Skip to content

Planning Poker Summary and Feature Selection

Planning Poker Participants

  • Andreas Kjersheim
  • Noora Kuikka
  • Ali Muneeb
  • Niko Satejeff
  • Ashutosh Burman
  • Markus Suonio

Summary

During the planning poker session, the team evaluated various features and user stories based on their complexity and familiarity with the required technologies. Points were assigned to each feature to reflect the perceived difficulty of implementation. The points ranged from 0 to 100, with higher points indicating greater complexity and uncertainty.

Feature Categorization

Based on the points assigned during planning poker, the features can be categorized as follows:

Low Complexity (0-20 points)

  1. Compare different LAM stations side by side
  2. Securely authenticate user accounts
  3. Save favorite LAM stations to user account
  4. Export data to CSV from the database
  5. Export history data from specific dates
  6. Enforce secure coding practices
  7. Manage cloud-based infrastructure
  8. Establish automated testing and quality assurance processes
  9. Maintain good documentation of the architecture and pipelines
  10. Regularly update and patch the underlying technology stack
  11. Manual Testing
  12. Maintainable Documentation

Medium Complexity (40 points)

  1. Implement web app accessibility measures
  2. Implement automated build and deployment pipeline
  3. Configure scalable and resilient infrastructure using containerization
  4. Implement container redundancy

High Complexity (75-100 points)

  1. User Feedback service
  2. HTTPS Connection
  3. Implement automated security testing pipeline
  4. Configure rate limiting on certain API endpoints
  5. Regularly scan for known security vulnerabilities
  6. Harden all the containers
  7. Control access to the server
  8. Protect application with Web Application Firewall
  9. Provide e-mail summaries of road work and traffic situations
  10. Display road tolls in Nordic countries

Feature Selection

From the features categorized as low complexity, the team will select a subset to prioritize for implementation based on their relevance to project objectives and user needs. Additionally, the medium complexity features will be considered for inclusion in the development roadmap, with careful consideration given to available resources and project timelines.

Proposed Solutions for Top 30 Features

Low Complexity

  1. Compare different LAM stations side by side - Solution: Implement a side-by-side comparison feature using HTML/CSS and JavaScript for frontend rendering and a backend service to fetch and process station data.

  2. Securely authenticate user accounts - Solution: Utilize JWT (JSON Web Tokens) for user authentication and implement secure password hashing using bcrypt in the backend.

  3. Save favorite LAM stations to user account - Solution: Implement a database schema to store user favorites and create API endpoints for CRUD operations to manage favorites.

  4. Export data to CSV from the database - Solution: Develop a backend service to query database records and generate CSV files dynamically, allowing users to download them.

  5. Export history data from specific dates - Solution: Implement a date filter feature in the frontend to select specific date ranges and fetch corresponding data from the database.

  6. Enforce secure coding practices - Solution: Conduct regular code reviews, implement OWASP security guidelines, and use tools like ESLint and SonarQube for static code analysis.

  7. Manage cloud-based infrastructure - Solution: Utilize cloud platforms like AWS or Azure for infrastructure management, leveraging services like EC2, S3, and RDS for scalable and reliable deployments.

  8. Establish automated testing and quality assurance processes - Solution: Implement unit tests, integration tests, and end-to-end tests using frameworks like Jest, Selenium, and Cypress, integrated into the CI/CD pipeline.

  9. Maintain good documentation of the architecture and pipelines - Solution: Use tools like Markdown, Swagger, and PlantUML to document system architecture, API endpoints, and deployment pipelines.

  10. Regularly update and patch the underlying technology stack

    • Solution: Monitor for updates from technology vendors and apply patches regularly to mitigate security vulnerabilities and ensure compatibility.

  11. Manual Testing

    • Solution: Develop test cases covering critical user scenarios and execute manual tests periodically to validate system functionality.

  12. Maintainable Documentation

    • Solution: Document codebase, APIs, and system architecture using standardized formats like Markdown and ensure regular updates to reflect changes.

Medium Complexity

  1. Implement web app accessibility measures - Solution: Follow WCAG guidelines for accessibility and use tools like Axe and Lighthouse for accessibility testing.

  2. Implement automated build and deployment pipeline - Solution: Use CI/CD tools like Jenkins, GitLab CI/CD, or GitHub Actions to automate the build, test, and deployment processes.

  3. Configure scalable and resilient infrastructure using containerization - Solution: Utilize Docker containers orchestrated with Kubernetes for scalability and reliability, ensuring high availability and fault tolerance.

  4. Implement container redundancy - Solution: Deploy container replicas across multiple nodes in a Kubernetes cluster to achieve redundancy and minimize single points of failure.

High Complexity

  1. User Feedback service - Solution: Develop a feedback form feature integrated into the web app UI, storing user submissions in a database for analysis and action.

