A routine day at Infinijith starts with the discovery phase. In web and mobile apps development, the key is to offer consistent, optimal, well-grounded and user-centric solutions, which withstand the test of times.
Our way of web and mobile apps development starts with discovery stage, so that we are sure,
That we can deliver the optimal, reliable and user-friendly solution that customers and users will be delighted to use.
Karuna worked as a full stack developer on my team. He worked primarily on the Angular.JS layer of our stack and does thorough and thoughtful work. He understands the Angular.JS tool chain - Grunt, Karma, Jasmine, Bower and Protractor. I've put him through many difficult technical situations...
The importance of a secure code has never been important today than ever before. Thus, it begs the question: why don't programmers write more secure code? From the benefits that range from security and safety of confidential information, sound market reputation, to the risks including lawsuits, poor brand image, security code isn’t just about preventing vulnerabilities. The professionals at the Software Engineering Institute of Carnegie Mellon University came up with ten secure coding practises. As simple as it may sound, these are quite effective to secure your hard worked code: 1. Validate input: This you should do from untrusted data sources. Input validation, if properly done, can get rid of most software vulnerabilities. Be wary of most external data sources such as network interfaces, command line arguments, user controlled files and environmental variables. 2. Heed compiler warnings: Code compiling should be done with the highest warning level for the compiler; remove warning with code modification. The additional security flaws should be detected and eliminated with static and dynamic analysis tools. 3. Design & Architect for security policies: Go for software architecture and design your software to enforce and execute security policies. For instance, if your system is designed for different privileges at various times, you should consider dividing it into separate intercommunicating subsystems, each provided with a suitable privilege set. 4. A minimalist approach: Complex designs are likely to increase their error made in the configuration, implementation and use. Further, if you have a robust security mechanism, you needn’t worry about the assurance level. 5. Default deny: The access decisions should be permission-based instead of exclusion-based. This implies that, access, by default, is denied and the conditions, identified by the protection scheme, grants access to permission. 6. Stick to the principle of least privilege: Every process should entail with the least set of privileges needed to finish the job. Any elevated permission must only be accessed for the minimal amount of time needed to finish the privileged task. This can thwart any chances an attacker has to implement arbitrary code with elevated privileges. 7. Clean up data sent to other systems: Clean up and sanitize all data that is passed to complex systems including commercial off-the-shelf (COTS) components, relational databases and command shells. Attackers can invoke functionalities left unused of in these components via the use of command, SQL or several other injection attacks. And we know quite well that this isn’t essentially an input validation issue as the complex subsystem that is being invoked has no understanding of the context in which a specific call is made. As the calling process has a fair understanding of the context, it can sanitize and clean up the data before the subsystem is invoked by it. 8. Practice deep level defence: Adopt multi-layered defensive strategies; therefore, if one layer is not good enough, another layer of defence should serve as a citadel against exploitable vulnerabilities and reduce the effects of a potential exploit. For instance, a combination of secure runtime environments and secure programming methods should likely reduce the probability of the vulnerabilities found in the code level at deployment time could be exploited in the operational environments. 9. Use efficient QA techniques: Effective QA techniques can be useful for eliminating and identifying vulnerabilities. Penetrating testing, source code audits and Fuzz testing should be included as part of an effective QA program. Secure reviews, if done independently, can result in more secure systems, because this can bring in an autonomous perspective; for instance, in determining and fixing invalid assumptions. 10. Deploy a sound and secure coding standard: Stick to a secure coding method. Create and/or apply a secure coding standard for your intended development platform and language.
An automated unit test suite gives you a number of unique advantages in comparison to other testing strategies; let us take a quick look at some of the possible reasons why unit testing is to be automated: Automated unit testing fixes issues effectively as early as it can, long before the customer gets to use the software, and even before the QA team eliminates them. Most issues in new code are uncovered before now the developers/coders check code into source control. An automated unit test suite keeps watch over the code in two dimensions: space and time. In time dimension, it ensures that code written works now as well as in the future: With respect to the space dimension, the unit test that you write for some other feature guarantees the new code doesn’t infringe upon them; similarly it ensures that the coding done for other features doesn’t adversely impact the code written for this feature. Refactoring a code is altering some code without affecting its behaviour, whilst at the same time integrating new features to the software. Automated unit testing should be set up before refactoring or cleaning up the current code to achieve a clean code structure. When you run the unit tests applying the fixes, they will uncover unwanted side-effects. Releasing quick fixes is neither the solution, nor is publishing hotfixes – only an automated unit test can reduce such things, whilst without causing new problems. Automated unit testing can improve the project’s truck factor, nothing but the number of coders that if, supposing, hit by a truck would bring the project to a standstill. By improving the truck factor of the project, the developer would find it easier to take over and work on a piece of code he/she is not thoroughly familiar with. Remember if your project’s truck factor is ‘1’, then it is under higher risk. Last but not least, automated unit test brings down the need for a project’s manual testing. Though some manual testing will be required, running an automated unit testing is not only cost-effective but critical to perform the mundane testing, while the QA team can deal with the hard-to-find bugs. The combined effects of the benefits discussed above will transform the area of software engineering to be more repeatable and predictable, similar to an engineering discipline, while not putting the ‘art’ in design and coding phases completely out of context. What automated unit testing can do, at best, is to remove the shortcomings of the ad-hoc approach in software development which is the major reason for several problems that confront software projects. Importance of Writing Unit Tests Unit testing, a key area of agile software development process, is excellent for designing robust software, thereby maintaining code and eliminating the glitches in code units. The QA team should never accept any build for verification