News from the World of Software Development – February 2017

This fresh edition of the Betica Blog news digest contains a few interesting stories from an endlessly fascinating software development world. If interested, here is a link to last month’s article. Use these insights and ideas at your own shop to stay on the forefront of an ever-changing industry.

Developers and QA Engineers on the Frontlines of the Battle for Cybersecurity

Earlier this month, CIO Magazine reported on how software engineers and QA personnel can improve their efforts to prevent cybercriminals and other nefarious agents from hacking their systems and technical infrastructure. This battle is especially fierce considering the growing number of devices connected to the Web because of the Internet of Things (IoT) and mobile technology. Stronger coding practices and more thorough software testing are key factors in protecting applications.

Chris Wysopal, co-founder and CTO of the software security firm, Veracode, commented on the importance of stronger code and testing when considering cybersecurity. “In today’s technology environment, application security testing for vulnerabilities and flaws in software code should be a security best practice, regardless of an organization’s size or industry,” said Wysopal. Unfortunately, a survey by his company reported 83 percent of the respondents deployed code without a full vetting of the underlying application security.

The article noted companies must require developers to perform code reviews focused on security. Additionally, state of the art QA techniques, like static and dynamic application testing as well as white hat testing are needed to ensure an application is sufficiently protected before it’s released into production. While automated testing tools help somewhat, humans also need to be involved to assure the highest possible level of security.

CIO reported that the Open Web Application Security Project (OWASP) provides a valuable resource for companies looking to improve their cybersecurity efforts. It offers practical information on the best practices for ensuring an application’s code is safe. Ultimately, this freely-available information is vital for winning the war against hackers and other cybercriminals, especially concerning the current shortage of application security talent in the IT industry.

Is “Low-Code” the Next Wave in Software Development?

The problems discovered when forced to maintain and enhance legacy applications has led to a new paradigm focused on using tools that assemble pre-written functionality into a complete application. In a sense, this is a streamlined and highly-automated take on the current microservices trend in the industry. SiliconANGLE discussed low-code software development in a February article.

The app used by the ride-sharing service, Uber, is a highly public example of an application developed using low-code techniques. It pieces together functionality from a variety of sources, including Box Inc.’s Cloud storage, Google Inc.’s Maps, payment services from Braintree, Twilio for messaging, and SendGrid’s email services. Many pundits feel the flexibility offered by the low-code model suits today’s competitive business era better than traditional application coding techniques.

The industry research analyst group, Forrester, predicts the low-code software market will grow to over $10 billion over the next two years. “The market for these [low-code] platforms is growing fast, but selecting a platform that actually delivers without creating a [fourth-generation programming language]-like orphan in the software portfolio isn’t easy’” said Forrester. Obviously, this makes it a trend worth watching at your software development shop.

Keep coming back to the Betica Blog for additional news and information on the expanding software development universe. Thanks for reading!

Microservices – a Flexible Architecture for the Continuous Deployment Era

As more modern businesses embrace new organizational structures like DevOps, with a goal of achieving the continuous deployment of software, SOA architectures are becoming more granular. Microservices is a term used to describe these lightweight, highly portable applications used to build larger systems. Each microservice typically runs in its own process, communicating with other microservices using a protocol, such as HTTP.

Like many newer technology industry buzzwords, it is hard to explicitly define microservices, but enough common attributes exist to provide a high-level overview. Perhaps this architectural approach makes sense for your team’s next application design?

An Architecture to better support a Scalable Internet

The esteemed software architecture pundit, Martin Fowler, describes how the need for microservices grew out of the hassle of making relatively minor changes to large monolithic applications running in the Cloud. For example, a simple UI change required all the components in the application to be rebuilt and redeployed across multiple servers.

Improved scalability in a Cloud-based distributed environment is another major advantage of microservices. Older applications required all of their components to be scaled. On the other hand, software designed using microservices only needs the scaling of the most resource intensive portions of the application.

The fact that each microservice is individually deployable ultimately makes this process easier to manage for build engineers.

Improved Flexibility when designing Applications

Being able to leverage collections of microservices is a boon for organizations looking at code reuse for quickly architecting, designing, and building a web-based application. This echoes some of the original promises of SOA – or even piecing together desktop software using components – but the improved granularity of a smaller microservice works better in this era of the Cloud. 

