Posts Tagged ‘Security’
Even if you only build websites using CMSs, you’ve probably heard the word “framework” before. You’ve probably also heard of a few famous web frameworks, including Ruby on Rails, Django and Bootstrap. Many experienced web developers build websites using frameworks and often find them easier and more enjoyable to use.
In this article, we’re going to explain what a framework is, and when you might use a framework.
If you are currently doing one of the Coding Training classes, this information will prove especially useful to you. If you are just using a CMS, this post will still contain some valuable insights, as many CMSs can be, and are, built using frameworks. For example, Drupal 8 is currently being built on Symfony and Joomla 3 is using the CSS framework Bootstrap.
What is a Framework?
The goal of a framework is to allow designers and developers to focus on building the unique features for their project, rather than re-inventing the wheel by coding common, familiar features found across many websites and web applications.
A framework can be considered a pre-built that handles most of the repetitive or common features. As a result, unlike a CMS, a framework will probably not have a template/structure user interface (although this is not always the case, as Django provides an administration interface). Most of the activity will be done by writing code and interacting with different parts of the framework itself through code.
Often frameworks take a while to learn, but once you’re familiar with them, they should speed up your development time.
5 advantages to using a framework:
- Open-source: Most of the popular frameworks in many languages are open-source (or available to use for free). They also come with licensing that isn’t restrictive and allows you to build commercial products using such frameworks
- Documentation and support: Although this can vary (if the language being used is popular and the framework has a lot of developers using it), you can expect that the framework will either have good documentation, good support or both at the same time. It is worth mentioning that “good support” is a subjective issue at times. Typically, paid support will almost always be faster and more concise, but this also depends on the level of activity within the framework – as a framework like Ruby on Rails demonstrates with a massive community, which is renowned for its welcoming nature and good support too.
- Efficiency: This could be considered the most vital reason why frameworks exist. They eliminate the need to write a lot of repetitive code that you will find being used in many different applications. These include, for example, user-authentication and commenting systems. On average (if you have sufficient knowledge using a certain framework) you can expect to build a project in much less time than would be achieved writing code without a framework
- Security: Typically, a framework is developed and tested by many different developers. It is extremely likely that many security risks are addressed and tested when the framework is being built. New security risks can also be addressed and fixed quickly. However, security can also be considered a con, as will be mentioned in that section
- Integration: If you are building almost any type of application (including a website) and you want to store some data, you will typically use a database. Besides databases, there also exist many other tools that link to web development. Many frameworks will thus make it easier to link to these tools and also communicate with them (for example, when “talking to” a database is abstracted away in a certain framework, making communication with the database much easier)
5 disadvantages to using a framework:
- Limitations: Generally, you will not be able to do just anything with a single framework. They are all restricted in some way, from coding paradigms to database designs and everything in between. A good way to work around this is to see what the framework is being used for by other developers in the community, as this will give you an idea of what you can achieve
- Learning bias: If you decide to learn how to use any framework from some programming language you are familiar with, chances are that what you learn will be somewhat different to the language itself. This is due to the fact that a lot of those repetitive tasks have been created in custom functions and other parts, which is why you will learn such things that may not have existed in the language lessons itself. Apart from that, you may also learn a lot of things that may be irrelevant to you whilst using the framework in real-life, but are necessary to grasp how the framework works
- Steep learning curve: Although this isn’t always the case, most frameworks can be difficult to learn and even more difficult to master. After some simple research into this matter, a university professor said that it will take about 2 years (with no programming background) to become familiar and comfortable using a language (Ruby) combined with a framework (Rails). This may not be the case when being self-taught or having years of programming experience, but I would say that even with experience, at least 3-6 months will be needed to become confident using any framework (based on continuous learning and practice)
- Cost: Frameworks require more development expertise and experience than most CMSs. As a result, it can be more costly to hire reliable framework developers than reliable CMS developers. As the experience shows, the average project built with a framework is more expensive than a similar project built with a CMS.
Examples of popular frameworks
Below are some popular web frameworks (in no particular order) for different web languages. This is not an extensive list, as there exist many more options out there.
Over to you?
Have you built any websites using a framework instead of a CMS?
What were the advantages and disadvantages of going with a framework?
Share your feedback or any other experiences below.
Every business starts from the question: “Which direction to take, how to choose the right niche…”. Most start-ups choose software development as the direction to start with because of quite low launch costs, the ease of starting the business, the high popularity of IT and the well-known postulate “software will eat the world”. But when choosing the IT sphere it is quite important to understand this market and find new promising areas in it, as investors and business angels are much more eager to invest not in what is popular today, but in what will be the future of tomorrow.
