Sunday, May 22, 2005

Assignment 4

Read the Nielsen paper on Heuristic Evaluation and the Advosys paper on secure web applications. Write a brief summary of your impressions on both papers in your blog.


Nielsen paper:

As information technology professionals, it is essential to understand the importance of usability. It affects many facets of our everyday lives, from a simple system login to the many applications we use on a daily basis. Unfortunately, there are still many individuals that do not see the value of spending time to ensure good usability and justifying the costs to do it.

However, proposing multiple heuristic evaluations seems to be an excellent low-cost start into usability. Anything with a 1:48 cost-benefit ratio is hard to dispute. The example from the article states, “The cost of using the method was about $10,500 and the expected benefits were about $500,000.” With an average fixed cost of $4,250 per evaluation and $655 per evaluator, it is a relatively small cost within an average application development budget.

It is important to note that while heuristic evaluations are very effective and are comparatively unbiased, they should not be treated as a replacement for a traditional usability test. An application may go through many rounds of heuristic evaluation and revisions, but the true test will be when actual end-users interact with the application. It is not uncommon for users to interpret or interact with something completely differently than what you would expect.

If you’re interested in learning more about usability, there are a few other websites you may want to check out:

Advosys paper:

This article was an interesting read for an insight into how nefarious people can do malicious things to a web application. Although some of the writings were above my technical level of comprehension (e.g., “taint checking”), I was able to learn some security best practices, such as the recommendations to not put everything into the HTML directory and to use absolute paths.

The biggest takeaway for me after reading was the recommendation to do field validation on the server. From a usability standpoint, I always prefer to let users know that there’s an issue with their input the minute they click off the field. When server validation is done and errors are presented poorly, it’s generally more difficult for users to go back and find what errors they must correct before proceeding to the next step. Therefore, to ensure security and a good user experience, it will be necessary to implement a combination of both client- and server-side validation.

The only thing that may be difficult is convincing the developers to do this…
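
The combination described above, as an added example that is not part of the original post or the Advosys paper: one rule set drives both the immediate in-browser feedback and the authoritative server check, and the server returns errors keyed by field so they can be shown next to the input. The field names, rules and the `validateSubmission` handler are hypothetical.

```javascript
// Added example; field names and rules are hypothetical, not from the paper.
// One rule table is shared by the browser (usability) and the server (security).
const RULES = {
  username: { pattern: /^[A-Za-z0-9_]{3,20}$/, message: "3-20 letters, digits or underscores" },
  email:    { pattern: /^[^\s@]{1,64}@[^\s@]{1,255}$/, message: "Enter a valid e-mail address" },
  quantity: { pattern: /^[1-9][0-9]{0,2}$/, message: "Whole number from 1 to 999" },
};

const hasRule = (name) => Object.prototype.hasOwnProperty.call(RULES, name);

// Shared check. In the browser this runs when the user leaves a field, purely
// as a convenience; an attacker can skip it by sending the request directly.
function validateField(name, value) {
  if (!hasRule(name)) return "Unexpected field";
  if (typeof value !== "string") return "Missing or malformed value";
  return RULES[name].pattern.test(value) ? null : RULES[name].message;
}

// Server-side check. It runs on every submission and never assumes the
// client-side check happened. Errors are keyed by field name so the page can
// place each message beside the input that caused it.
function validateSubmission(body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { status: 400, errors: { _form: "Malformed request body" } };
  }
  const errors = {};
  // Reject parameters the form never defined (allow-list, not deny-list).
  for (const name of Object.keys(body)) {
    if (!hasRule(name)) errors[name] = "Unexpected field";
  }
  // Every defined field must be present and match its rule.
  for (const name of Object.keys(RULES)) {
    const problem = validateField(name, body[name]);
    if (problem) errors[name] = problem;
  }
  const ok = Object.keys(errors).length === 0;
  return { status: ok ? 200 : 422, errors };
}

// Constructed sample: a request sent straight to the server, bypassing the form.
const bypassed = { username: "<script>", email: "a@example.com", quantity: "-5", role: "admin" };
console.log(validateSubmission(bypassed));
```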
