A Closer Look at the MEAN Stack

The LAMP stack – which stands for Linux, Apache, MySQL, and PHP – has been standard practice for web development at many shops for nearly a decade. Since the one constant in the technology world is its rapid pace of change, it stands to reason a new standard is emerging in this software development space. The MEAN stack leverages many recent innovations in technology, including NoSQL databases in addition to some popular JavaScript libraries.

What follows is a high-level overview of the MEAN stack to give you some food for thought before architecting your next web development project. Leverage these insights to make an informed decision on which development stack works best for your needs.

What is “MEAN?”

The MEAN stack is made up of MongoDB, one of the most preeminent NoSQL databases, used in combination with three popular JavaScript frameworks, ExpressJS, AngularJS, and Node.js. The fact that nearly all code for a MEAN project – from database to client – is written in JavaScript is one of the main reasons for its rapid growth. If your organization boasts a lot of JavaScript coding talent, it makes MEAN worthy of consideration on your next web project.

The Four Components of the MEAN Stack

MongoDB is a NoSQL document database widely popular for all kinds of applications. MongoDB is also available through many Cloud service providers, including Amazon AWS, Microsoft Azure, and Google Cloud. It leverages the JSON format for data transfer, making it highly appropriate as the database of choice for MEAN.

A lightweight framework for architecting web applications, ExpressJS was inspired by the popular Ruby library, Sinatra. It is a high performance framework well suited for both scalability and concurrency. It also facilitates the creation of unique APIs specifically for use in a web application.

AngularJS is a Google-developed framework for quickly building web-based user interfaces. It makes the creation of dynamic web pages a breeze, leveraging two-way data binding along with other useful features, including client-side code execution and support for the MVC model. Angular’s extensibility and flexibility enhance its compatibility with other frameworks and libraries, in addition to being a major component of the MEAN stack.

Node.js provides the server-side execution environment for a MEAN application. Expect a high scalability factor even with a server farm charged with hosting multiple applications. Built upon V8, the Chrome JavaScript runtime engine, Node.js by itself is growing in usage among development teams.

The Advantages of the MEAN Stack

Obviously, the fact that all server and client code is written in JavaScript remains one of the major advantages of the MEAN stack. Companies are able to take advantage of their staff’s familiarity with a scripting language that’s been around for two decades. Any overall learning curve is lessened by simply focusing on learning MEAN’s three libraries and MongoDB.

The scalability features of ExpressJS and Node.js make the MEAN stack suitable for the highly concurrent web applications currently in vogue throughout the technology world. The flexibility of the libraries used in MEAN makes it easy to swap out any of the components for a library (or database) more familiar to your development staff. It is definitely worthy of exploration for use in your team’s next web development project.

Keep returning to the Betica Blog for additional dispatches from the wide world of software development. Thanks for reading!

DevOps needs an Influx of Information Security Talent

As DevOps continues to become an essential part of software development and the information technology world, it is also suffering from a lack of engineers experienced in cybersecurity. The need for these skills remains paramount, as highlighted by the recent CCleaner malware incident at Avast, where hackers were able to inject nefarious code into Avast’s build process. Customers – unaware of the hack – then installed the malware on their systems when installing CCleaner.

Industry surveys reveal a notable lack of information security talent throughout the IT industry, but especially when it comes to those working at a DevOps shop. Let’s take a closer look at the data. Perhaps it will inspire your company to close a similar skills gap in your office, if one exists.

Causes of the Cybersecurity Skills Gap

Veracode and DevOps.com recently combined to produce and publish the 2017 DevSecOps Global Skills Survey. One of the more interesting findings of the survey reveals that 70 percent of the 400 respondents currently working at a company that follows DevOps feel they didn’t receive enough training in cybersecurity. This applies both to university coursework and post-graduate professional training.

Considering 80 percent of the survey respondents hold either a bachelor’s or master’s degree, it becomes obvious colleges need to ramp up cybersecurity content as part of their IT-related curriculum. Over two-thirds of those surveyed feel the security education they received didn’t sufficiently prepare them for the real world. Alan Shimel, editor-in-chief at DevOps.com, feels businesses also need to work diligently to close this skills gap.