Using microservices also makes it easier to organize an application’s architecture. Fowler notes many enterprises create teams based on the business capability for a microservice. This means each cross-functional team includes personnel responsible for the UX, database, middleware, etc.

From an organizational standpoint, this is a structure similar to the Agile Tribes concept used at the Internet music streaming company, Spotify. Fowler mentioned that companies organizing their software development teams around their chosen application architecture is another example of Conway’s Law influencing the software engineering process – a process we talked about last year.

Designed for Continuous Delivery

As mentioned earlier, application design using microservices helps organizations achieve a continuous delivery model compared to older software architectures. Given a scenario where only a small portion of a microservice needs updating, it is easier to rebuild that granular piece instead of an entire application. Organizations are able to leverage automated test and build routines to streamline the entire process.

Still an Emerging Software Development Model

Fowler feels it is too soon to anoint microservices as the future of software development. “While our experiences so far are positive compared to monolithic applications, we’re conscious of the fact that not enough time has passed for us to make a full judgment. Often the true consequences of your architectural decisions are only evident several years after you made them,” said Fowler.

There’s no denying that microservices architecture is worthy of further analysis by your software development organization. It just may be the missing link on your path to highly scalable and easily deployable applications.

Keep returning to the Betica Blog for additional insights on the software development world. Thanks for reading!

An Overview of Neo4j – the NoSQL Graph Database

NoSQL databases have grown in popularity over the last few years because they meet many needs of modern businesses better than traditional relational databases, especially when trying to gain meaningful knowledge out of the masses of data generated by social media – i.e., Big Data. The “NoSQL” moniker covers a whole host of database formats and structures, with document, graph, and key-value pair databases being three of the most common types. Many of the popular NoSQL databases also have open source origins.

Graph databases are highly suitable for those “needle in the haystack” scenarios when trying to find a singular relationship within a Big Data store. Neo4j continues to be an industry leading example of this NoSQL type. Here is an overview of Neo4j.

The Genesis of Neo4j

Developed by Neo Technology, the first version of Neo4j became available in early 2010. An open source edition of the product is freely available for developers and database professionals to explore its functionality. A variety of commercial licenses, including the Neo4j Enterprise Edition, give businesses additional features, like support for large volumes, scalability, and online backups.

Version 3.1 is the most recent stable release of Neo4j. The growing popularity of graph databases in general is one of the reasons Neo Technology closed on $36 million of venture capital in November of last year. The open source version of Neo4j has been downloaded 2.5 million times.

What makes Graph Databases so great?

Graph databases focus on the connections within the data; greatly outperforming traditional SQL databases in finding relationships between records in real time. Because of this superfast query speed, graph databases are highly suitable in a variety of scenarios, including fraud detection, social network applications, searching for information, and more.

This database format is also appropriate for organizations building applications using Agile. Time isn’t wasted creating massive database diagrams where one table change affects many parts of an application. As such, it nicely serves the needs of the nimble business.

The Advantages of Neo4j

One major advantage Neo4j holds over many other NoSQL and graph databases it its support for ACID (atomic, consistent, isolated, and durable) transactions. This helps ensure the quality of data, especially in widely distributed architectures where data gets replicated across different Cloud-based server farms.

The Enterprise Edition of Neo4j includes a feature known as “elastic scalability” where internal memory stores offer fast queries, with high availability provided by a replication protocol. Even greater scalability is achieved when using the Neo4j version compatible with IBM’s POWER8 processor.

Driver support for many of the most popular programming languages – Java, C#, Python, JavaScript – is included. The robust Neo4j community has also developed drivers for Ruby, PHP, and other languages. The database also plays well with many other data programming frameworks, such as JDBC, Django ORM, Spring Data, and more.

Neo4j also integrates with other popular NoSQL databases, including MongoDB and Cassandra, giving developers a measure of flexibility in building database applications to handle different needs.

If your organization is interested in NoSQL databases, download the open source version of Neo4j and explore how easy it is to create graphs and build queries against them. Soon your customers will be able to find the needle in their haystack of Big Data.

Keep checking out the Betica Blog for additional insights from the wide world of software development. Thanks for reading!