Posts tagged "Web development"


How To Add Security To Your Apps, According To Developers

March 26, 2019 Posted by Programming 0 thoughts on “How To Add Security To Your Apps, According To Developers”

Lately, security has been a hot-button issue with regard to China’s open databases and Facebook’s numerous data leaks. The problem of security is something more and more developers are going to have to come to grips with. If you’re an aspiring developer, knowing basic security protocols can give you a leg up during the interview process. By grilling the hiring manager, you can position yourself as a responsible developer. Knowledge of security also helps freelancers, who can earn their clients’ trust by making their knowledge of security practices apparent.

 

Dian Fey

  1. Trust no one. Especially yourself.
  2. The only perfectly secure system is one that’s been disconnected, powered off, encased in concrete, and dropped into the ocean from a helicopter flown blindfolded.
  3. Any functionality you can use is functionality someone else with ulterior motives can use. Data you can access through your system is data someone else can access through your system. Backdoors are an inherent security risk.
  4. Assume user input is malicious until proven otherwise.
  5. If you’re good enough to roll your own crypto, you already have a job working specifically on crypto.
  6. If you only need to test whether input matches something you’ve stored (like passwords), hash, don’t encrypt.
  7. Bind prepared statements, don’t interpolate parameters into queries.
  8. If you have a publicly-visible API backing your site, remember that your site isn’t the only thing that can hit it.
  9. Think about and test edge cases.

 

Adnan Rahić

A big part of my role as Chief Defender Against the Dark Arts at 1Password is helping our very talented development team to build secure code. I have the good fortune of working with people who are highly motivated to do things securely, but they have not necessarily been specifically trained how to. Here are a few broad and narrow lessons in no particular order off of the top of my head.

  1. Developers need (to be pointed to) the right tools to do things right. It is not enough to say “don’t do X, do Y instead” if you don’t give them the tools to do Y. So when some security expert tells you not to do X, ask them for the tools to do better.
  2. Instead of addressing specific attacks (as they come up or we can imagine them), it is better to build things in ways to preclude whole categories of attack.
  3. Ad-hoc regular expressions are rarely the right way to validate input (and all input may be hostile). But (see point 1), we need tools to build safe parsers for input.
  4. Expanding on the previous point: That stuff that you learned and promptly forgot in your Formal Language Theory or Automata Theory class turns out to be really important for securely handling potentially hostile input.
  5. Have as few user secrets as possible. (This is an example of 2).
  6. And users should have as much control as possible over determining what is “secret”.
  7. Using good cryptographic libraries is essential, but they are very, very easy to use incorrectly. Have someone who knows about cryptography review your use. You may have to pay them.
  8. Many exploits involve chaining together little, seemingly harmless bugs. Just because you can’t think of how some issue could be practically exploited doesn’t mean that someone won’t figure it out some day. (This is a variant of 2, but it is worth restating this way.)
  9. Use debuggers, not printf, to study intermediate values. This prevents accidentally logging things that shouldn’t be logged.
  10. Heed IDE/compiler warnings. Run static and run-time analytics. Remember, many memory addressing errors can be turned into exploits.

 

Donald Merand

The less data you store, the fewer security hazards you expose yourself to, and the safer your participants will be. Don’t hoard data on the theory that it’ll become useful – only save what you need, and question yourself every time you get into a situation where you think you need it.

If you must store data, especially sensitive data, don’t ever store it in plain-text! Look into hashing algorithms like bcrypt.

Always give your participants the option to delete their data, and actually delete it when they ask you to.

 

Joel Murphy

API Keys are just as sensitive as a username and password combination!

  • Don’t expose them in publicly accessible repositories or source code.
  • Do configure them as server environment variables in a contained environment.

 

Kevin McGinn

I’d add: never even commit a credential (password/API key/etc) to your repo. I’d argue this applies to any repo, not just open source ones, since you never know what might happen to the repo in the future. Even if you remove the credential in a future commit, it still exists in the history.
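The two comments above, on keeping API keys in environment variables and on credentials surviving in history, can be checked mechanically. The following is an added example, not code from the original post or its contributors: it loads a key from the environment and fails closed, then scans `git log -p` output for credential-like assignments. The variable name `PAYMENTS_API_KEY`, the regular expression and the sample log are constructed assumptions.

```python
import os
import re

# Hypothetical environment variable name used only in this example.
API_KEY_ENV = "PAYMENTS_API_KEY"


def load_api_key(env=os.environ) -> str:
    """Read the key from the process environment; refuse to run without it."""
    key = env.get(API_KEY_ENV, "").strip()
    if not key:
        raise RuntimeError(f"{API_KEY_ENV} is not set; refusing to start")
    return key


# Illustrative heuristic (an assumption, not an exhaustive rule set):
# a credential-like name assigned a quoted literal of 8 or more characters.
SECRET_RE = re.compile(
    r"""\b(\w*(?:api_?key|secret|passw(?:or)?d|token)\w*)\s*[:=]\s*["']([^"']{8,})["']""",
    re.IGNORECASE,
)


def scan_history(log_text: str) -> list:
    """Scan `git log -p` output; return (commit, path, variable) for added secrets.

    Only the variable name is reported, so the scanner's own output does not
    copy the secret into yet another log.
    """
    findings, commit, path = [], None, None
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit = line.split()[1]
        elif line.startswith("+++ "):
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif line.startswith("+"):
            match = SECRET_RE.search(line[1:])
            if match:
                findings.append((commit, path, match.group(1)))
    return findings


# Constructed `git log -p` output, newest commit first. The later commit removes
# the hard-coded key, yet the earlier commit that added it is still in history.
SAMPLE_LOG = """commit bbbbbbb
Author: Dev <dev@example.invalid>

    Read API key from environment

diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1 +1,2 @@
-API_KEY = "CONSTRUCTED-EXAMPLE-KEY-0000"
+import os
+API_KEY = os.environ["PAYMENTS_API_KEY"]

commit aaaaaaa
Author: Dev <dev@example.invalid>

    Add payment client config

diff --git a/config.py b/config.py
new file mode 100644
--- /dev/null
+++ b/config.py
@@ -0,0 +1 @@
+API_KEY = "CONSTRUCTED-EXAMPLE-KEY-0000"
"""

if __name__ == "__main__":
    for finding in scan_history(SAMPLE_LOG):
        print("credential added in history:", finding)
```

A finding for a commit that has since been "fixed" means the credential should be treated as exposed and rotated, since removing it in a later commit does not remove it from history.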

 

Andrew Davis

The OWASP top ten security vulnerability documents are a great place to start: OWASP. Typically, the top web app security vulnerabilities are SQL injection, XSS and authentication issues. The top web frameworks will address those issues in their documentation so that is another place to begin researching.

 

Conclusion

Keeping up to date on the best security practices is possible if you use resources as a guide. Here are some resources, including those mentioned in this article.

OWASP 10  and OWASP 10 Cheat Sheet

Microsoft’s Cyber Defense Operations Center shares best practices

Web Application Security Guide

Stack Exchange: Security

Startup Security Guide: Minimum Viable Security Checklist for a Cloud-Based Web Application


3 Most Hyped Web Development Technologies of 2019

March 25, 2019 Posted by Technology 0 thoughts on “3 Most Hyped Web Development Technologies of 2019”

There always seems to be a new language or tech stack to rave about within the web development industry. A new language, for example, may claim to do away with the inconvenience of the language it was patterned after. That causes disgruntled devs to migrate over to that new language. When they find those promises to be true, they become evangelists, whipping up hype for the new technology. The same goes for shifts in philosophy. New ways of approaching tasks may improve productivity or flatten a learning curve. All of the benefits from new technologies and ideas create a well of hype within the web development community that can be hard to ignore.

Here are the 3 most hyped technologies in the web development world.

 

JAMstack

 

Not all innovations require reinventing the wheel. The JAMstack consists of JavaScript, APIs, and Markup. Nothing remarkable. The stack itself is really a fancy way of promoting the use of static websites. This tech stack is a tech blogger’s response to WordPress. Instead of dealing with unwieldy UI, the tech blogger can simply shift over to GitHub’s simple and familiar version control.

The movement has gained widespread popularity and now has a thriving community. The philosophy of shifting focus to the front end now that JavaScript has become more of a powerhouse is understandable, especially if you relate it to my experience.

When I decided to create a tech blog, I had the choice of signing up for WordPress and a hosting site or simply using GitHub Pages to host my blog while using Jekyll as a framework. Suffice it to say, I chose GitHub and Jekyll to create my static website. I was surprised to find out how in control I felt having built everything from the ground up. Uploading content that included code blocks was a breeze. I gained a new appreciation for how much I can do with a static website simply by using JavaScript and web APIs. There is definitely something to admire about the simplicity and flexibility of the JAMstack.

 

TypeScript

 

TypeScript is a superset of JavaScript that was built by Microsoft in 2012. It’s gained popularity because it addresses one of the major gripes of JavaScript: the lack of static types. Having to depend on the interpreter to dynamically assign types allows for dodgy bug-handling and slower speeds, as well as poor readability. Static typing, on the other hand, allows programmers to see at a glance what type a function would return. This makes documentation a much easier task.

 

Web Assembly

 

Listen to a friend who’s a Go dev for a while and he might start telling you that the web of the future might be written in Go rather than JavaScript. That’s because Web Assembly essentially turns languages like C, C++, and Rust into JavaScript by allowing those languages the same access to the Web APIs that make JavaScript such a viable language for the web. Though the notion that a web app can be built without JavaScript is hyperbole at best since WASM needs to be ported into JavaScript, the idea of forgoing JavaScript to build a web app isn’t new; Google Web Toolkit allows Java-savvy developers to program web apps in Java, which is then compiled into JavaScript.

You can see that yet again, a piece of tech is generating hype because it makes it even easier to circumvent JavaScript’s limitations. In this case, WASM allows people to do what they’ve always done: boost performance by importing C++ into JavaScript code.

 

 


What Makes A Programming Language Bad?

February 8, 2019 Posted by Programming 0 thoughts on “What Makes A Programming Language Bad?”

There are many articles that claim to have constructed a list of the worst programming languages out there. The problem is that there is no quantifiable way to make a list of languages that are objectively horrible. Of course, that’s the same for many other variables like foods or movies. Yet rating systems exist using agreed upon rubrics. For example, poor acting and poor CGI within a particular action movie may make that movie score low on Rotten Tomatoes, which simply aggregates ratings from critics.

Still, rubrics alone do not weed out inherent subjectivity. There will almost always be disagreement about a particular movie or game or restaurant. Our insatiable desire to categorize everything into numbers and groups forces us to confront varying viewpoints. We consume lists and reviews to have our fears allayed, our beliefs confirmed, or our knowledge of the order of things expanded.

Some people who are new to a programming language want to allay fears that the language of their choice is either obsolete or considered horrendous. Seeing what the worst languages are may mean the avoidance of time wasted. That person may also have a high-paying job in mind. Others may simply be curious. The point is, how can a rubric be created to determine a “bad” programming language that would satisfy someone to the extent that movie reviews satisfy wary moviegoers?

I discussed this with a few developers on Dev.to and here were their responses.

Idan Arye

The number one problem that makes a bad language is pitfalls. I define pitfalls as potential bugs that tend to get exposed only after they’ve done some damage. Usually because:

  • It makes sense to expect it to work.
  • It works in the simple cases.
  • It doesn’t work in more complex cases.
  • Once you found out it doesn’t work, you have already integrated it in your code – so you need to do lots of refactoring to fix it.

There are other reasons to not like a language, but most of them are a matter of personal taste. But I think everyone would agree that pitfalls are bad.

Dustin King

It’s extremely subjective and situational, but there are a lot of metrics that one could apply (though there’s not necessarily an objective way to measure them), and if a language scores low on everything, one might call it “bad”. But which metrics are important to you is going to vary quite a lot. Here are some I can think of:

  • Manipulexity and whipupitude, Larry Wall’s terms for what he was trying for with Perl: fine grained control plus the ability to create a useful program quickly.
  • Usefulness for large teams or large projects
  • Readability
  • Succinctness (the ability to express the intent of the program with the fewest number of symbols)
  • Performance
  • Security
  • Backward/forward compatibility (If I write something today, will it run a year from now? Ten years? 10,000 years?)
  • Libraries/packages
  • Welcoming culture
  • Friendliness for beginners
  • Ability to illustrate CS or programming concepts
  • Ability to hire people who know it or are willing to learn it
  • Ease of use for some problem domain (e.g. server-side web programming for PHP)

I’m probably forgetting some. But in general, if something scores low on all these (or at least the ones you care about), then you might be justified in calling it “bad”. But then what you care about might not be what the language authors care about.

There are also deliberately “bad” languages like Brainfu*k and Intercal. But maybe they’re good for their intended use, which might make them not really bad.

My Response

To reply to Dustin King’s excellent response, you can see, by looking at his list, how some may favor friendliness and strong community culture when they’re just starting out with a language. On the other hand, more seasoned developers might bash that same language for its “syntactic sugar” and its slow compile time. This creates a strong bias because many programming languages can’t avoid all the pitfalls that Arye and King put forth. Diane Fay put it best when she, in responding to my question, said:

“When people say a programming language is “bad”, what they mean is that it’s difficult for them to do what they want to accomplish with it or that they have aesthetic objections to how programs are written and structured in it. There are some cases where most people agree (MUMPS is nigh-universally abhorred), but it’s still fundamentally a matter of opinion.”

Arye, King, and Fay all agree that, for the most part, the notion of a bad programming language is subjective. One can even go as far as saying that it’s a myth. That’s because trends typically shape a particular view of a language. Now that we have Swift, which was supposed to replace Objective C, you have articles saying Objective C is one of the worst programming languages to learn. Well, that wasn’t the case years before Swift came out. Unlike movies and video games, programming languages sometimes come in and out of fashion. Some become obsolete while others become mainstays.

In the end, bad programming languages are bad according to your opinion; or, according to another developer who responded to my question, your laziness towards understanding and mastering a new language.


Why You Should Hire a Web Development Agency

February 6, 2019 Posted by Startups 0 thoughts on “Why You Should Hire a Web Development Agency”


So, you’ve probably read our article about why your business needs a website and are now wondering how to go about getting a website. The first impulse you’re probably going to have is to find a free and easy option. The most popular are Squarespace and Wix. Both offer a DIY approach to website building by using simple drag and drop interfaces. These types of websites are well-suited for hobbyists who simply want a portal to showcase their knowledge.

The problem with website builders is that there is nothing unique about the templates. There are over 644 million websites on the internet. Somehow, you have to stand apart, especially within your niche. Pre-made themes that don’t require any technical abilities on the part of the business owner ultimately hinder flexibility.

At some point, you’re going to want that really modern functionality you see on your competitor’s website (they probably hired a professional). So, you’re going to have to hire a designer who will then use, for example, Squarespace’s CSS box to add some pizzazz to your website. If you want more complex functionality, you’ll then need a JavaScript developer to come in and edit the theme. That, in a sense, defeats the free and easy purpose of the website builder.

Using a pre-made theme is like buying in bulk when what you’re looking for is a bespoke item.

Underlying many of these pre-built themes is code that isn’t efficient. Slow websites drive people away. In addition, some themes may not be optimized for security. Any plugin or outside feature you add to customize your site increases your vulnerability to attack.

What you want in a website is a full representation of your business and its philosophy. Internet users are savvy. They know when a company hasn’t put effort into their website. If a company doesn’t have any love for their website, how do they treat their products? Remember that:

It only takes .05 seconds for a user to form an opinion of your website. That instant judgment means that a slow site turns off users in a hurry.

94% of any negative opinion is a result of poor design.

75% of consumers admit to making judgments about the company based on their design

88% of people who have a negative opinion will never return.

SWEOR

The last thing you want a user to think is that your company is generic. That’s why businesses that have money to spend hire their own developers. The problem is that recruiting and vetting your own candidates can be a challenging, time-consuming, and money-consuming process. The last thing you want is to hire a developer who doesn’t know how to code.

In that case, you may want to look into hiring a web development agency to build a custom website for you. Here are some of the benefits:

Expertise

Since the web development agency has done all the hard work of hiring the best developers out there, all you need to do is communicate your idea. Web development agencies are experienced in all of the latest technologies and have built websites for businesses of all sizes. They’ve dealt with almost every problem associated with building complex systems and have the tools necessary to troubleshoot any problem that arises.

A web development agency also has processes in place to ensure that the final product is suitable for your consumers. Time is often spent on:

  • Designing- a design process ensures that a website attracts maximum attention.
  • Building- developers build the websites using well-constructed designs as guides.
  • Testing- as they build, developers test the code to ensure that there aren’t bugs.

Scalability

How large and complex do you expect your company website to get? Web development agencies have the know-how necessary to ensure that code is optimized for growth no matter how large the website becomes. Any new features that are required can be added by the agency’s developers without needing to implement buggy plugins.

Custom Design

A custom design allows for a responsive design. Web development agencies have the personnel to make sure your website looks great on any platform. Considering that 85% of adults believe that a company’s website should look just as good, if not better, on a smartphone, you can’t lose spending $2,000 or more on a custom design.

In The End

For anyone building a personal website, a web development company may be too sophisticated. That person may be better off getting a simple website to start off. Even then, there are many popular bloggers who inevitably turn to professionals to customize their website after starting their personal blog. A large part of marketing is creating a recognizable brand. Getting brand recognition won’t happen overnight, but a custom website goes a long way towards solidifying your place in the virtual marketplace called the internet.


Top 5 Web development trends in 2018

October 9, 2018 Posted by News 0 thoughts on “Top 5 Web development trends in 2018”

New competitors pop up every day, so you have to keep your audience’s attention long enough to turn them into conversions. Web developers have also got a crucial role to play when it comes to catching and keeping the user’s attention, and they can do the same using some smart tactics.

In keeping with the times, here are the top 5 trends in web development that every developer should watch out for, and ensure the implementation of the same for better conversion rates. Exceed your customers’ expectations by dishing out something extra, and these 5 web development trends can tell you the ways to do it!

1. Revamped landing pages

Landing pages have gone through an unending process of transformation. Moving past the text-heavy landing page formats, we have come to light landing pages that focus more on the information being readily accessible to the user. Since Internet users do not care to read even a third of what you write as content, it is best to keep the text to a bare minimum when it comes to designing your landing pages. Use riveting web design templates and features (and tonnes of CTAs) on your landing page to cater to the streamlined queries and problems of your users.

2. Age of static site generators

Dynamic site content can readily be turned into static ones using static site generators. This is the go-to tool for most bloggers of the modern age. It ensures keeping a low budget and enhanced site loading speed, making your content accessible to users. Security factors can also be taken care of using static site generators, and you can convert plain text into creative websites using these site generators. Web developers who like to work on light software that runs on all servers can heavily benefit from this trend for sure.

3. Featuring hero images and videos

Go to your browser and open the homepages of Samsung or Nike. The first thing that greets you is a big and bold image of happy faces featuring their products. Since human brains process visuals way faster than text, why not take advantage of the same and create your website around it? Using hero images that feature in the homepage section of your website is thus a trend that is here to stay. The same goes for big and bold geometric patterns and fonts. If you want an even better effect, go for a slideshow format and stuff up that homepage with three or more hero images! The same goes for videos too. Videos help engage audiences faster and a few seconds of captivating content is enough to keep them hooked to your website for long. As a web developer, you should keep this trend in mind the next time you meet with your team to discuss alterations you can bring to your website.

4. Chatbots and interactive UI to the fore

Live chats and chatbots are ringing in a new age in conversational UI. They make our lives way simpler and take care of auto-reply functions with ease. Incorporating the same for your website can be one of the best ways for you to ensure engagement and a better user experience. Virtual assistants help users to shop, assist them in choosing from products, and cater to their problems or queries, which is the next big thing in web development. Including a simple chatbot-powered interactive feature on your website also helps users overcome the barrier of having to go through complicated processes of navigating through your site.

5. The rise of the JavaScript

2017 was the year of JavaScript with brilliant frameworks, technologies, and libraries. Riding on the JavaScript wave this year comes to the fundamentals that web developers need to get to the bottom of. Functions of JavaScript like the Builtin method, Closures, ES6, Pure Functions, Callbacks, RAIL, Promises, and Node have got the web developers around the world sitting up and taking notice. Since JavaScript also has the REACT library for building user interfaces, it can be the go-to solution for every web developer worth his coding skills this year as well. Combine frameworks like Meteor with resources from the library, and you will pave your way to a better website interface in the future.

Final Thoughts

Whether it is assisting users to shop online with just a live chat conversation with a chatbot or making websites way more engaging with loads of video content, keep the 5 brilliant web development trends in mind when developing your strategy for this year. Ensure smooth functioning of every feature in your website, catering to the mobile-only audience group, and make the all-around UX an enjoyable and efficient one. As a web developer of the modern age, that’s what you should be focusing on anyway. Since the industry keeps transforming itself with every new function added to a coding language or resource, brace yourself for the next major upheavals in web development.