In my article I would like to draw your attention to some trends that seem promising in my opinion.
The Internet of Things
The Internet of Things is likely to have a staggering impact on our daily life and become an inherent part of such areas as electricity, transportation, industrial control, retail, utilities management, healthcare, petroleum etc. For example, GE predicts that the oil and gas industry will be able to save more than $90 billion a year thanks to the reduced operating costs and fuel consumption that smart components will deliver. The health care sector may save more than $63 billion because of improved resource usage and modern equipment.
Also the Industrial Internet will make transport more economical, and safer too. Jumbo jets, loaded with sensors that record every detail of their flights, will help engineers to design safer aeroplanes and know which parts need to be replaced. On the road, fleets of trucks and even ordinary drivers will be able to tap into the web, monitoring traffic in real time, with automated programs suggesting alternative routes in case of accidents or traffic congestion.
Of course, all of these benefits mean plenty of business opportunities for those who are brave enough to make the first step. Profits will grow exponentially as the Internet of Things itself matures. Today, there are around 1.3 billion connected devices in the world, but by 2020 this could well exceed 12.5 billion devices. Similarly, the M2M (machine-2-machine) industry is said to be worth around $121 billion a year today. By 2020, that value will grow to almost $950 billion, according to the Carbon War Room. Don’t lose your chance!
Computer Science health
This sphere suits startups that plan to develop software to diagnose and treat diseases (I’m not talking about Biotech, but about Information Technology). As a rule it is a noninvasive methodology. The technology will help to avoid costly and dangerous procedures: instead of an operation it will be enough to use a specialized device. Different kinds of fitness applications have already filled the market. Apps that evaluate sleep state and help to wake up at the most opportune moment, or that evaluate the quality, caloric value and allergenicity of food, are not a rarity anymore. More and more people keep track of their daily activity (number of steps made, calories burned, heart rate etc.) by using bracelets and cardio sensors. But the real revolution will produce a system that will combine sensor data and sensor condition of the body with genetic information. The apps will give an opportunity to influence the physical state, recommending an appropriate lifestyle and a specific diet, supplements and medicines.
In 2012 and 2013 we saw significant data breaches across multiple industries and governments impacting millions of users. For instance, according to a recent study conducted by Ponemon Institute, nearly 1.5 million Americans have been victims of medical identity theft. Individuals whose medical information has been stolen often deal with erroneous medical expenses, insurance issues and incorrect data on medical records that can lead to fatal medical errors. And data security issues compromise more than patient privacy and personal data.
Is this an uncertain future we will have to live with? Can we accept degraded privacy and security and billions of dollars in lost revenue, damage, reduction in brand value and remediation costs?
Such issues will become the concern of more and more enterprise leaders. Thus, Data Security could be the biggest challenge for startups.
“Green Energy” field
We live in a world of limited subsoil resources. We may experience, and in fact we already do experience, their shortage. The time of “users” is close to the end and the era of “creators” is coming instead. The “creators” are sure that the potential of “Green Energy” is huge… and they are right. Every fifth kWh is obtained from renewable energy sources in the developed countries. Let’s see what is happening in the world:
Elon Musk, the creator of PayPal, has opened a company, Tesla, that produces electric cars. For three years they have produced quite expensive super-cars and rectified technologies… btw the technologies are still being improved (hope you understand what I’m driving at…). Also the super-cars require refueling… with the help of solar batteries, which are quite widespread in the USA and Western Europe. By the way, it is predicted that America, South Canada and most of Europe will be covered with solar stations by the end of 2015 (another niche ;) ), and the solar batteries will be used not only for refueling.
What I’m driving at is that there will be a need for different applications (including mobile apps as well) for ordering, managing etc.
In conclusion I would like to wish you to find your niche and not be afraid of putting your ideas out and trying them. Good luck and thanks for reading :)
It seems most companies understand the opportunities that cloud computing solutions and services open up for them, especially for SMBs. So now the question is how to choose a good provider, the right one for your company, and to what extent cloud computing services should be used. The complexities are numerous: issues such as security management, attack response and recovery, system availability and performance, the vendor’s financial stability and its ability to comply with the law all need to be considered. A number of tips can be formulated in this regard (some are taken from a CIO article):
1) Choose trusted providers. Today there are a number of cloud tech companies to choose from, and new ones go live each month. Despite this, for cloud services it’s better to stick with trusted and solid companies. To name a few: Microsoft, Google, Intuit, Dropbox, Apple, Amazon, Salesforce. These are companies with deep pockets that deal with security, and your data is an important part of their business.
