5 things you need to know from Stack Overflow Survey 2016- JavaScript Continues to Rule The Web.

To gain insight into the state of development, Stack Overflow surveys tens of thousands of developers through its service every year. Stack Overflow is a platform where developers share their work and ask coding-related questions. Each year the site surveys a large number of developers to get an idea of the present state of the tech world, making it one of the most comprehensive developer surveys ever conducted.

The industry statistics are fascinating every year. For the 2016 study, 50,000 to 56,033 developers responded from across the industry, in 173 countries, and the findings are insightful as well as fascinating. The company found that JavaScript is still overwhelmingly the most popular development language, with more than 55.4 percent of people saying they use the language. PHP fell 4 percent in the last year to 25 percent, which Stack Overflow attributed to the rise of Node and Angular, but Microsoft’s Visual Basic is the most “dreaded” language. It was also found that 46 percent of the developers have no degree in computer science or any related field and that more than 57 percent of them check in code at work more than once a day.
Survey statistics for January 2016 showed that more than 45 million people opened Stack Overflow in their web browsers to ask a question or answer one asked by a fellow developer. Most respondents identify as full-stack developers, at 28%, followed by back-end web developers at 12.2%.

Among all participants, the most popular developer job title was “Full-Stack Web Developer” at 28 percent, followed by “back-end developer” at 12 percent. Around 11.4 percent call themselves students, followed by 8.4% who are Android, iOS, Windows Phone, and multi-platform developers. Interestingly, the most common developer age is 25-29, with more than 28 percent of respondents fitting into the category, followed by 23 percent at 20-25.

Turning to the most used technologies, JavaScript continues to rule the web. It is still the most popular programming language for web development, with 55.4% of people saying that they code in JavaScript. This hugely popular programming language is followed by SQL Server (49.1%), Java (36.3%), C# (30.9%), PHP (25.9%), and C++ (19.4%).

Looking at the trending technologies on Stack Overflow, React, Spark and Swift (taking market share from Objective-C ‘quickly’) are ruling the charts, while Node.js and Angular JS are on the rise.

This year we asked respondents if they are Engineers, Experts, Hackers or any of the other descriptors we’ve frequently seen in job listings, business cards, and Twitter bios.
95% of developers identify as either a Developer, Programmer, Engineer, Senior Developer or Full-Stack Developer. Embedded Application Developers are most likely to identify as Engineers. Graphics Programmers are most likely to identify as Programmers.
But Developer is the runaway choice in this survey.

The average developer has about 6.5 years of IT or programming experience. This isn’t necessarily professional experience (the average student tells us they have 3.4 years of experience). Developers gain experience by building things, even if they’re doing it unpaid or part-time. We’ve found this experience distribution to closely match that of more than 230,000 developers who make their CVs available on Stack Overflow.

Worldwide, the median Front-End Web Developer has 3.5 years of experience. The median Full-Stack Developer has 8 years of experience. And the median Engineering Manager has 13 years of experience.


Other points highlighted in the survey: 69% of all developers tell us they are at least partly self-taught. (13% of respondents across the globe tell us they are only self-taught.) 43% of developers have either a BA or BS in computer science or a related field. 2% of developers have a PhD.

Overall, about 73% of developers tell us they think diversity is at least somewhat important in the workplace. 41% of developers say diversity is very important. And developers who most often influence hiring decisions are more likely to believe in the value of diversity than other developer types.

The saddest statistic in the survey, which has been highlighted as a major issue at many Silicon Valley tech companies, is that more than 92 percent of the respondents were male, showing just how gendered the industry really is and how far we need to go.

The study provides a lot of other interesting data if you’re looking for insights into where to move next, or if you’re looking for an easy pay bump. Mantra Labs has been continuously keeping watch on latest trends in Tech companies, to know more about latest trends, connect to Mantra Labs.


12 Tips To Secure Your Mobile Application

Cyber attacks and data theft have become common, especially against mobile applications, and mobile apps that experience security breaches may suffer financial losses. With many hackers looking to steal customer data, securing these applications has become the number one priority for organizations and a serious challenge for developers. According to Gartner’s recent research, Hype Cycle for Application Security, investment in application security will increase by more than two-fold over the next few years, from $6 billion this year to $13.7 billion by 2026. Further, the report stated, “Application security is now top-of-mind for developers and security professionals, and the emphasis is now turning to apps hosted in public clouds.” It is crucial to get the fundamental components of DevOps security correct. Here are the 12 tips to secure your mobile application:

1. Install apps from trusted sources:

It’s common to have Android applications republished on alternate markets or their APKs & IPAs made available for download. Both APK and IPA files may be downloaded and installed from a variety of places, including websites, cloud services, drives, social media, and social networking sites. Trustworthy APK and IPA files should be installed only through the Play Store and the App Store. To prevent copies obtained elsewhere from being used, the app should perform an install-source check (Play Store or App Store) at app start.

Also read, https://andresand.medium.com/add-method-to-check-which-app-store-the-android-app-is-installed-from-or-if-its-sideloaded-c9f450a3d069

2. Root Detection:

Android: An attacker could launch a mobile application on a rooted device and access the local memory or call specific activities or intents to perform malicious activities in the application. 

iOS: Applications on a jailbroken device run as root outside of the iOS sandbox. This can allow applications to access sensitive data stored in other apps or install malicious software negating sandboxing functionality. 

More on Root Detection- https://owasp.org/www-project-mobile-top-10/2016-risks/m8-code-tampering

3. Data Storing:

Developers use Shared Preferences & User Defaults to store key-value pairs like tokens, mobile numbers, email, boolean values, etc. Additionally, while creating apps, developers prefer SQLite databases for structured data. It is recommended to store this data in encrypted form so that it is difficult for hackers to extract the information.

4. Secure Secret Keys:

API keys, passwords, and tokens shouldn’t be hardcoded in the code. It is recommended to use different techniques to store these values so that hackers cannot quickly obtain them by tampering with the application.

Here’s a reference link: https://guides.codepath.com/android/Storing-Secret-Keys-in-Android

5. Code Obfuscation

An attacker may decompile the APK file and extract the source code of the application. This may expose sensitive information stored in the source code of the application to the attacker which may be used to perform tailored attacks. 

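It is better to obfuscate the source code to protect the sensitive information it contains. Obfuscation raises the cost of reverse engineering but does not remove a hardcoded value from the binary, so it complements tip 4 rather than replacing it.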

6. Secure Communication:

When communication happens over unencrypted channels, an attacker on the network can read or modify the traffic and use it to escalate further attacks. So always use HTTPS URLs rather than HTTP URLs.

7. SSL Pinning:

Certificate pinning allows mobile applications to restrict communication only to servers with a valid certificate matching the expected value (pin). Pinning ensures that no network data is compromised even if a user is tricked into installing a malicious root certificate on their mobile device. Any app that pins its certificates would thwart such phishing attempts by refusing to transmit data over a compromised connection.

Please refer: 

https://owasp.org/www-community/controls/Certificate_and_Public_Key_Pinning

8. Secure API request & response data

The standard practice is to use HTTPS for the baseline protection of REST API calls. The information sent to the server or received from the server may be further encrypted with AES, etc. For example, if a request or response carries sensitive contents, you might choose to encrypt just those fields, so that even if HTTPS is somehow broken or misconfigured, your own encryption provides another layer of protection.

9. Secure Mobile App Authentication:

If an application does not assign a distinct and complex session token to a user after login, an attacker can use phishing to lure the victim into using a custom-generated token provided by the attacker, and then easily bypass the login page with the captured session by using a MiTM attack.

i) Assign a distinct and complex session token to a user each time they log in successfully to the application.

ii) Terminate the session immediately on logout.

iii) Do not use the same session token for two or more IP addresses. 

iv) Limit the expiry time for every session token.

10.  Allow Backup 

Do not allow users to back up an app if it contains sensitive data. With access to backup files (i.e. when android:allowBackup="true"), it is possible to read or modify the content of an app even on a non-rooted device. So it is recommended to set android:allowBackup="false".

11. Restrict accessing android application screens from other apps

Ideally, your activities should not be openable from other services or applications. Set android:exported="true" only when you have a specific requirement to access your Flutter screens from other apps; otherwise change it to android:exported="false".

12. Restrict installing packages from the android application

REQUEST_INSTALL_PACKAGES permission allows apps to install new packages on a user’s device. We are committed to preventing abuse on the Android platform and protecting users from apps that self-update using any method other than Google Play’s update mechanism or download harmful APKs.
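
Tips 6, 10, 11 and 12 can all be checked from the manifest before a release. The script below is an added example, not code from the original article: `audit_manifest`, the finding strings and the sample manifest are constructed for illustration, and it expects the plain-text source `AndroidManifest.xml` from your own project rather than the binary form inside an APK.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest, not taken from any real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application android:allowBackup="true" android:usesCleartextTraffic="true">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".PaymentActivity" android:exported="true"/>
  </application>
</manifest>"""


def attr(element, name):
    """Read an android:-namespaced attribute, or None when it is absent."""
    return element.get(f"{{{ANDROID_NS}}}{name}")


def audit_manifest(manifest_xml):
    """Return sorted findings for tips 6, 10, 11 and 12."""
    root = ET.fromstring(manifest_xml)
    findings = []
    app = root.find("application")
    if app is not None:
        # Tip 10: anything other than an explicit "false" is reported.
        if attr(app, "allowBackup") != "false":
            findings.append("allowBackup is not false")
        # Tip 6: the app has opted in to plain-HTTP traffic.
        if attr(app, "usesCleartextTraffic") == "true":
            findings.append("cleartext HTTP traffic is permitted")
        for comp in app:
            if comp.tag not in COMPONENT_TAGS:
                continue
            launcher = any(attr(c, "name") == "android.intent.category.LAUNCHER"
                           for c in comp.iter("category"))
            # Tip 11: exported components other than the launcher are reported for review.
            if attr(comp, "exported") == "true" and not launcher:
                findings.append(f"exported component: {attr(comp, 'name')}")
    # Tip 12: the permission that lets an app install other packages.
    for perm in root.iter("uses-permission"):
        if attr(perm, "name") == "android.permission.REQUEST_INSTALL_PACKAGES":
            findings.append("requests REQUEST_INSTALL_PACKAGES")
    return sorted(findings)
```

Running it in CI and failing the build on a non-empty result keeps a debugging setting from reaching a release build unnoticed.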

Conclusion: 

Mobile Apps have become more personalized than ever before with heaps of customers’ personal data stored in them every day. In order to build trust and loyalty among users and prevent significant financial and credential losses for the companies, it is now crucial to make sure the application is secure for the user. Following the above-mentioned mobile app security checklists will definitely help to prevent hackers from hacking the app.

About the Author:

Raviteja Aketi is a Senior Software Engineer at Mantra Labs. He has extensive experience with B2B projects. Raviteja loves exploring new technologies, watching movies, and spending time with family and friends.