in the case of any of the failure of the unit tests. This, when made into a standard process, can help catch defects in the early project development cycle, saving valuable time. Takeaways: Testing can be conducted right at the beginning phase of the software development lifecycle. Bug fixing in unit testing can solve several other issues occurring in the testing and later development cycle. Cost involved in fixing a defect and the number of bugs is lower than of acceptance or system testing. Code coverage can be effectively measured. Code completeness can be achieved running unit tests. Robust design and developers, as coders, write test cases only by taking in the specifications first. Easy to identify who disrupted the build. Shortened development time due to reduced defect count How will you write good unit tests? A unit test should be written for the verification of a single unit of code and not the integration. Smaller chunks and isolated unit tests with well defined naming would render it easily maintainable and simple to write. If one part of the software is changed, it shouldn’t affect the unit test if those are small and isolated and developed for a particular unit of code. It should run fast and the unit test must be reusable. Myths and Truths: 1. Myth: Writing code with unit test cases is time consuming Truth: Saves up development time , as a matter of fact. 2. Myth: Unit testing will find every single bug Truth: It is aimed at building robust software component having less number of defects in the later phases of SDLC. 3. Myth: 100 percent code coverage means 100 percent test coverage Truth: No guarantee for error-free code How unit testing improves manageability? Unit testing can help managers control and manage projects better. Functional managers and project managers are focussed on the core activities of the developers. Unit testing can enhance management in a gamut of areas such as reporting and visibility, control and course correction, speed and efficiency, predictability and planning, and customer satisfaction. How automated testing can help? Automated testing is an excellent way to check if the code is functional and continues to do so as intended. Here are specific objectives that must be met: The developer should be able to run the collective efforts of all the developer’s tests. The CI (continuous integration) server must run the complete range of tests sans any manual intervention. The test outcome must be iterative and unambiguous. The primary objective is a range of automated unit tests that help any coder to verify that their current set of changes don’t disrupt existing code under test, thereby eliminating undesirable or accidental outcomes. The second objective is vital in that the CI server can run these tests integrated as part of the thorough and full build cycle, thereby allowing it to verify the efficiency of the system. If you’re a developer you can run the complete automated test suite with zero configurations or setups. The third objective demands the tests be correct, consistent and clear. This means whether a change in the code necessities the tests were through before or if the tests will prove successful if tests are re-run. The Bottom Line Unit testing requires proper execution and consistency. Software projects are quite effective at offering the correct solution in a managed and predictable way. Three objectives to bear in mind when you begin to write your unit tests: Readability – Writing test code that communicates for itself and simple to understand Maintainability–Writing test code that are consistent over time and robust Automation– Writing test code that need zero to little configuration and setup
Before we look at the benefits of MariaDB, let’s take a quick look at what MariaDB. MariaDB is an open source (OS) database management system (DBMS) that is MySQL-based. It is a development derivative or fork of MySQL and it can replace MySQL exceedingly well. MariaDB was developed after the world’s most popular open-source database, MySQL, and Oracle Corporation later acquired it. One of the biggest advantages of MariaDB is increasingly focussed on security for the database with the MariaDB team working all round to find and fix security issues for both MariaDB as well as MySQL. As for compatibility, MariaDB is to be created as a database solution which enables one to move a MySQL database right into the MariaDB system conveniently. This brings us to the question why enterprises choose MariaDB over others, which is what the blog will cover: MariaDB supports numerous engines: Aria, SphinxSE, TokuDB, FederatedX, ScaleDB, Spider, etc, in comparison to MySQL, perhaps even more than the common InnoDB to xtraDB, which is nearly equal to InnoDB, but comparatively powerful. MariaDB is growing aggressively and continuously in comparison to MySQL. This is partly due to the fact that it is open source. Updates are sent out to end users faster compared to MySQL. MariaDB, for commercial use, provides a cluster database which also brings about multi-master replication. One can make use of it freely and doesn’t have to rely on MySQL Enterprise system for it. MariaDB is optimized for superior performance and displays powerful features than MySQL for voluminous data sets. Effortless migration from other DBMS to MariaDB is another key advantage. Also, switching to MariaDB is a cinch. Warnings and bugs are fewer in number with a gamut of extensions. The creators of MariaDB wanted its code to be maintained open source. MariaDB versions are identical to that of MySQL via version 5.5. It lends almost all the features of the MySQL 5.5 features. After MySQL 5.5, MariaDB version begins at 10. This is an indication that not every feature from MySQL or future releases would be imported. The present stable release of MariDB (at the time of writing this blog) is 10.2. There have been MySQL improvements before and will continue so such that MariaDB will never steamroll them. As for now, they are somewhat compatible at the storage level; however, with time, they will show up more diverse functionalities. With various performance enhancements, MariaDB has improved query performance, multi-source replication and parallel replication. MariaDB displays much of an open source attitude. Implementing Galera is better in the case of MariaDB. It also comes as a default option in a number of hosting environments such as RackSpace Cloud and some distro such as the Red Hat series. And there are good reasons for you too to make a transition to MariaDB: MariaDB is built fully in the open with the patch flow transparent in the fully public and updated code repository. There is a lot of community around. MariaDB releases upgrades and security announcements at the same time and handling the post-transparency and pre-secrecy in a proper way. It comes packed with cutting edge features and goes through a more exhaustive review pre-release. MariaDB comes with a large amount of storage engines and other plugins, shipped with the official release. MariaDB is known to be a better query optimizer exhibiting a range of performance related improvements. Galera, a cutting-edge clustering engine enables new scalability architecture for MySQL/MariaDB. Oracle stewardship is dubious. The release of Red Hat Enterprise Linux 7 and SUSE Enterprise Linux 12 has enabled vendors to pick MariaDB rather than MySQL and pledges to support their MariaDB versions for up to 13 years - that is the lifetime of the main distribution releases. Easy to migrate and compatible, even from 5.6 to 10.0 without any issues.