This fresh edition of the Betica Blog news digest contains a few interesting stories from an endlessly fascinating software development world. If interested, here is a link to last month’s article. Use these insights and ideas at your own shop to stay on the forefront of an ever-changing industry.
Developers and QA Engineers on the Frontlines of the Battle for Cybersecurity
Earlier this month, CIO Magazine reported on how software engineers and QA personnel can improve their efforts to prevent cybercriminals and other nefarious agents from hacking their systems and technical infrastructure. This battle is especially fierce considering the growing number of devices connected to the Web because of the Internet of Things (IoT) and mobile technology. Stronger coding practices and more thorough software testing are key factors in protecting applications.
Chris Wysopal, co-founder and CTO of the software security firm, Veracode, commented on the importance of stronger code and testing when considering cybersecurity. “In today’s technology environment, application security testing for vulnerabilities and flaws in software code should be a security best practice, regardless of an organization’s size or industry,” said Wysopal. Unfortunately, a survey by his company reported 83 percent of the respondents deployed code without a full vetting of the underlying application security.
The article noted companies must require developers to perform code reviews focused on security. Additionally, state of the art QA techniques, like static and dynamic application testing as well as white hat testing are needed to ensure an application is sufficiently protected before it’s released into production. While automated testing tools help somewhat, humans also need to be involved to assure the highest possible level of security.
CIO reported that the Open Web Application Security Project (OWASP) provides a valuable resource for companies looking to improve their cybersecurity efforts. It offers practical information on the best practices for ensuring an application’s code is safe. Ultimately, this freely-available information is vital for winning the war against hackers and other cybercriminals, especially concerning the current shortage of application security talent in the IT industry.
Is “Low-Code” the Next Wave in Software Development?
The problems discovered when forced to maintain and enhance legacy applications has led to a new paradigm focused on using tools that assemble pre-written functionality into a complete application. In a sense, this is a streamlined and highly-automated take on the current microservices trend in the industry. SiliconANGLE discussed low-code software development in a February article.
The app used by the ride-sharing service, Uber, is a highly public example of an application developed using low-code techniques. It pieces together functionality from a variety of sources, including Box Inc.’s Cloud storage, Google Inc.’s Maps, payment services from Braintree, Twilio for messaging, and SendGrid’s email services. Many pundits feel the flexibility offered by the low-code model suits today’s competitive business era better than traditional application coding techniques.
The industry research analyst group, Forrester, predicts the low-code software market will grow to over $10 billion over the next two years. “The market for these [low-code] platforms is growing fast, but selecting a platform that actually delivers without creating a [fourth-generation programming language]-like orphan in the software portfolio isn’t easy’” said Forrester. Obviously, this makes it a trend worth watching at your software development shop.
Keep coming back to the Betica Blog for additional news and information on the expanding software development universe. Thanks for reading!