2) Distribute between free and paid accounts. For storing financial or similar information, paid accounts are preferable. For less critical data and applications, free accounts of big trusted cloud service providers may work well. For instance, Google can afford to offer decent free accounts because their business is well-established and their free services just act as bait aimed at attracting new users and then gently pushing them towards paid services and premium accounts.
3) Select the right apps and data for the public cloud. Some businesses, mainly start-up companies, begin using the public cloud for all applications, including mission-critical apps and their data. However, public clouds are neither for every organization nor for every application: the workloads that suit the default security provided by most cloud service providers are websites, application development, testing, online product catalogs and product documentation.
4) Evaluate and add security if it makes sense. CSPs can provide significantly different levels of public cloud security. The ISO/IEC 27000 series of standards provides guidelines for evaluating this. If necessary, security measures that are used in an organization’s internal private cloud may need to be extended to its public cloud instances, and some cloud products like CloudSpan allow this.
5) Make use of third-party auditing services. When it comes to security compliance, organizations need not simply take the CSP’s word for it. Third-party auditing services can be used to audit the security actually provided and then compare it to what was promised.
6) Add authentication layers. Most CSPs provide good authentication services for public cloud instances. Some products like Halo NetSec can help add an additional layer of authentication. Before doing this you need to weigh the benefits of better public cloud security against the costs of increased network latency, possible performance degradation and additional points of failure.
7) Weigh the effect of additional security on integration. Adding security on top of the CSP’s defaults may affect overall application performance and identity and access management. This is especially important to consider if you work with mission-critical applications that need to integrate with other business applications.
8) Make the security guarantees in the SLA clear for yourself. Public cloud security guarantees with CSPs should be clearly stipulated as service level agreements in the contract. Make sure that transparent monitoring and reporting functions are available to you as a customer, and that security processes, procedures and practices are transparent and verifiable, so that you may rely on this information.
9) Streamline logging and monitoring. Comparing one CSP’s logging and monitoring practices with another’s before you sign an SLA may reveal subtle differences in the security that’s provided, so it’s another key to ensuring public cloud security.
10) Add encryption. You may want to employ your own encryption instead of or in addition to the encryption provided by the CSP. A number of installable products or SaaS vendors can do this type of encryption on the fly. (VPN-enabled cloud instances fall under this category of augmented public cloud security.) When this happens, only the customer and the third party know the key; the CSP does not.
11) Spread outage risk across multiple, even redundant, CSPs. Cloud provisioning tools these days come already integrated with leading CSPs, so it’s possible to spin up additional instances of servers with multiple CSPs automatically on demand: they are turned on if average CPU utilization reaches a certain threshold and turned off once utilization drops. Also, when spinning up additional instances, it may make sense to use different CSPs in a round-robin fashion.
Thus, as you may see, the experience of using cloud services may be adjusted and improved by following some advice. What’s crucial is finding a balance between cloud security and performance. Naturally there’s always a tradeoff: adding layers of security may come at the expense of the application running slower and potentially adds points of failure. Figuring out the right balance between security and performance, though difficult, is a must to run a strong business today.
Helen Boyarchuk – Business Development Manager (LI page)
Helen.Boyarchuk@altabel.com | Skype ID: helen_boyarchuk
Altabel Group – Professional Software Development
When you say “cloud”, somebody’s imagination draws a sky with dozens of funny-shaped airy clouds, while IT folks’ minds will recall company names like Microsoft, Google, Dropbox, Amazon. Indeed, cloud computing has contributed to the business world tremendously, yet there is still much skepticism around such services and around the reliability and security of remote clouds. Naturally, when you store all your data in the cloud you “shift” control over it and rely on a cloud provider, and here your fears come on to the stage: data being lost, damaged, leaked or hacked, services and sites being kicked offline. Legally, according to the agreement between you and the provider, the service provider would be responsible should any of the aforementioned occur, but at the end of the day the possible losses endured by the business resorting to the cloud are greater than the cloud service provider’s, since such events could result in the complete destruction of the business. So a decision to move to the cloud is a serious one.
Interestingly, more than a third (36%) named security a main issue holding back uptake for them. This concern is contradictory due to a number of factors:
Firstly, the whole point of cloud computing is that the applications and data being used are sitting on multiple servers at once in data centers located around the world. Thus attacking one part of the infrastructure becomes virtually a waste of time as redundancy will always ensure access to this data. It means attacking data or performance of a targeted company becomes almost “mission impossible”.