  2. HTTPS Connection - Solution: Obtain SSL/TLS certificates from a trusted Certificate Authority and configure HTTPS on the web server to encrypt data transmission.

  3. Implement automated security testing pipeline - Solution: Integrate security testing tools like OWASP ZAP, Burp Suite, and SonarQube into the CI/CD pipeline to identify and remediate security vulnerabilities automatically.

  4. Configure rate limiting on certain API endpoints - Solution: Implement rate-limiting middleware in the backend to restrict the number of requests per user IP address or API key within a defined time window.

  5. Regularly scan for known security vulnerabilities - Solution: Utilize automated vulnerability scanning tools like Nessus, OpenVAS, or Qualys to regularly scan the infrastructure and applications for known vulnerabilities.

  6. Harden all the containers - Solution: Apply security best practices to Docker containers, including minimizing attack surfaces, restricting privilege escalation, and using trusted base images.

  7. Control access to the server - Solution: Implement role-based access control (RBAC) and use SSH key-based authentication for server access, coupled with firewall rules to restrict incoming connections.

  8. Protect application with Web Application Firewall - Solution: Deploy a WAF (Web Application Firewall) solution like ModSecurity or AWS WAF to inspect and filter HTTP traffic for malicious payloads and attacks.

  9. Provide e-mail summaries of road work and traffic situations - Solution: Implement a scheduled task in the backend to aggregate relevant data and send email summaries to subscribed users based on their preferences.

  10. Display road tolls in Nordic countries

    • Solution: Integrate with relevant APIs or databases to retrieve road toll data for Nordic countries and display it dynamically on the map interface.

Methods to Perform Top 30 Features

Low Complexity (0-20 points)

Compare different LAM stations side by side

  • Solution: Implement a feature allowing users to select multiple LAM stations and display their data side by side on the map interface.
  • Method: Use React state management to track selected stations, fetch data for each station from the backend API, and render the information side by side using Leaflet maps.

Securely authenticate user accounts

  • Solution: Implement JWT-based authentication for user accounts to ensure secure access to the application.
  • Method: Utilize libraries like jsonwebtoken in the backend to generate and verify JWT tokens upon user login. Store tokens securely in browser cookies or local storage.

Save favorite LAM stations to user account

  • Solution: Provide users with the ability to save their favorite LAM stations to their account for quick access.
  • Method: Implement CRUD operations for user favorites in the backend API, allowing users to add, remove, and retrieve their favorite stations. Store favorites in a user-specific database collection.

Export data to CSV from the database

  • Solution: Enable users to export traffic data from the database to CSV files for offline analysis.
  • Method: Implement a backend endpoint to query and fetch data from the database based on user-defined filters. Convert the retrieved data into CSV format and provide a download link to the user.

Export history data from specific dates

  • Solution: Allow users to export historical traffic data from specific dates for detailed analysis.
  • Method: Extend the existing data export functionality to accept date range parameters. Query the database for data within the specified date range and export it to CSV format.

Enforce secure coding practices

  • Solution: Ensure adherence to secure coding practices to prevent common security vulnerabilities.
  • Method: Conduct regular code reviews to identify and mitigate security issues. Enforce coding standards and utilize static code analysis tools like ESLint and SonarQube to catch vulnerabilities early in the development process.

Manage cloud-based infrastructure

  • Solution: Utilize cloud platforms like AWS or Azure to host the application and manage infrastructure resources.
  • Method: Provision virtual servers, databases, and other necessary resources on the cloud platform. Utilize Infrastructure as Code (IaC) tools like Terraform or AWS CloudFormation for automated provisioning and management.

Establish automated testing and quality assurance processes

  • Solution: Implement automated testing processes to ensure code quality and reliability.
  • Method: Set up unit tests, integration tests, and end-to-end tests using frameworks like Jest, Selenium, and Cypress. Integrate testing into the CI/CD pipeline to automate test execution on code changes.

Maintain good documentation of the architecture and pipelines

  • Solution: Document the system architecture, APIs, and deployment pipelines to facilitate collaboration and maintenance.
  • Method: Use Markdown files and diagrams to document architecture components, API endpoints, and deployment procedures. Keep documentation up to date with changes and version control it alongside the codebase.

Regularly update and patch the underlying technology stack

  • Solution: Stay vigilant about security updates and patches for the technology stack to prevent vulnerabilities.
  • Method: Monitor for updates from technology vendors and apply patches promptly. Utilize tools like Dependabot or Renovate to automate dependency updates in the codebase.

Manual Testing

  • Solution: Conduct manual testing to validate system functionality and ensure a positive user experience.
  • Method: Develop test cases covering critical user scenarios and edge cases. Execute manual tests periodically to identify and address issues not caught by automated testing.

