Introduction to Prompt Engineering (Focusing on ChatGPT)
AUTH - SEAF
1. The So'ware Development
Process
Prof.
Andreas
L.
Symeonidis
Aristotle
University
of
Thessaloniki
asymeon@eng.auth.gr,
seaf-‐int@olympus.ee.auth.gr
2. SEAF
Webinar
-‐
SoC
Dev
Process
SEAF Architecture
&
Technologies
26
Apr
2016
2
3. SEAF
Webinar
-‐
SoC
Dev
Process
Architectural diagram
UI
(Browser)
Contractor
UI
Investor
UI
Admin
UI
Back-‐end
API
DB
File
Storage
SEA
EvaluaQon
SEA
StandardizaQon
SEA
Risk
Assessment
Accounts
Projects
NoQficaQons
Monitoring
Logging
26
Apr
2016
3
4. SEAF
Webinar
-‐
SoC
Dev
Process
Contractor User Interface
• User
interface
to
visualize
and
interact
with
contractor
services
as
discussed
earlier
• Macroscopic
(dashboard
like)
and
Microscopic
views
(per
project)
will
be
offered
Project
inputs
Personal
profile
informaQon
Recent
acQvity
on
the
plaZorm
NoQficaQons
Pipeline
quick
view
PorZolio
performance
metrics
Project
form
Project
pipeline
overview
Contractor Views
26
Apr
2016
4
5. SEAF
Webinar
-‐
SoC
Dev
Process
Investor User Interface
• User
interface
to
visualize
and
interact
with
investor
services
• Macroscopic
(dashboard
like)
and
Microscopic
views
(per
project)
will
be
offered
Investor views
Personal
profile
informaQon
Recent
acQvity
on
the
plaZorm
NoQficaQons
Pipeline
quick
view
PorZolio
performance
metrics
Project
form
Project
pipeline
overview
26
Apr
2016
5
6. SEAF
Webinar
-‐
SoC
Dev
Process
Administrator User Interface
26
Apr
2016
6
• User
interface
to
handle
users/user
categories
and
project
logisQcs
Administrator views
User
request
informaQon
Recent
acQvity
on
the
plaZorm
NoQficaQons
Pipeline
creaQon
New
metrics
New
input
data
New
processes
7. SEAF
Webinar
-‐
SoC
Dev
Process
Technologies
• MEAN
stack
• MongoDB
• ExpressJS
• AngularJS
• Node.js
• Built
for
the
web
• Enormous
community
• RESTful
API
• Devops
• Integrate
operaQons
into
code
• ConQnuous
delivery
• AutomaQc
deployment
• Logging
• AnalyQcs
• Monitoring
• Quality
• SonarQube
• Jenkins
CI
• LinQng
26
Apr
2016
7
8. SEAF
Webinar
-‐
SoC
Dev
Process
Agile/Scrum
Development
Methodology
26
Apr
2016
8
9. SEAF
Webinar
-‐
SoC
Dev
Process
Agile/Scrum
• We
expect
con;nuous
changes
in
the
requirements,
so
we
want
to
be
as
agile
as
possible
• We
need
to
deliver
soCware
from
day
1
• “A
prototype
is
worth
a
1000
meeQngs/10K
slides”
• ConQnuous
value
delivery
• 1
main
developer
partner
è
Team
colocaQon
è
Beger
face-‐2-‐face
communicaQon
è
Agile/Scrum
beger
fit
• The
2
releases
(early/final)
will
be
snapshots
of
the
Scrum
process.
26
Apr
2016
9
10. SEAF
Webinar
-‐
SoC
Dev
Process
Why Agile/Scrum?
• ConQnuously
aligns
the
delivered
soCware
with
business
needs
easily
adapQng
to
changing
requirements
throughout
the
process.