Secondly, it makes sense to view the security matter from the perspective of the capabilities of cloud computing systems versus those of internal software systems. How high are the chances that a large cloud provider won’t have far more resources to direct at security than the average enterprise? The infrastructure of cloud computing systems is comprised of machinery and technology on the cutting edge of technological advancement, in addition to the far-advanced skills and knowledge of their workers; it is doubtful that this is accessible to an average business or computer user. Therefore, the business has a greater chance of loss when handling the company data and software internally. As more and more organizations make the move into the cloud, it’s certain that safety and security measures will only increase.
Experts say a more reasonable concern relates to resilience and outages, not data breach. Outages of Amazon or Microsoft are regularly reported. They can be caused by freak weather, as happened, for instance, to Amazon Web Services, resulting in such popular services as Instagram and Netflix being pushed offline for a number of hours. Instagram’s outage hit the headlines due to a short period of downtime, but what if smaller companies using cloud providers face their sites being knocked offline? How high up their cloud provider’s list of priorities will it be to get it fixed? Well, in this case it’s of vital importance for web sites to be hosted with multiple cloud providers, since this makes sites virtually unassailable, with close to zero downtime.
Worries about legal compliance are probably more justifiable. Under the Data Protection Act, organisations have to agree that personal data will not be moved outside a particular group of named European countries, but a cloud provider may be storing data in multiple jurisdictions. This problem isn’t insurmountable (personal data can be anonymised, for example), but it does make the decision to move to the cloud a more complex one.
To conclude, cloud computing service providers treat security, availability, privacy and legal compliance issues very seriously since this is the essence of their very business. CSPs mostly have better machinery, technology and skills, and invest more in their further advancement than an average enterprise could afford. Loss or damage of any data by a cloud services provider, or long downtime, does not only imply a possible demise or huge direct and indirect losses for the business to which the service was provided, but can be partially or completely fatal for the cloud computing service business and its reputation. Cloud services providers carry massive legal liability, which is a strong incentive for them to preserve a high quality of service and treat issues with due diligence.
Or don’t you agree? :)
Helen Boyarchuk – Business Development Manager (LI page)
Helen.Boyarchuk@altabel.com | Skype ID: helen_boyarchuk
Altabel Group – Professional Software Development
Posted on April 30, 2012
More than 600,000 Macs have been infected with a new version of the Flashback Trojan horse that’s being installed on people’s computers with the help of Java exploits. How does this infection affect Apple’s reputation for security? Let’s see what LI members think on this point:
“Not in the slightest. Most of Apple’s users wouldn’t know what Flashback is, nor would they care. Did Lulzsec’s hack of Sony’s PSN have any effect on Sony users? Not a bit.
If there will be any change it may be from Sysadmins realizing that there’s no such thing as a perfectly secure OS. Good education on how to use systems applies equally to Mac and Windows users – always has. The OS may be slightly better, but there are still multiple different apps and other attack vectors that can be used – following bad links probably the top of that list.”
Technical Project Manager & Info Sec Architect
“I think it is funny. Most people still think that only Microsoft software gets viruses.”
Real Time Card Stunts for sports teams & sports events
“Mac OS X has a great reputation for security in general, but it’s not perfect. Most of the malware we see exploit vulnerabilities in other platforms installed on top of OS X like Java and Adobe Flash. The latest, LuckyCat even comes in through Microsoft Word 2011! Apple’s response may have been slow, but it was definitive. Apple has eliminated the threat with standard software updates. It’s just a question of time before the current variant of Flashback is extinct.
As for Apple’s reputation, it will be a bit tarnished by the outbreak because most people don’t understand the true mechanism of these attacks. That being said, since Apple controls when Java gets updated for OS X, Apple would do well to keep Java updated on a more regular basis. They allowed this vulnerability to exist for Mac OS X even when the main Java codebase had already been patched.”
Business Technology Consultant
“I would say that it shows that their OS isn’t inherently more secure, just less targeted, but that isn’t actually what was at play here.
The vulnerability wasn’t in OS X, but rather in the implementation of Java that came with it. Apple manages its own JRE deployment to OS X, and as a result this vulnerability came into play only on Apple’s environment. That vulnerability lends itself well to exploitation, and that’s what happened. Security…real security…was never about how tight an operating system or application is. I mean, that’s a part of it, but there isn’t anything that has no vulnerabilities. And so, the really important thing that determines security is the overarching process and capability to manage those vulnerabilities and deal with them. Microsoft used to entirely suck at this…but now they are the industry leader. Nobody issues patches like they do; theirs is the gold standard. And yes, some of their vulnerabilities go a long time without being fixed, but when I look at how much code comprises Windows these days, and the damage that results if they issue a bad patch, I don’t know that I really want to yell at Microsoft over it. And Apple does worse.”