Maintainable Documentation

  • Solution: Create and maintain comprehensive documentation to aid in system understanding and maintenance.
  • Method: Document codebase, APIs, and system architecture using Markdown files and diagrams. Ensure documentation is organized, searchable, and accessible to all team members.

Medium Complexity (40 points)

Implement web app accessibility measures

  • Solution: Enhance accessibility by following WCAG guidelines and utilizing tools for accessibility testing.
  • Method: Implement ARIA attributes, keyboard navigation, and semantic HTML to improve accessibility. Use tools like Axe and Lighthouse for automated accessibility testing and address any issues found.

Implement automated build and deployment pipeline

  • Solution: Automate the build, test, and deployment processes to streamline development and release cycles.
  • Method: Use CI/CD tools like Jenkins, GitLab CI/CD, or GitHub Actions to set up automated pipelines. Configure pipelines to trigger on code changes, run tests, and deploy to staging or production environments.

Configure scalable and resilient infrastructure using containerization

  • Solution: Containerize application components using Docker and orchestrate with Kubernetes for scalability and resilience.
  • Method: Dockerize frontend and backend services, define Dockerfiles and Docker Compose files for local development. Deploy containers to Kubernetes clusters and configure auto-scaling and load balancing.

Implement container redundancy

  • Solution: Ensure high availability and fault tolerance by deploying container replicas across multiple nodes.
  • Method: Configure Kubernetes ReplicaSets or Deployments to maintain a specified number of container replicas. Use Pod anti-affinity rules to spread replicas across different nodes for redundancy.

High Complexity (75-100 points)

User Feedback service

  • Solution: Develop a feedback form feature integrated into the web app UI, storing user submissions for analysis and action.
  • Method: Implement a feedback form component in the frontend UI, allowing users to submit feedback on their experience. Store feedback data in a database and provide an interface for analyzing and responding to feedback.

HTTPS Connection

  • Solution: Configure HTTPS on the web server to encrypt data transmission and enhance security.
  • Method: Obtain SSL/TLS certificates from a trusted Certificate Authority and configure the web server (e.g., Nginx or Apache) to enforce HTTPS. Redirect HTTP traffic to HTTPS for all requests.

Implement automated security testing pipeline

  • Solution: Integrate security testing tools into the CI/CD pipeline to identify and remediate security vulnerabilities automatically.
  • Method: Use tools like OWASP ZAP, Burp Suite, and SonarQube to scan code for security vulnerabilities during the build process. Fail the pipeline if critical vulnerabilities are detected and provide feedback to developers for remediation.

Configure rate limiting on certain API endpoints

  • Solution: Implement rate-limiting middleware to restrict the number of requests per user IP address or API key.
  • Method: Utilize middleware libraries like Express Rate Limit or NGINX rate limiting to enforce request limits. Configure limits based on user authentication status, API endpoint, or IP address.

Regularly scan for known security vulnerabilities

  • Solution: Utilize automated vulnerability scanning tools to regularly scan the infrastructure and applications for known vulnerabilities.
  • Method: Schedule periodic scans using tools like Nessus, OpenVAS, or Qualys to identify security weaknesses. Generate reports and prioritize vulnerabilities for remediation based on severity.

Harden all the containers

  • Solution: Apply security best practices to Docker containers to minimize attack surfaces and reduce the risk of compromise.
  • Method: Implement container security measures such as restricting privilege escalation, minimizing container capabilities, and using trusted base images. Scan container images for vulnerabilities using tools like Docker Bench Security or Clair.

Control access to the server

  • Solution: Implement role-based access control (RBAC) and use SSH key-based authentication for server access.
  • Method: Configure server access policies using tools like AWS IAM or SSH configuration files. Grant permissions based on user roles and responsibilities, and enforce multi-factor authentication for critical systems.

Protect application with Web Application Firewall

  • Solution: Deploy a Web Application Firewall (WAF) to inspect and filter HTTP traffic for malicious payloads and attacks.
  • Method: Use WAF solutions like ModSecurity, AWS WAF, or Cloudflare WAF to monitor and filter incoming web traffic. Configure rulesets to block common attack patterns like SQL injection and cross-site scripting (XSS).

Provide e-mail summaries of road work and traffic situations

  • Solution: Implement a scheduled task to aggregate relevant traffic data and send email summaries to subscribed users.
  • Method: Develop a backend service to collect and process traffic data from external APIs. Use a cron job or scheduler to trigger the email summary generation and distribution process.

Display road tolls in Nordic countries

  • Solution: Integrate with relevant APIs or databases to retrieve road toll data for Nordic countries and display it dynamically on the map interface.
  • Method: Fetch road toll data from authoritative sources using HTTP requests or database queries. Parse and render toll information on the map interface alongside other traffic data.