V-Model Development
V-Model V Shape Software Development Lifecycle Verification Validation Testing Requirements Design Unit Test Integration System Test Acceptance Test Safety-critical Waterfall
| SDLC Model | Testing | Flexibility | Risk | เหมาะกับ |
|---|---|---|---|---|
| V-Model | ทุก Phase | ต่ำ | ต่ำ | Safety-critical |
| Waterfall | ท้ายสุด | ต่ำ | สูง | Simple Projects |
| Agile/Scrum | ทุก Sprint | สูง | ปานกลาง | Evolving Requirements |
| Spiral | ทุก Iteration | สูง | ต่ำ | Large Complex |
| DevOps | Continuous | สูงมาก | ต่ำ | Cloud SaaS |
V-Model Phases
# === V-Model Implementation ===
# V-Model Structure:
#
# Requirements Analysis ←→ Acceptance Testing
# System Design ←→ System Testing
# Architecture Design ←→ Integration Testing
# Detailed Design ←→ Unit Testing
# Implementation (Coding)
#
# Left Side: Development (Top-down)
# Bottom: Implementation
# Right Side: Testing (Bottom-up)
# Requirements Traceability Matrix
# req_id | requirement | design_ref | test_case | status
# REQ-001 | User login | DES-001 | TC-001 | Verified
# REQ-002 | Payment | DES-002 | TC-002 | Verified
# REQ-003 | Report | DES-003 | TC-003 | Pending
from dataclasses import dataclass
@dataclass
class VModelPhase:
dev_phase: str
test_phase: str
dev_output: str
test_output: str
tools: str
traceability: str
phases = [
VModelPhase(
"Requirements Analysis", "Acceptance Testing",
"SRS Document", "UAT Test Cases",
"Jira DOORS", "REQ → UAT"
),
VModelPhase(
"System Design", "System Testing",
"System Design Doc", "System Test Plan",
"Enterprise Architect", "SDD → ST"
),
VModelPhase(
"Architecture Design", "Integration Testing",
"Architecture Doc", "Integration Test Plan",
"UML Diagrams", "ADD → IT"
),
VModelPhase(
"Detailed Design", "Unit Testing",
"Module Design Doc", "Unit Test Cases",
"Class Diagrams", "MDD → UT"
),
VModelPhase(
"Implementation", "—",
"Source Code", "—",
"IDE Git", "Code → All Tests"
),
]
print("=== V-Model Phases ===")
for p in phases:
print(f" Development: {p.dev_phase}")
print(f" Output: {p.dev_output} | Tools: {p.tools}")
print(f" Testing: {p.test_phase}")
print(f" Output: {p.test_output} | Trace: {p.traceability}")
print()Testing Strategy
# === V-Model Testing Strategy ===
# Unit Test Example (pytest)
# class TestPaymentProcessor:
# def test_calculate_total(self):
# processor = PaymentProcessor()
# assert processor.calculate_total(100, 0.07) == 107.0
#
# def test_validate_card_number(self):
# assert validate_card("4111111111111111") == True
# assert validate_card("0000000000000000") == False
#
# def test_process_payment_success(self):
# result = process_payment(amount=100, card="4111111111111111")
# assert result.status == "approved"
#
# def test_process_payment_insufficient_funds(self):
# result = process_payment(amount=999999, card="4111111111111111")
# assert result.status == "declined"
# assert result.reason == "insufficient_funds"
# Integration Test
# class TestPaymentIntegration:
# def test_order_to_payment_flow(self):
# order = create_order(items=[{"id": 1, "qty": 2}])
# payment = process_payment(order_id=order.id, amount=order.total)
# assert payment.status == "approved"
# assert order.status == "paid"
#
# def test_payment_to_notification(self):
# payment = process_payment(amount=100)
# notifications = get_notifications(payment.id)
# assert len(notifications) == 1
# assert notifications[0].type == "payment_confirmation"
# System Test
# class TestPaymentSystem:
# def test_end_to_end_purchase(self):
# # Login → Browse → Add to Cart → Checkout → Pay → Confirm
# user = login("test@example.com", "password")
# cart = add_to_cart(user, product_id=1, qty=2)
# order = checkout(cart)
# payment = pay(order, card="4111111111111111")
# assert payment.status == "approved"
# assert order.status == "completed"
# assert email_sent(user.email, "order_confirmation")
@dataclass
class TestLevel:
level: str
scope: str
count: int
