University of Manchester has secured excellent places. The Guardian, Times Higher Education and Academic Ranking of World Universities place the University of Manchester between positions 31 and 33 among all universities in the world in the technology subject area. (The Guardian, 2011) (TSL EDUCATION LTD, 2012) (ARWU, 2012) As a result it is popular as a location for many research visitors from institutions both in the UK and internationally.

Typically, visitors come to the school to establish collaborations, extend existing ties or conduct on-site research with teams based in Manchester. Visitors are from all academic levels - from new Ph.D. students to renowned professors. Sometimes these visits are part of a sabbatical leave, others are part of a funded project. Measuring visitors could be a good proxy for measuring research collaborations.

According to the 2008 Research Assessment Exercise (RAE) the University of Manchester’s computer science research power was ranked second in the UK and first in England. (RAE 2008) In order to be able to maintain this standing it is important to demonstrate it to internal and external audiences. The School of Computer Science keeps track of all the visits, but this record is currently not public. Thus, the attractiveness and the activity this exhibits in the School of Computer Science really is under-exploited as a resource.

This project will address the problem by introducing a new web-based system in which the visitor data is visualised on a map. It will make the data about research visits more accessible and engaging. As a result, potential new visitors can see in the new webpage from where people come to the School of Computer Science and verify if good scientists are going to visit that school. The system will have a comprehensive and modern administrative environment through which staff members can add and manage the information. It will be possible to control personal data visibility for each guest, thus making the system conform to the ethical regulations. Moreover, the tool will provide data analysis tools such as various filters that enable segmenting the data by time, hosting research group, hosting person and visitor’s home region or country.

Figure 1. Example how the system visualizes visitor data and provides tools for further filtering.

Extensive background research is needed in order to achieve a successful implementation:

• Suitable technologies have to be examined and evaluated in order to choose ones for use in this project. The School of Computer Science and the University of Manchester have defined technical requirements for the system. Importantly, it has to work online and follow school guidelines that require the system to be built on open-source tools.
• Potential development methodologies have to be investigated and an appropriate one has to be applied. The School of Computer Science is teaching students the use of agile principles and methodologies. These will be examined in more detail as part of this project.
• Existing map application programming interfaces (API) have to be analysed and the most suitable one studied in detail for implementation.

The overall aim of the programming process is to create a solid standards-based system that meets the following important criteria:

• Highly usable. As it will be a data-intensive system, it is essential to ensure good usability for the end user. The user interface has to be intuitive as well as fast, and it should encourage the user to interact and experiment with the data.
• Highly secure. Since the system will be storing ethically sensitive private information, it is essential to ensure the security of data and eliminate the possibility of data alterations by a third party.

In order to verify the achievement of the set goals two system evaluations will be conducted:

• Usability testing will evaluate how well the system meets the usability-related criterion.
• Security audit will evaluate how secure and tamper-proof the system is.

Due to the ethical sensitivity of the original data the school is reluctant to disclose it during the development and the testing phase of the project. Therefore, there is a need to create a test data generator that could be used to populate the system with information that mimics the real world data in a way that allows the author to make design decisions during that time. After the development has finished, the real data about visits needs to be cleaned, refined and entered into the system.

In the end, this dissertation paper will use the new tool to examine the existing historical data about research visitors and highlight any significant phenomena found. Moreover, the author will reflect on how feasible it is to use agile development practices in a single-person assignment.

To conclude, the aim of the project is to create a web-based application to visualise research visit information and to analyse the data using the tool as the means to manage and deliver the information.

Summary of project steps:

• Identifying suitable development technologies and methodologies
• Creating a tool for generating test data
• Implementing the application with chosen tools and methodology
• Cleaning and adjusting the real data and importing it into the system
• Using usability testing and security auditing to evaluate the application
• Examining and highlighting any interesting phenomena in research visitors’ historical data
• Reflecting on how suitable agile development principles are for one-person projects.

Summary of project objectives:

• Provide visual means to discover who, from where and when have come to the School of Computer Science as research visitors.
• Grant administrative employees convenient access to update and adjust the data about the research visitors.

2. BACKGROUND RESEARCH

The following sub-chapters will examine the technical choices that need to be made before starting with the development process.

2.1. CLIENT SIDE PROGRAMMING LANGUAGE CHOICE

The aim of the project is to develop a web page; therefore, the front-end of the system has to be built using solutions that make sure all of the major browsers would be able to display its content. This limits the choice of technology for the front-end of the system. According to the World Wide Web Consortium (W3C) the recommended tools for building standards-based web pages are HTML(5), CSS(3) and JavaScript. (W3C, 2013) A front-end development framework, Bootstrap, will be used to speed up the coding process and to guarantee browser-independent design. Bootstrap will be further introduced in later chapters.

2.2. SERVER SIDE PROGRAMMING LANGUAGE CHOICE

Understandably, there are many languages and language combinations that could be used for developing the proposed system. Choosing between them is a challenging task indeed. Reghunadh and Jain from IBM have published a set of factors to consider when selecting the optimal programming language for a new project. (Reghunadh & Jain, 2011) Following is a list of those factors with explanations of how they relate to the project at hand.

• The targeted platform – The system needs to be able to run on a variety of platforms. The School of Computer Science has to have the flexibility to migrate the finished product either to Windows or to any of the more popular UNIX/Linux platforms.
• The elasticity of a language – Elasticity is a rate describing how difficult it is to add new functionality to a system. In other words, this means how many features are built into the language, how easy it is to find and include libraries to get required missing features, and lastly, how easy it is to create needed features from the ground up. In the context of the current project it is very important to use as elastic a language as possible. The system needs to have relatively many components and building them all up from nothing can be very time consuming. Therefore, a language with many relevant built-in features and libraries should be preferred.
• The time to production – This includes the time needed to learn the nuances of a language, the environment setup and the development time. The system this project is going to create needs to be ready in just about six months. As there is only one programmer, time to production is inevitably important.
• The performance – The system is not expected to receive high traffic rates. The performance aspect of the server side language is relatively negligible.
• The support and community – The project is carried out independently by the author, therefore the support offered by the community becomes an important source of help in situations where the author's own knowledge is limited.

Unfortunately, it is very hard to find statistically significant data that compares languages in relation to these factors. This means the decision process will inevitably be subjective and there is always going to be personal preference involved. After careful consideration, two strong candidates were identified – Java and PHP. Both of them are widely used, have many open-source tools and libraries, and are supported by a vibrant developer ecosystem. In these situations, where different options have no significant differences, personal experience and preference come into play. The author of this project has programmed both in PHP and in Java, but the time spent with PHP has been significantly longer. Considering the tight development schedule, it is advisable to choose a language that would speed up the programming as much as possible.

Moreover, the School of Computer Science is using PHP as its primary programming language for websites. Most of the school's web-related development is done with PHP. Considering this and other significant factors, PHP would be a reasonable choice for this project and will be used by the author.

PHP is a dynamically typed scripting language that was specifically created to handle server side programming tasks in web-site development. (Hills, Klint, & Vinju, 2013) As a result, PHP is by far the most popular language among web developers. As of March 2013, 78.7% of all websites whose server-side programming language is recognizable use PHP. (Web Technology Surveys, 2013) Due to PHP's specialization on the web it has an abundance of open-source frameworks and libraries specially designed for online systems. For example, the popular open source software directory Ohloh is listing 151 PHP frameworks, compared to 83 for Java. (Out of which many are not related to web development) (Ohloh, 2013)

2.3. GEOGRAPHICAL DATA VISUALISATION

The central feature of this project is projecting information on a map. Web mapping and online geographical data visualisation tools became truly popular and widely used in 2004 and 2005 when OpenStreetMap and Google Maps started offering a possibility to create custom map mash-ups by using their free APIs. (Schmidt & Weiser, 2012) Despite the first Internet maps being around since 1993, they did not gain significant end-user interest. (Haklay, Singleton, & Parker, 2008) It was mainly because of technical limitations posed by the early world-wide-web. Three critical innovations were needed in order for custom map mash-ups to become popular.

Firstly, early map interaction was handled by sending a new HTTP request for each visible area change. This resulted in refreshing and re-rendering the entire page, which often took several seconds, thus making the browsing experience slow and cumbersome. The solution came with the invention of AJAX technologies that enabled asynchronous data exchange between the client and the server, eliminating page-wide refreshes. (Haklay, Singleton, & Parker, 2008)

Secondly, due to slow dial-up Internet connection speeds the early online map services were trying to optimize the size of web pages. As a result, most of the services chose to display very small map areas at a time. This created a peeking-through-keyhole experience. Luckily, the Dot Com bubble made cheap and high-speed data transfer capabilities available for the masses. (Haklay, Singleton, & Parker, 2008) With the increase in the average broadband connection speeds the online maps became increasingly bigger, significantly enhancing the usability.

The third innovation came with the introduction of application programming interfaces (API). The first online web maps were using proprietary Web Mapping Servers like Microsoft’s MapServer and ArcIMS that required significant knowledge in setting up and managing them. (Haklay, Singleton, & Parker, 2008) APIs that were introduced in 2005 and 2006 are relatively easy to learn and require no complicated configuring, which simplified the use of geographic data and thus made the application development more accessible.

Nowadays the most popular online maps API providers are Google, Microsoft and Yahoo. Out of those three Google has indisputably the biggest user base. (Programmable Web, 2013) As a result, the Google Maps API interface is very well documented and there is a significant amount of tutorials and additional instructions available. This makes it the most logical choice for this project. As of spring 2013 Google is offering its Maps API service free of charge for up to 25 000 map requests per day. (Google, 2013) According to the worldwide web analytics company Compete the entire University of Manchester website receives on average 125 to 150 thousand unique visitors per month, which is 4.2 to 5 thousand per day. (Compete, 2013) Therefore, it is safe to expect that the abovementioned limit is not going to impose problems. In the unlikely event of the limit being exceeded, the university would have to pay 0.50 USD per excess 1000 map loads per day. (Google, 2013)

2.3.1. THE GOOGLE MAPS API

Google has provided an intuitive, simple to use JavaScript API for its Maps service. The API works by running client-side JavaScript code that fetches the necessary map tiles from Google servers and displays them inside the HTML. Below is an example of how to initialise the map and insert it into the ‘map_canvas’ element:

    // Map display options: world-level zoom with most controls disabled
    var mapOptions = {
      zoom: 2,
      minZoom: 2,
      center: new google.maps.LatLng(19.642588, 17.578125),
      mapTypeId: google.maps.MapTypeId.ROADMAP,
      zoomControl: true,
      panControl: false,
      mapTypeControl: true,
      scaleControl: false,
      streetViewControl: false,
      overviewMapControl: false
    };
    // Render the map inside the element with id 'map_canvas'
    map = new google.maps.Map(document.getElementById('map_canvas'),
        mapOptions);

In order to show the relevant information about visits on the map, the JavaScript makes a new asynchronous AJAX call to the project web server and fetches the data about the visits as a JSON object. That data is then converted into Marker points and inserted onto the map with the Google Maps API. Any interaction with the map such as zooming or dragging will trigger a new asynchronous AJAX call to the Google Maps servers to fetch new map tiles.

Figure 2. Basic Google Maps API application architecture
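The JSON-to-marker step described above, as an added example (not code from the dissertation): it treats the server response as untrusted input, validating coordinates and escaping text before it can reach an info window. The field names `name`, `institution`, `lat` and `lng`, the sample data and all helper names are assumptions made for illustration.

```javascript
// Constructed sample of a response from the project web server.
// The field names are assumptions for this example.
const SAMPLE_VISITS_JSON = JSON.stringify([
  { name: 'A. Researcher', institution: 'Example University', lat: 59.437, lng: 24.7536 },
  { name: 'Dr. <b>Markup</b>', institution: 'Test & Co', lat: 48.8566, lng: 2.3522 },
  { name: 'No Coordinates', institution: 'Nowhere', lat: 'north', lng: null },
  { name: 'Out Of Range', institution: 'Far Away', lat: 123.4, lng: 10 }
]);

// Escape text that will be placed inside an HTML info window.
function escapeHtml(text) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, function (ch) { return entities[ch]; });
}

// A coordinate must be a finite number within +/- limit degrees.
function isCoordinate(value, limit) {
  return typeof value === 'number' && Number.isFinite(value) && Math.abs(value) <= limit;
}

// Return the trimmed string, or null if it is missing, empty or too long.
function cleanText(value, maxLength) {
  if (typeof value !== 'string') { return null; }
  const trimmed = value.trim();
  return trimmed.length > 0 && trimmed.length <= maxLength ? trimmed : null;
}

// Convert the JSON text into plain marker descriptions, rejecting bad rows.
function toMarkerSpecs(jsonText) {
  const result = { markers: [], rejected: [] };
  let rows;
  try {
    rows = JSON.parse(jsonText);
  } catch (err) {
    result.rejected.push({ index: -1, reason: 'response is not valid JSON' });
    return result;
  }
  if (!Array.isArray(rows)) {
    result.rejected.push({ index: -1, reason: 'expected a JSON array of visits' });
    return result;
  }
  rows.forEach(function (row, index) {
    if (row === null || typeof row !== 'object') {
      result.rejected.push({ index: index, reason: 'row is not an object' });
      return;
    }
    const name = cleanText(row.name, 200);
    const institution = cleanText(row.institution, 200);
    if (name === null || institution === null) {
      result.rejected.push({ index: index, reason: 'missing or oversized text field' });
      return;
    }
    if (!isCoordinate(row.lat, 90) || !isCoordinate(row.lng, 180)) {
      result.rejected.push({ index: index, reason: 'coordinates missing or out of range' });
      return;
    }
    result.markers.push({
      lat: row.lat,
      lng: row.lng,
      // Marker titles are shown as plain-text tooltips, so no escaping here.
      title: name + ' (' + institution + ')',
      // InfoWindow content is interpreted as HTML, so every value is escaped.
      infoHtml: '<strong>' + escapeHtml(name) + '</strong><br>' + escapeHtml(institution)
    });
  });
  return result;
}

// Browser-only step: needs the Google Maps API loaded and an initialised map.
function placeMarkers(map, markerSpecs) {
  return markerSpecs.map(function (spec) {
    const marker = new google.maps.Marker({
      position: new google.maps.LatLng(spec.lat, spec.lng),
      map: map,
      title: spec.title
    });
    const info = new google.maps.InfoWindow({ content: spec.infoHtml });
    google.maps.event.addListener(marker, 'click', function () {
      info.open(map, marker);
    });
    return marker;
  });
}
```

Only `placeMarkers` depends on the Maps API; `toMarkerSpecs` can be exercised on its own. Hiding visitors whose data is not public has to happen on the server before the JSON is produced, since anything sent to the browser is readable by the user.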


2.3.2. EXISTING ONLINE APPS BUILT WITH GOOGLE MAPS API

According to BuiltWith Usage Statistics, as of 26th of April 2013, there are 146,694 websites using Google Maps API. (BuiltWith, 2013) This is an overwhelming number that makes it hard to systematically review them or choose good examples to learn from. The author had to resort to using Google’s own showcase selection (Google, 2013) and an unofficial blog, Google Maps Mania (Google Maps Mania, 2013), that is dedicated to introducing outstanding and innovative websites using Google Maps API. Both of them provided approximately 200 websites, resulting in about 400 pages to examine. Browsing through hundreds of applications certainly created awareness about the possibilities of what can be achieved.

Initially, the author was aiming to conduct a systematic categorisation of the applications found, but due to the API’s flexibility and extensibility the variety of apps created with it is overwhelming and hard to group. In addition to issues with categorisation, the author was unable to find examples that would exactly implement the functionality required by this project – showing where visitors are coming from over time. Nevertheless, by systematically examining the pages the author was able to locate some projects that showcased parts of features that could be used in this development.

The UNESCO Places website is one of the best examples of how clusters of points on a map can be combined into one with a number indicating how many pins it incorporates. (UNESCO, 2013) This feature could be used in the visitors’ map as well, as there are going to be situations when some points will hide others, making it hard to understand how many of them there are.

Figure 3. UNESCO Places map that shows how many points are in certain area

The second promising website and tool is Timemap. (timemap, 2013) It is an open-source JavaScript library that combines a SIMILE timeline strip with Google Maps. It makes it possible to define events with a name, start and end date and a location, and display them on a Google map and a timeline at the same time. Researchers’ visits to the University of Manchester can be seen as events, therefore this tool could be suitable to enhance the data visualization experience.

Figure 4. Timemap example showing three event-location points

2.4. SOFTWARE DEVELOPMENT METHODOLOGIES

A suitable development methodology has to be selected before starting with the design and implementation of this project’s artefact. Over the years the industry has gradually shifted from waterfall programming methodologies to more agile ones. In 2011 VersionOne conducted a survey of 6042 companies which revealed that over 80% of the responders have adopted some kind of agile methodologies in software development projects. (VersionOne, 2011) This is understandable as research is indicating it is often possible to achieve more favourable results with agile methodologies than with the classical waterfall approach. This fact is illustrated by the Standish Group Chaos report that claims 28% of waterfall projects were successful, whereas the success rate for agile projects was 43%. (The Standish Group, 2010) Despite some recent doubts about the report’s definition of successful and challenged projects (Eveleens & Verhoef, 2010) it is still safe to claim that the use of agile methodologies is raising the chance of the project achieving a successful outcome.

The more challenging question is what kind of agile methodology should be used. Pekka Abrahamsson et al. concluded in their comparative review that empirical evidence on the effectiveness of different agile methodologies is very scarce. (Abrahamsson, Oza, & Siponen, 2010) Moreover, Dybå and Dingsøyr found in their systematic review that the soundness of the evidence regarding the choice of agile methodology is very low. (Dybå & Dingsøyr, 2008) Therefore, deciding on the basis of effectiveness of the methodology is hard. One of the few applicable criteria is the amount of works published about a certain method. More references and research means it is more widely used and documented. Both Abrahamsson et al. and Dybå et al. point out that existing research and the attention of most of the industry is on Extreme Programming (XP). Thus, considering the importance of the availability of examples and supportive documents it is reasonable to resort to the most popular and well researched choice – XP.

2.4.1. EXTREME PROGRAMMING

Kent Beck introduced Extreme Programming in 1999. (Beck, 1999) It is a selection of known and popular software engineering practices. The feature that makes XP peculiar is the way different routines are organized together to supplement each other. (Abrahamsson, Oza, & Siponen, 2010)

The set of practices Beck introduced is as follows: (Beck, 1999)

Planning game – The process of planning starts with writing user stories – these are short explanatory sentences that explain a piece of functionality that the customer wants to have in the system. An example would be “As a User I want to see a list of today’s flights from the nearest airport”. Next, programmers will estimate the development time for each story. As a result, the customer will be able to group the stories together into releases or iterations. Only the stories that are in the current iteration will be implemented.

Small releases – There should be a piece of new working functionality released every couple of weeks. The length of an iteration should be between a couple of days and a maximum of a month.

Metaphor – The communication between stakeholders about the system design should be done by using metaphors. This enables having a common understanding of how the artefact should function. Using metaphors also helps in choosing the design as it forces the team to use as simple a solution as possible.

Simple design – At any moment the system should have exactly as few lines of code as needed. The code should be easy to understand and contain no duplicate code. All tests should be successful.

Tests – Programmers have to write their own unit tests before writing the functional code. Unit testing needs to be automated and at all times the tests should run correctly. Customers write functional tests for each user story in the iteration. These tests should also pass before the customer accepts the story.

Refactoring – As the entire system is covered with automated unit tests it is possible to do constant refactoring without the fear of accidentally introducing a new bug in another part of the system.

Pair programming – Two persons working with one computer write all production code. With this, all design decisions have to be understandable and explainable to both programmers, thus reducing the risk of overly complicated design.

Continuous integration – New code is added to the current system after every few hours. The new complete system has to pass all the tests or the changes will be reversed and fixes will be made.

Collective ownership – All programmers are allowed to make changes in any part of the system. There should not be a division of ownership between functional areas or system layers.

On-site customer – A customer representative should always be together with the development team. This way any ad-hoc clarifying questions could be asked face-to-face.

40-hour weeks – No excessive overtime is tolerated. It is allowed to have some during one week, but not for a second consecutive week. Constant overtime is a sign of deeper problems in the project and usually leads to rushed, low-quality solutions.

Open workspace – Big open rooms should be used for the entire development team. This fosters open and efficient communication between all members.

Just rules – The entire team should follow and agree on the rules together. Yet, they are just the rules. If needed, they can be changed, provided everybody will be aware of the adjustments’ consequences.

2.4.2. ADOPTING EXTREME PROGRAMMING

As the last practice implies, every team can make necessary adjustments to the XP methodology in order to get it working in their unique situation. Any kind of agile methodology is inherently team based, but this dissertation project’s “team” consists of one person. Therefore, it is understandable that the project’s author will not be truly agile and agile techniques in XP can be adopted only partially. The practices that will be followed are:

Planning game – The specifications will be documented in user story format. Created stories will be estimated in user story points that will be valued as one ideal programming day. All stories will be divided up into iterations that will be up to three story points long.

Small releases – At the end of each iteration the completed functionality will be uploaded online for everybody to see. Iterations will be approximately two weeks long.

Metaphor – The project will use as few technical domain specific terms as possible. Instead, common and universally understandable metaphors will be used both in the code namespace and in the user stories.

Simple design – Throughout the development process the simplest possible design solution is preferred. This practice is unfortunately going to be challenged by the relative inexperience of the developer. Nevertheless, simple design is one of the most important code quality measures that the author is striving for.

Tests – The solution will have extensive unit tests, making sure that the entire system works as expected. Due to the inevitably challenging mind-set adjustments all tests are not going to be written before the corresponding functional code.

Refactoring – The author will be refactoring the code base throughout the development process.

Continuous integration – The development will be done in PHP, which is an interpreted language, meaning the code does not require pre-compiling. (Gillmore & Treat, 2006) As a result, it will be possible to apply code changes to the live system and to run unit tests very frequently, without spending time on compiling.

40-hour weeks – The project will be planned with reasonable workload in mind. At any stage no more than 40 hours per week will be spent on the development.

Just rules – The project will be using Extreme Programming flexibly, as this principle suggests.

Because of various reasons other practices are not followed in this project. Pair programming, collective ownership and open workspace are not possible to implement because the development team has only one member. The on-site customer practice is not feasible due to the main customer’s busy work schedule during the project’s development time. Despite that, the project will have broad collaboration between the developer and the customer. This is achieved through weekly meetings, ad-hoc consultations and extensive e-mail exchanging.

During the development process additional practical tips for using Extreme Programming are taken from the following books:

Mike Cohn – User Stories Applied: For Agile Software Development (Cohn, 2004)
Henrik Kniberg – Scrum and XP from the Trenches (Kniberg, 2007)

2.5. WEB USABILITY RECOMMENDATIONS

One of the main goals for the project is to develop a highly usable system. Therefore, relevant recommendations and research have to be reviewed. The classical usability heuristics created by Jakob Nielsen are now more than 20 years old. (Nielsen, 1994) One might think that since then the technology and design principles have changed so much that these heuristics are not applicable for modern web sites. But it turns out that they have still stood the test of time. Theresa Neil, author of several successful interface design books, has shown that all of Nielsen’s original principles are still valid. (Neil, 2009)

Nielsen’s ten usability heuristics with further website-related comments are listed below: (Nielsen, 1994)

1. Visibility of system status (Feedback) – “The system should always keep users informed about what is going on, through appropriate feedback within reasonable time.”
   Throughout the website it should be clear where the user is. This is achieved by using clear page branding and indications of which section the page belongs to. Page URLs should be easy to read and logically constructed. It is also necessary to give immediate visual feedback if something is loading in the background, or if a task was a success or a failure.

2. Match between system and the real world (Metaphor) – “The system should speak the users' language, with words, phrases and concepts familiar to the user, rather than system-oriented terms. Follow real-world conventions, making information appear in a natural and logical order.”
   The website should use familiar and common visual artefacts that are recognizable by users with diverse backgrounds. All text has to be written in the user’s terminology.

3. User control and freedom (Navigation) – “Users often choose system functions by mistake and will need a clearly marked ‘emergency exit’ to leave the unwanted state without having to go through an extended dialogue. Support undo and redo.”
   Even though all browsers have a built-in functionality to go back to the previous page, the system can still provide additional interface tools to cancel the task at hand. For example, all forms should have a clear cancel button to make sure that a partially filled form is not used by the system.

4. Consistency and standards (Consistency) – “Users should not have to wonder whether different words, situations, or actions mean the same thing. Follow platform conventions.”
   Throughout the site the wording of the content and the interface’s visual representation should be consistent. For example, the page names should be the same in the menu and in the header of the corresponding page. Also, all graphically intense features, such as forms, buttons, icons etc. should look and feel the same everywhere. All HTML and other W3C web standards should be obeyed to make sure that the site is accessible and understandable for all users.

5. Error prevention (Prevention) – “Even better than good error messages is a careful design, which prevents a problem from occurring in the first place.”
   The user should not be able to submit a form that would cause an error. Thorough and dynamic client-side checking with auto-fill features will minimize errors.

6. Recognition rather than recall (Memory) – “Minimize the user’s memory load. Make objects, actions, and options visible. The user should not have to remember information from one part of the dialogue to another. Instructions for use of the system should be visible or easily retrievable whenever appropriate.”
   The user should not enter any information that is possible to derive or retrieve automatically. It should be clear on which page the user currently is by recognizing the headlines.

7. Flexibility and efficiency of use (Efficiency) – “Accelerators — unseen by the novice user — may often speed up the interaction for the expert user such that the system can cater to both inexperienced and experienced users. Allow users to tailor frequent actions.”
   The website should be easy to bookmark. Therefore, iFrames and temporary links should be avoided. Potentially it should be possible to see a personalised, easy to access list of more frequently used features.

8. Aesthetic and minimalist design (Design) – “Dialogues should not contain information, which is irrelevant or rarely needed. Every extra unit of information in a dialogue competes with the relevant units of information and diminishes their relative visibility. Visual layout should respect the principles of contrast, repetition, alignment, and proximity.”
   Avoid unnecessary information throughout the website. Only useful explanations and relevant data should be displayed. To avoid clutter, rarely or occasionally needed information should be hidden behind a link. Each page needs to be broken into reasonable size, thus avoiding information overload.

9. Help users recognize, diagnose, and recover from errors (Recovery) – “Error messages should be expressed in plain language (no codes), precisely indicate the problem, and constructively suggest a solution.”
   All forms should provide immediate errors if something is wrong and suggest clearly what the user should alter.

10. Help and documentation (Help) – “Even though it is better if the system can be used without documentation, it may be necessary to provide help and documentation. Any such information should be easy to search, focused on the user’s task, list concrete steps to be carried out, and not be too large.”
   The website should not have a separate help page – it has to be integrated into pages. For example, if there is a risk that some feature might not be immediately understandable, a link next to it should provide a quick and precise explanation.

Besides following Nielsen’s heuristics, two influential and popular books will be used for more detailed usability design recommendations:
Steve Krug – Don't Make Me Think: A Common Sense Approach to Web Usability (Krug, 2005)
Jenifer Tidwell – Designing Interfaces (Tidwell, 2011)

2.6. USABILITY EVALUATION

A proper usability evaluation is needed in order to verify that the goal of designing a highly usable system is met. It also helps to locate any remaining interface issues that could be fixed or changed before the website is made publicly available. There are two fundamentally different approaches to usability testing.

Firstly, one of the most traditional and popular ways is to do heuristic evaluation. (Barnum, 2002) In this method several experts are analysing the system according to predefined usability criteria and control questions. Later, the results are discussed together and a common position is agreed. (Barnum, 2002) Unfortunately, this project does not have means to hire several experts to do this kind of heuristic evaluation.

Therefore, a cheaper method should be used. Usability testing with real users is a popular alternative that could provide enough data and feedback. One of the most acknowledged experts in this field, Jakob Nielsen, highlights that even a “cheap and dirty” usability testing with few subjects can provide significant and useful feedback on design. (Nielsen, 1994) The goal of usability testing can be broadly divided into two: formative testing, in which the purpose is to diagnose and locate problems, and summative testing, in which the aim is to create a set of metrics to evaluate if the product meets the usability requirements. (Barnum, 2011) A custom mixed usability evaluation methodology can be used in order to achieve both of these two goals.

Firstly, task-based scenarios with a think-aloud process will be used to get qualitative/formative feedback and discover specific interface weaknesses. Task-based scenarios make sure that subjects are not aimlessly wandering around in the interface, which would make it hard to spot patterns of usage and repetitive problems. User stories and acceptance tests will be used as a base for creating test scenarios and tasks. This makes sure that relevant parts of the system are covered in the test. The think-aloud method forces the testers to explain their thoughts and assumptions about the system, thus making more transparent why users are taking certain steps. (Barnum, 2011) The qualitative data will be collected in a form of notes during the testing process.

Secondly, at the end of the test each subject will fill out a System Usability Scale (SUS) questionnaire. SUS was designed in 1986 by John Brooke to be a “quick and simple” usability scale. (Brooke, 1996) But due to its convenient format and flexibility to be useful in many technology domains it has stood the test of time and is still one of the most popular standardized usability surveys. (Bangor, Kortum, & Miller, 2008) SUS supplies quantitative data, which makes it possible to calculate a single score that can be used to conclude if the system meets the needed requirements.

Nielsen and Landauer claim that even with five testers about 85% of all usability problems are revealed. (Nielsen & Landauer, 1993) Many have since questioned this number. Spool and Schroeder are directly opposing Nielsen et al., claiming that the minimum amount of subjects to capture just about half of the problems is 18. (Spool & Schroeder, 2001) Hudson explains this contradiction with differences in systems and tasks these papers were examining. If the system is relatively simple and the tasks are descriptive, then five testers might be enough. On the other hand, if the system is bigger and the tasks are more ambiguous, significantly more subjects are needed in order to get estimable results. (Hudson, 2001) Tullis et al. have concluded in their usability questionnaire comparison that for most of the time 12-14 subjects are needed to get reasonably reliable results. (Tullis & Stetson, 2004) Therefore, as this project’s artefact is not significantly complex, a sample size of 12-14 should be sufficient to reveal most of the problems and produce a trustworthy SUS score.

In order to calculate the SUS score a test subject is asked to rate each question on a five-point scale in which one is “strongly disagree” and five is “strongly agree”. Each question’s score contribution is then summed. For odd questions the score contribution is calculated by deducting 1 from the tester’s score. For even questions the score contribution is calculated by deducting the tester’s score from 5. To obtain the overall SUS score the summed score contribution is multiplied by 2.5. The range of SUS score is between 0 and 100. (Brooke, 1996) Bangor et al. have concluded in their empirical evaluation of SUS that in general, passable products will receive above 70 points, better products above 80 and truly superior ones above 90. (Bangor, Kortum, & Miller, 2008) Therefore, as one of the goals of this project is to create a highly usable product, the expected SUS score should be 80 or more. The questionnaire is included in this report as Appendix 1.

2.7. WEB SECURITY RECOMMENDATIONS

The second main goal for the project is to develop a highly secure system. Today’s Internet is often described as a modern “wild west” where everybody is potentially subject to harmful attacks. There are various motivations for people to act maliciously – from just-for-fun curiosity to manipulating the content of the subject site and presenting demands to the victim. (Jordan & Taylor, 1998) No matter what the motivation is, potential consequences for the victim could be devastating. This project’s web site is going to store sensitive data and letting that information be accessible or modifiable by unauthorised parties is unacceptable. Therefore, all reasonable measures need to be considered in order to ensure the security of the system. Thankfully, there are several organisations such as Common Weakness Enumeration (CWE), SANS Institution and The Open Web Application Security Project (OWASP) that have published multiple guidelines and lists of most common programming errors resulting in web site vulnerabilities. (Martin, Brown, Paller, & Kirby, 2011) (SANS Institution, 2009) (OWASP, 2013) Out of those many web security recommendations OWASP’s “TOP 10 - The Ten Most Critical Web Application Security Risks 2013 – RC1” is considered to be one of the most authoritative sources for identifying risks and getting guidance on how to mitigate them. (Fonseca, Vieira, & Madeira, 2010)

2.7.1. OWASP TOP 10

The new OWASP TOP 10 document released in 2013 is fifth in the series. The aim of the paper is to make people involved in the web industry more aware of common security risks. It is widely cited by many books, standards, tools and organisations. (OWASP, 2013) This project’s web application will be built with these security risks in mind. The goal is to have the listed dangers mitigated by systematically avoiding identified problems. Understandably, there are hundreds of issues that could threaten the security of a system, but by removing 10 of the most common problems we can already have a considerably secure system. Recent research has shown that hackers are mainly using a small amount of popular vulnerabilities to conduct an attack. (Fonseca, Vieira, & Madeira, 2010) Following is a summary of these OWASP TOP 10 security risks together with short examples of how they relate to this project and how to avoid them:

1. (SQL) Injection – “Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data.”
   To mitigate the risk of injection none of the database queries can directly contain data from user input. All queries need to be cleaned of potentially dangerous characters, symbols and scripts. A database access abstraction layer can be used to enforce global special characters escaping.

2. Broken Authentication and Session Management – “Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, session tokens, or exploit other implementation flaws to assume other users’ identities.”
   Instead of building authentication and session management on my own by trying to follow all of the OWASP’s Application Security Verification Standards, as is recommended in the Top 10 document, we can implement an existing authentication system in which known risks are already taken into consideration. The abovementioned standards can be used to identify if potential systems are secure and properly configured.

3. Cross-Site Scripting (XSS) – “XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.”
   All untrusted data that is inserted into the website either by the server, or dynamically on the client side by JavaScript, needs to be properly escaped. Untrusted data is anything that any user could potentially input through a form or URL.

4. Insecure Direct Object References – “A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorized data.”
   An access control check always has to be done prior to a call to a database for data that is meant only for authorised users. This way, if a malicious user tries to fetch the data directly without being properly authenticated, she would be automatically redirected and the database query would not be executed. For example, if the following link would be accessed: “http://example.com/app/editVisitorData?id=101”, then the database would be queried with id 101 only if the user has access to the editVisitorData page.

5. Security Misconfiguration – “Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform. All these settings should be defined, implemented, and maintained, as many are not shipped with secure defaults. This includes keeping all software up to date.”
   The project will be initially deployed in GoDaddy hosting company’s virtual server that is maintained and configured by experts. It is reasonable to assume that the default environment in a shared virtual server is set up securely. All other application and frameworks related configurations need to be systematically checked and set in the safest possible way.

6. Sensitive Data Exposure – “Many web applications do not properly protect sensitive data, such as credit cards, tax ids, and authentication credentials. Attackers may steal or modify such weakly protected data to conduct identity theft, credit card fraud, or other crimes. Sensitive data deserves extra protection such as encryption at rest or in transit, as well as special precautions when exchanged with the browser.”
   The only truly sensitive data this project is going to store is users’ passwords. That needs to be saved in the database in a hashed format that is created by algorithms specifically meant for passwords, such as bcrypt, PBKDF2, or scrypt. This ensures that even if the database is compromised, the passwords cannot be reversed to plain-text format. Also, SSL encryption is needed in order to prevent hackers from using a man-in-the-middle attack. The decision whether to have the encryption depends on whether the University of Manchester is interested in buying the SSL certificate.

7. Missing Function Level Access Control – “Virtually all web applications verify function level access rights before making that functionality visible in the UI. However, applications need to perform the same access control checks on the server when each function is accessed. If requests are not verified, attackers will be able to forge requests in order to access unauthorized functionality.”
   If the user is not logged in, the system will not show any links or navigation buttons to pages that require authentication. Also, whenever a restricted resource or a page is requested, an access control check is performed. For example, if an unauthenticated user tries to access a page with the direct link http://example.com/app/admin, then she would be redirected to the home page as she does not have the necessary access rights for the admin page.

8. Cross-Site Request Forgery (CSRF) – “A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim’s browser to generate requests the vulnerable application thinks are legitimate requests from the victim.”
   In order to mitigate the risk a unique token in a hidden field needs to be included in all forms. When the form is submitted, the token needs to be checked and if it is missing or not valid, the form should be discarded.

9. Using Components with Known Vulnerabilities – “Vulnerable components, such as libraries, frameworks, and other software modules almost always run with full privilege. So, if exploited, they can cause serious data loss or server takeover. Applications using these vulnerable components may undermine their defences and enable a range of possible attacks and impacts.”
   Throughout the project there should be a track list of all used external libraries and frameworks and their versions. That list should be regularly checked to make sure that the latest versions are in use. If it is discovered that an update is available, then the update notes need to be examined to verify if the new version is fixing any security vulnerabilities. If yes, then the old library or framework needs to be replaced with the new one.

10. Not validated Redirects and Forwards – “Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.”
   Throughout the system there should be no redirections with user parameters. Only parameters that are defined in the server will be used. As a result a page request like www.example.com/redirect?url=evil.com should never redirect to evil.com.
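An added example in PHP, not code from the dissertation, showing the mitigations described for items 1, 4, 7, 8 and 10 of the list above. The visitors table, the session keys and all function names are hypothetical; an in-memory SQLite database (pdo_sqlite, PHP 7 or later) stands in for the project's database, and bound parameters are used in place of the character escaping the text describes.

```php
<?php
// Added illustration, not the dissertation's code. The visitors table, the
// session keys and every function name below are hypothetical.

// Items 4 and 7: access is checked on the server before any database call.
// Item 1: the id is validated and sent as a bound parameter, which is a
// stricter technique than the character escaping described in the text.
function fetchVisitorForEdit(PDO $db, array $session, $rawId)
{
    if (empty($session['user_id']) || empty($session['can_edit'])) {
        return null; // caller redirects to the home page, no query is run
    }
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // anything that is not a positive integer stops here
    }
    $stmt = $db->prepare('SELECT id, name, is_private FROM visitors WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Item 8: one unpredictable token per session, embedded in every form.
function csrfField(array &$session)
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    $token = htmlspecialchars($session['csrf_token'], ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $token . '">';
}

// A submitted form is discarded when the token is missing or does not match.
function isValidCsrfToken(array $session, array $post)
{
    if (empty($session['csrf_token']) || !isset($post['csrf_token'])
        || !is_string($post['csrf_token'])) {
        return false;
    }
    // hash_equals compares in constant time, so timing does not leak the token.
    return hash_equals($session['csrf_token'], $post['csrf_token']);
}

// Item 10: the request may only name a key; the destinations live on the server.
function resolveRedirect($requestedKey)
{
    $targets = ['home' => '/app/', 'edit' => '/app/editVisitorData'];
    if (is_string($requestedKey) && array_key_exists($requestedKey, $targets)) {
        return $targets[$requestedKey];
    }
    return $targets['home']; // unknown keys and raw URLs fall back to home
}

// Constructed demo data: the row and both sessions are made up.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE visitors (id INTEGER PRIMARY KEY, name TEXT, is_private INTEGER)');
$db->exec("INSERT INTO visitors VALUES (101, 'Constructed Visitor', 1)");

$anonymous = [];
$editor = ['user_id' => 7, 'can_edit' => true];

var_dump(fetchVisitorForEdit($db, $anonymous, '101'));      // request without a login
var_dump(fetchVisitorForEdit($db, $editor, '101 OR 1=1'));  // malformed id parameter
var_dump(fetchVisitorForEdit($db, $editor, '101'));         // authorised request

$form = csrfField($editor); // also stores the token in the session array
var_dump(isValidCsrfToken($editor, []));                                      // token missing
var_dump(isValidCsrfToken($editor, ['csrf_token' => 'forged']));              // token wrong
var_dump(isValidCsrfToken($editor, ['csrf_token' => $editor['csrf_token']])); // genuine form

var_dump(resolveRedirect('edit'));     // key defined on the server
var_dump(resolveRedirect('evil.com')); // value taken from the query string
```

The access check sits inside the data-access function so that no caller can reach the query without passing it, which is the ordering items 4 and 7 require.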

2.8. SECURITY AUDIT

A thorough vulnerability audit should be conducted in order to verify that the system is indeed secure. There are three general methods for finding security risks in a web page: conducting manual code review and penetration testing, automated source code scanning, and automated penetration testing. (Austin & Williams, 2011) Unfortunately, none of these techniques applied alone have proven to have 100% coverage and detection rate. (Edmundson et al., 2013) (Austin & Williams, 2011) Therefore, all methods should be applied in order to maximise the results.

Considerable knowledge about security vulnerabilities is needed for manual code review and penetration testing. Luckily, there are some checklists that can be used to ease the process. The ones that will be used in this project are as follows: SANS Web Application Security Checklist (Baccam, 2013) and Certified Secure Basic Web Application Audit Checklist (Certified Secure, 2013). The manual code review and penetration testing are in essence informal processes. The overall goal is to find any potential security risks by applying the tester’s knowledge about the domain. If any problems are found, they will be reported by providing answers to the following questions:

Vulnerability Type
Vulnerability Location
Vulnerability Description
Impact
Steps to Exploit

Automated source code scanning can be done by a variety of tools. Unfortunately, most of them are not designed for PHP and the few that do support PHP are very expensive proprietary tools. (Yao-Wen et al., 2004) Some open-source tools such as RIPS Security scanner by Johannes Dahse are attractive, but sadly are not designed to handle object-oriented code. (Dahse, 2013) The only potentially usable tool the author was able to find, as of April 2013, is Yasca by Michael V. Scovetta. Yasca is a general-purpose source code analysis tool that is capable of using a number of third-party plugins such as FindBugs, PHPLint and Pixy to enhance its search capabilities. (Scovetta V., 2013) The author will try to use Yasca to scan the finished project’s source code and report any found security issues.

Source code scanning that was examined in the previous paragraph can be viewed as white-box testing; on the other hand, automated penetration testing is a variation of black-box testing. The general idea is to let the system probe the finished web application without providing access to the source code. Thus, the system is in essence simulating the real-world hacker. Bau et al. have concluded in their research that automated scanners are relatively cheap and quick tools to find the most obvious vulnerability issues. (Bau, Bursztein, Gupta, & Mitchell, 2010) As with source code scanners, open-source penetration testing tools are scarce. There are two potential solutions that could be used for this project: Skipfish by Google (Google, 2013) and Wapiti by Nicolas Surribas (Surribas, 2013). The author will make an effort to run both of these tools against the finished project.

2.9. BACKGROUND RESEARCH SUMMARY

As a result of extensive background research several important decisions were made in regards to how this project will be executed. Firstly, the author will follow agile principles. Specifically, a selection of suitable Extreme Programming practices will be implemented. After careful consideration a set of programming languages was chosen. These included HTML, CSS and JavaScript in the front end and PHP in the backend. Moreover, Google Maps API was proven to be the best tool to build the map mashup. Background research also emphasised the importance of security and usability and defined the processes for evaluating both of them.

3. METHODS

This chapter will provide an overview of which methods were used in the process of implementing the proposed artefact.

3.1. AGILE DEVELOPMENT - USER STORIES & SPRINTS

As defined in the XP methodology (Cohn, 2004), the requirements for a system have to be written down in a form of user stories. These are short descriptions explaining what the system should do. They are not meant to encompass all details of proposed functionality; instead user stories should be starting points for discussions between the developer and the customer.

To organise and plan the development, the user stories need to be evaluated in terms of story points. A notion of an ideal working day is used for defining the story point. One ideal working day is an imaginable eight-hour time lapse during which a programmer would work continuously from start to the end without any interruptions.

Next, the length of one sprint is set to be two weeks containing 2-3 story points (ideal working days). The variation was needed due to different developer commitment levels throughout the project. After that, all user stories are allocated into sprints. The acceptance tests are defined just before the start of the corresponding user story’s implementation. Here is an example of what one sprint with one user story will look like. It includes a sprint number, user story estimation in ideal working days, info on how long it took in reality, acceptance tests and an indication if the test is passed or not.

Spr. | User Story | Estimation | Real | Acceptance tests | OK
4 | As School administrator, I want to be able to indicate if visitor name should be public and do we have permission to display their names or not for privacy reasons. | 3 | 3 | If the visitor’s name is set to be private, the name of the visitor is changed to “Anonymous” for all not logged in users. | OK
  |  |  |  | Logged in users can see the names of all private visitors. | OK
  |  |  |  | Visitor’s name can be set private either during the initial visit entry or later at any point of time. | OK
Sprint 4 Working Days: |  | 3 | 3 |  |

Figure 5. An example from sprints and user stories table.

It!is!important!to!note!that!during!the!project!it!is!possible!to!add!new!stories! and!adjusted!the!priorities!of!existing!ones.!Thus,!at!the!beginning!of!each!sprint! the!developer!reviews!the!current!list.!The!stories!that!are!currently!not!allocatX ed!into!sprints!are!noted!down!in!a!backlog.!If!implementation!time!permits,!they! are!allocated!into!sprints!at!the!later!stage!of!the!project.!Throughout!the!project! the!author!and!the!supervisor!are!having!weekly!meetings!during!which!each!itX eration!is!retrospectively!analysed!to!see!if!everything!went!as!expected!and!if! user!stories!in!the!next!iteration!should!be!reordered!due!to!changing!priorities.!

In short, the methodology is relatively simple and easy to follow. It can be summarized with the following steps:

1. Setting sprint length, defining developing environment and tools, creating test data
2. Gathering user stories in collaboration with the client
3. Prioritizing the user stories and defining what to add to the sprints
4. Implementing current sprint’s user stories
5. Acceptance testing
6. Formative evaluation and sprint review
7. Repeat steps 2-7 during every iteration
8. Summative evaluation

3.2. TEST DATA GENERATOR

Due to privacy concerns, the School of Computer Science was reluctant to provide the real visitors' information at the early stage of the project. Therefore an automated data generator tool had to be created in order to conduct proper tests and see how the visualisation works.

The requirement was to be able to flexibly define a time range, the minimum and maximum length of one stay and the number of visits to generate. The Times Higher Education World University Rankings Top 200 list was used to populate the test database with institutions. After that, a script was created that queried the Google Maps API for each of these universities’ geolocation and saved it in the database. The names for test visitors and hosts were randomly generated with an open-source tool, GenerateData, made by Ben Keen. (Keen, 2013)

3.3. THIRD-PARTY PLUGINS & TOOLS

A considerable number of third-party plugins, frameworks and libraries were used in order to achieve more efficient development. Moreover, functionality from popular and well-supported tools provided a better guarantee of reliability and security. For example, it would have been very hard and time-consuming to build our own authentication system that would meet all of the security requirements. Next is a list of tools that were used in addition to the ones mentioned in previous chapters:

1. CodeIgniter 2.1.3 from EllisLab is a back-end PHP framework. (EllisLab, 2013) It is one of the most popular PHP frameworks and is proven to be very flexible, fast and secure. (Lancor & Samyukta, 2013) It enforces the Model-Controller-View design pattern that helps to keep the system easy to understand and maintain.
2. Bootstrap is a front-end website building framework built by Mark Otto and Jacob Thornton from Twitter Inc. that simplifies and speeds up user interface development. It has support for responsive Cascading Style Sheets (CSS) that enable the website to dynamically scale its components if different screen sizes are used (from desktop computers and laptops to tablets and smartphones). Bootstrap has a big selection of built-in user interface components such as menu dropdowns, buttons, alert windows etc. (Twitter, 2013)
3. Plusstrap is a design theme for Bootstrap built by Ayrat Belyaev that changes the look of Bootstrap components and customizes most of the user interface to be less generic. (Belyaev, 2013)
4. Ion Auth is an authentication library for the CodeIgniter framework built by Ben Edmunds. It simplifies building login and user validation functionality. Ion Auth also incorporates all of the latest security recommendations defined by OWASP, thus significantly reducing the work needed to design safe authentication logic. (Edmunds, 2013)
5. jQuery & jQueryUI are JavaScript libraries made by a volunteer group, the jQuery Foundation. They make developing dynamic content loading and user interface animations considerably easier. Both of them are also used by the Bootstrap framework. (jQuery Foundation, 2013)
6. TableSorter is a jQuery plugin created by Christian Bach that adds sorting and searching functionalities to standard HTML tables without page refreshes. Due to its flexibility it is easy to customize and change the look and feel of the table to match it with the rest of the website design. (Bach, 2013)
7. jQRangeSlider is a JavaScript plugin built by Guillaume Gautreau on top of jQuery. It provides a well-designed date range slider that is easy to embed and link with the rest of the system. (Gautreau, 2013)
8. Select2 is a JavaScript plugin built by Igor Vaynberg that enhances ordinary HTML form select drop-down boxes by providing searching and infinite scrolling functionalities. (Vaynberg, 2013)
9. PHPUnit is a unit-testing framework created by Sebastian Bergmann that is specifically designed for PHP development projects. It simplifies writing and running unit tests by introducing principles and syntax that are similar to other popular unit testing frameworks such as JUnit. (Bergmann, 2013)
10. MY-CIUnit is a combination of plugins that are built on top of PHPUnit and CIUnit to simplify writing unit tests and fixtures for projects using the CodeIgniter framework. (Suzuki, 2013)

4. RESULTS

This chapter gives an overview of what has been produced during the project.

4.1. DEVELOPMENT PROGRESS

At the beginning of the development process the author and the client defined 22 user stories that in total were valued at 25 story points. The stories were allocated to 10 sprints, each two weeks long. Throughout the project the author adjusted the user stories and sprints to reflect the changing requirements. By the end there were 19 stories allocated into 9 sprints. (See Appendix 2)

There are several ways to present the progress of an agile project. User story burn-down charts and workday burn-up charts are often used. Below is a burn-up chart that shows how much time was used during each sprint compared to the initial plan.

[Chart: Cumulative Ideal working days and Cumulative Real working days (y-axis: Working Days) plotted against Sprints 0-9 (x-axis).]

Figure 6. Burn-up chart showing how many days are spent.

Sprint  Dates        Planned Ideal days  Real days  Cumulative Ideal working days  Cumulative Real working days
0       04.02-17.02  2,25                2,75       2,25                           2,75
1       18.02-03.03  2,00                2,00       4,25                           4,75
2       04.03-17.03  2,50                2,00       6,75                           6,75
3       18.03-31.03  2,50                3,00       9,25                           9,75
4       01.04-14.04  3,00                3,00       12,25                          12,75
5       15.04-28.04  3,00                4,00       15,25                          16,75
6       29.04-12.05  2,00                4,00       17,25                          20,75
7       03.06-16.06  3,00                4,00       20,25                          24,75
8       17.06-30.06  2,00                2,00       22,25                          26,75
9       01.07-14.07  2,50                2,50       24,75                          29,25

Figure 7. Table showing sprint dates, planned and real working days

As seen in the chart and the table, from sprint zero until sprint four the project was taking almost exactly as much time as was expected and all the user stories were completed on time. But during sprints five and six the development started to take longer than initially estimated. Iterations six and seven required considerably more effort than planned. This can be explained by increased system complexity that slows down the coding process.

The stories that were not allocated into sprints were noted down in a backlog. (Appendix 3) By the end of the implementation process there were four stories in the backlog. One of them is related to the security assurance that was kept in mind throughout the project. The others are related to additional features that the author and the client considered but found not as important as the rest of the stories that were allocated to iterations. These three user stories could be used as a basis for future system enhancements.

4.2. SYSTEM ARCHITECTURE

CodeIgniter 2.1.3 from EllisLab was chosen as the back-end framework. The basic data flow in the CodeIgniter framework is as follows:

Figure 8. CodeIgniter Data Flow (EllisLab, 2013)

The Router first examines the HTTP request reaching the server. If a cached version of the requested webpage exists, it will be sent back directly, avoiding the usual execution sequence. CodeIgniter has an automatic Security module that examines and filters all incoming HTTP headers and user-submitted data before passing it on to the controller. The Controller is responsible for loading all the necessary base drivers, helpers, models and other tools that are required to handle the request. The finalized response is rendered by the View and sent off to the browser. If Caching is enabled, the response is stored to make future requests faster.

MySQL is used for the database. It was selected because of good CodeIgniter support. Below is a simplified class diagram with the main entities and their primary attributes.

Figure 9. Simplified Class diagram

In addition to the classes shown in the diagram, the system also uses users, group and users groups classes. These three are created and handled by the Ion Auth authentication library.

Below is the system’s page structure, which shows how pages are linked and which parts of the website are accessible by which users.

Figure 10. Website map showing pages, their connections and access rights

4.3. IMPLEMENTING TEST DATA GENERATOR

After finishing the development of the base structure and the database architecture, the system needed demo data. For that a separate sub-system was created according to the requirements and steps specified in the methods chapter. The finished test data generator has a visually attractive user interface with the possibility to manually add new institutions and create an unlimited amount of test visits that match the set parameters.

During the implementation process 500 randomly generated names and 15 real School of Computing research groups were entered into the database. Also, the world’s 200 top universities with their exact coordinates were included in order to simulate realistic data. A special script was used to query the Google geolocation API, which returned the latitude and longitude parameters for each institution. The random data generation uses a simple algorithm that comprises the following steps:

1. A random visitor and host name is picked from the random names table.
2. A random institution is picked from the institution table.
3. A random research group is selected from the group table.
4. A random visit start date is chosen that fits between user specified start and end dates.
5. A random visit length is picked that fits between user specified stay minimum and maximum length.
6. Steps one to five are repeated for every visit. The user specifies the quantity of visits before executing the generation process.

An example of aggregated test data would be as follows:

Host: John Smith
Visitor: Peter Decker
Institution: Erasmus University Rotterdam
Research Group: Information Management
From Date: 2001-03-15
To Date: 2001-05-26
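The six steps above as an added Python sketch, not the dissertation's own generator (which is part of the PHP system). The table contents and field names are constructed, and drawing visitor and host as two distinct names is an assumption.

```python
import random
from datetime import date, timedelta

# Constructed sample tables standing in for the names, institution and group tables.
NAMES = ["John Smith", "Peter Decker", "Anna Berg", "Maria Costa"]
INSTITUTIONS = ["Erasmus University Rotterdam", "University of Tokyo"]
GROUPS = ["Information Management", "Text Mining"]


def generate_visits(count, start, end, min_days, max_days, rng=None):
    """Generate `count` random visits following steps 1-6 of the algorithm."""
    if start > end:
        raise ValueError("start date must not be after end date")
    if not 1 <= min_days <= max_days:
        raise ValueError("stay length must satisfy 1 <= min_days <= max_days")
    rng = rng or random.Random()
    span = (end - start).days
    visits = []
    for _ in range(count):                                # step 6: repeat per visit
        visitor, host = rng.sample(NAMES, 2)              # step 1 (distinct names: assumption)
        institution = rng.choice(INSTITUTIONS)            # step 2
        group = rng.choice(GROUPS)                        # step 3
        first_day = start + timedelta(days=rng.randint(0, span))  # step 4
        stay = rng.randint(min_days, max_days)            # step 5
        visits.append({
            "host": host,
            "visitor": visitor,
            "institution": institution,
            "research_group": group,
            "from_date": first_day.isoformat(),
            # Only the start date is constrained to the range (step 4), so a
            # visit that starts close to `end` may finish after it.
            "to_date": (first_day + timedelta(days=stay)).isoformat(),
        })
    return visits


if __name__ == "__main__":
    for visit in generate_visits(3, date(2001, 1, 1), date(2001, 12, 31), 7, 90):
        print(visit)
```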

Figure 11. Data Generator’s Institution search interface. Found institution’s coordinates are automatically fetched from Google.

Figure 12. Data Generator’s Random Visits interface through which generation parameters are set.

4.4. ENTERING THE REAL DATA

An administrative employee in the School of Computer Science manually collected data about the real historical research visitors in a Microsoft Access database. It was then handed over to the author to be transferred into the new system. Unfortunately, the data proved to be extremely polluted. There were numerous challenges that resulted in significant manual work in order to get the data entered into the new website.

Firstly, there was no standardized logic for how visitors' home institutions were recorded; the institution name was sometimes in the Address1 field, sometimes in the Address2 field. As a result, the rest of the address was often completely missing or was randomly entered into one of the four different address fields. There were also numerous entries in which the home institution was completely missing. Moreover, the database included a significant number of entries about visitors who were in reality University of Manchester employees temporarily receiving their salaries as visitors.

Initially, the author was planning to create a script that would automatically query the Google geolocation search API to obtain each visitor’s home institution coordinates and enter them into the database together with the rest of the information in the raw Access database. Unfortunately, the addresses and the institution names were entered into the database so inconsistently that automation proved to be unreasonably complicated. In addition, the Google geolocation search API was often unable to find any results if only the name of the institution was queried, meaning that manual search and adjustments of the names were needed.

As a result of the described complications, the author was unable to automate any of the data transfer process and resorted to re-entering all of the visits manually. There were 291 visits in total, out of which 112 did not have significant errors, enabling the author to enter them with relatively small effort – only a handful had some problems with home institutions. For example, Dr Raquel Urtasun was coming from “MUT, CSAIL”, which after some searching turned out to be a department in the MIT – Massachusetts Institute of Technology.

Next, the author entered 103 visits, most of which lacked all information about their home institutions. In order to overcome the problem the author manually searched each individual’s name in the academic publication databases Elsevier and ACM Digital Library and pinpointed which institution the person was associated with just before the start of and during the visit to Manchester.

As a result, the entire data entry process took two weeks of arduous manual research. In the end the author was able to input 215 visits. 41 entries in the raw database were confirmed to be current or former University of Manchester employees, thus not real visitors. 35 entries were either about people whose home institution was not found or they were also suspected to be local researchers disguised as visitors.

4.5. USER INTERFACE AND DESIGN

The usability of the system was one of the top development priorities; therefore, the user interface received a considerable amount of attention. The goal was to combine aesthetically pleasing design with intuitive and simple user interaction throughout the system – from the home page to the very smallest admin panel widgets. Nielsen’s usability heuristics (Nielsen, 1994) were applied from the beginning to the end of the development process. Below are snapshots of selected parts of the user interface.

Figure 13. Home page with tools to filter the data

Figure 14. Google Maps mash-up with dots for visitors’ home institutions and controls to filter the visits.

Figure 15. Visitors’ information table with filter, sorting and search controls.

Figure 16. New visitor’s entry form.

Figure 17. An example of drop-down select box with search functionality. All drop-down select boxes in the admin area are designed in the following way.

Figure 18. An example of date-picker calendar widget. All date fields are equipped with this widget.

Figure 19. Adding a new institution is done through in-page pop-up window in which user can search for the location by providing just the institution’s name.

Figure 20. An example of client-side form validation. All forms are validated before sending them off to the server.

Figure 21. An example of hosts overview page with a table and controls to add, edit and delete hosts.

Figure 22. After clicking on visitor’s name more detailed information is shown.

Figure 23. Statistics dashboard can be used to discover further interesting insights about historical data.

4.6. INCORPORATING SCHOOL WEB DESIGNER FEEDBACK

The partially finished system was introduced to the School of Computer Science web designer Rina Srabonian, who made several recommendations on what could be changed to make it more seamlessly integrated with the look and feel of the school’s new website. The author was able to complete the following changes:

1. The school’s new website is made fully mobile device friendly and Rina wanted to have the research visitors' page also changed to be easily usable with devices that have smaller screens. In order to achieve this the author had to change all of the elements in the design from fixed widths to fluid percentage widths. As a result, even if the screen size is very small - for example on a mobile phone - the content of the system is automatically scaled to fit exactly into that small display. In addition, the main data table on the home screen had to be changed to responsively reduce the number of columns shown depending on the width of the screen.
2. The website’s global font was changed to “Open Sans” and the colours of all design elements such as the top-menu bar, links, buttons and calendar date selectors were changed to conform to the University’s official Visual Identity Guidelines. The same guideline was the basis of the new school website’s design.
3. It was also agreed between the school web designer, the author and the supervisor to remove the name “BrainsPotting”, which was used initially as the title of the system, and replace it with a more generic and neutral name - “CS Research Visitors”.
4. The author also customized the look and feel of the Google Map. The colour scheme was changed to reflect the university recommended colour palette. Also, unnecessary features, such as buttons to switch between map and satellite pictures view, latitude lines and ocean names, were removed to give the map a more minimalistic view.

Figure 24. A comparison of old (left) and new (right) map designs.

As a result of the abovementioned changes the system can be seamlessly integrated with the rest of the School of Computer Science website. At the end of this dissertation project the source code of the system will be handed over to the school to be fully embedded into the school’s homepage.

4.7. ADDITIONAL MEASURES TO STRENGTHEN SECURITY

As described in the background research part of the paper, the security of the system is critical. The website will be hosted on university servers and thus, if the system were compromised, the potential damage could be considerably bigger than just infiltrating this project’s website.

In order to further reduce the risks, the author and the School of Computer Science have agreed to disable the public system’s direct database querying. Instead, the installation will have two almost identical systems – one accessible on the public Internet, another only accessible inside the university network. The public website will fetch its data from static JSON files stored in a publicly accessible directory. Those JSON files will be automatically created once per night by a script that queries the internal system. Administrators will have direct access to the private installation to manage the data about visits.

Figure 25. A diagram showing how the two system installations will be set up.

As a result of this setup, even if the public system were compromised, the attacker would not have access to the rest of the University network infrastructure. It also eliminates the risk of SQL injection attacks or any other database related attacks. Thus, the system will become considerably more secure with relatively small adjustments.
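One way the nightly export could be written, as an added Python sketch rather than the project's own script; the field names, the `name_public` flag and the sample rows are assumptions (constructed). Because the JSON files are readable by anyone, the export copies only an allow-list of fields, replaces private visitor names with “Anonymous” as the Sprint 4 acceptance test requires for users who are not logged in, and swaps the finished file in atomically.

```python
import json
import os
import tempfile

# Allow-list of fields copied to the public file (assumed names). Anything
# else in an internal row, such as contact details or notes, is dropped.
PUBLIC_FIELDS = ("visitor", "host", "institution", "research_group",
                 "lat", "lng", "from_date", "to_date")

# Constructed rows, shaped like the result of querying the internal system.
SAMPLE_ROWS = [
    {"visitor": "Peter Decker", "name_public": 1, "host": "John Smith",
     "institution": "Erasmus University Rotterdam",
     "research_group": "Information Management", "lat": 51.92, "lng": 4.53,
     "from_date": "2001-03-15", "to_date": "2001-05-26",
     "visitor_email": "p.decker@example.org", "admin_note": "internal only"},
    {"visitor": "Anna Berg", "name_public": 0, "host": "John Smith",
     "institution": "University of Tokyo", "research_group": "Text Mining",
     "lat": 35.71, "lng": 139.76,
     "from_date": "2002-01-10", "to_date": "2002-02-10",
     "visitor_email": "a.berg@example.org", "admin_note": "internal only"},
    # Row with no privacy flag at all: must be treated as private.
    {"visitor": "Maria Costa", "host": "John Smith",
     "institution": "University of Tokyo", "research_group": "Text Mining",
     "lat": 35.71, "lng": 139.76,
     "from_date": "2003-05-01", "to_date": "2003-06-01"},
]


def to_public_record(row):
    """Project one internal visit row onto the public schema."""
    record = {field: row.get(field) for field in PUBLIC_FIELDS}
    # Fail closed: only an explicit true value publishes the visitor's name.
    if row.get("name_public") not in (True, 1):
        record["visitor"] = "Anonymous"
    return record


def export_visits(rows, out_path):
    """Write the public JSON file and return the number of records written."""
    records = [to_public_record(row) for row in rows]
    directory = os.path.dirname(os.path.abspath(out_path))
    # Write next to the target, then rename, so the web server never serves
    # a half-written file while the nightly job is running.
    fd, tmp_path = tempfile.mkstemp(dir=directory, prefix=".visits-", suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as handle:
            json.dump(records, handle, ensure_ascii=False, indent=2)
        os.chmod(tmp_path, 0o644)        # readable by all, writable by owner only
        os.replace(tmp_path, out_path)   # atomic on the same filesystem
    except BaseException:
        if os.path.exists(tmp_path):
            os.unlink(tmp_path)
        raise
    return len(records)


def demo():
    """Export SAMPLE_ROWS to a temporary directory and return the parsed file."""
    with tempfile.TemporaryDirectory() as public_dir:
        path = os.path.join(public_dir, "visits.json")
        export_visits(SAMPLE_ROWS, path)
        with open(path, encoding="utf-8") as handle:
            return json.load(handle)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```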

5. EVALUATION

This chapter discusses how the security and usability evaluations were done and what their results were. In addition, insights are presented about the historical research visits data and single-person agile development.

5.1. SECURITY AUDIT

Despite the increased security achieved by introducing public and private installations, we still need to make sure that the system is thoroughly secure. Otherwise, if the website were compromised, it could potentially be used as a platform to attack other unsuspecting visitors. The author conducted a three-step security audit to verify that the security is sound:

1. Manual penetration testing and code review. The author conducted thorough testing by following two security checklists - SANS Web Application Security Checklist (Baccam, 2013) and Certified Secure Basic Web Application Audit Checklist (Certified Secure, 2013). The only serious security issue identified was the fact that the system is currently not using an SSL-encrypted connection during logged-in sessions. Luckily, as the system configuration was changed, only the school’s local network system installation that is accessible inside the University local network is used to facilitate login and other administrative functions. As a result, sensitive and potentially valuable information that would require encryption is never transmitted through the public Internet. Therefore, as long as the system is installed in the way described in chapter 4.7, it is not critical to encrypt the connection with SSL certificates. In the event of an alternative system setup, encryption would be highly recommended.
2. Automated source-code scanning. The author also carried out source code scanning with a freeware tool called Yasca developed by Michael V. Scovetta. (Scovetta V., 2013) It searches for various security vulnerability patterns and builds a report about them. The tool found 59 issues in total. Fortunately, all of the critical and medium risk problems were false positives. There were 39 critical points that claimed the code is storing weak hard-coded passwords and/or credentials. All of those claims were incorrect – none of the flagged code lines contained real passwords or usernames. There was one instance of a medium risk vulnerability, having potentially sensitive data visible, but that too was a false positive. Lastly, Yasca found 18 low risk problems that were related to process control issues. Luckily, all of these issues were related to other parts of the CodeIgniter framework that are not used by this project. In summary, the source code scanning was successful and proved that there are no serious security issues.
3. Automated penetration testing. The author used the testing tool Skipfish to automatically assess the security of the system. It uses smart fuzzing technologies and handcrafted dictionaries to scan and try brute-force attacks on the system. The results showed no severe security issues, but it did highlight some medium risk problems. Importantly, Skipfish highlighted that some of the caching directives were set incorrectly. That would have resulted in cookies being cached by Internet service providers and served by them to the wrong people, effectively enabling session hijacking. The author was able to amend the issue and subsequent scans showed improved security. Other medium risk problems identified by the tool were all false positives – for example Skipfish considered incorrect or missing charset and external content embedding to be risky.

In conclusion, all three security audit steps showed that the system is highly secure. The process did not discover any high-risk vulnerability and the author amended the few medium or low risk issues that were found during the test. With the additional security measure of separating the public system installation from the database it is possible to claim that the system is reasonably safe and cannot be breached easily.
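A check for the caching problem described in audit step 3, as an added Python sketch: it flags responses that set a cookie without telling shared caches not to store or reuse them. This is neither Skipfish's logic nor the project's code; the header samples are constructed, and `ci_session` is CodeIgniter's default session cookie name.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Directives that stop a shared cache from replaying the response to another user.
BLOCKS_SHARED_REUSE = {"no-store", "private", "no-cache"}

# Constructed sample responses as lists of (header name, header value) pairs.
LOGIN_BAD = [("Content-Type", "text/html; charset=utf-8"),
             ("Set-Cookie", "ci_session=abc123; path=/"),
             ("Cache-Control", "max-age=3600")]
LOGIN_FIXED = [("Content-Type", "text/html; charset=utf-8"),
               ("Set-Cookie", "ci_session=abc123; path=/"),
               ("Cache-Control", "no-store, private"),
               ("Pragma", "no-cache"),
               ("Expires", "Thu, 01 Jan 1970 00:00:00 GMT")]
STATIC_JSON = [("Content-Type", "application/json"),
               ("Cache-Control", "public, max-age=86400")]


def cache_directives(headers):
    """Collect lower-cased Cache-Control directive names from all header lines."""
    names = set()
    for name, value in headers:
        if name.lower() == "cache-control":
            for part in value.split(","):
                directive = part.split("=", 1)[0].strip().lower()
                if directive:
                    names.add(directive)
    return names


def already_expired(value, now):
    """True if an Expires value lies in the past; unparseable values count as expired."""
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return True
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when <= now


def audit_response(headers, now=None):
    """Return a list of findings for one response; empty means nothing to report."""
    now = now or datetime.now(timezone.utc)
    # Responses that set no cookie (e.g. the public JSON files) are out of scope.
    if not any(name.lower() == "set-cookie" for name, _ in headers):
        return []
    findings = []
    directives = cache_directives(headers)
    if not directives & BLOCKS_SHARED_REUSE:
        detail = "marked public" if "public" in directives else "no private/no-store/no-cache"
        findings.append("Set-Cookie response cacheable by shared caches (" + detail + ")")
    # Caches that predate Cache-Control only honour Pragma and Expires.
    lowered = {name.lower(): value for name, value in headers}
    pragma_ok = "no-cache" in lowered.get("pragma", "").lower()
    expires_ok = "expires" in lowered and already_expired(lowered["expires"], now)
    if not (pragma_ok or expires_ok):
        findings.append("Set-Cookie response has no Pragma: no-cache or past Expires")
    return findings


if __name__ == "__main__":
    for label, sample in (("bad", LOGIN_BAD), ("fixed", LOGIN_FIXED), ("json", STATIC_JSON)):
        print(label, audit_response(sample))
```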

5.2. USABILITY EVALUATION

Usability evaluation consisted of both qualitative and quantitative analysis. Firstly, the author asked the test subjects to complete 12 tasks that were created to investigate the usability of the main functionalities. User stories and acceptance tests were used as a basis of the tasks to ensure they were indeed related to the key features of the website. In order to assist in creating high quality tasks, the United States Department of Health & Human Services Usability Testing instructions were closely followed. (U.S. Department of Health & Human Services, 2013) The 12 constructed tasks were as follows:

1. You are a researcher from Japan and are wondering how many people (if any) have been visiting the School of Computer Science from Tokyo. Find it out using the website.
2. You are a keen robotics researcher and would like to know from which countries there have been visitors to the Robotics Group. Find it out using the website.
3. You are wondering from which country most visitors to the Advanced Processor Technologies Group come from. Find it out using the website.
4. You would also like to know how many (if any) people have been visiting the School from The United States since the beginning of 2010. Find it out using the website.
5. While browsing the website you noticed that there is a visitor from Kenya, but you know for a fact that nobody has come from there. Report the issue to the administrators.
6. You are now impersonating a university admin worker. Log in to the administrative side of the system with the following credentials:
   username: [email protected]
   password: temporary
7. John Appleseed wants to have access to the admin part of the system. Create a new admin user for him; use your own real e-mail. John is a researcher in Robotics Group who is planning to invite a colleague from Geneva to Manchester.
8. Log out from the system and check your email for John's login details. Use them to log in again.
9. Insert a new Visit. Use your own name and let everybody see it. You are visiting from the Glasgow University and you were working as Visiting Research Assistant in Medical Informatics Group together with your host John Smith. You visited Manchester from 17th of January 2013 to 23rd of June 2013.
10. Change the only Kenyan visit details - add the fact that the visitor came from a Faculty of Natural Sciences.
11. Add another visit for Dr David Barton from AverStar Inc. He was visiting Manchester as Honorary Visiting Research Fellow from 1st of January 2003 to 20th of July 2003. David was invited over by Hilary Kahn from Text Mining Group.
12. While browsing the map you noticed one pin that should be pointing to Newcastle University is actually in the middle of Scotland, make the necessary adjustments to fix the problem.

The author managed to recruit 11 test subjects. The background of participants was extremely varied – in total eight different nationalities were represented: 3 Estonians, 2 Scottish, 1 German, 1 Austrian, 1 Indian, 1 Norwegian, 1 Malaysian and 1 Canadian volunteers. Seven persons were studying various subjects in the University of Manchester and in total 10 had at least a BSc or BA university degree. There were 7 male and 4 female participants, and the age distribution was very concentrated – the mean age was 24.64, mode and median were both 25. All of the participants replied that they use a computer and the Internet regularly and are comfortable with discovering new websites. At the same time only one person was specifically studying computer science. Participants’ varied cultural background helped to make sure that a big spectrum of different approaches and views were covered during the usability testing, ensuring a higher problem detection rate.

Before the completion of tasks the volunteers were briefly introduced to the system. The author explained the rationale for why the website was built, to whom it is targeted and what the main functionalities are. Importantly, the introduction was not explicitly showing how to complete any of the usability testing tasks. During the tests the participants were encouraged to use a think-aloud method – trying to verbalise one’s thoughts while navigating the system. Volunteers were also advised to give additional comments and suggestions throughout the testing process. As a result, in total 18 usability issues were discovered:

1. Some of the drop-down menus were not ordered – All of them need to be alphabetically sorted.
2. Date format yyyy-mm-dd was slightly confusing during new date entry process. A dd.mm.yyyy format would be preferable in the Edit and Add New Visit page.
3. Date range slider in the home page was not easily discoverable. A headline and additional borders around it would help to make it stand out more.
4. Statistics page was not easily discoverable. (Only a small link in the upper right corner) Having a second button next to the visit filters would help.
5. The name "BrainSpotting" needs to be changed throughout the system to “CS Research Visits Map”.
6. Not clear what you need to do in the new Institution entry page. At the beginning there is only one field – “Institution Full Name” and two grey buttons – “Search” and “Cancel”. User should click on the Search button after which a map with found location is shown. It would help if the Search button were more prominent, for example coloured green to indicate that the user should click on it.
7. Login button was visible even if logged in; it should be hidden for logged in users. Also, login drop-down interface was not included in the Statistics page.
8. The New Host form input validation JavaScript code was not working.
9. The Date range slider on the home page had blocked areas in the edges; as a result the range couldn’t be dragged.
10. The User Types in the "New User" interface were not self-explanatory. As only the Administrative user in reality is used, then the selection is redundant and should be hidden.
11. If the login link is clicked, then an e-mail field should automatically be selected for entry in the opened modal window, so the user would save one redundant click.
12. The Logout button was not behaving the same way as the rest of the buttons in the upper menu – all of them should have borders when hovering over them.
13. "From Date" and "To Date" table columns were confusing, as many thought they could be used to search for a range of years. For clarity, rename them to "Visit Start" and "Visit End".
14. On Existing Visit's table page the Hosts drop-down menu was empty.
15. It would be more convenient if there were a possibility to go to the specific institution’s Edit Institution’s Details page directly from the map, instead of going through a separate page. Add a direct link to the institution’s info window in the map.
16. In the Edit Institution Details page the text above and under the map (that explains how to manually reposition the location pin) is too small and not noticeable. Make it bigger and change the colour to something more prominent.
17. Cannot clean up all of the home page filters at once with one click.
18. Special search functionality inside some drop-down menus is not showing all of the icons (magnifying glass, up and down arrows) on a retina display device.

Out!of!all!found!issues!the!first!16!were!fixed.!Unfortunately,!the!last!two!proved! to! be! more! challenging! and! therefore! remained! unsolved! at! the! current! stage.! Issue!17!was!seen!to!be!too!big!and!timeXconsuming!change!to!implement,!conX sidering!the!relative!insignificance!of!the!subject!matter.!!!Issue!18!was!related!to! a! plugin! used! for! special! search! functionality! inside! some! of! the! dropXdown! menus.!At!the!time!of!the!usability!tests!there!were!no!new!versions!available!for! the! plugin! that! would! fix! the! issue.! Therefore,! the! plugin! would! have! to! be! changed!later!in!the!future!when!an!updated!version!becomes!available.!

5.2.1. SYSTEM USABILITY SCALE

Having the test participants complete the pre-defined tasks helped to discover problems in the interface and generated new ideas on how to further improve the usability of the system. But that did not give quantifiable feedback on what people think about the website. In order to evaluate the usability of the interface the author asked the participants to anonymously fill in a System Usability Scale questionnaire. (See Appendix 1 – System Usability Scale (SUS) standard questionnaire.) As explained by Jeff Sauro and other usability experts, the SUS score can only be interpreted as a single final number; the individual question scores can be misleading and should not be used to derive conclusions. (Sauro, 2011) The author analysed the questionnaire results and did the calculations according to the instructions described in Chapter 2.6. The results showed that the test participants gave the system an average score of 82.92 points. Sauro highlights that the SUS score cannot be interpreted as a percentage; instead it should be normalized in comparison with other system scores. He has devised a database of more than 500 SUS scores showing the distribution. An average score in Sauro's database is 68 and at least 80.3 points is needed in order to be in the top 10% of the distribution. Therefore, the score 82.92 can be interpreted as a result that is better than approximately 93% of all systems. In conclusion, the initial goal of getting more than 80 points in the SUS score was achieved and it can be viewed as a really good result only attributed to high quality interfaces.

Figure 26. Diagram showing normalized SUS Scores and their interpretation.

5.3. INSIGHTS ABOUT RESEARCH VISITS DATA

During the development process a dashboard page was created to visualize data and make it easy to get an overview of the statistical details. With the help of that page it is possible to draw some insights about historical research visits to the School of Computer Science. Sadly, the information provided cannot be considered completely trustworthy. During the data entry process the author was struggling to identify some of the visitors, and on the other hand the raw data contained some bogus visits that in reality were ex school employees who were given an opportunity to stay in the University as visitors, even though they had been working only in the University of Manchester. Therefore the database could contain some visits that are not real and at the same time exclude some valid ones. Nevertheless, general conclusions are still possible.

From 1998 until 2013 there have been in total 215 research visitors, which makes 13.44 visits per year on average. The average visit length was 288 days. The busiest years have been 2008 and 2007 during which the school hosted 27 and 26 visitors. The majority of visitors are coming from Europe (37.2%), UK contribution is 17.2% and only 9.8% are from North America. The rest of the people (35.8%) are visiting from various other parts of the world. The most popular country from where researchers come is the UK (37 visits). Next is China (32 visits) and the third most popular home country is Spain (28 visits). By far the busiest group has been the Information Management group that has hosted 53 visitors over the years. The second is the Advanced Processor Technologies group with 23 visitors and the third is the Machine Learning and Optimisation group who have hosted 19 researchers. Below are several charts illustrating the visitors' distribution.

Figure 27. A chart showing how many visits there were each year and what was the average visit length during those years.

Figure 28. A chart showing which regions the visitors come from.

Figure 29. A chart indicating which countries visitors come from.

Figure 30. A chart showing how visitors are distributed between research groups.

5.4. INSIGHTS ABOUT ONE PERSON AGILE DEVELOPMENT

As discussed earlier, due to the intrinsically teamwork-based nature of agile development it is fundamentally impossible to embrace all of its principles and methods in a single person team. Nevertheless, the author identified some of the practices defined in Extreme Programming - the most popular agile development methodology (Dybå & Dingsøyr, 2008) - which were followed during the project. In practice only a few of them worked well and proved to be useful.

The author agrees that defining the system requirements as user stories and planning the project in iterations is very useful and it helped to concentrate on the important aspects of the system. This was possible due to the client's clear understanding of how a development based on user stories works and what features there should be in the system. The client's active participation in defining the user stories in a correct format was critical in using them efficiently. Moreover, small iterations helped to keep the pace of the development high as it kept the author motivated and alert to meet all of the frequent iteration deadlines. As a result, more features were delivered in the same amount of time. User stories and iterations were also very good in keeping an overview of how far the development was and if any adjustments were needed. It was very easy to discuss and introduce changes in the functionality as at the end of iterations the system was in a stable state with all of the functionality working. In hindsight, the author believes that most of the positive aspects of the agile development experienced would not have been possible if the client were not highly involved, motivated and well educated about the practices.

Unfortunately, there were several agile principles and methods that the author initially hoped to follow, but failed partially or completely. All of the issues can be attributed to a lack of discipline due to missing peer and/or manager supervision. Most importantly, the author failed to consistently write unit tests for the system. During the first three iterations the tests were written properly and the coverage was estimated to be 70% to 80%. But later the pace of the development and the complexity of the functionalities increased; as a result the author found less and less time to finish the tests. Also, in the later stages of the project the new functionality often required changes in the existing code and as a consequence changes in their unit tests that made the total required work on tests even bigger. In the end, almost no new tests were written and old ones were not updated. As a result, the author was firstly more reluctant to properly refactor the code because there was always a risk of breaking something. Secondly, the lack of unit tests permitted writing unnecessarily complex and long functions that would not normally happen, as they are very hard to test. Moreover, because of all the abovementioned mistakes the general design of the system was not optimal; the code simplicity and maintainability was neglected over quick functionality delivery.

Nevertheless, the author feels that even in a single person team the agile development methodologies are useful and helpful. The most important recommendation for the future is to have proper supervision on all agreed aspects of the agile principles that are going to be followed. The nature of humans to reach for the low hanging fruit without realizing the long-term consequences is sadly pervasive and hard to avoid without external supervision.

6. SUMMARY

The objective of this dissertation project was to provide convenient means to discover who, at what time and from where has been to the School of Computer Science as a research visitor. The motivation was to promote to internal and external audiences the attractiveness and the activity of the school in the competitive and international research field. By displaying the visitor data in a fun and engaging way on a map the school can promote its popularity among computer science researchers. In order to achieve the goal the author successfully conducted a development project with several steps.

First of all, an extensive background research was undertaken during which suitable development technologies and methodologies were identified. It was agreed with the customer – the director of research in the School of Computer Science – to use agile development principles and more precisely adopt the Extreme Programming methodology. Importantly, due to the single person development team only a selection of Extreme Programming principles were selected and followed. Throughout the project the author highlighted the importance of usability and security. Thus, considerable effort was devoted to investigating issues related to them. During the background research the choices in the technical domain were also discussed. The author decided to use the PHP scripting language, MySQL database and CodeIgniter development framework to create the back-end of the system. The front-end of the system was programmed in HTML, CSS and JavaScript and the communication was conducted with asynchronous Ajax calls. The central feature of the system – the interactive visitors map – was developed with the Google Maps API.

Next, the real data was cleaned and entered after which an extensive evaluation of the system was possible. The author conducted a thorough three-step security audit that consisted of source code review, white-box automated code testing and black-box automated penetration testing. As a result, only one considerable security issue was discovered and fixed. Thus, the security of the system was found to be high enough to allow the school to install it into its web infrastructure. Later, an exhaustive usability evaluation was conducted. 11 participants with diverse backgrounds helped to identify in total 18 usability issues out of which 16 were addressed. The testers expressed high satisfaction with the system and found it easy to use. Indeed, the average System Usability Scale score over all participants was 82.92 points that can be viewed as a great success.

In conclusion the author was able to meet the project's objectives by developing a highly attractive, usable and secure maps system. Despite some challenges in following the agile principles the dissertation project went largely according to the initial plan and there were no major failures or challenges. The School of Computer Science has expressed satisfaction with the system and will incorporate it into its official website.

The artefact is also publicly accessible on the following page: www.karlkerem.com/brainspotting. A temporary account can be used to access the administrative side of the system. It will be valid until 30.10.2013.

username: [email protected]
password: temporary

6.1. FUTURE WORK

Despite the apparent success of the development the author has identified some areas where improvements and additional work could be made:

1. Firstly, due to limited time there were some administrative features that were not implemented. Importantly, there is no functionality to manage and delete existing admin users. Only an interface for creating new ones was completed. Therefore, if a person forgets their password or there is a need for deleting their account the master admin needs to make the necessary adjustments directly in the database. Thanks to modern MySQL administrative interfaces such as phpMyAdmin it is relatively easy; but nevertheless, it poses inconveniences that could be addressed.
2. Also, the development backlog contains three user stories that were not implemented. All of them are related to nice-to-have extra features that were not prioritized high enough to be included in the completed iterations.
3. The author has recognized that the system's code structure could be more optimal. Importantly, the current system does not use object relational mapping, instead direct database calls are made inside model classes. This complicates the design of the code and makes it less understandable. In addition, there is room for a considerable amount of refactoring and commenting in order to make the system more maintainable in the long run.
4. Moreover, currently the system is not very well optimized for minimizing webpage load times. Specifically, the JavaScript libraries used could be critically reviewed and all of the unused functionality removed. Also, all of the JavaScript code could be minified and incorporated into one file to reduce the amount of HTTP calls made during the initial load.
5. Lastly, at the moment the system is designed specifically for the School of Computer Science, but there is a possibility to introduce a similar maps system for the entire university. Unfortunately, this would require considerable development. For example, each faculty and department would probably want to have some unique features and custom data to be shown.

REFERENCE LIST

Abrahamsson, P., Oza, N., & Siponen, M. T. (2010). Agile software development methods: a comparative review. In T. Dingsøyr, T. Dybå, & N. B. Moe, Agile Software Development (pp. 31-59). Berlin: Springer-Verlag.

ARWU. (2012, Aug). Natural Sciences and Mathematics - 2012. Retrieved Aug 11, 2013 from Academic Ranking of World Universities: http://www.shanghairanking.com/FieldSCI2012.html

Austin, A., & Williams, L. (2011). One Technique is Not Enough: A Comparison of Vulnerability Discovery Techniques. 2011 International Symposium on Empirical Software Engineering and Measurement (pp. 97-106). Washington, DC: IEEE Computer Society.

Baccam, T. (2013, April). Checklists: Web Application Security. Retrieved April 20, 2013 from SANS IT Audit: http://it-audit.sans.org/community/checklists/web-application-security

Bach, C. (2013, May). TableSorter - Flexible client-side table sorting. Retrieved May 04, 2013 from http://mottie.github.io/tablesorter/docs/index.html

Bangor, A., Kortum, P. T., & Miller, J. T. (2008). An Empirical Evaluation of the System Usability Scale. International Journal of Human Computer Interaction, 24 (6), 574-594.

Barnum, C. M. (2002). Usability testing and research. New York: Hamilton Printing Company.

Barnum, C. M. (2011). Usability Testing Essentials - Ready, Set...Test! Elsevier.

Bau, J., Bursztein, E., Gupta, D., & Mitchell, J. (2010). State of the Art: Automated Black-Box Web Application Vulnerability Testing. IEEE Symposium on Security and Privacy, (pp. 332-345).

Beck, K. (1999). Embracing change with extreme programming. Computer, 32 (10), 70-77.

Belyaev, A. (2013, May). Plusstrap framework. Retrieved May 04, 2013 from http://xbreaker.github.io/plusstrap/index.html

Bergmann, S. (2013, May). PHPUnit - GitHub. Retrieved May 05, 2013 from https://github.com/sebastianbergmann/phpunit/

Brooke, J. (1996). SUS: A “quick and dirty” usability scale. In Usability evaluation in industry (pp. 189-194). London: Taylor & Francis.

BuiltWith. (2013, April). Google Maps API Usage Statistics. Retrieved April 30, 2013 from BuiltWith Technology Usage Statistics: http://trends.builtwith.com/mapping/Google-Maps-API

Certified Secure. (2013, April). Certified Secure Basic Web Application Audit Checklist. Retrieved April 20, 2013 from https://www.certifiedsecure.com/download/inline/26234

Cohn, M. (2004). User Stories Applied: For Agile Software Development. Boston: Mass.

Compete. (2013, May). Statistics about manchester.ac.uk. Retrieved May 8, 2013 from Compete Site Analytics: http://siteanalytics.compete.com/manchester.ac.uk/

Dahse, J. (2013, April). RIPS Scanner. Retrieved April 20, 2013 from http://rips-scanner.sourceforge.net/

Dybå, T., & Dingsøyr, T. (2008). Empirical studies of agile software development: A systematic review. Information and Software Technology, 50 (9-10), 833-859.

Edmunds, B. (2013, May). Ion Auth library. Retrieved May 04, 2013 from http://benedmunds.com/ion_auth/

Edmundson, A., Holtkamp, B., Rivera, E., Matthew, F., Mettler, A., & Wagner, D. (2013). An Empirical Study on the Effectiveness of Security Code Review. 5th international conference on Engineering Secure Software and Systems (pp. 197-212). Berlin: Springer-Verlag.

EllisLab. (2013, May). CodeIgniter. Retrieved May 3, 2013 from http://ellislab.com/codeigniter

Eveleens, J., & Verhoef, C. (2010). The Rise and Fall of the Chaos Report Figures. IEEE Software, 27 (1), 30-36.

Fonseca, J., Vieira, M., & Madeira, H. (2010). The Web Attacker Perspective - A Field Study. IEEE 21st International Symposium on Software Reliability Engineering, (pp. 299 - 308).

Gautreau, G. (2013, May). jQRangeSlider. Retrieved May 04, 2013 from http://ghusse.github.io/jQRangeSlider/index.html

Gilmore, J., & Treat, R. H. (2006). Beginning PHP and PostgreSQL 8 From Novice to Professional. Berkeley: W. Jason Gilmore.

Google Maps Mania. (2013, April). Google Maps Mania. Retrieved April 29, 2013 from http://googlemapsmania.blogspot.com/

Google. (2013, April). FAQ. Retrieved April 2013 from Google Maps API: https://developers.google.com/maps/faq#usagelimits

Google. (2013, April). Showcase - Maps. Retrieved April 30, 2013 from Google Developers: https://developers.google.com/showcase/#tags=maps

Google. (2013, April). Skipfish. Retrieved April 2013, 2013 from https://code.google.com/p/skipfish/

Haklay, M., Singleton, A., & Parker, C. (2008). Web Mapping 2.0: The Neogeography of the GeoWeb. Geography Compass, 2 (6), 2011-2039.

Hills, M., Klint, P., & Vinju, J. (2013). Exploring PHP Feature Usage for Static Analysis. The International Conference on Software Engineering.

Hudson, W. (2001). How Many Users Does it Take to Change a Web Site? SIGCHI Bulletin, 33, 6-6.

Johnson, R. (2005). J2EE development frameworks. Computer, 38 (1), 107-110.

Jordan, T., & Taylor, P. (1998). A sociology of hackers. The Sociological Review, 46, 757–780.

jQuery Foundation. (2013, May). jQuery Framework. Retrieved May 4, 2013 from http://jquery.com/

Keen, B. (2013, May). GenerateData. Retrieved May 5, 2013 from http://beta.generatedata.com

Kniberg, H. (2007). Scrum and XP from the Trenches. InfoQ Enterprise Software Development Series.

Krug, S. (2005). Don't Make Me Think: A Common Sense Approach to Web Usability (2nd Edition ed.). New Riders.

Lancor, L., & Samyukta, K. (2013). Analyzing PHP frameworks for use in a project-based software engineering course. 44th ACM technical symposium on Computer science education (pp. 519-524). New York: ACM.

Martin, B., Brown, M., Paller, A., & Kirby, D. (2011). 2011 CWE/SANS Top 25 Most Dangerous Software Errors. CWE. The MITRE Corporation.

Neil, T. (2009, May). Review Usability Best Practices. Retrieved March 19, 2013 from Designing Web Interfaces: http://designingwebinterfaces.com/6-tips-for-a-great-flex-ux-part-5

Nielsen, J., & Landauer, T. K. (1993). A mathematical model of the finding of usability problems. Proceedings of the INTERACT '93 (pp. 206-213). New York: ACM.

Nielsen, J. (1994). Enhancing the explanatory power of usability heuristics. CHI '94 Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (pp. 152-158). New York: ACM.

Nielsen, J. (1994). Guerrilla HCI: Using Discount Usability Engineering to Penetrate the Intimidation Barrier. In Cost-Justifying Usability (pp. 245-272).

Ohloh. (2013, March). Projects. Retrieved March 05, 2013 from Ohloh by Black Duck: http://www.ohloh.net/tags/framework/php

Oracle. (2013, March). Java Basics. Retrieved March 05, 2013 from Oracle Technology Network: http://www.oracle.com/technetwork/topics/newtojava/downloads/index.html

OWASP. (2013). OWASP Top 10 - The Ten Most Critical Web Application Security Risks. Retrieved April 18, 2013 from http://owasptop10.googlecode.com/files/OWASP Top10 - 2013 - RC1.pdf

OWASP. (2013). The Open Web Application Security Project. Retrieved April 19, 2013 from Top 10 2013: https://www.owasp.org/index.php/Top_10_2013

Programmable Web. (2013, April). Web Services Directory: Most Popular. Retrieved April 2013 from API Directory: http://www.programmableweb.com/apis/directory/1?apicat=Mapping

RAE 2008. (2008). UOA 23 Computer Science and Informatics. Retrieved 05 08, 2013 from RAE 2008 quality profiles: http://www.rae.ac.uk/results/qualityProfile.aspx?id=23&type=uoa

Reghunadh, J., & Jain, N. (2011, Sep). Selecting the optimal programming language. Retrieved Mar 1, 2013 from developerWorks: http://www.ibm.com/developerworks/web/library/wa-optimal/index.html#resources

SANS Institution. (2009). The Top Cyber Security Risks.

Sauro, J. (2011, Feb 02). Measuring Usability With The System Usability Scale (SUS). Retrieved July 03, 2013 from http://www.measuringusability.com/sus.php

Schmidt, M., & Weiser, P. (2012). Web Mapping Services: Development and Trends. In M. Peterson (Ed.), Online Maps with APIs and WebServices (pp. 13-21). Springer Berlin Heidelberg.

Scovetta V., M. (2013, April). Yasca. Retrieved April 20, 2013 from http://www.scovetta.com/yasca.html

Spool, J., & Schroeder, W. (2001). Testing web sites: five users is nowhere near enough. CHI '01 Extended Abstracts on Human Factors in Computing Systems (pp. 285-286). New York: ACM.

Surribas, N. (2013, April). Wapiti. Retrieved April 20, 2013 from Web application vulnerability scanner / security auditor: http://wapiti.sourceforge.net/

Suzuki, K. (2013, May). MY-CIUnit. Retrieved May 05, 2013 from https://bitbucket.org/kenjis/my-ciunit

The Guardian. (2011, Sep 5). Top 100 QS World University Rankings for computer science and information systems 2011. Retrieved Aug 11, 2013 from Higher Education Network: http://www.theguardian.com/higher-education-network/2011/sep/05/top-100-universities-world-computer-science-and-information-systems-2011

The Standish Group. (2010). Retrieved March 13, 2013 from CHAOS Report Summary for 2010: http://insyght.com.au/special/2010CHAOSSummary.pdf

Tidwell, J. (2011). Designing Interfaces (2nd Edition ed.). O’Reilly Media.

timemap. (2013, April). timemap. Retrieved April 30, 2013 from https://code.google.com/p/timemap/

TIOBE Software. (2013, March). TIOBE Programming Community Index. Retrieved March 04, 2013 from http://www.tiobe.com/index.php/content/paperinfo/tpci/index.html

TSL EDUCATION LTD. (2012, Aug). Times Higher Education World University Rankings. Retrieved Aug 11, 2013 from 2012-2013 Rankings in Engineering & Technology: http://www.timeshighereducation.co.uk/world-university-rankings/2012-13/subject-ranking/subject/engineering-and-IT

Tullis, T. S., & Stetson, J. N. (2004). A Comparison of Questionnaires for Assessing Website Usability. Usability Professional Association Conference.

Twitter. (2013, May). Bootstrap. Retrieved May 04, 2013 from http://twitter.github.io/bootstrap/index.html

U.S. Department of Health & Human Services. (2013, July 03). Scenarios. Retrieved July 03, 2013 from Usability.gov - Improving the User Experience: http://www.usability.gov/how-to-and-tools/methods/scenarios.html

UNESCO. (2013, April). UNESCO Places. Retrieved April 30, 2013 from http://unescoplaces.org/features

Vaynberg, I. (2013, May). Select2. Retrieved May 05, 2013 from http://ivaynberg.github.io/select2/index.html

VersionOne. (2011). State of Agile Development. Retrieved March 13, 2013 from VersionOne: http://www.versionone.com/state_of_agile_development_survey/11/

W3C. (2013, March). World Wide Web Consortium. Retrieved March 04, 2013 from Web Design and Applications: http://www.w3.org/standards/webdesign/

Web Technology Surveys. (2013, March). Usage of server-side programming languages for websites. Retrieved March 04, 2013 from W3 Techs: http://w3techs.com/technologies/overview/programming_language/all

Yao-Wen, H., Yu, F., Hang, C., Tsai, C.-H., Lee, D.-T., & Kuo, S.-Y. (2004). Securing web application code by static analysis and runtime protection. 13th international conference on World Wide Web (pp. 40-52). New York: ACM.

APPENDIX 1 – SYSTEM USABILITY SCALE (SUS) STANDARD QUESTIONNAIRE.

APPENDIX 2 - SPRINTS

Spr.% User%Story% Estimation% Real% Acceptance%tests% OK%

0! Set!up!development!environment.! 0.25! 0.25! Developer!has!working!LAMP!(Linux,!Apache,!MySQL,!PHP)!environment.! OK!

Developer!has!working!IDE! OK!

Developer!has!working!Unit!Testing!environment! OK!

0! Create!a!common!base!MCV!struc, 1! 1.5! Suitable!MCV!framework!is!selected! OK! ture.! Empty!project!with!proper!configuration!is!deployed! OK!

0! Create!a!common!View!Design! 1! 1! Suitable!Front!End!design!framework!is!selected! OK! Common!design!elements!are!created! OK!

Sprint%0%Working%Days:% 2.25% 2.75% !

1! As! an! administrator! I! want! to! be! 2! 2! Admin!can!specify!how!many!test!visits!should!be!created! OK! able! to! automatically! create! test! data! about! visitors,! so! during! the! Admin!can!specify!date!range!into!which!test!visits!will!be!created! OK! system! development! we! can! see! Admin!can!specify!the!minimum!and!maximum!length!of!a!test!stay.! OK! the! output! without! entering! the! real!data.! Admin!can!create!test!visits!with!specified!limits! OK!

Created!test!visits!use!random!person!names!and!random!institutions!from!Times!top!200! OK! ranking!

Sprint%1%Working%Days:% 2% 2% !

2! As!Third!party!visitor!to!website,!I! 2.5! 2! Google!Maps!is!shown!with!pointers!from!where!all!visitors!have!come!from! OK!

! 81!! want! to! look! at! webpage! to! see! A!date!slider!is!shown!which!enables!to!show!only!visits!starting!during!certain!timeframe! OK! from!where!people!visit!the!school! of!comp!science!to!see!if!good!peo, When!clicking!on!pointers!a!small!info!window!is!shown!with!following!data:!visitor!name,! OK! ple!are!going!to!visit!that!school.!! host!name,!visit!dates!and!hosting!research!group!name.!

Sprint%2%Working%Days:% 2.5% 2% !

3! As! School! director! of! research,! I! 0.5! 0.5! A!table!is!shown!that!has!following!columns:!visitor!name,!host!name,!visit!dates!and!hosting! OK! want! to! have! tables! of! research! research!group!name.! visitors! per! year,! per! group,! per! It!is!possible!to!filter!the!contents!of!the!table!by!year,!hosting!research!group,!visitor’s!home! OK! third! party! country! and! per! third! institution,!visitor’s!home!country,!visitor’s!home!region!and!host.! party!institution.! It!is!possible!to!do!free!text!search!per!each!table!column.! OK!

3! As! School! Admin,! director! of! re, 1! 1! E,mail!and!password!are!required!to!login.! OK! search!and!staff!member,!I!want!to! If!user!enters!invalid!e,mail,!then!the!system!warns!and!disables!the!login!possibility.! OK! be!able!to!log!in!to!restricted!area! of!the!website,!so!third!party!visi, After!login,!user!has!a!possibility!to!log!out!from!the!system.!If!person!doesn’t!manually!log! OK! out,!the!system!will!do!it!automatically!after!3!hours!of!inactivity.! tors!to!website!wouldn't!see!sensi, tive!information.!

3! As!School!Administrator,!I!want!to! 1! 1,5! Only!School!Administrator!can!see!the!functionality!to!create!new!users.! OK! be! able! to! create! users! for! staff! Following!information!is!captured!for!a!new!user:!first!name,!last!name,!password,!e,mail,! OK! members!and!director!of!research.! user!type!(Staff!member,!Administrator!or!Director),!whether!the!user!can!be!a!visitor’s!host! and!research!group!(optional).! If!any!field!is!empty,!the!system!prevents!submitting!the!new!user’s!form.! OK! After!creating!new!user,!the!person!is!sent!a!new!automatic!e,mail!with!instructions!how!to! OK! log!in.! For!security!reasons!after!the!first!successful!login!the!new!user!is!asked!to!change!its!pass, OK! word.!!

! 82! Sprint%3%Working%Days:% 2.5% 3% !

4! As!School!administrator,!I!want!to! 3! 3! If!the!visitor’s!name!is!set!to!be!private,!the!name!of!the!visitor!is!changed!to!“Anonymous”! OK! be! able! to! indicate! if! visitor! name! for!all!not!logged!in!users.!! should! be! public! and! do! we! have! Logged!in!users!can!see!the!names!of!all!private!visitors.! OK! permission! to! display! their! names! Visitor’s!name!can!be!set!private!either!during!the!initial!visit!entry!or!later!at!any!point!of! OK! or!not!for!privacy!reasons.! time.!

4% As! School! director! of! research,! I! 0% 0% All!tests!in!the!same!iteration’s!previous!user!story!need!to!be!passed.! OK! want! to! be! sure! that! we! are! ethi, cally! compliant! such! that! the! pri, vacy! of! internal! staff! and! external! visitors! is! preserved! and! names! are!shown!only!with!permission.!

Sprint%4%Working%Days:% 3% 3% !

5! As!School!administrator,!I!want!to! 1.5! 2! Following!information!is!asked!when!entering!a!new!visit:!visitor’s!title,!first!name,!last!name,! OK! be!able!to!enter!in!visitors!so!they! gender,! whether! name! is! public,! home! institution,! department,! visiting! position,! research! can! be! displayed! on! the! visitor! group,!host,!from!date!and!to!date.!All!of!it,!except!the!department,!is!compulsory.! website.! If!it!is!a!returning!guest!then!administrator!can!select!the!name!from!a!list.!If!done!so,!the!fol, OK! lowing!information!will!be!entered!automatically:!visitor’s!title,!first!name,!last!name,!gender! and!whether!the!name!is!public! Following!fields!have!a!possibility!to!select!an!option!from!an!existing!list:!home!institution,! OK! department,!visiting!position,!research!group,!host! If!existing!list!doesn’t!contain!required!entry,!then!admin!can!enter!a!new!entry!without!leav, OK! ing!new!visit!entry!page! A!date!can!be!entered!by!selecting!it!from!a!small!calendar.! OK!

! 83! 5! As!School!administrator,!I!want!to! 1.5! 2! Admin!can!search!for!an!institution!by!its!name!after!which!a!marker!is!displayed!on!a!map!to! OK! be! able! to! record! where! institu, confirm!the!location!of!searched!institution.! tions!are.! If!the!institution!wasn’t!found!or!the!location!was!incorrect,!then!the!admin!can!select!a!cor, OK! rect!location!from!the!map.! If!the!search!was!successful,!following!information!will!be!filled!automatically:!Street!address,! OK! postal!code,!Town/City,!Country! For!each!institution!following!information!is!compulsory:!name,!location!on!a!map!and!coun, OK! try.!Street!address,!postal!code!and!town/city!are!optional.!

Sprint%5%Working%Days:% 3% 4% !

6! As.!School!administrator,!I!want!to! 1! 1.5! All!the!data!about!the!visitor!can!be!changed!by!admin!at!any!point!in!time.! OK! be!able!to!edit!data!held!about!the! visitors.! If!a!visitor!has!more!than!one!visits!then!changing!the!name!will!change!it!globally!over!all! OK! visits.! When!editing!a!visit,!the!same!compulsory!information!as!in!entering!visits!needs!to!be!pro, OK! vided.!If!anything!is!missing,!then!the!system!will!not!enable!to!save!the!changes.!!

6! As!School!administrator,!I!want!to! 1! 1! Admin!can!change!all!the!information!about!members!of!staff!and!research!groups,!except!the! OK! be! able! to! edit! information! about! staff’s!e,mail!addresses!that!are!used!for!authentication.!! members! of! staff! and! research! When!editing!a!member!of!staff!information,!the!same!compulsory!information!as!in!entering! OK! groups!in!our!school.! it!needs!to!be!provided.!If!anything!is!missing,!then!the!system!will!not!enable!to!save!the! changes.!

Sprint%6%Working%Days:% 2% 2.5% !

7 | As a user I want to be able to use the webpage on a mobile device such as tablets and mobile phones. | 1,5 | 2
All of the content on the webpage responsively changes its width to fill up the maximum amount of space depending on the width of the device’s screen. | OK
If the width of the device screen is very small, then reduce the number of columns shown in the data table. | OK

7 | As a user I want to have clusters of close by visits on a map combined into one point with a number indicating how many visits it represents. | 1,5 | 2
If a single institution point is shown on the map, then the pointer has a number indicating how many visitors have come from that institution. | OK
If more than one institution is shown together, then the pointer has a number indicating how many visitors have come from all of the combined institutions in total. | OK
The size of the clustered pointer depends on how many institutions it combines. There are three options – 2-9, 10-49 and 50 and more institutions. The more it combines, the bigger it gets. | OK

Sprint 7 Working Days: | 3 | 4

8 | As School director of research, I want to be able to look at statistics on visitors so that I can see how attractive we are for research visitors. (Executive dashboard) | 2 | 2
The statistics page contains a chart showing the number of visitors and their average visit length in each year. | OK
The statistics page contains overall statistical numbers – how many visits there have been in total over the years, how many visits there are on average per year and what the average visit length is. | OK
The statistics page contains three charts showing how the visits are distributed regionally, by visitor’s home country and by hosting research group. | OK
The statistics page allows the shown data to be filtered by region and by research group. If the filters are used then the shown data will be updated and the statistics dynamically recalculated. | OK

Sprint 8 Working Days: | 2 | 2

9 | As a school staff member, I want to make sure that the system looks and feels the same as rest of the school website. | 1 | 1
Throughout the website the font is set to ‘Open Sans’. | OK
All of the design element component colours will be selected according to The University of Manchester Visual Identity guidelines. | OK

9 | As School staff member, I want to be able to check that the data about people who visited me is correct, and if not, to notify the admin. | 1 | 1.5
If a visitor’s name is clicked on the map or in the table then a modal popup is opened with detailed information and a possibility to write a report if anything is found wrong about the info. | OK
If the report is sent off then an e-mail is automatically sent to the administrator’s e-mail address that is defined in the config file. | OK

Sprint 9 Working Days: | 2 | 2.5


APPENDIX 3 – BACKLOG

User Story | Estimation

As School administrator, I want to be able to do bulk upload of visitor data. (csv probably) | 2

As School Director of Research I want to be sure that the system does not contain any OWASP TOP 10 web security risks. | 2

As School administrator I want to locate new institution's coordinates by specifying its address and then doing a search. | 1.5

As external visitor I want to see the visits on a graphical timeline. | 2

APPENDIX 4 – ETHICS APPROVAL FORM

Application form for approval of a research project

This form should be completed by the Chief Investigator(s), after reading the guidance notes.

Project Details:

Title: Where do our research visitors come from?

Abstract: The School of Computer Science keeps track of all research visits, but it is currently not public. Thus, the attractiveness and the activity this exhibits in the School of Computer Science really is under-exploited as a resource.

This project will address the problem by introducing a new web based system in which the visitor data is visualized on a map, keeping in mind any ethical constraints on viewing, for instance, visitor’s names. Moreover, the tool will enable users to segment data by applying various filters; such as time, hosting research group, hosting person or visitor’s home region. This project will also examine the existing data about research visitors and highlight significant phenomena.

Study Details:

The study type is: Postgraduate usability evaluation

Study Title: Website usability testing

Abstract: My dissertation involves a substantial amount of web design. In order to evaluate the success or failure of design choices I would like to conduct usability testing sessions with up to 14 participants. During those sessions each participant would solve 10-15 short tasks with the think-aloud method. At the end, they would fill in a standard System Usability Scale questionnaire.

Applicants: *Karl Kerem.

1: Proposed start date of the study

01.06.2013

2: Anticipated completion date for the study

31.06.2013

3: What is the principal research question/objective?

My dissertation project involves a substantial amount of web design. The purpose of this study is firstly to evaluate the success or failure of design choices, and secondly to outline any potential interface issues that could be fixed before releasing the product.

The success or failure of design choices is defined by the standard System Usability Scale (SUS) questionnaire result. The hypothesis is that more than 70 points could be achieved with a good design.

4: What is the scientific justification for the research? What is the background? Why is this an area of importance? Has any similar research been done already?

Usability testing is a critical part of the website building process. Major research leaders on this subject such as Jakob Nielsen and John Brooke recommend doing as many tests as frequently as possible. The rationale is that the author of the design fails to see potential usability problems in the design, in the same way as writers have a hard time spotting their own grammar mistakes.

5: Give a full explanation of the purpose, design and methodology of the planned research. It should be clear exactly what will happen to the research participant, how many times and in what order.

The evaluation is to help determine the usability of this postgraduate project. As such the participants will engage in a 15 minute training period in which the functionality under evaluation will be shown. After this a 30 minute directed evaluation will be undertaken using the 'Think Aloud Methodology'. The evaluation itself will comprise a maximum of 25 directed activities at which time the evaluator will make written notes relating to the comments and suggestions of the participant. These notes will be formally transcribed after the evaluation taking due care to anonymize the participant information as well as any comments or notes which could lead to the participant's identification being deduced by third-parties. The Think Aloud methodology is a well understood evaluation process evolving mainly from design based approaches. In this case it will produce qualitative data and will occur as part of an observational process (and is therefore not a direct measurement of participant performance, as would be normal in more formal laboratory settings). 'Think Aloud' requires the evaluation activities to be completed, however it is not the direct measurement of those activities. Instead, it is the associated verbalisations of the participants as they progress through the activities describing how they are feeling, what they think, and what they think they need to do. In this case, we wish to understand explicitly the activities and thoughts of the user, as they are performing the evaluation activities specific to this evaluation. The main risk with 'Think Aloud' is that it is very easy to implicitly influence the participant into providing outcomes that are positive regardless of the true nature of the interface or interaction. Indeed, the very act of verbalising their thoughts and feelings means that participants often change the way they interact with the system. At the end of the session participants would fill up a standard System Usability Scale (SUS) questionnaire. This will provide a quantitative feedback on the usability of the artifact.

6: Describe the methods that will be used to analyse the data collected in the study.

The evaluator will analyse the data. This will take the form of drawing conclusions regarding usability from common themes and user experiences reoccurring throughout the formal transcripts. Understanding common positive and negative aspects of the user experience will enable future work to be suggested and/or changes to be made to the artefact currently under evaluation.

Also, System Usability Scale (SUS) questionnaire results will be combined and a SUS score will be calculated.

7: How many participants will be recruited?

14

8: Provide details of the participants.

Male and female computer literate adults between the ages of 18 and 60

9: Will the participants be from any of the following groups? (Tick as appropriate)

None of the above

10: Will you have direct contact with participants?

Yes

11: How will you identify and select participants?

Networks and recommendations

12: Please enter the text used for recruitment.

Dear peers and friends,

I would like to ask your help in evaluating the usability of my MSc dissertation project.

Expected duration of the evaluation is 45 minutes.

This is a nice opportunity to have a first hand experience with advanced web technologies and give valuable feedback on their usability.

13: Will participants receive an incentive for taking part?

No

14: What is the potential for adverse effects, risks or hazards for research participants, including potential for pain, discomfort, distress or inconvenience?

It is not anticipated that there will be any physical discomfort associated with the study, but it is possible that some participants may find performing the evaluation difficult, and therefore stressful. Before the evaluation starts, participants will have time to practice using the new software, and getting used to the commands, and they will also be able to ask questions at any point during the evaluation. Participants will be free to take a break or withdraw from the evaluation at any point.

15: Will individual or group interviews/questionnaires discuss any topics or issues that might be sensitive, embarrassing or upsetting, or is it possible that criminal or other disclosures requiring action could take place during the study (e.g. during interviews/group discussions)?

No

16: How long do you anticipate the total duration of participation for each participant?

One hour or less

17: What is the potential for adverse effects, risks or hazards, pain, discomfort, distress, or inconvenience to the researchers themselves?

It is not anticipated that there will be any risks to the experimenter associated with the study.

18: How will risks or inconvenience to the participant/researcher be minimised?

It is not anticipated that there will be any risks to the experimenter associated with the study.

19: Will a signed record of consent be obtained?

Yes

20: How long after they receive the information sheet will participants have to decide whether to take part in the research?

More than 24 hours

21: Will you be using any of the following forms of data recording?

None of the above

22: Where will the experiment take place?

University of Manchester premises

23: Will the research be carried out wholly within the UK?

Yes

24: Please confirm that data will be:

Obtained and used only in the way(s) for which consent has been given
Fairly and lawfully processed
Processed for limited purposes
Adequate relevant and not excessive
Accurate
Not kept longer than necessary
Processed in accordance with the participant's rights
Secure
Not transferred to settings without adequate protection.

25: What measures have been put in place to ensure confidentiality of personal data? Give details of whether any encryption or other anonymisation procedures have been used and at what stage.

All data from participants will be stored under a subject number. This number will not be linked with the participant's name, providing anonymity.

26: Where will the data analysis take place?

A private study area

27: Will the data be stored in a secure place (e.g., a locked drawer, accessible only to the researcher, or secure, password protected electronic files.) at all times?

Yes

28: Who will control the data generated during the study and act as its custodian?

The supervisor

29: Who will have access to the data generated by the study?

The researcher & the supervisor

30: Will the data be kept for 10 years?

Yes

31: Will any adverse events be reported to the University Research Ethics Committee?

Yes

32: Does this research pose any conflicts of interest?

No

33: How will the results of the study be reported and disseminated?

Dissertation/thesis