• Accelerates
the
delivery
of
business
value
• Minimizes
the
overall
project
risks
26
Apr
2016
10
30 days 30 days 30 days 30 days
Backlog:
25
features
Backlog:
19
features
Backlog:
17
features
Backlog:
12
features
Planning
Daily Scrum
Daily Scrum
Daily Scrum
Daily Scrum
Development
Sprint
Review
Retrospec;ve
Planning
Daily Scrum
Daily Scrum
Daily Scrum
Daily Scrum
Development
Sprint
Review
Retrospec;ve
Planning
Daily Scrum
Daily Scrum
Daily Scrum
Daily Scrum
Development
Sprint
Review
Retrospec;ve
Planning
Daily Scrum
Daily Scrum
Daily Scrum
Daily Scrum
Development
Sprint
Review
Retrospec;ve
1
2
3
4
11. SEAF
Webinar
-‐
SoC
Dev
Process
Extract
requirements
from
pilot
case
users
and
the
DoW
Transform
requirements
to
user
stories
based
on
behavior-‐driven
development
and
prioriQze
Generate
funcQonality
based
on
test-‐driven
development
Run
regression,
integraQon
&
acceptance
tests
and
deploy
Retrospect
the
cycle
and
demo
the
release
to
the
stakeholders
The Sprint process
12. SEAF
Webinar
-‐
SoC
Dev
Process
QRS
Quality
–
Reliability
–
Security
26
Apr
2016
12
13. SEAF
Webinar
-‐
SoC
Dev
Process
Quality
• TesQng
• Our
tesQng
process
covers:
• Unit
tests
• API
acceptance
tests
• User
acceptance
tests
• Regression
tests
• Goal:
>
70%
test
coverage
• Readability
&
Best
Coding
PracQces
• AirBnb’s
linQng
rules
• Technical
debt
• SonarQube
• Goal:
<
1
week
26
Apr
2016
13
14. SEAF
Webinar
-‐
SoC
Dev
Process
Reliability
• Aim
for
building
reliability
into
code
• Infrastructure:
• Dedicated
server
hosQng
just
SEAF
• Server
runs
in
the
university
network
backed
by
an
onsite
administrator
and
an
expert
backbone
group
(hgp://it.auth.gr/en)
26
Apr
2016
14
15. SEAF
Webinar
-‐
SoC
Dev
Process
Security Plan
Go
for
a
pracQcal
(and
pragma;c)
approach
towards
security:
1. Learning
from
other
people’s
mistakes
2. Develop/deploy
tools
to
detect
and
correct
problems
3. Planning
to
have
everything
compromised
Our
security
plan
will
be
documented
in
a
deliverable,
available
upon
request.
26
Apr
2016
15
16. SEAF
Webinar
-‐
SoC
Dev
Process
Learning from other people’s mistakes
CSA’s
Top
8
cloud
threats
for
SaaS
1. Data
Breaches
2. Data
Loss
3. Account
or
Service
High-‐jacking
4. Insecure
Interfaces
and
APIs
5. DoS
6. Malicious
Insiders
7. Insufficient
Due
Diligence
8. Shared
Technology
VulnerabiliQes
OWASP’s
Top
10
security
threats
1. InjecQon
2. Broken
AuthenQcaQon
and
Session
Management
3. Cross-‐Site
ScripQng
(XSS)
4. Insecure
Direct
Object
References
5. Security
MisconfiguraQon
6. SensiQve
Data
Exposure
7. Missing
FuncQon
Level
Access
Control
8. Cross-‐Site
Request
Forgery
(CSRF)
9. Using
Components
with
Known
VulnerabiliQes
10. Unvalidated
Redirects
and
Forwards
26
Apr
2016
16
17. SEAF
Webinar
-‐
SoC
Dev
Process
Our plan
• Our
security
plan
will
aim
at
counteracQng
against
major
threats
which
are
pregy
broad
and
cover
a
lot
of
ground.
• We
plan
to
have
everything
automated
by
developing
&
deploying
tools
to
detect
and
correct
problems
• In
case
of
a
compromise
we
aim
for
the
data
and
criQcal
informaQon
to
be
safe:
• Secured
credenQals,
even
if
compromised
• Data
Integrity
–
Frequent
backups
offsite
• Cryptographic
anonymizaQon
of
criQcal
informaQon
• Upon
comple;on
we
aim
for
SEAF
to
be
in
the
top
;er
of
secure
web
apps.
26
Apr
2016
17