automated: int
pass_rate: float
avg_time: str
test_levels = [
TestLevel("Unit Test", "Function/Method", 500, 500, 98.5, "30s"),
TestLevel("Integration Test", "Module/API", 120, 110, 96.2, "5min"),
TestLevel("System Test", "End-to-end", 50, 40, 94.0, "30min"),
TestLevel("Acceptance Test", "User Scenarios", 30, 15, 100.0, "2hr"),
]
print("\n=== Test Coverage ===")
total_tests = sum(t.count for t in test_levels)
for t in test_levels:
auto_pct = (t.automated / t.count) * 100
print(f" [{t.level}] Tests: {t.count} | Auto: {auto_pct:.0f}%")
print(f" Pass Rate: {t.pass_rate}% | Duration: {t.avg_time}")
print(f"\n Total: {total_tests} test cases")Security SDL
# === Security Development Lifecycle (SDL) ===
# V-Model + Security at each phase:
# Requirements → Threat Modeling, Security Requirements
# Design → Secure Architecture Review, STRIDE Analysis
# Implementation → Secure Coding, SAST, Code Review
# Unit Test → Security Unit Tests
# Integration Test → DAST, API Security Test
# System Test → Penetration Testing
# Acceptance → Security Compliance Audit
# STRIDE Threat Model
# S - Spoofing: ปลอมตัวตน → Authentication
# T - Tampering: แก้ไขข้อมูล → Integrity Check
# R - Repudiation: ปฏิเสธการกระทำ → Audit Log
# I - Information Disclosure: ข้อมูลรั่ว → Encryption
# D - Denial of Service: ทำให้ล่ม → Rate Limiting
# E - Elevation of Privilege: ยกสิทธิ์ → Authorization
@dataclass
class SecurityActivity:
phase: str
activity: str
tool: str
frequency: str
finding_type: str
security_activities = [
SecurityActivity("Requirements", "Threat Modeling", "STRIDE Microsoft TMT", "ต้น Project", "Threats"),
SecurityActivity("Design", "Architecture Review", "Manual Review", "ทุก Design Change", "Design Flaws"),
SecurityActivity("Implementation", "SAST Scan", "SonarQube Semgrep", "ทุก Commit", "Code Vulnerabilities"),
SecurityActivity("Implementation", "Dependency Scan", "Snyk Dependabot", "ทุกวัน", "CVEs"),
SecurityActivity("Integration", "DAST Scan", "OWASP ZAP Burp", "ทุก Sprint", "Runtime Vulns"),
SecurityActivity("System", "Penetration Test", "Manual + Tools", "ทุก Quarter", "Exploitable Vulns"),
SecurityActivity("Acceptance", "Compliance Audit", "Manual Review", "ก่อน Release", "Compliance Gaps"),
]
print("Security Development Lifecycle:")
for s in security_activities:
print(f" [{s.phase}] {s.activity}")
print(f" Tool: {s.tool} | Frequency: {s.frequency}")
print(f" Finding: {s.finding_type}")
compliance = {
"OWASP Top 10": "All addressed",
"SAST Findings": "0 Critical, 2 Medium",
"DAST Findings": "0 Critical, 1 Medium",
"Dependency CVEs": "0 Critical, 5 Low",
"Pen Test": "Passed (last quarter)",
"Code Coverage (Security)": "85%",
}
print(f"\n\nSecurity Compliance:")
for k, v in compliance.items():
print(f" {k}: {v}")เคล็ดลับ
- Traceability: ทุก Requirement ต้องมี Test Case ที่สอดคล้อง
- Early Testing: วางแผน Test ตั้งแต่ Requirements Phase
- Automate: Automate Test ให้มากที่สุด โดยเฉพาะ Unit และ Integration
- Security: เพิ่ม Security ทุก Phase ไม่ใช่แค่ตอนท้าย
- Documentation: เอกสารสำคัญมากใน V-Model เก็บให้ครบ
V-Model คืออะไร
SDLC Model พัฒนาจาก Waterfall Testing คู่ทุกขั้นตอน ซ้าย Development ขวา Testing Requirements Acceptance Design System Coding Unit Safety-critical
V-Model ต่างจาก Waterfall อย่างไร
Waterfall Testing ท้ายสุด Bug แพง V-Model Test ตั้งแต่เริ่ม ทุก Phase มี Test Traceability ดีกว่า พบปัญหาเร็ว แก้ถูกกว่า
V-Model เหมาะกับงานอะไร
Safety-critical Medical Automotive Aerospace Defense Compliance FDA ISO 26262 Requirements ชัดเจน Embedded Banking Audit Trail ไม่เหมาะ Agile
Verification กับ Validation ต่างกันอย่างไร
Verification สร้างถูกต้อง Code Review Static Analysis Unit Integration Validation สร้างสิ่งที่ถูก UAT Beta Customer Review Quality Assurance
สรุป
V-Model V Shape SDLC Verification Validation Testing Requirements Design Unit Integration System Acceptance Security SDL STRIDE Traceability Safety-critical Compliance
