The assessment aims to provide a detailed review of the code base and architecture according to the following factors:
1. Responsibility Leak:
a. Checking that no responsibility leaks exist from backend to frontend or vice versa.
2. ACID Database Transactions:
a. Database transactions should be atomic, thereby ensuring that all the required data has been saved to the database.
b. Control should be enforced over transaction isolation levels (Serializable, Repeatable Reads, Read Committed, etc.), thereby avoiding dirty reads.
3. Separation of Concerns (Architecture Tiers):
a. Clear architecture tiers should exist with different responsibilities to make the system easy to maintain and to decrease technical debt.
b. Checking that no responsibility leak exists across different architecture tiers within a single code base (backend/frontend).
c. Dependencies between different tiers should be mapped to abstract classes or interfaces, not concrete ones, thus making it easy to control dependencies using IoC containers.
4. Database Design:
a. Detecting (N+1) query problems in the application, if any exist.
b. Detecting design problems that cause data inconsistency by duplicating frequently updated data.
c. Overall assessment of database design extensibility.
d. Checking the current database backup mechanism.
5. Database Migrations:
a. Clear database migration steps should exist, not SQL scripts.
b. For any deployed version of the application, you should be able to check up to which step the database has been updated; when migrations exist, you can simply check the migrations history table.
c. Only newly added migration steps should be run at deployment time.
6. API Design:
a. Checking how input validations are handled.
b. Checking how business logic validations are handled.
c. Checking whether the APIs are built for a Mobile First design.
7. Unit Testing:
a. Assessment of code base testability by checking whether objects can be mocked, so that the behavior of dependent classes can be tested easily.
b. Checking that unit tests are independent of any external environment communication (Database, API, etc.).
c. Calculating current test coverage for the application.
8. Application Assets (Images, Videos, etc.):
a. How application assets are persisted.
b. Checking for the existence of a CDN (Content Delivery Network) (AWS S3 for example).
c. Application assets backup mechanism (in case the application is not using a CDN).
9. Exception Monitoring:
a. Checking the existing real-time exception monitoring and alerting mechanism, which should report runtime errors in production as they happen, with details such as exception time, frequency and stack trace.
a. Checking the current deployment pipeline from development to production.
b. Checking configuration management and versioning mechanisms used during the development lifecycle.