“With major industry breaches further highlighting the need to integrate security into the DevOps process, organizations need to ensure that adequate security training is embedded in their DNA. As formal education isn’t keeping up with the need for security, organizations need to fill the gap with increased support for education,” said Shimel.

Professional Cybersecurity Training is a Must

Unfortunately, the survey also notes an issue with DevOps professionals receiving sufficient cybersecurity training once they are employed. Less than half of the respondents said their companies paid for any additional security training. 70 percent of those surveyed felt their overall cybersecurity training was inadequate for the nature of their work.

Maybe an unforeseen benefit of the malware attack on Avast is an increased focus by companies on providing the right security training for their DevOps employees? Universities and technical colleges also need to improve their offerings. These are points echoed by Veracode’s VP of Engineering, Maria Loughlin.

“Our research with DevOps.com highlights the fact that there are no clear shortcuts to address the skills gap. Higher education and enterprises need to have a more mature expectation around what colleges should teach and where organizations need to supplement education given the ever-changing nature of programming languages and frameworks. The industry will have to come together to ensure the safety of the application economy,” said Loughlin.

When even companies specializing in cybersecurity become victims of hacking, like Avast, everyone takes notice. Ultimately, if your company leverages DevOps and its array of Cloud-based tools to make its software development practice more efficient, cybersecurity training for your team needs to be an important consideration.

Thanks for checking out this edition of the Betica Blog. Keep coming back for additional insights from the software development world.

News from the World of Software Development – September 2017

With autumn now upon us, it becomes time to train our eyes towards the latest software industry news to see if any interesting stories provide meaningful insights on how your team builds applications. If you want to check out last month’s stories, simply click on the following link. Stories on the use of AI to improve continuous delivery, and a new DevOps metrics tool await you.

CCleaner Malware Attack places renewed Onus on “Cybersecure” Development

One of last month’s biggest stories in the technology world involved the malware attack on CCleaner, a cybersecurity application from Avast, one of the best-known anti-virus companies in the industry. Hackers were able to infect the development team at Avast, injecting malware into versions of the deployed application – both CCleaner and CCleaner Cloud.

Ultimately, the more than two million users who installed the application on their own systems effectively provided cyber criminals with a gateway into their computers. End users who felt they were taking the right steps to protect their desktops ended up getting burned by a cybersecurity company unknowingly serving as the middleman for hackers. News and analysis of this insidious cyber attack were published on eWEEK, as well as many other sources.

Avast acquired the original developer for CCleaner – Piriform – in July. The attack took place some time in August, with all versions of the application installed from August 15 to September 12 affected by the malware. Since the CCleaner install had a legitimate digital signature from a respected antivirus company, effectively all users installed the program unaware of the hacked code within.

This places the onus on software engineering teams to secure all computers and digital signatures involved in the development process, a point echoed by Craig Williams, a senior technical lead with Cisco. “The fact of the matter is, when it comes down to supply chain attacks, if the attacker is in your build system already, you’ve lost. Once the attacker has all the certificates and all the keys and all the passwords, there is not a lot you can do,” said Williams.

Artificial Intelligence changing Software Quality Assurance

AI continues to influence many aspects of the software engineering process, so it isn’t surprising quality assurance is also taking advantage of machine learning routines to improve its efficacy. A variety of companies specializing in QA services – Infostretch, Appdiff, and dinCloud – are now including AI-based functionality in some of their testing products. News about the inroads artificial intelligence is making in the QA world was published this month in TechTarget.

Infostretch’s new service is called Predictive and Prescriptive QA. It relies on data analysis and machine learning to quickly give software testers the information they need to find defects. The other two companies’ products essentially are testing bots aimed at software development organizations already taking advantage of automated QA as part of their DevOps implementation.

The introduction of AI and robotic testers doesn’t mean QA engineer jobs are at risk. Instead, these tools only help them become more productive and ultimately better at finding software defects.   

Keep returning to the Betica Blog for additional news and insights from the world of software development and QA. As always, thanks for reading!