Power Generation Cyber Security Lead
“I don’t think it affects it at all. Apple has always had a poor reputation for security in terms of providing patches in a timely manner. In terms of overall reputation for security though, the machines have enjoyed a minor user-base for years and thus were not targeted often. Now that the user base has increased exponentially in recent years, one can only expect that the amount of exploits in production for the platform will also rise.
In terms of my own personal feelings on the matter, I still trust my Mac. I still use an industry standard antivirus solution (ClamXav). Most importantly, I don’t surf the types of sites that typically are used to host malware, and watch what I click on. I’ve been pretty happy and virus free for years so no complaints here.”
at Aholattafun Creative Solutions
“It will probably have a small negative effect on the market perception of Apple security but perhaps the real question is will that have any impact on Apple’s business? My feeling is that Apple’s perceived security advantages do not lead to increased sales, but if they ignore the increasing threat to their platforms it could have a significant negative effect in the medium term.”
an Independent Consultant, Researcher and Author
Maybe you have something to add? You’re welcome with your comments.
We are now living in the age of the Smartphone, and as Google has recently proved, there are millions of people getting new phones every single week (over 500,000 Android devices are activated every day!). As the number of users increases, so will the security risks that Smartphones bring to us.
Even though Android and the iPhone are pretty secure, they definitely can be broken and used to spy on people, steal data from the device and for other malicious purposes. The recent Carrier IQ scandal has shown that you don’t even need to know about an app on your phone or approve it for it to be running and transmitting every keystroke to a remote server.
With that in mind, below you may find LI members’ advice that will help you keep your Smartphone safe and secure:
«Trusting any individual app for security is questionable. If you have a knowledgeable programmer pal (in mobile, network security) and the source code is available then you can tell with certainty that your Smartphone is secure with an app. You can use that in tandem with a trusted Smartphone antivirus, anti malware, anti root kit software. At least you need to use this if you don’t have source unencrypted code at disposal. If you download from market you may not have source code. Most market operators check for security violations. Despite that some apps send identifiable customer data for marketing purpose.»
Vinodh Sen Ethirajulu
Technical Lead, ING Institutional Plan Services
«I use the mobile security product from the company that makes the phone and I also have my phone locked using a pattern.»
Senior Sales Representative
«I and all my techy friends, have standard phone securities such as passwords and pins, we have a home record of IMEI numbers and sim references.
As for Apps we all use Preyproject. They have a free version which can secure 3 devices, it can allow SMS or Online activation, which sends reports to your email every 10 minutes with GPS location and WIFI tracking, it can also secure your laptop, if it has a camera, will also email you a picture of the next person using it!! Genius!»
Systems Administrator at MWL Systems
«I do not own a Smartphone because there is no such thing as security with that particular device.»
MicroMentor Volunteer and Founder “Smalltofeds”
«I always prefer to use security product or protection system provided by the mobile company itself as it’s always doubtful to trust the various security based mobile applications.»
Business Analyst at Algoworks
The security risks that a Smartphone brings with it will only grow in number in the following years, and if you have any sensitive data on your phone (especially if you’re using Google Wallet or some sort of credit card number storage app) or don’t want to fall victim to any scam, you should start getting acquainted with the various security apps and tools available for your handset right now.
Many companies are having great success with cloud computing, and it’s evident that the market continues to grow quickly. Here are three surefire ways to fail with cloud computing and what you can learn from them to avoid suffering that same fate.
First, put the wrong people on the project. This is the most common way that cloud computing development, migration, and implementation projects fail. Cloud computing is a hyped “cool” space. Those who have the most political clout in an IT organization quickly position themselves on cloud computing projects. However, just because they are buddy-buddy with the CIO does not mean they have the architectural and technical skills to make the cloud work for the enterprise. Bad decisions are also made in terms of deciding how to select technology types and technology providers. When you select what’s popular versus what’s a true architectural fit, you shoot yourself in the foot.
Second, security is an afterthought. This means that those driving the project do not consider security and compliance requirements until after deployment. It’s almost impossible to retrofit security into a cloud computing deployment, so the approach and use of technology (such as encryption) should be systemic to the environment. This is a rookie mistake.
Third, select the wrong business problem to solve with cloud computing. The right approach is to pick new application development or existing application migration that is meaningful to the business, but that is not mission-critical. There are two paths to failure here. The first is to pick the “kill the business with a single outage” type of application, put it in the cloud, then pray to the Internet gods that nothing goes wrong. Too risky. The second is to pick a meaningless application that nobody cares about, move it to the cloud, and hope that somebody notices. Too underwhelming. Find something that falls in the middle.
Hope you’ll find the tips above useful.