Mobile Security: A Growing Concern in COVID Times

“One single vulnerability is all an attacker needs”
-Window Snyder

Mobile phones are becoming an efficient mode of communication and are making life easier. New models and more advanced technology are introduced to meet people's needs. With the ability to stay connected with people, pay bills online, store data, take pictures and many other irresistible features, the mobile phone has become an inevitable part of human life.

While the different applications and features in a mobile phone make our life easier, they also raise the risk of exposing our sensitive and confidential data to hackers.

How do hackers cheat people to get their devices hacked?

Hackers are very active and keep finding new ways to cheat people, such as fake emails and fake web pages. As people are in a state of fear due to Covid-19, hackers are taking advantage of the situation. They use Covid-19 themes to create urgency, and unaware people who respond become victims of phishing and hacking. Scammers pretending to provide support and help, with free meal coupons and similar offers, often trick people into believing the offer is real. People unknowingly fall prey by clicking the malicious link and giving access to the personal information stored in their phones. Other attackers persuade citizens to download malware by impersonating health organizations conveying important health information and tips.

Mobile malware, phishing and hacking are becoming common threats in the mobile world. Protecting mobile phone data at the personal and the enterprise level has become crucial.

How to protect your data in your mobile phones?

Building self-awareness about security threats, training employees on security measures and taking sufficient precautions are some good ways to protect mobile phone data.

Popular brands have their own expert teams to protect their products and their users from attack. For example, Google’s Threat Analysis Group (TAG) is a group of experts that provides solutions to protect its products and users from phishing and scams. They work continuously to identify new threats and scams in the market.

Various organizations provide several mobile security services such as Mobile Device Management (MDM), Mobile App Access (MAA), Data Leakage Protection (DLP), Identity Right Management (IRM).

Here are a few recommended security practices everyone should follow at the personal and the enterprise level:

  • Implement robust authentication measures
  • Ensure routine updates and data backup
  • Block suspicious applications
  • Continuous monitoring of connected devices
  • Perform regular health checks

Let’s consider each of these security practices in detail.

1. How to implement robust authentication measures in mobile phones?

At the personal level, setting a screen lock (there are a number of ways to lock your smartphone, depending on the model), removing unwanted apps, blocking ads and tracking malware, and keeping notifications off the lock screen are some of the simple and common ways to secure your mobile phone.

More advanced mechanisms for locking the device include a pattern lock, a PIN, and biometric authentication with fingerprint and face recognition. To make authentication even stronger, these methods can be combined with multifactor authentication.

The different levels of authentication that can be applied on mobile devices are listed below:

Username and password authentication

Username and password authentication is sufficient where the apps are not very sensitive. This is a common form of authentication among social media apps.

Dual factor authentication

This method adds an additional layer of security, making it harder for an intruder to get access to the mobile phone and its data. Here, a PIN along with a security token is used to authenticate users accessing the device.

Three factor authentication

Adding a biometric factor to dual-factor authentication makes access to the device more secure. Personal attributes of the user, such as voice or fingerprint, are also used to authenticate the user in this method.

Geographical location tracking and device information

Geographical location tracking and device information can help prevent fraud by providing limited access to devices.

Behavioural analysis

Bigger enterprises also make use of technology based on behavioural studies. It helps track any unusual user activity. If unusual behaviour is noticed at the user end, the user is subjected to re-authentication. This behaviour is also recorded in the Audit Analysis database for further monitoring and analysis.
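The levels above can be combined into one access decision. The sketch below is an added example, not code from the article or from any product: the factor names, the sensitivity labels, the 5x burst threshold and the sample user profile are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Factors demanded at each level the article lists (factor names are illustrative).
LEVEL_FACTORS = {
    1: {"password"},                   # username and password
    2: {"pin", "token"},               # dual factor: PIN plus security token
    3: {"pin", "token", "biometric"},  # three factor: adds voice or fingerprint
}
# Hypothetical mapping from app sensitivity to the minimum level required.
BASELINE = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Profile:
    """What is normal for one user (constructed sample data below)."""
    known_devices: set
    usual_countries: set
    typical_actions_per_minute: int


@dataclass
class Request:
    user: str
    sensitivity: str
    device_id: str
    country: str
    actions_last_minute: int
    verified: set = field(default_factory=set)  # factors already checked this session


def evaluate(req, profile, audit_log, anomaly_ratio=5):
    """Return the access decision for one request and record anomalies."""
    level = BASELINE[req.sensitivity]
    reasons = []

    # Device and location context: an unfamiliar context limits access.
    if req.device_id not in profile.known_devices:
        reasons.append("unknown_device")
    if req.country not in profile.usual_countries:
        reasons.append("unusual_location")
    limited = bool(reasons)

    # Behavioural analysis: a burst far above the user's norm voids the
    # factors verified so far and is written to the audit log.
    verified = set(req.verified)
    if req.actions_last_minute > anomaly_ratio * profile.typical_actions_per_minute:
        reasons.append("behaviour_anomaly")
        verified.clear()
        audit_log.append({"user": req.user, "device": req.device_id,
                          "event": "behaviour_anomaly",
                          "rate": req.actions_last_minute})

    missing = sorted(LEVEL_FACTORS[level] - verified)
    if missing:
        access = "reauthenticate"
    elif limited:
        access = "limited"
    else:
        access = "full"
    return {"level": level, "access": access, "missing": missing, "reasons": reasons}


# Constructed sample profile, not taken from any real system.
ALICE = Profile({"phone-1"}, {"IN"}, typical_actions_per_minute=4)

if __name__ == "__main__":
    log = []
    all_three = {"pin", "token", "biometric"}
    for r in (Request("alice", "high", "phone-1", "IN", 3, all_three),
              Request("alice", "medium", "tablet-9", "SG", 3, {"pin", "token"}),
              Request("alice", "high", "phone-1", "IN", 40, all_three)):
        print(evaluate(r, ALICE, log))
    print(log)
```
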

The authentication mechanism that an enterprise adopts depends on its needs and its ability to adopt security mechanisms. Some enterprises use OTP to authenticate their users, which works well for their needs. Many banking applications use OTP as a means of ensuring security.

Other enterprises adopt PKI authentication, which uses a private, non-transferable encryption key stored in a hardware token. This approach is also recognized by government regulations.

2. Ensure routine updates and data backup

Ensure that updates are installed on your mobile phones. Software updates for mobile devices include patches for security holes, so make sure to install each update as soon as it is available. A device running an outdated or pirated version of the OS could be more prone to mobile malware and malicious attacks.

Data backup is an essential security procedure that must happen at the personal and the enterprise level. User data can be set for automatic backup. How much is backed up, and how often, can be predefined.

At the enterprise level, depending on how much data must be backed up and the budget available for the backup process, an organization can choose an appropriate medium such as an external hard disk or a NAS box with cloud backup. Optical storage media such as CD/DVD and Blu-ray can be considered as cheaper alternatives; however, their life and capacity could be short.

3. Block suspicious applications

It is worth checking periodically which applications have been given access to your device. Malicious apps may contain code that can extract personal details and other critical data. Before a download, always check the permissions of the app, the number of downloads, the ratings, and the reviews. Do not download from third-party stores.

There is also good antivirus software available. Some are free, and some are paid but might provide better support. Based on your preferences, you may select a good one that meets your requirement.

4. Continuous monitoring of connected devices

Logging activities at various levels can help make access to the mobile phone secure. Logging text messages, social media activity, other web activity, application blocking etc. to track any unusual activity can bring better security.

Protection can be made stronger at the enterprise level by using security services from various providers. For example, with AWS Security Hub, you can receive security threat alerts using services like GuardDuty for continuous threat detection.

5. Perform regular health checks

With emerging technologies and evolving security risks, security has become a huge challenge. Strong security solutions must be in place to identify vulnerabilities and an organization’s risk against real-world threats.

The more we are technology-dependent, the more we are prone to malware and cyber-attacks. It is mandatory that every individual is self-aware about phone security threats and preventive steps to protect their mobile phone data. Every employee at the enterprise level must be trained for security awareness.

Even if all the necessary steps to prevent a threat are in place, the security threat cannot be eliminated; it can, however, be mitigated. There could still be attacks and losses, but those losses can be kept within reasonable limits if we are well prepared. Security breaches, violations of compliance law, data leakage etc. can cause severe damage to an organization’s reputation and to the trust of its users and business partners. So, it is critical to adopt sufficient security measures to protect the data in smartphones and mobile applications.

Implementing effective security measures, making data protection practices mandatory, setting defined protocols for lost or stolen devices and spending money on security awareness among employees are worthwhile investments that benefit the organization in the long run.

“The only real security that a man have in this world is a reserve of knowledge, experience and ability”
Henry Ford

Making Secure Financial Transactions on Mobile: Always Do This!

Over the last few years, our mobile usage has grown enormously, and this brings a huge risk of data theft. With the Government itself promoting digitalisation, securing financial transactions on mobile devices has become a very interesting topic of discussion.

Security for mobile devices has been advancing in an enormous way. But, compared to computers within your home network, mobile devices can be less secure. Here are a few tips you can follow to make your mobile devices more secure and use them to perform transactions that are protected.

How to make financial transactions on mobile secure?

1. Do not download apps from untrustworthy sources

Do not download third-party applications from anywhere outside the App Store. Download apps only from the official app store for your device. Also, checking and verifying the following things before you download an app will help you secure all the financial transactions you perform later.

Read Reviews and check the ratings

Imagine yourself as a customer buying a product from a shop. You would usually check the reviews and ratings of the shop and the product before making a purchase decision. In the same way, you should make a habit of reading the reviews and checking the ratings of an app before downloading it. There are apps that are fake and do not reveal much information on the app store. Going through the reviews and ratings will help you decide whether the app is useful to you and secure.

Number of Downloads

An app with a high number of downloads is more likely to be genuine and secure. An app with 1 million downloads makes it evident that there is a positive buzz created around the app due to its usefulness and security. A security breach will be less likely in case of such apps since it will affect the wide customer base they have.

Also, due to its huge customer base, the developer will usually have the budget and resources to maintain the security of the app even as the threats surrounding the mobile app evolve. So, using only the most popular apps is an easy way to secure financial transactions or any type of transaction on mobile devices.

Find the vendor or developer

The app store shows the contact details of the vendor or developer of the app. Find and read their security and privacy policies. Check whether your information is used for any other purpose and, if user data is shared with third parties, for what purposes.

Granting Permissions

Do you have a habit of granting all the permissions asked while getting the app installed on your device?

For convenience, users have the habit of granting all the permissions an app asks for during installation without checking what they are and whether they are really needed!

While granting all the permissions lets users explore the features of the app, granting unnecessary permissions may put you in trouble. Asking permission to access the camera or social media accounts may be appropriate for a video editing app. Messaging apps like WhatsApp ask permission to access your messages and contacts. But for a mobile app that is in no way designed to make calls or send messages or email, asking for access to the contact list may be inappropriate, especially if the app was downloaded from an untrustworthy source.

So, make sure that only the appropriate permissions are granted while installing the app.
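The permission check described here, and in the earlier advice on blocking suspicious applications, can be automated for Android apps by reading the permissions an app declares in its manifest. The following is an added example, not part of the original article: the category table is a hypothetical policy, and both manifests are constructed samples in decoded text form (the manifest inside an APK is binary XML and has to be decoded first).

```python
import xml.etree.ElementTree as ET

# Attributes such as android:name live in this XML namespace.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Permissions that expose personal data or can cost the user money.
SENSITIVE = {P + n for n in (
    "READ_CONTACTS", "READ_SMS", "SEND_SMS", "CALL_PHONE",
    "CAMERA", "RECORD_AUDIO", "ACCESS_FINE_LOCATION",
)}

# Hypothetical policy: sensitive permissions each app category plausibly needs.
EXPECTED = {
    "video_editor": {P + "CAMERA", P + "RECORD_AUDIO"},
    "messaging": {P + "READ_CONTACTS", P + "READ_SMS", P + "SEND_SMS",
                  P + "CAMERA", P + "RECORD_AUDIO"},
    "calculator": set(),
}


def requested_permissions(manifest_xml):
    """Return (package name, set of permission names) from a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return root.get("package"), perms


def audit(manifest_xml, category):
    """Flag sensitive permissions that the app's category does not explain."""
    if category not in EXPECTED:
        raise ValueError(f"no policy for category {category!r}")
    package, requested = requested_permissions(manifest_xml)
    unexpected = sorted((requested & SENSITIVE) - EXPECTED[category])
    return {
        "package": package,
        "requested": len(requested),
        "unexpected": unexpected,
        "verdict": "review" if unexpected else "ok",
    }


# Constructed sample: a calculator that asks for contacts and SMS.
CALCULATOR_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.calc">
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission android:name="android.permission.READ_CONTACTS" />
  <uses-permission android:name="android.permission.SEND_SMS" />
  <application android:label="Calc" />
</manifest>"""

# Constructed sample: a messaging app asking for what messaging needs.
MESSAGING_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.chat">
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission android:name="android.permission.READ_CONTACTS" />
  <uses-permission android:name="android.permission.READ_SMS" />
  <application android:label="Chat" />
</manifest>"""

if __name__ == "__main__":
    print(audit(CALCULATOR_MANIFEST, "calculator"))
    print(audit(MESSAGING_MANIFEST, "messaging"))
```
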

2. Strong Password Protection

The first thing a user does on a new mobile phone is set up a security password or pattern lock. The reason may be privacy more than security.

A strong password is a better way to protect your device. Nowadays, most smartphones come with at least one feature such as facial recognition, iris scan or fingerprint to secure the device, keep unwanted people from accessing it and protect all types of transactions made with it. These features offer more security and protection for your devices than a PIN or password can offer.

3. Keep your software updated

You must ensure that the software on your devices is up to date. Updating software regularly ensures more security: since updates often fix security vulnerabilities, hackers will not be able to use those vulnerabilities to their advantage.

4. Transactions only through secure mobile websites

Sometimes you have no computer to access an online shopping portal and there is no app on the App Store to help you with it, so you are forced to use the mobile version of the website. In such cases, using only a secure HTTPS connection to access the website is the first step to securing your transactions. This is a guarantee that any data passed between your device and the server are only shared between these two machines. Always check whether there is a padlock icon before adding items to the shopping cart. The padlock symbol usually means that the transactions are protected and the webpage is secure. This also means that you should not do financial transactions through websites that do not show the padlock symbol in the address bar or, on mobile devices, at the top of the screen.

5. Don’t pass sensitive information through public Wi-Fi

Any information sent over public Wi-Fi can be accessed by those who have access to the network. So, use only your phone’s cellular network or your home’s password-protected internet connection for secure financial transactions.

6. Check bank statements and mobile charges

The majority of identity theft cases and cybercrimes involve financial fraud. So check your bank statements regularly and report any suspicious activity immediately. Authentication through fingerprint can be enabled for banking apps on top of PIN or password authentication, allowing you to maintain more security for your financial transactions.

The Bottom Line

As technology advances, more techniques and methods are deployed to secure financial transactions. But fraud and theft are also on the rise, as culprits are leveraging the same technological advancement. It may not be possible to prevent all fraudulent transactions and data theft. These are some of the tips you can follow, along with investing in some type of protection, to stay protected to some extent.

This article is written by Sarath M V, Manager – Finance and Administration at AlignMinds Technologies

Future of Application Development and the Role of Microservices Architecture

An era without software seems to have been a millennium ago. We are used to software like never before. Be it creating a meeting appointment or switching on your air conditioner before you get home, software is an integral part of our life.

What is the future of app development and what will be the role of Microservices Architecture?

Traditional software development has been following a monolithic approach. Any change will require the whole system to be updated. For example, if you run ERP software and you want to make a change to the purchase module only, you’ll have to upgrade the rest of the software as well. It’s a single code base with multiple modules bundled together. However, this approach brings in a lot of disadvantages:

  • Over a period of time, this becomes complex and impossible to manage.
  • Developers find it difficult to understand.
  • Modules are tightly coupled, eliminating the possibility of reuse.
  • Increases the risk of failure.
  • Testing is slow due to the higher amount of regression to be performed.
  • IDEs and Web servers tend to get overloaded due to monolithic code.
  • A high degree of coordination is required to scale development.
  • Results in long term lock-in of technologies.
  • Difficult to scale the application.

The result is that it takes ages to develop and deploy even small releases or bug fixes causing huge expenses and missed market opportunities.

The smartphone revolution in the latter part of the last decade has placed cutting edge software in the hands of the consumers. People are using mobile apps for everything they do – shopping, health, entertainment, work and securing their home. Every enterprise out there is looking to woo the consumers and get a share of the pie. Global IT spend is expected to touch $4 Trillion in 2022 after factoring in the expected decline in 2020 due to COVID-19 situation.

In today’s dynamic and competitive market, it is all the more important for software providers to be able to quickly and continuously release product updates and bug fixes. And where the traditional methods fail to deliver, newer ideas like Microservices are taking centre stage.   

What are Microservices?

Microservices, by definition, is an architectural style in which the application is a collection of loosely coupled services. In a Microservices architecture, a large application is divided into small modular services that have the following characteristics:

  • Services are technology agnostic and use lightweight protocols to communicate.
  • Services are organised around specific business capabilities.
  • Services are small in size, autonomously maintainable and independently deployable.
  • Services are built and released with automated processes.

What are the advantages of Microservices?

The advantages of breaking an application into different smaller services are numerous.

1. Modularity and simpler development

Each Microservice is a small module. Hence it is easy to understand, develop and test.

2. Scalability

Microservices are implemented and deployed independently of each other. Since they are independent processes, they can be monitored and scaled independently.

3. Empowered teams and distributed development

Microservices can be developed, deployed and scaled in parallel by small autonomous teams. Each team is empowered to make architectural decisions. The architecture of each service evolves independently to achieve the best results.

4. Build and deploy faster

Microservices architecture employs continuous integration, continuous delivery and deployment. This significantly reduces time to market and human errors.

5. Isolation of services and reduced risk of failure

Since Microservices are modular and independent, there is a reduced risk of overall system failure. Isolated services are easier to debug and fix.

6. Freedom to try different technologies

Since Microservices are technology agnostic, each service could be implemented in a different technology, whichever is best suited to the business function being performed. Sometimes, the choice could be based on the knowledge levels of available developers. A service written in Node.js works harmoniously with one written in Go. The focus is on implementing the business capabilities and not technology.

7. No long-term lock-in of technologies

Microservices are sufficiently small and independent. Hence it is easy to implement a service in new technology and replace the old one when the technologies become obsolete. It is easy to upgrade without impacting the system.

Companies like Amazon, Netflix, eBay, Coca-Cola, PayPal, Walmart, Spotify and many more have refactored their applications into Microservices. We are seeing deeper integration of microservices offerings in Google Cloud, AWS and Azure. AWS Lambda is a great example of serverless microservices. Microservices style of architecture is gaining traction quickly as the preferred method of implementing applications throughout industrial verticals. Companies are embracing innovation to increase the efficiency of product teams and reduce development and deployment times. With its rapid adoption rate, it is predicted that Microservices will become the default architecture for applications in the years to come.

This article is written by Madhu M Peringote, Director of Technology at AlignMinds Technologies

Want Your MVP to be Successful? 5 Most Important Considerations

Eric Ries, who wrote the bestseller The Lean Startup, says that the best strategy to reach Product-Market fit is to roll out a Minimum Viable Product (MVP) and continuously iterate on it based on users’ feedback. This is the exact opposite of what we do today, which is to release what we think is our final and perfect product to the public.

This is not a wise idea!

“If you are not embarrassed by your first release, you probably spent too much time on it”

Here are the 5 most important rules for building a successful Minimum Viable Product (MVP).

5 Most important rules of building a successful MVP

1. Learning must be your goal!

An MVP is the version of a new product which allows the team to gather the maximum amount of validated learning about customers with the least amount of time and money. Your concept must be genuine. If you cannot explain it clearly and simply, don’t expect that your customers will understand it.

The important point is that you must have a clear idea of what you want to learn from this feedback. What problem is your MVP going to address? Do your customers really like your idea or not? What is the most important feature your product needs in order to solve the problem you are planning to address? The question you choose to answer is the most important thing, so choose it smartly to validate the results in the build, measure and learn product-building ecosystem.

2. Do not waste too much money

The whole idea behind building a minimum viable product is that you get a chance to review and improve your product before you pour a lot of money into it. So, you don’t need to release a full-fledged version of your product; instead, concentrate on the main problem you are planning to solve, or your core idea. It must be a cheap and quick way to get feedback from your customers. You can choose the best-suited one from the different types of MVP.

3. Choose your target customers wisely

You will face more difficulty in finding the right customers if your proposed solution is more innovative. Your proposed solution does not have to be for everyone! You can share your MVP with people from your professional network who are passionate about new ideas and give honest and constructive feedback. I am sure that they will give you an impartial opinion on the questions you are asking and will be the entry point to a wider section of your targeted customers.

4. Test, test, test and more test

If your assumptions are not correct, there is a great chance that your MVP is going to be a disaster. Avoid that at any cost. The best way to avoid it is to test your MVP again and again. Your thinking will not always match what customers are actually looking for. Instead of relying on assumptions, it’s always better to find an answer and validate every hypothesis, even if it looks good. The more feedback you get through testing, the closer you are to your customers’ needs and goals.

5. Changes make your product fantastic

“Everybody has ideas, however, what really matters is having ideas to solve real problems”
– Orkun Ozbatur

Our ideas and views are so dear to us that we tend to avoid the actual feedback from customers. Much of their feedback might not align with our ideas. This is the prime reason that many products end up being used by very few people apart from their makers. The rule of thumb is that if your product is to be successful in the market, it must be liked and used by real customers, not by us. It is always a good idea to develop a product that customers love and are ready to spend their hard-earned money on.

This article is written by Manoj Pillai, Head of Delivery at AlignMinds Technologies

Why a Heuristic Evaluation Is Critical for Your App UX

If you want to be a winner, you must have a good user experience for your apps. Major game changers in the field like Facebook, Apple and Google invest a lot of time and energy on user experience and they are very keen on building a UX team. It is their secret mantra for success and brand value.

But apart from these powerful companies, many take the least interest in building a good user experience team. This is why the market is flooded with products and services with poor user experience, which are costing trillions of dollars in the US e-commerce domain alone.

“88% of online consumers are less likely to return to a site after a bad experience.”
– Justin Mifsud, Usability Geek

It’s at this point that a well-known usability method called “Heuristic Evaluation” comes into the picture.

Heuristic Evaluation

Heuristic Evaluation is a stage in the product development process where a few usability experts evaluate the usability of the product interface against a checklist of 10 accepted principles called Heuristics. This can be done throughout the product development life cycle to make sure that the designed solution satisfies all the expectations from the real user’s point of view.

After the evaluation is done, the usability experts submit a list of their usability findings to the product development team. The Product manager can then instruct his team to incorporate those suggested recommendations on their product. If properly incorporated, this will resolve around 80% of the usability issues of the product.

Heuristic Evaluation vs usability testing

Please do not confuse Heuristic Evaluation with usability testing. While Heuristic Evaluation is done by usability experts against accepted guidelines, usability testing means giving a task to a potential user and then observing how he or she moves around the product with the task in hand.

When to do a Heuristic Evaluation?

It’s better to do a Heuristic Evaluation at an early stage of the design process of your interface. If you do it early, you will get good usability opinions before actual users are exposed to it. The more complex the user interface becomes at a later stage, the more difficult it will be to incorporate the feedback. It will also cost time and money.

If your product team is delivering through SCRUM methodology, Heuristic Evaluation will be very handy for product owners to design their sprints and prioritize user stories accordingly. Normally the evaluators present the list of their findings in priority order. This helps the sprint team get the work done by priority and thereby reduces the chances of missing deadlines.

Why do a Heuristic Evaluation?

Heuristic Evaluation is the most practical and cost-effective usability technique compared to other methodologies which are time-consuming and costly. While developers are busy with developing the product, the experts can evaluate the product at each sprint and give their opinion to the team. Then the team can incorporate the suggested opinions and present back a much better product for review to the usability experts. It goes on until a well-refined product is delivered to the public for their use.

Heuristic Evaluation does not mean that you do not do usability testing at all! In fact, both can be used in parallel to find hidden usability issues which otherwise would not have been found in the routine development process. You can use various usage reports to evaluate the effectiveness of the Heuristic Evaluation you have implemented on the product. If you can spot some trends in the usage reports, you can concentrate on that part for a Heuristic Evaluation.

Conducting a Heuristic Evaluation

You can select any user interface for a Heuristic Evaluation. A rough sketch, a wireframe or a final high-fidelity layout can all be used for the evaluation. That is the best part of it. The only condition is that it must somehow showcase the same features and functionalities which you are going to release to the market. It’s not a one-time evaluation but a continuous iterative process.

It’s always better to use three to five evaluators. This will give you a comprehensive picture of different viewpoints. Instead of using product team members, it’s better to use people from outside the team who belong to different professional backgrounds and age groups. This will give you varied feedback, from the real customer’s point of view, on features which might have been downplayed by the product team itself.

After the selection of evaluators, we can proceed to inspecting the interface. Let each evaluator come up with their own exclusive feedback. In this way, we will be able to get a unique viewpoint from each of them. Observers can be deployed to assist the evaluators in case they need any clarification about the design. Their evaluation is based on Jakob Nielsen’s 10 Usability Heuristics for User Interface Design, which are regarded as the basics for creating a better product from the usability perspective.

They compare the design against each of these rules and record their findings for future analysis and implementation.

After the evaluation, the evaluators can sit together and discuss their findings. They can reach some common ground, and the differences can be settled amicably. This will also help them find out whether they had overlooked any functionality. They can collect all their findings together and prioritize them. Then the product manager or owner can come into the picture and discuss those findings with the evaluators. This will give product managers valuable information on how they can enrich their designs, and if they have any questions, they can get them answered by the evaluators on the spot.

“Care for happy customers, and the money will follow.”
– Stefan Freimark, Interactive Tools

If your company is not doing Heuristic Evaluation, it’s high time to start, as it is very cost-effective and one of the best ways to fix most of the usability issues of your product. It is better late than never! Most of the products we use are built with business goals in mind, forgetting the user’s goals and needs. A minor investment in UX design and evaluation will lead to a massive return for businesses.

This article is written by Manoj Pillai, Head of Delivery at AlignMinds Technologies

How the App Development Community is gearing up to Fight Covid–19

There’s no stopping Covid-19 now. It’s spreading like wildfire. Any city or country, you name it, and you will find several positive or suspected Covid-19 patients there.  

Speaking to Time magazine, Richard Kuhn, a virologist and professor of science at Purdue University, said that if health officials had taken action earlier and contained the outbreak within Wuhan, things would not have escalated to this level.

So, now the question is how to control this pandemic that threatens to take over the whole world.

Sure, lockdowns and curfews imposed by many governments are helping us control the viral transmission of this global pandemic to a very high degree. But is this enough?

Not until the health sector the world over starts relying more and more on smartphone apps, data analytics, and artificial intelligence to fight the spread of coronavirus. These technologies are already widely used in a variety of industries, such as retail, banking, and more. It is high time the health industry took note and started applying this technology.

Leveraging this technology might help stop the spread of this pandemic right in its tracks.

Consultancy for Covid-19 through apps

Currently, people who are suffering from fever, cough, and shortness of breath meet the doctor in person. This means they visit the doctor at a clinic or hospital, and thereby transmit the virus to everyone they come in contact with: doctors, nurses, other patients, and more.

Instead, if such patients stay at home, connect with the doctor via an app, and describe their symptoms, the doctor will be able to treat them accordingly. Given that the suspected patient doesn’t leave the house, he is not exposing others to the virus.

Case study

In Singapore, nearly a million people have used the telehealth app called MaNaDr. About 20% of physicians offer different services via this app. Patients were getting pre-screened on MaNaDr and advised to stay at home if the symptoms were not severe. However, the patient reports to the doctor every evening to keep him posted about his condition. If the latter feels that he is getting sicker, then an ambulance is ordered to take him to the hospital.

This kind of virtual monitoring makes it easier for the doctors to treat patients and also puts less pressure on hospitals that are already facing a resource crunch in the wake of the Corona spread. More than anything, consultancy apps avoid transmitting the virus to others.

Covid-19: Tracker Apps

Worried that its healthcare system would collapse in the face of the coronavirus scare, India has gone into complete lockdown mode, which is now being termed the World’s Largest Coronavirus Lockdown. Not surprisingly, the tech community is keeping itself busy developing different apps that could help control the spread of the pandemic.

CoWin-20

The soon-to-be-launched app, CoWin-20, would most likely help users find out whether they came in close contact with people infected with the virus. Plus, it would also be able to tell you if you’re in an area with a high number of infected cases. The app most likely determines this by scanning the database of infected people and checking individuals’ travel history.

Co-Win is currently being tested on both iOS and Android. 

Corona Kavach

This is yet another app being launched by the Indian government. Currently available in beta version, the app, Corona Kavach, would help users check if they have crossed paths with patients who have tested positive for the virus. Plus, it keeps you posted with the latest details on the community spread of Coronavirus through the user’s location.

Covid Symptom Tracker app

This new app, launched by British researchers at King’s College London, will help track the symptoms related to the virus, allowing people to self-report their condition daily. The app, according to a TechCrunch report, will measure temperature, tiredness, and symptoms such as headaches, breathing problems, coughing, and more. If the user is showing signs of Covid-19, a testing kit will be sent home to understand the symptoms better. Further, it will help distinguish mild coronavirus from seasonal coughs and colds, which currently may be making people self-quarantine unnecessarily, or inadvertently infect others.

Covid News, Tips and Alerts Apps

WHO MyHealth

With the Covid-19 pandemic taking its toll the world over, people are already on tenterhooks. But what’s making the situation even worse is misinformation about this virus being spread through WhatsApp forwards and the like, creating further panic among people.

To combat misinformation, the World Health Organization is gearing up to launch an official Android, iOS, and Web app, called WHO MyHealth, for news, tips, alerts, and more to keep you updated about the COVID-19 pandemic.

This article is written by Jennifer Warren, a Content Crafter with GoodFirms, a research and review platform for service and software companies. The company provides a curated list of top mobile app development companies, top writing service companies among many others.

Latest Trends in POS Software

Whether you’re a retailer or restaurateur, bringing customer experience to the next level is a linchpin when it comes to fostering your company’s growth. This is why implementing a powerful POS is crucial to unlock your business’s full potential.

While there are plenty of tried and tested POS solutions in the market, customer demands constantly change, which prompt developers to incorporate new functions that keep up with the times. Below are some POS software trends that you should watch out for and try yourself:

1. Cloud-based POS

One of the largest developments in POS technology is the ability to host your system via the cloud. According to Forbes, cloud-based POS software is amassing the market’s interest and adoption, thanks to significant advantages in expenses, usability, flexibility and performance.

It’s true. A cloud-based POS system offers both mobility and versatility. For instance, you want to find out when your enterprise’s slow season falls. Your POS system can determine the exact dates for you, thanks to past sales reports stored in the cloud.

Because data is also saved online, this enhances your system’s security, making it more robust against the most dangerous mobile security threats. Information is saved efficiently and automatically on the cloud, so you no longer have to break a sweat about back-ups.

2. Integration with other systems

Integrated POS solutions fuse the advantages of a sophisticated cash register with the back-office system. A fully integrated POS system will oversee both transactions and inventory, which means that all data related to client and stock information can be retrieved from a central database, which is run and updated by an enterprise resource planning system.

As stocks are sold, levels are simultaneously updated, which results in more productive stock holding management. This trend also works for organizations with multiple branches. Such a grasp of inventory helps avoid stock shortages, which lead to lost sales and customers. As a bonus, reports and analytics on stock sales can also be released with information regarding bestsellers, seasonal demands as well as other relevant information.

As for customer information, an integrated POS paves the way for loyalty programs and special offers to be awarded to particular customers. Everything about POS is centred on enhancing customer relations. Connecting customers in the system also enables enterprises to extract consumer data, which leads to more effective advertising, enhanced company-customer relations, ensured customer satisfaction and customer retention.

3. Strategic staff management

Modern POS systems have cutting-edge features that provide advantageous gains in supervising staff. POS software trends that focus on mobility are vital since mobile apps exist to enhance staff interaction.

Empowering your employees to regulate their shifts and schedule through an easy-to-use platform grants them a better work-life balance. This is especially important since employee loyalty is declining. According to Tiny Pulse, 43% of workers are inclined to leave their jobs for a 10% salary raise, due to feeble company cultures. 

Organizing staff schedules to keep up with peaks and valleys of customer flux will guarantee that you’re fully staffed during busy periods while seeing minimal inactive time during slow periods. This also makes distributing payroll easier and should provide you monitoring capacity to make sure there are no missed hours.

For restaurateurs, modern POS systems can easily integrate production metrics for staff, from working hours in comparison to serviced tables to transactions completed during their shift, which grants you a better grip on staff costs while encouraging them to exert their best performance.

4. Mobile or tablet POS

Of all POS software trends, this one rises to the top of the list, especially when it comes to restaurants. Driven by an increased motive to enhance customer service, expand sales and cut down costs, restaurateurs are applying mobile or tablet-based POS solutions to broaden service range and upgrade traditional terminals.

The future of POS terminals lies in tablet-based POS. When equipped with these devices, diners’ orders can be swiftly and directly transmitted from table to kitchen. Customers can also use these tablets to review their orders at their tables. Rather than handing their cash or card to a server and going through the front counter, patrons can also relish the convenience brought by the POS solutions’ pay-at-the-table feature. Servers can also finish transactions tableside, or diners can accomplish the task themselves if the tablets are integrated into their tables.

5. Increased control over inventory

One of the most important POS software trends includes inventory management. Most modern POS systems allow users to organize purchase taxes and construct divisions, inventory items, storage points and vendors. They also grant them the power to create and oversee acquisition orders, invoices, transfers, consumption, opening stock, file status as well as stock number. Besides this, stock posting processes and stock modifications can be done with a simple tap of a finger.

Don’t miss out

Old POS models are still useful, but because customer demands change, they can be quite restrictive for your business. Remember that your focus should be creating a unique customer experience so that your enterprise can go nowhere but up. Make sure you don’t miss any of these trends and that you critically appraise and productively allocate your resources to prepare for them.

Are you looking for modern POS software for your restaurant business? Check out IvyPlex, a lightweight Android POS based on the latest cloud technology and specially designed for restaurants and food courts.

Why It Is Time to Choose IvyPlex POS System for Your Restaurant?

IvyPlex is a complete restaurant POS system developed with a focus on mobility and efficiency. This modern, cloud-based Android POS system helps you with all the functions of running a restaurant business, from order taking, order management and CRM to billing and inventory management.

IvyPlex is a cloud-enabled Android POS system specially designed for restaurants and food courts.

IvyPlex uses the latest cloud technologies, making it one of the fastest, most secure, most reliable and most affordable restaurant POS systems. Choosing Android as the platform for developing the product has helped us to meet our objective of offering mobility in the restaurant POS industry with a quality that is unmatchable considering the cost and features offered by the solution.

Why IvyPlex?

As a private technology firm that focuses on introducing innovative products in the market, the intention behind the development of IvyPlex or any other product could be profit. However, such product innovations are not driven by profit alone. As a firm that values a human-oriented approach and is committed to making a positive impact in the industry, our products always have a touch of “Social Consciousness”.

The detailed study we conducted about the restaurant industry and the challenges faced by small to mid-sized restaurant owners compelled us to develop a comprehensive restaurant solution that focuses on mobility, efficiency, affordability and customer satisfaction.

In the US alone, there are over one million restaurants in operation today. While the food and drinks sales of the restaurant industry were somewhere around 42.8 billion in 1970, the figure crossed 745.61 billion U.S. dollars in 2015. The number of consumers who have visited a sit-down restaurant looks even more promising: the figure was close to 200 million in 2018 alone.

The restaurant industry has seen steady growth in recent years, and the Restaurant Performance Index (RPI) sits at 101.6 as of May 2019. Anything over 100 is considered a positive trend. Another study states that 91% of restaurateurs expect profits to increase in 2019.

A detailed study of these trends showed us that there is a growing market existing in the restaurant industry that we can explore. A further study revealed the number of challenges faced by restaurant owners and managers while running the business.

Scalability

Since the restaurant industry is on the path of growth and projected to grow further in the coming years, over 80% of restaurant businesses are adopting technology to accelerate their pace of growth. However, scalability is one of the biggest challenges faced in the restaurant industry.

To help restaurants with this challenge, we decided to leverage the advantages of the latest cloud technologies and develop a restaurant POS system that is scalable, reliable and affordable at the same time. Choosing a cloud server had other benefits, like helping us to meet our objective of making the product more mobile and secure than any other product currently in the market.

Cost

Some restaurants are still facing difficulties in adopting the latest equipment that will help them with running their business. One of the major reasons is the cost involved in buying new equipment and upgrading the existing equipment to current standards.

A report by Toasttab states that 47% of restaurateurs would repair or update their equipment if they had extra money on hand. Due to the increase in the cost of running the business, 16% of restaurant operators have had to halt hiring efforts to lower labour costs. And the higher cost has compelled 65% of restaurants to increase their menu prices.

A restaurant solution that is reliable and affordable seemed the need of the hour in the restaurant industry.

Efficiency

A report by ToastTab states that 95% of restaurant owners believe technology improves their business efficiency. To facilitate various services and improve their efficiency and service quality, over 80% of restaurants have already started incorporating technology into their operations. Technology helps them to facilitate a wide range of services and functions like online ordering, reservation booking, inventory management, report making and analytics.

Such trends and factors prevailing in the market were the major things we took into consideration while developing IvyPlex. Studying such trends and data helped us to brainstorm the features of IvyPlex and enabled us to turn the product into an effective and comprehensive restaurant POS system.

Customer satisfaction

When someone dines out at a restaurant, the person is seeking an experience that he can enjoy the most. A study by Eventbrite states that 78% of Millennials are interested in spending their money on an experience like dining out at a restaurant rather than buying an item from a store. More and more restaurants are realizing this, and they have started investing heavily in improving customer experience.

One of the objectives of IvyPlex is to help businesses that want to improve customer satisfaction. The mobility, speed and convenience offered by the IvyPlex restaurant POS system are unmatchable in the industry. Since this modern POS system is developed with a focus on mobility, the quality of customer experience is something that can be guaranteed without a doubt.

Guest experience

There are many ways to improve customer satisfaction.  A study says that server handheld tablets help restaurants to improve the quality of guest experience. Facility for online reservation is another factor that determines the degree of customer experience.

As part of being a complete restaurant POS system, IvyPlex offers the option of a consumer app that helps the customers of a restaurant to reserve tables online, before arrival or on their arrival. The consumer app will feature the list of all services and products available at the restaurant and guests can order them directly from their smartphone.

Customer Relationship management

Studies show that more than 45% of diners eat outside multiple times a week. 20% of diners eat at a restaurant at least once a week. But, this doesn’t mean that people go to the same restaurant every time they decide to dine outside. They want to try out a new dish or enjoy a new experience every time they go outside, and it is for that experience they are spending their hard-earned money. However, there are means for a restaurant to attract repeated customers. Customer relationship management is one of them.

A study by Accenture finds that more than 83% of people are ready to share their personal information if it helps them to get personalized service. The IvyPlex restaurant POS system lets restaurants collect personal details like name and contact number and use them to send special offers and discounts to their loyal customers directly from the product interface.

Adoptability

The restaurant industry has one of the highest turnovers. Training new staff every time someone leaves is a task that is heavy on resources. A study by Toasttab states that staffing is a major challenge faced by the majority of restaurants, while 35% of restaurants say training staff is a top challenge.

IvyPlex tries to solve these challenges through its user-friendly interfaces and a workflow that can be followed by anyone who has read the basic instructions at least once.

Business friendliness

31% of restaurateurs update their menu every month. 24% of restaurants do it seasonally. The business-friendly approach adopted by the IvyPlex restaurant POS system makes it easy for any type of restaurant to customize its menu on the go.

Reports generation and analytics

68% of restaurant businesses review sales reports regularly. 45% of them review labour reports regularly, and 32% regularly review menu reports.

The inbuilt features of IvyPlex POS system make it easy for restaurant owners and managers to generate automatic reports on sales, inventory and staff performance during any time of the day.

Other features

Shift details

IvyPlex restaurant POS records the shift details every time a shift commences and closes. The shift details include the amount of cash in the drawer, sales statistics, date and time of the shift and the person in charge of the shift. This innovative feature helps management with accounting and bookkeeping.

Staff performance report

IvyPlex is an advanced restaurant POS system that can generate real-time reports on staff performance. This helps the restaurant management identify and reward their best-performing staff who are dedicated to their work.

Inventory report

IvyPlex is one of the few restaurant POS systems that come with inbuilt inventory management. This Android POS system keeps track of inventory all day long. It helps the management to identify the fast-moving items on the menu and restock them before they run out of stock.

Sales report

The automatic sales report gives the restaurant management crucial information such as real-time data on sales and the times of day when they are busy. If a business can identify the time of day when it has the largest crowd, it can deploy an extra workforce to take care of the extra demand.

Split bills

IvyPlex makes it easy for a restaurant to split bills and improve customer satisfaction. This modern restaurant POS system also has the feature to merge bills. Split bills can be paid using different modes of payment, for example cash for one bill and card for the other.

Different payment modes

Make payments via cash, credit/debit cards and mobile money. In the case of cash, POS staff can enter the amount collected and the system prompts the change to be returned to the customer.

Kitchen Display System

IvyPlex is a dedicated restaurant POS system. It features a powerful Kitchen Display System (KDS) that can be used to display customer orders elegantly in the kitchen, bar, or at the location of your choice. This user-friendly KDS system also offers an option to print KOTs (Kitchen Order Tickets), complete orders just with a touch of the finger, and map orders to different stores based on category.

Devidasan S D

Want to know more about this restaurant POS system? Check out the IvyPlex product page.

Everything About POS: The All in One Guide

Have you seen cashiers at the supermarket making settlements so precisely at the billing stations?

Have you ever wondered how they do these operations so fast?

How do they get information about each and every item that we buy at the same station?

The answer is simple.

It is all done with the help of Point of Sale systems set up at their counters.

What is a Point of Sale System?

A point of sale system is the ultimate solution for every business owner who wants to know which product sells the most, which customers buy frequently, how much inventory is on hand, which payment method customers prefer (cash, credit card, debit card or mobile money) and how much is actually sold on a particular day.

Any retail-based operations require a Point of Sale (POS) System to record the customer and product activity. The purpose of every point of sale system is to provide this information to the business owner.

History of POS systems

The history of POS systems can be dated back to 1879 when the cash register was invented.

The first POS systems were introduced by IBM in the 1970s.  Two of the early users of POS were the Pathmark supermarket stores in New York and New Jersey and the Dillards department stores in California. But, most retail establishments were still using old fashioned cash registers, or the new electronic cash registers, which were in the form of electric typewriters combined with calculators. In 1986, Gene Mosher explored the technology for his deli with the first graphical point of sale software. His invention featured coloured widgets and a touch screen interface.  The EMV standard was established in Europe in 1993.

The first cloud-based POS system was introduced in the United Kingdom in 2002. In 2003, McDonald’s, America’s largest restaurant chain, started to accept credit and debit cards.

In 2013, Papa John’s and Domino’s Pizza attributed over 40% of their sales to orders made online. In 2014, Panera Bread allowed guests to order through self-serve kiosk systems. In 2015, the United States introduced EMV chip card technology.

Modern-day POS systems make it possible for businesses to complete and track store transactions.

How is POS set up?

The components of a POS system can be categorized into two.

The first is the hardware. Typically, this includes a cash drawer, a computer, a scanner and a credit card reader.

The second part is the software. The software is programmed to meet the needs of the business. In general, a database of the inventory is loaded into the software, which tells the software the cost per unit and the number of units on hand.

In addition, if there are regular customers, their respective data can be loaded into the software too.

Once the hardware and software are installed and the databases updated, the system is ready to be used.

The Importance of POS

Points of sale are considered strategic points in a business since they are where consumers make their purchasing decisions.

Generally, POSs are set up at store exits to improve sales by persuading the leaving customers to make a purchase. However, marketers can change the location of the POS if they think doing so may attract more sales.

For example, it is usual for department stores to have POSs for individual product groups, such as appliances, electronics, and apparel. The staff at POS can assist the customers to choose the products that fit the customer needs along with helping them to complete the purchase.

Types of POS systems

There is a wide variety of POS systems available in the market, ranging from small POS units that can be used in a local store to systems for a business that has stores across the country.

Smartphone Point-of-Sale (Mobile POS)

Smartphone POS services are a popular choice for businesses that need to be mobile. Some smartphone POS services also offer basic inventory management and customer information collection. Most of them are compatible with a receipt printer. The receipts can also be mailed directly to the customer.

This form of application can be used by street vendors, fair or event vendors, contract services, farmers market vendors or any other mobile services.

Tablet POS

Android and iPad based point-of-sale systems are increasingly popular since they are more affordable and you can often use a tablet that you have already invested in. When it comes to credit card processing, some tablet POS services offer it for “free” while others require you to pay a low monthly subscription fee. But the latter allow you to choose your own credit card processor. Many support compatible hardware such as bar code readers, cash drawers and tablet stands.

Terminal POS

Terminal point-of-sale systems are one of the most common types of POS system. They are widely used by various types of businesses, and people are most familiar with them. Even though most terminal POS systems use traditional hardware/software, they may still require access to the internet. They can also leverage the advantages of the cloud.

The businesses that use terminal POS mainly include large scale restaurants, retail chains, grocery stores, boutiques, electronic stores, antique stores, bookstores, salons of all kinds, spas etc.

Online Point-of-Sale

The advantage of online POS is that you can use your own hardware. Hardware might be a PC or a tablet. The startup costs are minimal in this case. Online POS is most suitable for businesses that are low-volume and high-ticket-price.

Common users of online POS: small retailers, art galleries, salons, small cafes, pet groomers, consignment stores, high-ticket retailers

Self-Service Kiosk POS

Most kiosk POS systems are designed with a specific purpose and are considered specialized solutions. Businesses may use such self-service kiosks as a complimentary service to help their customers purchase movie tickets or book parking spaces.

Common users of kiosk POS: transportation passes, patient check-ins, grocers, ticket sales, parking, product look-up, human resources

Android POS, IvyPlex

We have developed an app for POS solutions named IvyPlex.

With IvyPlex, we can take orders for tables, takeaway or delivery, and instantly display the orders at Kitchen Display Systems (KDS) or print KOTs (Kitchen Order Tickets) in the kitchen, bar or wherever the order needs to be produced. We can also easily handle variations in the ordered items and tables to orders, collect customer details and offer discounts or promotions that drive sales and revenue. IvyPlex also has options to split bills, merge bills and make payments via cash, credit/debit cards and mobile money. The IvyPlex POS system continues running even when the internet connection is down. Data is stored locally, and then automatically synced to the cloud as soon as the connection is back online.

This Android POS app can handle operations in large food courts and bars, restaurants, hotels, coffee shops and ice cream parlours.

With the backend website, we can keep up to date with stock level management and inventory management, and view real-time reports on daily sales and stocks. This Android Point of Sale system keeps track of all your sales in real time, so you can see which products are selling, the busiest time of the day, and the best performer among the staff.

IvyPlex is a POS system which can be used at terminals and on tablets.

Advantages of Modern POS systems

Cloud-based POS systems, also referred to as Software-as-a-Service (SaaS) or web-based systems, are web-hosted solutions that store data on remote servers and make information accessible online. Some of the advantages of such modern POS systems are:

1. Integrated Systems

Restaurants and similar businesses mostly need integrated POS solutions that can manage everything from online ordering to generating financial reports. Such demands can only be fulfilled by a full-featured cloud-based POS system that has the potential to support all components of a business.

Advanced SaaS systems also feature customer relationship management (CRM) solutions for restaurants that allow restaurateurs to record and use the history of customer data to personalize loyalty programs, online ordering, and email marketing.

2. Data Accessibility

SaaS POS systems store data in the cloud. The benefit is that you can access the data and make changes from anywhere with internet access.

The other advantage of SaaS POS systems is that the workforce can be managed more easily. The number of staff that need to be deployed at a site can be reduced, since registers, reports, inventory and so on can be accessed without visiting the site. It also enables real-time viewing of data, which means there are fewer uncertainties to deal with.

3. Frequent Updates

Legacy POS systems are updated manually. Since manual updating involves extra labour, the cost of maintenance of legacy POS systems is on the higher side. This forces businesses to upgrade POS software only once a year at best.

SaaS POS systems are hosted centrally. This helps the provider to implement updates remotely with little disruption to the end-user. Cloud-based solutions get bug fixes and updates faster than legacy systems.

4. Cost Efficiency

Web-based POS systems are more affordable and require fewer upfront costs than their legacy counterparts. The less complex installation, remote maintenance, inexpensive hardware etc. have helped to bring the cost to an affordable range.

5. Innovative Hardware

Mobile technology has revolutionized worldwide commerce. The food and service industry is no exception. Mobile POS systems open up possibilities for restaurants and nightclubs to modernize their service. Cloud-based POS systems are more advanced than legacy POS systems, as they can support mobile devices that perform more than one task at the same time, such as sending order tickets to the kitchen while storing customer information in the cloud.

Future of POS systems

Cloud-based POS systems provide countless advantages over traditional POS systems. An increasing number of retailers are switching to cloud-based mobile point of sale solutions (mPOS). These systems are hosted on the internet and have the capability to store all kinds of data. The remote accessibility offered by cloud-based systems helps businesses manage all their operations from anywhere, at any time. This type of POS software is great for getting instant software upgrades, in-depth data analytics and data consolidation, and it integrates easily with third-party applications.

1. Biometrics

Biometrics have been in use for at least a decade now. With the use of biometrics, signing in to your bank account and unlocking your phone have become simpler and safer. The retail industry has gone one step further, with businesses deploying biometric technology as a way for their employees to log in to the POS system and to enable self-checkout for customers.

Biometrics, including fingerprints, voice recognition, and retinal scans, are becoming increasingly popular as a way to verify identity and confirm transactions in a secure manner.

This advanced technology reduces theft, as employees can use only the cash registers they are authorized to access. Any errors or unauthorized access can be traced, and the culprit can be easily punished.

2. Employee Time Management and Payroll Reporting

Modern technology is a powerful tool for workforce management. Using the latest technologies, a business can easily identify the busiest hour of the day and deploy additional manpower if necessary. Similarly, labour costs can also be calculated at the backend, whenever needed. In this day and age, employees can clock in and out with a simple tap on a screen without the need for a punch clock. Payroll reporting is becoming increasingly automated as well.

3. Payment Security

The modern payment terminals have plenty of built-in security features. One of the biggest and most important features in recent years has been EMV card readers. EMV is the acronym for Europay, Mastercard, and Visa and enables safe and secure payments. EMV has become the worldwide standard for cards with computer chips.

The benefit of making payments using chip cards is that every transaction creates a unique transaction code, and these codes can be used to identify the transaction in the event of fraud or theft.
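The following added example (not part of the original article) is a simplified model of why a unique code per transaction helps: a code captured from one payment cannot be replayed or reused with an altered amount, and an approved payment can be traced by its code. HMAC-SHA256 stands in for the card's real cryptogram algorithm, and the class names, key, card id and amounts are assumptions constructed for illustration.

```javascript
// Added example: a simplified model of per-transaction codes on a chip card.
// HMAC-SHA256 stands in for the card's real cryptogram algorithm, and the
// card id, key, amounts and terminal nonces are constructed sample values.
const nodeCrypto = require('crypto');

// Code over the fields that define one transaction. The counter changes on
// every payment, so the code changes even when amount and terminal repeat.
function transactionCode(key, tx) {
  const msg = [tx.counter, tx.amountMinor, tx.currency, tx.terminalNonce].join('|');
  return nodeCrypto.createHmac('sha256', key).update(msg).digest('hex').slice(0, 16);
}

class ChipCard {
  constructor(cardId, key) {
    this.cardId = cardId;
    this.key = key;     // stays on the chip in this model
    this.counter = 0;   // incremented once per transaction, never reused
  }
  pay(amountMinor, currency, terminalNonce) {
    this.counter += 1;
    const tx = { cardId: this.cardId, counter: this.counter, amountMinor, currency, terminalNonce };
    return { ...tx, code: transactionCode(this.key, tx) };
  }
}

class Issuer {
  constructor() {
    this.cards = new Map();   // cardId -> { key, lastCounter }
    this.ledger = new Map();  // code -> approved transaction
  }
  enroll(cardId, key) {
    this.cards.set(cardId, { key, lastCounter: 0 });
  }
  authorize(tx) {
    const card = this.cards.get(tx.cardId);
    if (!card) return 'unknown-card';
    const expected = Buffer.from(transactionCode(card.key, tx));
    const presented = Buffer.from(String(tx.code));
    if (expected.length !== presented.length ||
        !nodeCrypto.timingSafeEqual(expected, presented)) {
      return 'bad-code';                                  // a field was altered or the code was forged
    }
    if (tx.counter <= card.lastCounter) return 'replay';  // this code was already used
    card.lastCounter = tx.counter;
    this.ledger.set(tx.code, { ...tx });
    return 'approved';
  }
  // Look up an approved transaction by its code during a fraud investigation.
  trace(code) {
    return this.ledger.get(code) || null;
  }
}

function runScenario() {
  const key = Buffer.from('constructed-demo-key-not-a-real-card-key');
  const card = new ChipCard('card-0001', key);
  const issuer = new Issuer();
  issuer.enroll('card-0001', key);

  const tx1 = card.pay(1250, 'EUR', 'a1b2c3d4');
  const first = issuer.authorize(tx1);
  const replayed = issuer.authorize({ ...tx1 });  // same message presented twice
  const tampered = issuer.authorize({ ...tx1, counter: 2, amountMinor: 125000 });
  const tx2 = card.pay(1250, 'EUR', 'a1b2c3d4');  // same amount and terminal value
  const second = issuer.authorize(tx2);
  return {
    first, replayed, tampered, second,
    codesDiffer: tx1.code !== tx2.code,
    traced: issuer.trace(tx1.code),
  };
}
```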

Summary: Point of Sale System

A good POS system provides great information to a business owner. From daily sales volume to inventory information, all this data helps the business owner increase profits and reduce stress. With this information, a business owner receives many benefits including highly specialized intelligence. Along with processing customer transactions, modern POS systems help businesses to build a meaningful relationship with customers and ensure they are happy and loyal.

Nowadays, retail businesses integrate Android Point of Sale with other technologies, including payment terminals, accounting software, employee scheduling tools and loyalty programs, and so expand their overall business and consumer relationships. One of the most liked features of POS systems is that they help businesses do away with the need for price tags. Each product has a product code that is linked with a selling price, so that by simply scanning the code, the cashier can help customers complete the purchase.

If you are in a search for a modern POS system for your business, check out IvyPlex, a cloud-enabled Android POS system designed and developed by AlignMinds.

Most Dangerous Mobile Security Threats of 2020

Smartphones are widely used across the world today, hence the security threats are also widely spread. Our phones have become the most connected devices, at the same time the least secure. The security threats we face are those which we fail to notice and will be more hazardous in the near future. Let us look at some of the major security threats that every mobile user must be aware of.

Cryptojacking

Cryptojacking is defined as the secret use of your smartphone device by the attacker to mine cryptocurrency.

Cryptojacking used to be confined to the victim unknowingly installing a program that secretly mines cryptocurrency.

In-browser cryptojacking needs no separate program: the mining runs inside the browser.

  • The threat actor compromises a website.
  • The crypto mining script executes when the user connects to the compromised website.
  • Users unknowingly start mining cryptocurrency on behalf of the threat actor.
  • When a new block is successfully added to the blockchain, the threat actor receives a reward in cryptocurrency coins.

Insecure communications

The networks that you use to communicate are never fully foolproof, making your device vulnerable to attacks from malware. Hackers may set up fake access points in public places where you access Wi-Fi, such as coffee shops and airports. These access points are given generic names, which can fool even the most brilliant people.

It is always good to be cautious when connecting to public Wi-Fi. Use public Wi-Fi only when it is absolutely necessary, and never use it to access personal information such as your bank account.

Mobile ransomware

A form of ransomware that affects only mobile devices is called mobile ransomware.

A cybercriminal uses mobile malware to steal sensitive data from smartphones or attempts to lock a device, before demanding payment to return the data to the user or to unlock the blocked device. Sometimes people come across seemingly innocent content or software on social networks and are tricked into downloading malicious ransomware along with it.

After the malware is downloaded onto a device, it will ask the user to pay an amount before encrypting files and locking the phone. After the payment is processed online, often via Bitcoin, the ransomware will send a code to unlock the phone or data.

When installing any app, make sure it is downloaded from Google Play or the App Store rather than from a third-party app store.

Phishing attacks

Phishing is a social engineering attack often used to steal user data, including login credentials and credit card numbers.

It occurs when an attacker fools the victim into opening an email, instant message, or text message by acting as a trusted entity.

Users can protect themselves by not clicking unfamiliar email links. Enter URLs manually whenever possible.

SMS-based attacks

Phishing has evolved from the email world into the SMS world. You get SMS texts with links that you are asked to open to authenticate certain information. To a novice user, the links and the sender seem genuine. However, clicking on these links can make your device vulnerable to attack and, in turn, give away your confidential information. This is a developing security threat for your mobile device.
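The following added example (not part of the original article) shows one way to check a link received by e-mail or SMS before it is opened, as the phishing and SMS sections above advise. The allowlist, the function names and every sample link are assumptions constructed for illustration.

```javascript
// Added example: triage a link from an e-mail or SMS before anyone opens it.
// TRUSTED_HOSTS and every sample link are constructed; .example and .test are
// reserved names, and 198.51.100.7 is a documentation address.
const TRUSTED_HOSTS = ['bank.example', 'login.bank.example'];

function isIpLiteral(host) {
  // Dotted IPv4, or a bracketed IPv6 literal as the URL parser reports it.
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith('[');
}

function assessLink(rawUrl, trustedHosts = TRUSTED_HOSTS) {
  let url;
  try {
    url = new URL(String(rawUrl).trim());
  } catch {
    return { verdict: 'block', host: null, reasons: ['not a parseable absolute URL'] };
  }
  const host = url.hostname.toLowerCase();
  const reasons = [];

  if (url.protocol !== 'https:') {
    reasons.push('scheme is ' + url.protocol + ' rather than https:');
  }
  if (url.username || url.password) {
    // In https://name@host/ the part before @ is login data; the site is after it.
    reasons.push('text before @ is login data, not the site name');
  }
  if (isIpLiteral(host)) {
    reasons.push('host is a raw IP address');
  }
  if (host.split('.').some((label) => label.startsWith('xn--'))) {
    reasons.push('internationalised label that may imitate Latin letters');
  }
  // A trusted name used as a prefix or fragment of some other domain.
  const decoy = trustedHosts.find(
    (t) => host !== t && host.includes(t) && !host.endsWith('.' + t)
  );
  if (decoy) {
    reasons.push('trusted name ' + decoy + ' appears inside a different domain');
  }

  if (reasons.length > 0) return { verdict: 'block', host, reasons };
  if (!trustedHosts.includes(host)) {
    return { verdict: 'review', host, reasons: ['host is not on the allowlist'] };
  }
  return { verdict: 'allow', host, reasons };
}

// Constructed sample links covering each check above.
const SAMPLE_LINKS = [
  'https://login.bank.example/reset',
  'http://bank.example/',
  'https://bank.example@198.51.100.7/login',
  'https://bank.example.account-verify.test/login',
  'https://b\u0430nk.example/login',   // Cyrillic "a" in place of the Latin letter
  'https://parcel-tracking.test/x',
  'bank.example/login',
];

function triageAll(links = SAMPLE_LINKS) {
  return links.map((link) => ({ link, ...assessLink(link) }));
}
```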

Botnet attacks

The word botnet is a blend of the terms “robot” and “network”.

A botnet is a number of web-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service (DDoS) attacks, send spam and steal data, and they allow the attacker to access the device and its connection.

A botnet attack first requires building up a large number of bots, or a botnet army. Once the attack is initiated, these bots are used to send network or Internet-based requests to the target system in large quantities. These requests can range from bulk email messages to simple ping messages. The attack can slow down the network or server, making it too busy for others to access it, or temporarily freeze the server.

Distributed denial of service (DDoS) is a common example of a botnet attack that uses a number of botnet devices to send a large number of simultaneous requests or packets to the targeted system.

Installing effective antivirus/anti-malware software can protect your device from such attacks.

User & device authentication

Most mailing apps provide user and device authentication, which allows users to store passwords and their data on the device. If the device is stolen, your authentication and your data will be at risk. This is one of the major threats to mobile devices, as they contain valuable personal information.

The smartphone is a device that blurs the boundaries between professional and personal life, and its users are up to three times more likely to be the victims of mobile threats. Safe browsing, identifying suspicious files or phishing emails, ensuring safe data access on public Wi-Fi networks and safe downloads are some of the important points that a user must be careful about. Besides these security measures, several mobile security applications are available to download from Google Play and the App Store to help keep your mobile devices safe.

Understanding these common security threats and implementing the recommended solutions can help you protect the data on your smartphone.

Interactive Data-Driven Visualization Using D3.js

Today we always have a massive amount of data to deal with. A visual representation is a better way to express that data meaningfully.

D3 is a successor to the earlier Protovis framework by Mike Bostock and team. Compared with other libraries, D3.js allows great control over the final visual result and hence can be considered a flexible way to visualize data.

What is D3.js?

D3.js is a JavaScript library that manipulates documents based on the data provided. D3 stands for Data-Driven Documents. D3 helps us bring data to life using HTML, SVG and CSS.

D3 focuses on interactions, transitions and transformations, which makes it more impressive and gives it some awesome features for interactions and animations.

Why D3.js?

D3 is said to be data-driven because it can use static data, or convert and use data from different formats such as arrays, objects, CSV, JSON and XML, to produce different types of charts. The Document Object Model (DOM) can be manipulated according to our data with D3.

More than 1000 different D3.js charts are available on this site. You can easily browse them, use them for the graphs you require, and change the code to get the graphs you want.

How to work with D3.js?

As D3 is written in JavaScript, anyone who has experience with basic JavaScript coding can easily understand and learn it.

If you use npm, you can install it with: npm install d3

To link directly to the latest release, you can copy this snippet on to your code:

<script src="https://d3js.org/d3.v5.min.js"></script>

D3.js Examples

1. Creating Hello world using D3.js

A simple ‘Hello World’ can be displayed with the below code.

d3.select("body").append("span").text("Hello, world!");

2. Creating a pie chart using D3

To create a pie chart, you can follow the code below, referenced from this site.

Create dummy data.

var data = {a: 9, b: 20, c: 30, d: 8, e: 12}

Set the colour scale.

// The domain is the list of keys (a to e), one colour per key
var color = d3.scaleOrdinal()
  .domain(Object.keys(data))
  .range(["#98abc5", "#8a89a6", "#7b6888", "#6b486b", "#a05d56"])

Compute the position of each group on the pie.

var pie = d3.pie()
  .value(function(d) { return d.value; })
var data_ready = pie(d3.entries(data))

Build the pie chart: Basically, each part of the pie is a path that we build using the arc function.

// svg and radius are assumed to be defined by the chart's setup code
svg
  .selectAll('whatever')
  .data(data_ready)
  .enter()
  .append('path')
  .attr('d', d3.arc()
    .innerRadius(0)
    .outerRadius(radius)
  )
  .attr('fill', function(d) { return color(d.data.key) })
  .attr("stroke", "black")
  .style("stroke-width", "2px")
  .style("opacity", 0.7)

3. Creating a directive for D3 when working with Angular

If you are working with Angular you can create a directive that generates a graph and call that directive whenever you need a graph.

Let’s create an angular directive which can be used to generate both the pie chart and the donut chart.

Creating a pie chart and donut chart

Import the libraries required.

import { Directive, Input, Output, EventEmitter } from '@angular/core';
import { ElementRef } from '@angular/core';
import * as D3 from 'd3';

Set the CSS selector that identifies this directive in a template. Here, let’s use ‘appPiechart’.

@Directive({
  selector: '[appPiechart]'
})
export class PiechartDirective {

Define the input and output properties.

@Input() chartOption: {};
@Output() piechartUpdated = new EventEmitter<any>();

Create the parameters required.

private host: D3.Selection<any, any, any, any>;
private svg: D3.Selection<any, any, any, any>;
private width: number;
private height: number;
private radius: number;
private htmlElement: HTMLElement;
private pieData: number[];
private sum: number;
public colors: any;

constructor(private el: ElementRef) {
  this.htmlElement = this.el.nativeElement;
  this.host = D3.select(this.htmlElement);
  this.pieData = [];
  this.sum = 0;
}

// Rebuild the chart whenever the input changes; clear it when there is no data
ngOnChanges() {
  this.pieData = this.chartOption['data'];
  this.colors = this.chartOption['colors'];
  if (this.pieData.length !== 0) {
    this.setup();
    this.buildSVG();
    this.buildPie();
  } else {
    this.host.html('');
  }
}

Set up the radius, width and height. Here we provide the outer radius from the component HTML so that each pie chart is of the required size.

private setup(): void {
  this.radius = this.chartOption['outer_radius'];
  this.width = (this.radius * 2);
  this.height = (this.radius * 2);
}

Create an SVG to show the pie chart.

private buildSVG(): void {
  this.host.html('');
  this.svg = this.host.append('svg')
    .attr('height', this.height + 40)
    .attr('width', this.width + 40)
    .attr('viewBox', '0 0 ' + (this.width + 30) + ' ' + (this.height + 30))
    .append('g')
    .attr('transform', `translate(${(this.width / 2) + 7},${(this.height / 2) + 20})`);
}

Function to build the pie chart.

private buildPie(): void {
  const pie = D3.pie()
    .startAngle(1.1 * Math.PI)
    .endAngle(3.1 * Math.PI);
  this.sum = this.pieData.reduce((a, b) => a + b, 0);
  const arcSelection = this.svg.selectAll('.arc')
    .data(pie(this.pieData))
    .enter()
    .append('g')
    .attr('class', 'arc');
  this.populatePie(arcSelection);
}

Function to modify the pie chart as required.

private populatePie(arcSelection: D3.Selection<any, any, any, any>): void {

Inner radius is defined for the donut chart, in case of pie chart the inner radius will be zero.

  const innerRadius = this.chartOption['inner_radius'];
  const outerRadius = this.radius;
  const arc = D3.arc()
    .outerRadius(outerRadius)
    .innerRadius(innerRadius);

Each arc section is drawn in a different colour.

  arcSelection.append('path')
    .attr('d', arc)
    .attr('fill', (datum, index) => {
      return this.colors[index];
    })

The transition for each arc is provided so as to get better animations.

    .transition().delay(function(d, i) { return i * 10; }).duration(1500)
    .attrTween('d', function(d) {
      var i = D3.interpolate(d.startAngle + 0.1, d.endAngle);
      return function(t) {
        d.endAngle = i(t);
        return arc(d)
      }
    });

The percentage for each data item is shown, with the animation, on the pie/donut chart to make it easier to understand.

  arcSelection.append('text')
    .text((datum, index) => {
      let per = Math.round(this.pieData[index] * 100 / this.sum);
      return '' + per + '%'
    })
    .attr('font-size', 12)
    .transition()
    .delay(1000)
    .attr('transform', (d: any, index) => {
      d.innerRadius = innerRadius;
      d.outerRadius = outerRadius / 2;
      return 'translate(' + arc.centroid(d) + ')';
    })
    .attr('fill', (datum, index) => { return 'white'; })
    .attr("dy", ".35em")
    .style('text-anchor', (d: any, index) => { return "middle"; });
  this.piechartUpdated.emit(arcSelection);
}
}

Now that we have created the directive, let’s use it in the component HTML template in Angular. We can add the directive name ‘appPiechart’ to the div where we require the chart.

In the input property ‘chartOption’ we provide the data, colours and radius.

For a pie chart, give the inner radius as 0.

<div class="pie-container" appPiechart [chartOption]="{data:pieData, colors:colors, outer_radius:90, inner_radius:0}" id="c2"></div>

For a donut chart, give a value to the inner radius.

<div class="pie-container" appPiechart [chartOption]="{data:donutData, colors:colors, outer_radius:90, inner_radius:55}" id="c1"></div>

Conclusion

We could easily create an animated pie and donut chart. Similarly, we can create many more charts with little effort. The wide availability of animated graph examples for D3 helps when creating and modifying charts for better visualization.

– Anusree P

Are you looking for a D3.js consultant? We have an expert team that can assist you with D3.js and Data Visualizations. Contact us now!

Sustainable Mobile App Development: 7 Factors You Should Take Care

Mobile application development has driven everyone into a state of uncontrolled excitement. As mobile phones are an important and obligatory part of daily life, 1000s of new mobile applications are released every day on both Android and iOS. Yet only a handful will survive. An app is not just a piece of development work; it is a business. Let us briefly study the important points to remember for the successful development and launch of an app.

A mobile application always grows out of a broad idea, so every tiny point has to be considered for the good future of the app. As an application needs to reach mobile phones all over the world, the development process has to be very systematic and should focus on various aspects. Here is the list of the top 7 factors you should take care of during sustainable mobile app development.

  • Methodology
  • UI & User Experience
  • Functionality Testing
  • API Management
  • Mobile Content Management
  • Connectivity with Users
  • Promoting and Marketing the App

1. Methodologies

In the field of sustainable mobile app development, or software engineering in general, a methodology means a framework that the development team uses to plan, structure and control the process of developing an information system. It splits the development procedure into various phases with the aim of better planning and management.

Common methodologies include waterfall, prototyping, spiral development, iterative and incremental development, rapid application development, extreme programming and several other types of agile methodology.

A variety of such frameworks have evolved over the years, each with its own recognized ups and downs. A particular methodology used to develop software is not necessarily suitable for all projects. Each of the available methodology frameworks is suited to specific kinds of projects, based on various technical, organizational, project and team considerations.

Going through the various app development methodologies, it is clear that agile development methodologies are more popular than other, traditional development methodologies, and I would like to describe them here.

2. Agile development methodology

Agile software development is a primary framework for undertaking software projects, including mobile applications. There are a number of agile development methodologies, such as Dynamic Systems Development Model (DSDM), Crystal Method and Scrum.

Most agile development methods try to minimize risk by developing applications in short timeboxes, called ‘iterations’, which commonly last for one to four weeks. Each iteration is like a mini software project and includes all the tasks necessary to release the mini-increment of new functionality: planning, requirements analysis, design, coding, testing, and documentation. While an iteration may not include enough functionality to warrant releasing the product, an agile software project intends to be capable of releasing a new product at the end of every iteration. At the end of each iteration, the project team re-evaluates project priorities.

Agile development methodology is a crucial factor in sustainable app development.

Agile development methods mainly emphasize real-time communication, preferring face-to-face communication over written documents. Most agile teams are located in a bullpen and include all the people necessary to finish the application or software. At a minimum, this includes programmers and the people who define the project, such as project managers, business analysts, or even actual customers. The bullpen may also include technical writers, interface designers, testers and the management team. Agile methods also highlight working software as the primary measure of progress.

3. UI & User Experience

User experience design is about how to amplify the user experience by improving accessibility, usability, and pleasure.

Some of the main factors that influence the quality of user experience are listed below. These factors are also important in the case of sustainable mobile app development.

1. Visual design

The purpose of visual design is to use elements like pictures, symbols and colours to convey the message of the application to users.

2. Information architecture

It is the fine art of organizing and structuring the information related to software products and services in a way that supports usability and findability.

3. Structuring, organization and labelling

Structuring is the process of relating the building units of a mobile application to each other, where each building unit contains basic information about itself. Grouping these units in a meaningful and well-defined manner is called organizing. Labelling is the process of using appropriate wording to assist easy navigation and findability.

As the mobile app is delivered into the hands of a wide range of users, user experience design plays a very important role, as it enhances user satisfaction by improving the usability, accessibility and pleasure provided in the interaction between a product and the user.

It is better to start with an MVP (minimum viable product) and test it in a small circle of roughly 500-1000 users, depending on the mobile application. Before launching the final product, it is good to have feedback from the MVP, and small iterations will help to launch the final product.

Mobile app development is not a one-time process; it needs continuous upgrades and improvement. Whether you work with a freelancer or a reputed company, a good relationship is very important until the release of the app.

Begin with a brainstorming session on all your plans, ideas and features, and design mockups of each screen. Mobile applications working on various platforms have different UIs, so follow the particular UI guidelines for each platform. Share the demo app with as many people as possible so that we can learn from the feedback and iterate on the design until we are satisfied.

4. Functionality testing

Functional testing is a quality assurance (QA) method and a type of black-box testing that bases its test cases on the specifications of the mobile application under test. Functions are tested by examining the output for various inputs, and, unlike in white-box testing, the internal structure of the program is very rarely considered. Functional testing describes what the system does, and it tests a slice of the functionality of the whole application.

Don’t consider it the final testing of the app; it is not the same as system testing. Functional testing differs from system testing in that functional testing verifies a program by checking it against design document(s) or specification(s), while system testing validates a program by checking it against the published user or system requirements.

Functional testing comes in different types, listed below:

  • Smoke testing
  • Sanity testing
  • Regression testing
  • Usability testing

The procedure of functional testing can be briefly summarized in six steps.

  • Realizing the functions that the software is expected to perform
  • Analyzing of input data based on the function’s specifications
  • Analyzing of output based on the function’s specifications
  • Executing all the test cases
  • Comparing actual outputs with the expected outputs
  • Check whether the application meets customer requirements.

5. API Management

API Management helps organizations publish APIs to external partners and internal developers to unlock the potential of their data and services. Businesses everywhere are looking to extend their operations as a digital platform, creating new channels, finding new customers and driving deeper engagement with existing ones. API Management provides the core competencies to ensure a successful API program through developer engagement, business insights, analytics, security and protection.

6. Connectivity with users, Promotion and Marketing the App

1. Customers are our press

End users are the backbone of any business, and thanks to them application developers enjoy continuous rewards.

2. Leverage your mobile website

If we have a mobile website that attracts heavy traffic, it can be used for marketing and promoting the app, and it brings many other advantages as well. These visitors are the ‘targeted group’ who will be happy to accept the app from birth. It is one way to get the app noticed by users.

3. Feature the App in an official blog

Writing a blog is a very useful way to let customers know the whole story of the application. Tell them about the plus points and how it helps make things easier for them. Including app links, videos and images will help to give a good idea of the application.

4. Focus on emails

91% of people check their emails regularly. Take this chance by incorporating our app links into newsletters and customer service mails, and preferably into email signatures as well.

5. Consider alternative app stores

Do not depend only on the Google Play Store and the App Store for marketing our app; there are many other online markets where we can upload it. The study has revealed that if the app is submitted to other, relatively less popular stores, it will increase expected downloads by 200 percent more compared to the Google Play Store.

There are few app stores that can be considered for marketing like,

  • GetJar
  • SlideMe
  • Opera Mobile Store
  • AppsLib
  • Amazon Appstore
  • AppBrain

6. SEO matters if you aim for sustainable mobile app development

Identify the best-targeted keywords that the app can rank for. Also, analyse which keywords your app currently ranks for. Build some high-quality links accordingly to increase the rankings.

7. Join Entrepreneurs & Developers groups on Social Media

Let’s try to increase our visibility in communities like LinkedIn, Facebook, Google+ and various other media to become better known among entrepreneurs, app developers and users. We can build a connection with them by discussing features, bug fixes, future updates etc. It gives us an opportunity to boost our apps without spending a cent. It is also important to know about App Store Optimization (ASO), which works similarly, based on search relevance, keyword relevancy and keyword density.

The mobile application market is evolving exponentially along with the invention of new technologies, so it is important and inevitable to follow the path of sustainable mobile app development in order to deliver productive outcomes to end users, including businesses and customers.

– Jerin Johny

Are you looking for a reputed mobile application development company to implement your next project? AlignMinds is an award-winning company with more than 10 years of success in the field. Contact us now!

Rapid Mobile Application Development (RMAD): 5 Strategic Advantages

Rapid Mobile Application Development (RMAD) was introduced by the analyst firm Gartner. It allows business professionals to build and deliver cross-platform business apps quickly and easily, improving efficiency and saving time. It is the mobile equivalent of the Rapid Application Model (RAD), which is based on the concept that high-quality software can be built faster through more convenient processes such as early prototyping and reusing software components.

5 Advantages of Rapid Mobile Application Development Model (RMAD)

1. Speedy delivery of apps

Over the past 5 years, we have seen a drastic increase in the number of apps, along with growing demand for quicker and more efficient apps. With growing demand and apps being built in a short time, the failure rate has also increased throughout the creation, deployment and management of mobile applications.

Most companies have increased the time and resources they spend on developing mobile applications. However, in many cases, even after a lot of time and resources have been spent on building an app, there is no guarantee that more users will use it. In addition, new technologies are introduced at lightning speed, forcing businesses to adopt them to remain in the market.

Under these circumstances, many companies have come forward with Rapid Mobile App Development.

2. No code or development with little code

The main problem with app development has been the time taken and the resources needed to create an app.

Rapid Mobile App Development eliminates most, if not all, coding when it comes to creating an app. This codeless platform makes it possible for everyone, whether they have experience with coding or not, to build an app on a simple platform. Thus, the effort involved in creating an app that would have taken months to complete has been reduced to mere minutes. Hence the name RMAD: even a non-developer can create and deploy an app quickly.

3. Organizational Benefits

Once a company knows how to handle different projects created with RMAD platforms, it can truly experience some of the best benefits. It is said that about 94 per cent of projects either fail, run over budget, fall behind schedule or fall short of expectations. RMAD can help IT departments to meet their required quality and their project deadlines.

It also creates a common language among IT department executives, which increases co-operation among employees and can boost the company’s processes.

4. Better Software development

One of the benefits of RMAD is better software development, since it can make use of readily available software components. The prototype development that starts in the early phase acts as a framework, and it can be set up on existing projects or parts of projects. This avoids creating the app from scratch, which reduces cost and time.

Rapid Mobile Application Development allows developers to follow the rapid prototyping model, in which a prototype is created with minimal requirement analysis; once the actual requirements are clearly understood, the prototype is discarded and the actual system is developed with a clear understanding.

5. Management of apps created in RMAD

We have seen above that RMAD increases productivity and builds apps more quickly than before. If an organization uses RMAD to create a few apps, managing them all is not a big challenge, but if a company creates numerous apps within a short time, they suddenly pile up and become very difficult to manage. Businesses that use RMAD should keep this problem in mind; the solution is an enterprise mobile application management platform.

With this platform, a business can easily manage and keep track of all its apps, who should use them and when they should be used. These benefits will lead more people to use the apps and will bring a better return on investment.

 – Ebin J Sebastian


5 Trending React Native UI Components in 2020

Software companies have an increasing interest in cross-platform applications, since they dramatically reduce the amount of resources required to build mobile apps.

React Native stands at the top when it comes to cross-platform apps.

React Native has tremendous possibilities in designing the user interface of an application.

The most time-consuming part of building an app is its user interface. Many third-party libraries and UI toolkits are now available to help you build a next-level React Native application.

Let’s see some possibilities of React Native UI designs.

1. NativeBase

NativeBase is the most popular and widely used library. It provides a wide range of cross-platform UI components for React Native.

NativeBase is 100% open source.

One of our main goals with NativeBase 2.0 is to make it easy to theme the components with very little changes to the components themselves.

NativeBase is built with blocks called components. The components are constructed in pure React Native along with some JavaScript functionality and a rich set of customizable properties. These components allow you to quickly build the perfect user interface.

Building a button using normal React Native code on left and with NativeBase on right

NativeBase includes components such as anatomy of your app screens, header, input, buttons, badges, icon, form, checkbox, radio-button, list, card, actionsheet, picker, segment, swipe-able list, tabs, toast, drawer, thumbnail, spinner, layout, search bar etc.

Each of these components in NativeBase is made with a better version of the same component in its native part.

After finding out about NativeBase we found ourselves using it in every app we develop.

For example, we used it in various screens in the Referr app, a mobile application that helps users win points and gift cards by recommending local businesses to their friends and family. Titles of every screen were made with NativeBase { Header, Title }. This helped us save a lot of time and effort.

We use NativeBase Header component in Referr to make a better feel in UI and to reduce time and effort.

2. React Native Elements

React Native Elements is another cross-platform React Native UI toolkit. It is built completely in JavaScript and is very easy to use. React Native Elements also supports Expo. Every component in React Native Elements is customizable. You can change the basic colour, size, fonts etc. for each component.

With React Native Elements, coding becomes much simpler. If you want to create a button component, it is as easy as the code below.

    import { Button } from 'react-native-elements';

    // "Click me!" is a sample label
    <Button title="Click me!" />

React Native Elements also gives a wide collection of icons. It has all the social icons that a developer needs in the current scenario.

3. React Native Material UI

React Native Material UI provides highly customizable material design components for React Native. To make components more customizable, React Native Material UI uses a single JS object called uiTheme. By default, it is a light theme that can be changed easily.

Installing react-native-vector-icons helps to unveil the full potential of React Native Material UI. react-native-vector-icons has wide support for icons. It helps to easily change the primary colour of the application.

4. UI Kitten

React Native UI Kitten is a mobile framework with a set of easily customizable elements. Although there are a lot of standalone React Native components nowadays, there are not many frameworks that offer a wide set of commonly used components as a single dependency with a similar UI design.

For instance, in web development there are CSS frameworks like Bootstrap that allow you to add dozens of nice-looking elements. You can also style them according to your corporate guidelines by just changing variables.

UI Kitten framework attempts to fill this gap.

All components are flexible and can be customized. It aims at boosting your mobile application development and allows you to focus on business logic instead of view composition. It helps you to bring your MVP to life in a shorter period of time.

Using React Native UI Kitten, you can create style configurations for the components you use the most (buttons, inputs etc.). These styles can then be reused during development. Configure them once and use them anywhere!

For example, the code below shows how to build a button using UI Kitten.

    import { RkButton } from 'react-native-ui-kitten';

    render() {
      return (
        <RkButton>Click me!</RkButton>
      );
    }

5. Nachos UI

Nachos UI is a React Native component library. It has almost 30 customizable UI components. Nachos UI Kit is coded with Avocode which is a fully-featured tool to share, hand-off and inspect Photoshop and Sketch designs.

Nachos UI also works on the web with the help of React Native Web. It also uses Prettier, an opinionated JavaScript formatter, and Jest Snapshot Testing. Nachos UI is easy to use. For example, let’s look at building a simple slider.

    import { Slider } from 'nachos-ui';

    const Example = ({ value, handleOnChange }) => {
      return (
        <Slider value={value} onValueChange={handleOnChange} />
      );
    };

Conclusion

Every developer’s main aim is to build an application with an impressive UI in a limited time frame. When I stepped into React Native, the most difficult milestone for me to pass was building the user interface for an application, because it took me a lot of time and effort to offer my client an effective solution with a mind-blowing interface. But now, with these predefined and customizable UI components, styling the user interface is a lot easier. I suggest you try at least one of these UI components in your next project.

– Sharoon Shaji

Are you looking for a reputed application development company to implement your next project? AlignMinds is an award-winning company with more than 10 years of success in developing disruptive applications for multiple verticals. Contact us now!

Accelerated Mobile Pages (AMP): What to Expect?

Accelerated Mobile Pages is an open-source initiative to overcome the slow and frustrating experience of web pages on mobile and to provide a fast mobile experience. Google, together with other publishers and technology companies, created this solution, the AMP Project, to bring the whole internet to your mobile really fast, be it images or videos. AMP is a fantastic approach to making the mobile web faster.

How does Accelerated Mobile Pages work?

AMP basically has three components:

1. AMP HTML

This is a subset of HTML designed to create “reading” content rather than interactive content. It strips out most of the elements that make pages load slowly on mobile devices.

2. AMP JS

It strips down third-party JavaScript and manages resource handling and asynchronous loading.

3. AMP CDN (Content Delivery Network)

It caches and optimizes AMP-enabled pages for better performance.

Pros and Cons of AMP

Pros of AMP

  • Instant speed
  • Increased performance and reliability
  • Increased customer visits
  • Excellent support for ads
  • Improved ranking

Cons of AMP

  • Rewrite your template to accommodate the restrictions (like, CSS must be inline and less than 50 KB).
  • A custom amp-img element must be used for images, and width and height must be included explicitly.
  • The custom tag amp-video must be used to embed videos via HTML5. amp-youtube must be used to embed YouTube videos.

Is using Accelerated Mobile Pages good or bad?

Performance is crucial for a website to be successful. If the web pages cannot load fast, the user will simply leave your website and try somewhere else.

AMP provides a free flow of information and works faster and better for everyone, everywhere. However, it sometimes comes at the cost of removing your most desired piece of code, because AMP does not allow some form elements and third-party JavaScript, as they really slow down your pages.

Therefore, for developers who are interested in exposing their website features to the fullest rather than relying on a stripped-down version of their code, there are many performance gauging tools available online that provide recommendations on how to improve performance. They provide you with a list of blocking JavaScript files, large images, resources requesting an HTTPS connection, the order of display of items on your web page and all the other information required to improve your website’s performance.

Instead of using AMP to shorten your piece of code, focus on finding slow areas that affect your app performance and think of ways to fine-tune and optimize your code. You won’t end up displaying the stripped-down version of your code and can utilize the power of your website to its fullest. In other words, AMP is not of much importance for developers who aim for code optimization and for those who are not interested in integrating a third-party concept to their code.

– Susan B. John

What’s So Special About Google Fuchsia?

Not a long time ago, Google had only two operating systems.

  • Android OS
  • Chrome OS.

Later, Google developed a new operating system called ‘Fuchsia’.

What is Fuchsia?

Fuchsia is a cross-device, cross-platform and open-source operating system from Google. Android and Chrome OS are based on the Linux kernel, whereas Fuchsia is based on a new microkernel called ‘Zircon’ (derived from the operating system ‘Little Kernel’). Zircon was previously known as Magenta. Fuchsia is written in a mix of languages: C, C++, Dart, Go, Python, Rust, Shell and Swift. The initial release was on 15 August 2016 on GitHub.

Advantages of Fuchsia

1. Free and open source

Fuchsia is developed as an open-source program, which means that the license is available for free to developers.

2. Graphical User Interface

Fuchsia currently provides two different layouts: a mobile design called ‘Armadillo’ and a traditional desktop design known as ‘Capybara’. The mobile design drops the app drawer and shortcut model for a combined view of all recent apps, quick settings, Google Feed etc. The desktop design is still a work in progress, using a taskbar that contains only the time on the right side, a placeholder for quick settings, and something like a start button on the left side.

3. Cross-device OS

In today’s world, almost everyone has multiple devices such as a phone, desktop, laptop and tablet. Google is attempting to run Fuchsia on all devices simultaneously. Maintaining progress and context is one of the challenges with this implementation. If you have signed in with your Google Account on Fuchsia, your applications are saved automatically across all the devices that are signed in with the same account. In Fuchsia, Google uses Ledger as distributed storage, and everything is stored in the cloud.

4. Split-Screen Mode

Fuchsia provides another new feature called ‘split-screen mode’. When we drag one app onto another, we enter split-screen mode, with the merged apps taking up the top and bottom portions of the screen according to how we linked them. We can add any number of apps to this group in order to use them all at once.

5. Security

Fuchsia provides more security than Android as encrypted user keys are built into the software to ensure that the information is protected every time there is an update in the software.

Armadillo – Mobile layout

Capybara – Desktop layout

In short, Fuchsia is Google’s attempt to unite the entire digital world under a single operating system. Not only will it look the same across a range of devices such as digital gadgets, PCs and mobile phones, it is also designed to better accommodate voice interactions and provide more frequent security updates. We have to wait and watch to see whether Fuchsia will replace Android and Chrome OS or just become a part of them.

Aswin Sasi

Top 7 UI Trends in 2020 That Will Make Users Fall in Love with Your App

In today’s digital world, it is essential to create websites and mobile apps that enhance your brand identity, boost customer engagement and drive more traffic for your business. Customers expect many things from brands, and one of them is a great user experience. We need to understand the customer’s preferences before we start designing our product.

The product should be user-friendly, easy to use and efficient. It should be neat and interactive. Your page design, logo design, navigation, and colour selection should be well researched and engaging for users.

It’s important to leverage UI design trends, which keep changing at frequent intervals. The competition bar has been raised, and merely updating your apps and websites bi-annually will not take you to a favourable position.

So, here are some latest trends for designing the UI that you can follow to remain ahead in the race.

Top 7 UI Trends in 2020

1. Gradients

We can see them everywhere; in illustrations, UI elements, and text. We love gradients because they add realism and depth to the platform, the way we see everything in real life. That probably explains why elements with gradients feel more natural.

The gradient designs also provide scope for performing creative colour experiments on the layout of the mobile apps, in an attempt to make them vibrant and eye-catching. Next year will probably bring us many more apps and websites with bold colours and gradients mixed with transparency.

2. Typography

Typography is one important factor that helps us to make the best UI. There is a trend of using big “headings” with gigantic fonts in combination with a little bit of smooth animation. Even if there is only a little content, it will catch the attention of eyes.

Today, UI designs for mobile apps seem to be incomplete without adding some bold typography as it is a key factor that contributes to holding the users’ attention. The typography trend works great with creative experiments that require a mix of elegant fonts with catchy taglines. Here are some examples of the same:

  • Text content that is visually integrated into creative images.
  • Addition of animated typographic elements.
  • Using interfaces based on typography as the core visual elements of a UI design.

3. Illustration and animated graphics

Illustrations are one of the most powerful tools in a designer’s toolbox. Well-crafted illustrations allow designers to convey pretty complex ideas without using too many words. So, when users see an illustration, they can understand the concept at a glance.

An enjoyable illustration can give websites or mobile apps their own personality, thus making them more memorable.

Micro-animations help customers distinguish elements on the screens they are going to interact with. After an event takes place, feedback performs an important task in assuring the user that the intended action has actually happened.

This, in turn, brings users a better experience. Additionally, to make these pages stand out, these illustrations often come to life with complex motions.

4. Augmented Reality (AR)

In 2020, web design trends will all involve thinking outside the box, or rather, the grid. We need to forget UI fixed to screens. Instead, we should emphasise interactions which feel like they take place within the real-world environment. Google and Apple have already introduced their own AR development platforms, ARCore and ARKit, that blend the physical and digital worlds.

Designers will need to go beyond screen-only interfaces to include physical interactions. Augmented Reality has ushered a new era in user interface design, a new way of thinking.

Augmented Reality (AR) has become one of the top UI trends in the year 2020.

5. Voice User Interface

The popularity of Alexa and Google Home can’t be underestimated. They are the new norm, as they become users’ go-to medium to seek nifty information, get entertained and even control their routine tasks. The navigation-less, button-less and menu-less experience seems so intuitive to a user that 40% of adults now use voice search once per day!

This makes it clear — voice search is not the future. It’s already here and will only become more prevalent in 2020. Voice interactions are slowly but fundamentally changing the way we interact with interfaces.  Instead of relying on touchscreens, mice and keyboards, users are steadily accepting the hands-free way of doing their everyday tasks.

Smart home speakers have already found their place in the hospitality industry, automobiles and large enterprises. The convenience of having an always-on machine that helps you do your digital tasks will not only aid the visually impaired but also introduce a unique way for illiterate users to access the web, in years ahead.

6. Parallax Scrolling & Fixed Navigation Bar

Parallax scrolling is a website trend where the background content is moved at a different speed than the foreground content while scrolling. Parallax Design is a newer element which is being used by several designers in their designs. It involves creating a visual setting in which the object appears moving, or it appears different when viewed from different angles. This type of design is even possible with video and multi-layered parallax.

Fixed navigation is helpful for users. When they scroll down a website, the navigation bar remains visible, which helps them move to another web page if they like.

7. 3D graphics

The mass-market currently has little demand for this technology and 3D graphics seems a bit unusual for websites. Nonetheless, 3D elements rendered specifically for a platform get a place in this year’s UI trend list.

It is placed at the end of the list because 3D elements not only cost more to produce, they also take longer to load on a screen.

Nobody loves waiting. Users expect platforms to load in an instant. Any element that adds more time to the user journey meets with frustration.

The good news is, we don’t have to give up entirely on 3D elements. Faux-3D lets objects look three-dimensional. The downside is, they are not completely convincing regarding light and shadow.

The change in the design-first approach

The design-first approach for digital products became a primary attribute this year.

Why?

These designs should improve people’s lives and help businesses to meet their goals.

Most phones have lost their borders and have rounded edges, bezel-less displays or notch displays. That changes their interface quite a bit. It will pose challenges for designers to use sharp-edged elements in their mobile UI and app design.

In 2020, the trends prioritise speed, simple page designs with asymmetrical layouts, and most importantly, a mobile-first approach.

It is likely that these trends will also change in the coming years, as the main platform (mobiles) will see major changes in layout and sizes.

Vishnu Anilkumar

What Makes DApps So Interesting?

Has anyone ever heard of DApps? The DApp, short for decentralized app, is a storm of change in the tech world.

Let’s see what a DApp is.

What is a DApp?

By definition,

“DApp is an open source application that operates autonomously on a decentralized public blockchain. It cannot be controlled by a single entity, and it generates and uses tokens by following a standard cryptographic algorithm.” 

Let’s analyze the criteria that make an app DApp:

1. Open Source and Autonomous

A DApp is open source, which means it is available to everyone from anywhere without any restrictions. It has the freedom to govern itself or control its own activities. Since the code is open source and managed autonomously, anyone can inspect it. Changes are decided by all or the majority of the users.

2. Public blockchain

The underlying technology behind a DApp is BLOCKCHAIN (we will discuss in detail below), which should be public.

3. Cannot be controlled by a single entity

Single entities can be interpreted as an operational unit. DApp, as the name indicates, is decentralized. Its control is spread all over the world. They do not come under the influence of a person or an organization. DApps are free from control and interference from any single authority.

4. Generate and use tokens following a standard cryptographic algorithm

DApps generate and use tokens from every single entity it is performing. These tokens are encrypted using a standard cryptographic algorithm for security.

If an app doesn’t meet all these criteria, then it is not a DApp. Based on the above definition, the first DApp ever built was Bitcoin. Bitcoin is an implemented blockchain solution that arose from problems revolving around centralization. One can say Bitcoin is a self-sustaining public ledger that allows efficient transactions without intermediaries and centralized authorities.

Blockchain is the underlying technology behind DApp. Now let us look into the basics of blockchains for a better understanding of DApps.

What is Blockchain and how it works?

Blockchain is the technology that enables moving coins or assets from one individual to another. Always understand that Bitcoin ≠ Blockchain. The main use of blockchain is faster and reliable money transfer without a centralized third-party.

Let’s take the above example. Suppose a person A in America wants to send $10 to a person B in India. A is dependent on a trusted third party for the process. However, the process takes time, about 3 days, for the trusted third party to find the correct person B in India and pay him the money. They will also charge B a service fee, which means person B receives only $8.5 after 3 days.

If this same process is done with the help of blockchain, there won’t be a third party. Also, you can send your money directly to the person without any delay and with approximately no service charge. Blockchain technology makes it possible to exchange value online without third-party intermediaries. This decentralizes trust.

Why use DApps?

Here is the list of the top reasons why you should use DApps.

1. Own your Data

The best advantage of DApps is that you can own your own data. Your data is the most valued possession in this digital era. Anybody can access your data and you can earn with this concept.

2. Increased data reliability

Since DApps are decentralized, there won’t be any central server that stores all the data. Data will be distributed everywhere, so there won’t be any broken links or 404 Not Found errors.

3. Faster data transfer

Since data is distributed across the world, there will be more peers. Therefore, we can access data from the nearest peer. The download speed increases as the number of peers increases.

4. Cannot be shut down

There are cases where some websites, links or apps are not accessible to a person, region or country. For example, China blocked Facebook in June 2009 to stop a riot, since Facebook was the main source of communication for the activists. Such cases won’t happen if DApps are in the picture.

Sneha Mohan

Solutions: Most Dangerous Mobile Security Threats of 2020

Prevention of mobile security threats helps organizations and individuals to protect their devices, apps, users and content from malicious attacks. Security teams can prevent these threats by using an app that scans devices and configurations within the network, or by setting up security protocols in case malware is present on the network.

1. Cryptojacking attacks

Follow these steps to minimize the risk of your organization falling into a trap:

Install an ad-blocking or anti-crypto mining extension on web browsers.

Since cryptojacking scripts are often delivered through web ads, installing an ad blocker can be an effective means of stopping them. Ad blockers like Ad Blocker Plus can easily detect crypto mining scripts. Experts recommend extensions like No Coin and MinerBlock, which are designed to detect and block crypto mining scripts.

Keep your web filtering tools up to date.

If you identify a web page that is delivering cryptojacking scripts, make sure your users are blocked from accessing it again.

Maintain browser extensions.

Browser extensions are meant to make our tasks simpler. But, some of them could be a trap set by an attacker to execute crypto mining scripts.

Use a mobile device management (MDM) solution to better control users’ devices.

Bring-your-own-device (BYOD) policies for preventing illicit crypto mining. An MDM solution can help to manage apps and extensions on users’ devices. MDM solutions tend to be geared toward larger enterprises, and smaller companies often can’t afford them. However, experts note that mobile devices are not as at risk as desktop computers and servers. Because they tend to have less processing power, they do not produce a great deal of profit for hackers.

2. Insecure communications

Here is a list of a few best practices for Android phones that may bring down the risks related to insecure communication.

Understand that the network layer is highly susceptible to eavesdropping, which makes it insecure.

  • It is important to apply SSL/TLS to transport channels used by the mobile app to transmit sensitive pieces of information, session tokens, or other sensitive data to a backend API or web service.
  • When an application runs a routine via the browser/WebKit, using outside entities for third-party analytics companies and social networks could be more secure. Mixed SSL sessions should be avoided as they could expose the user’s session ID.
  • Always use strong, standard cipher suites with suitable key lengths.
  • Use certificates signed by a trusted CA provider.
  • Do not pin certificate for security conscious applications and never allow using self-signed certificates.
  • Always require SSL (Secure Socket Layer) chain verification.
  • Always establish a secure connection with trusted certificates from keychain after verifying the identity of the endpoint server.
  • Build a UI that alerts users when a mobile app detects an invalid certificate.
  • Avoid sending sensitive data over alternate channels (e.g., SMS, MMS, or notifications).
  • Apply a separate layer of encryption to any sensitive data before it is given to the SSL channel. In the event of a possible vulnerability in the SSL implementation, the encrypted data will provide a secondary defence against confidentiality violation.
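
The last item in the list above, a separate encryption layer underneath TLS, sketched as an added example in JavaScript (Node.js); it is not code from the original article. The pre-shared 32-byte key, the envelope layout and the names sealPayload, openPayload and tryOpen are assumptions made for illustration; a real app would take the key from the platform keystore or a key agreement.

```javascript
// Added example: application-layer AES-256-GCM applied to sensitive data
// before it is handed to the TLS channel. Names and layout are illustrative.
const nodeCrypto = require('crypto');

const VERSION = 1;   // envelope format version (constructed for this example)
const IV_LEN = 12;   // 96-bit nonce, the usual size for GCM
const TAG_LEN = 16;  // 128-bit authentication tag

// Encrypt a JSON-serialisable payload. `context` (for example the request
// method and path) is bound as additional authenticated data, so an envelope
// captured for one endpoint is rejected when replayed to another.
function sealPayload(key, payload, context) {
  if (!Buffer.isBuffer(key) || key.length !== 32) {
    throw new Error('key must be a 32-byte Buffer');
  }
  const iv = nodeCrypto.randomBytes(IV_LEN); // fresh nonce for every message
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(context, 'utf8'));
  const ciphertext = Buffer.concat([
    cipher.update(JSON.stringify(payload), 'utf8'),
    cipher.final(),
  ]);
  const tag = cipher.getAuthTag();
  // Envelope layout: version (1) | iv (12) | tag (16) | ciphertext
  return Buffer.concat([Buffer.from([VERSION]), iv, tag, ciphertext]).toString('base64');
}

// Decrypt and authenticate an envelope. Throws if the envelope is malformed,
// was modified in transit, or was sealed for a different key or context.
function openPayload(key, envelope, context) {
  const raw = Buffer.from(envelope, 'base64');
  if (raw.length < 1 + IV_LEN + TAG_LEN || raw[0] !== VERSION) {
    throw new Error('malformed envelope');
  }
  const iv = raw.subarray(1, 1 + IV_LEN);
  const tag = raw.subarray(1 + IV_LEN, 1 + IV_LEN + TAG_LEN);
  const ciphertext = raw.subarray(1 + IV_LEN + TAG_LEN);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAAD(Buffer.from(context, 'utf8'));
  decipher.setAuthTag(tag);
  const plaintext = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
  return JSON.parse(plaintext.toString('utf8'));
}

// Convenience wrapper for callers that treat any failure as "reject message".
function tryOpen(key, envelope, context) {
  try {
    return openPayload(key, envelope, context);
  } catch (err) {
    return null;
  }
}
```

The envelope string is what goes into the HTTPS request body, so the payload stays confidential and tamper-evident even if the TLS layer is compromised.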

3. Mobile ransomware

  • Only install applications from authorized stores like Google Play or the App Store. To be sure that no application makes its way onto your device from an untrusted source, go to Android settings, choose Security, and make sure that the “Unknown Sources” box is not checked.
  • Regularly check for updates to your installed applications and your device OS. You can choose to update all installed apps automatically. It’s better to update the system to the latest version as soon as an over-the-air (OTA) update arrives.
  • Install a strong security solution. Downloading apps only from the official stores and updating them regularly will not, on their own, promise maximum security. Malware can lurk even in Google Play and can also spread by means of exploit kits using yet-unknown vulnerabilities.

4. Phishing attacks

  • Think Before You Click!
  • Keep Your Browser Up to Date
  • Keep Informed About Phishing Techniques
  • Check Your Online Accounts Regularly
  • Use Firewalls

5. SMS–based attacks

  • Think before you click a link from SMS
  • Do not open spam messages
  • Keep informed about phishing techniques

6. Botnet attacks

To avoid system compromise, use only licensed and genuine software. Keep your mobile updated with the latest security patches. Install an anti-malware solution and update it regularly. Disable Autoplay/Autorun for removable drives.

Always protect your device from Trojans and other threats by using effective anti-malware software.

7. User & device authentication

  • Think before allowing mail apps and browsers to store your passwords and data

Remember there is no single fool-proof way to avoid mobile security threats.

– Habeeb Rahman


The Fundamentals of Machine Learning

Have you ever wondered what machine learning is?

Even I had no idea about machine learning a few months ago. My interest in machine learning developed when I saw a documentary on the latest trends in robotics. Ever since, my idea of machine learning keeps on getting simpler.

What is Machine learning?

Wikipedia says

“Machine learning is the ability of a computer to learn and act accordingly without being explicitly programmed”.

Well, that is just the technical explanation of machine learning.

Let’s investigate a much simpler one.

Humans learn everything from their past experiences whereas computers follow instructions for doing the same task. For a computer to acquire such instructions a human should have knowledge about the same. Think about a situation where computers can also learn from past experiences and act faster!!! This precisely is called machine learning.

Machine learning is an application of Artificial Intelligence. Machine learning concentrates on the development of computer programs that can teach themselves to grow and change when exposed to new data. Since we are living in a technologically advanced era, there are plenty of examples of machine learning in our daily life.

For example, let’s take the case of Google Maps. Google Maps helps you estimate the time required to reach your destination based on current traffic. Also, in case of heavy traffic, Google Maps redirects you through another route, which helps you reach your destination in less time. This can be considered the best example of machine learning. Let’s have a look at how machine learning works with Google Maps.

Google Maps uses a combination of people currently using the app, historical data of the route collected over time and a few other tricks. Everyone using Maps provides their location, average speed and the route on which they are travelling, which in turn helps Google collect massive amounts of traffic data. This data helps them predict the upcoming traffic and adjust your route accordingly.

Depicted above is a graph plotted from the number of users at a location versus the speed of the users. When many Maps users are at one specific location and their speed is slow, the system can conclude that traffic is heavy and redirect you to another route. Google Maps keeps analysing such situations and keeps improving its data.

Types of Machine learning

Machine learning can be mainly categorized into three different types.

Supervised Learning

Supervised learning is the simplest form of machine learning.

Supervised learning uses labelled data to train the model. This type of learning always has an input variable X and an output variable Y. We figure out an algorithm to get a mapping function from the input to the output. In simple words, y = f(x).

Whenever you get a new input data x, the machine can easily predict the output y for the data. The result of supervised learning can be continuously predicted by the machine.

For example, let’s take Siri, Alexa or Google Assistant. Each one of these is a voice automated system which collects your voice and starts working based on this collected data.

Biometric attendance is another common example of supervised learning from our day-to-day life. Here, the system first collects data from our fingerprints, retina scans or even face recognition and trains the machine with this data. It can then validate our biometrics.

Unsupervised Learning

Unsupervised learning always has input X but we cannot directly predict the output Y.

They have unlabelled data for output calculation. They are important because they allow the machine to self-analyse and develop an output from the collected bulk data.

Unsupervised learning clusters input data into classes of statistical properties. Clustering and Association are the two most important concepts in unsupervised learning.

For example, consider online shopping sites like Amazon, Myntra or Flipkart. When we add an item like a mobile to the cart, they suggest products that people bought together with that mobile, as well as recommendations for similar products. This is possible through continuous observation of customers’ order details and clustering of such data.

Another example of unsupervised learning is Google Maps, which we discussed earlier. Google Maps also forms two clusters, one with high traffic and the other with normal traffic.

Reinforcement Learning

Reinforcement Learning works on the principle of feedback. This type of learning is all about taking decisions sequentially. There should be an initial state of input which leads to output and the next input depends on the output of the previous input.

Google Survey in Google Photos is the best example of Reinforcement Learning. Google photos identify a face and groups all photos of that same face together. For this, Google photos first collect all of the images of that face and ask the user if they are all of the same people. Thus, it gets into a conclusion and groups all photos with the same face.

Summary

Machine learning is now the hottest trend. It raises enormous hopes for building Artificial Intelligence. Sophia, the first social humanoid robot developed by Hong Kong, is one of the first major achievements of machine learning and artificial intelligence. Hope everyone had a good time reading this blog and has figured out more about machine learning.

Sharoon Shaji

Top 10 Vulnerabilities in Web Applications and How to Tackle Them

Before we begin with the vulnerabilities in web applications, it is good to know there are several open communities like OWASP that are always looking out for vulnerabilities and are dedicated to resolving these vulnerabilities. Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain web applications and APIs that can be trusted.

Now let us check the top 10 vulnerabilities in web applications and how to tackle these vulnerabilities.

1. Cross-Site Scripting (XSS)

It is a very common application-layer web attack. XSS targets scripts embedded in webpages that are executed on the client side (i.e., the scripts run in the user's web browser). XSS is a threat for client-side technologies like HTML & JavaScript. It works by making the client side behave as the attacker desires. Such an attack may, for example, use a script that runs every time the page reloads or on any other event.

XSS is mainly used for tampering with and stealing sensitive user data. XSS usually targets the user and not the application.

We can prevent XSS by separating untrusted data from active browser content. We can also use frameworks like React JS or Ruby on Rails that automatically escape XSS by design.

2. SQL Injection

It's an application security weakness that allows attackers to alter the data in the database or simply read confidential data such as passwords. The vulnerability occurs when untrusted data from web forms is entered into the database or becomes part of a SQL query.

Web applications use SQL queries to communicate with the database. SQL injection occurs when the application fails to validate the data (from web forms) that goes into a SQL query, so an attacker can trick the database into executing unexpected commands.

Using LIMIT and other SQL controls within queries is one way of tackling injections.
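The difference between validating form data, capping results with LIMIT, and binding parameters is easiest to see side by side. The following is an added example, not code from the original article; the users table, its rows and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, password_hash) VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b"), ("carol", "hash-c")],
    )
    return conn


def find_user_vulnerable(conn, name):
    # VULNERABLE: the form value is concatenated into the SQL text, so the
    # database parses quote characters in it as part of the query itself.
    query = "SELECT id, name FROM users WHERE name = '" + name + "' ORDER BY id"
    return conn.execute(query).fetchall()


def find_user_limit_only(conn, name):
    # STILL VULNERABLE: LIMIT caps how many rows leak, but the injected
    # condition is still executed and a row the caller never asked for returns.
    query = (
        "SELECT id, name FROM users WHERE name = '" + name + "' ORDER BY id LIMIT 1"
    )
    return conn.execute(query).fetchall()


def find_user_safe(conn, name, max_rows=1):
    # Parameterized: placeholders carry values only, never SQL syntax.
    # LIMIT stays in place as a second layer that bounds the result size.
    query = "SELECT id, name FROM users WHERE name = ? ORDER BY id LIMIT ?"
    return conn.execute(query, (name, max_rows)).fetchall()


if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed form input containing a quote
    print("concatenated :", find_user_vulnerable(db, hostile))
    print("limit only   :", find_user_limit_only(db, hostile))
    print("parameterized:", find_user_safe(db, hostile))
    print("normal lookup:", find_user_safe(db, "bob"))
```

The parameterized lookup returns nothing for the hostile value because the whole string is compared against the name column as data.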

3. LDAP Injection

This is similar to SQL injection. Here also, the attacker places code in user input fields to gain unlimited access. It may lead to information theft, browser or session hijacking, defacement of the website or even other problems.

LDAP (Lightweight Directory Access Protocol) injection works by inserting harmful code into client-provided data that is used in LDAP statements. If a web application does not properly validate the input fields, attackers can construct LDAP statements which execute with user permission. Such queries can modify or delete anything in the LDAP tree and cause disastrous results.

To handle these injections, it is advised to use a safe API that avoids the interpreter entirely and provides a parameterized interface, or to migrate to Object Relational Mapping tools (ORMs).
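For LDAP search filters, the equivalent of a parameterized interface is to escape every user-supplied assertion value as RFC 4515 requires before it is placed in the filter. This is an added example, not code from the original article; the uid and objectClass attributes, the sample input and the function names are assumptions.

```python
import re

# RFC 4515 section 3: inside an assertion value these characters must be
# written as a backslash followed by two hex digits.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# Matches one leaf assertion such as (uid=alice); used only to inspect results.
_LEAF = re.compile(r"\(([A-Za-z][A-Za-z0-9;.-]*)=([^()]*)\)")


def escape_filter_value(value):
    """Escape a user-supplied value so it cannot change the filter structure."""
    # Character-by-character mapping, so a backslash is never escaped twice.
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username):
    # VULNERABLE: parentheses and '*' in the input become filter syntax.
    return "(&(objectClass=person)(uid=" + username + "))"


def build_filter_safe(username):
    # The value is escaped first, so it stays a single uid assertion.
    return "(&(objectClass=person)(uid=%s))" % escape_filter_value(username)


def leaf_assertions(ldap_filter):
    """Return the (attribute, value) pairs present in a filter string."""
    return _LEAF.findall(ldap_filter)


if __name__ == "__main__":
    hostile = "*)(mail=*"  # constructed input containing filter metacharacters
    for build in (build_filter_unsafe, build_filter_safe):
        built = build(hostile)
        print(build.__name__, "->", built)
        print("  assertions:", leaf_assertions(built))
```

With the python-ldap library, `ldap.filter.escape_filter_chars` performs this escaping.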

4. Cross-Site Request Forgery (CSRF)

In this attack, one website sends a request to a web application on which the user is already authenticated. An attacker can use this to access data and functionality of the web application, because the browser is already authenticated using the user's credentials. Attackers may use XSS to defeat any CSRF defence the application might employ. So, avoiding XSS will prevent these types of attack to some extent.

5. Insecure cryptographic storage

It occurs when sensitive data is not stored securely. Make sure all sensitive data is encrypted when stored, and adopt secure key management.

Use a good encryption algorithm.

Make sure you do not use cryptography of your own since you can never predict whether it is secure or not. Do not ship or deploy with any default credentials, particularly for admin users.

6. Broken Authentication

Broken authentication happens when application functions related to authentication and session management are implemented incorrectly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users' identities temporarily or permanently.

Implement multi-factor authentication for web applications to prevent automated, credential stuffing, brute force, and stolen credential re-use attacks.

7. Sensitive Data Exposure

Many web applications and APIs do not properly protect sensitive data such as financial, healthcare, and PII (Personally Identifiable Information). Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data may be compromised without extra protection such as encryption at rest or in transit and requires special precautions when exchanged between browser and server.

We can prevent such situations by classifying the data stored, processed and transmitted by an application, and applying controls as per the classification.

Don’t store sensitive data unnecessarily. Discard it as soon as possible or use PCI DSS compliant tokenization or even truncation. Remember, data that is not retained cannot be stolen.

8. XML External Entities (XXE)

Many older or poorly configured XML processors evaluate external entity references within XML documents. External entities can be used to disclose internal files using the file URI handler, internal file shares, internal port scanning, remote code execution, and denial of service attacks.

Points to keep in mind are, whenever possible, use less complex data formats such as JSON and avoid serialization of sensitive data.

Also, patch or upgrade all XML processors and libraries in use by web applications or on the underlying operating system. Use dependency checkers. Update SOAP to SOAP 1.2 or higher.

9. Broken Access Control

Restrictions on the privileges of authenticated users are often not properly enforced. Attackers can exploit these flaws to access unauthorized functionality and/or data, access other users’ accounts, view sensitive files, modify other users’ data, change access rights, etc.

A possible solution to this problem is to implement access control mechanisms once and reuse them throughout the application. Also, minimize the use of CORS.

10. Security Misconfiguration

Security misconfiguration is the most commonly seen issue. This is commonly a result of insecure default configurations, incomplete or ad hoc configurations, open cloud storage, misconfigured HTTP headers, and verbose error messages containing sensitive information. All operating systems, frameworks, libraries, and applications must not only be securely configured, but also be patched and upgraded in a timely fashion.

We can avoid this by checking that no default account credentials remain unchanged.

The aim of this article is to give a good insight into common flaws that can lead to modern data breaches and could make web applications vulnerable to various attacks.

As the saying goes, “Prevention is better than cure”: proactive and defensive security steps must be adopted beforehand, rather than being made a practice only after a security breach.

Bharath Varma

What Makes Katalon a Fantastic Tool for Test Automation

Today there are many test automation tools available in the market.

But, why do we need an automation tool for testing at all?

What makes use of automation tool a “must-have” in the Software development industry?

In today's software world, the demand for high-quality apps and products within very tight deadlines leaves testers very little time to perform quality testing. It is just impossible to test the complete application/product manually every time there is a bug fix or a new release.

Also, when it comes to testing scenarios such as a large number of users accessing the website or application simultaneously, an organization is left with no choice but to hire several hundred thousand testers (and test machines too) for a manual test.

However, these challenges can be overcome by a tester or an organization if they choose an appropriate automation tool that fits their testing requirement. Choosing the right automation tool helps in saving resources, time, effort and cost. It can also help in effective testing delivering a high-quality product meeting the deadline and thereby increasing organization revenue and achieving customer satisfaction.

Katalon Studio is one such test automation tool that provides advanced test generation capabilities, faster execution and excellent reporting features. With the evolving features, leveraging in-built features and templates, Katalon is becoming tester’s favourite automation testing tool.

What is Katalon?

Katalon is a free-license automation solution for testing web and mobile applications. It is developed by Katalon LLC. Katalon's first release to the public was in September 2016.

Katalon Studio is built on the open-source automation framework Selenium and Appium. It is a very user-friendly and simple tool with an intuitive interface. Katalon is becoming the number one testing tool in the software testing field. While with other test automation tools, it takes weeks to automate test scripts, Katalon Studio requires just a few hours to achieve the same.

Why Katalon?

What makes Katalon so powerful and unique in comparison to other test automation tools?

The main advantage of Katalon over other automation tools is that it requires very little coding experience.

While several other test automation tools require testers to have technical skills to design test scripts, Katalon Studio’s specialized IDE and simple interface make it very user-friendly for testers who have no prior coding experience. Testers with some development knowledge can use the advanced features of this tool for the automation purpose. Even a black box tester can use this tool efficiently for the automated testing of web and mobile applications.

The time and effort required to design test scripts are greatly reduced using this tool. Reusability and scalability are other major features of Katalon Studio. Although Katalon makes use of several Selenium features, you can still leverage the features in Katalon Studio to build your own scripts.

Highlights/Features of Katalon

  • Katalon Studio plays an important role in the DevOps toolchain. Tests can be easily integrated with CI tools like Jenkins and TeamCity using Console Mode Execution (non-GUI mode) in Katalon Studio. Command-line mode execution is available by installing the Katalon Studio plugins using Katalon Store's API keys. This is a very powerful feature supported by Katalon.
  • Katalon Studio supports a dual scripting interface. Black box testers with limited or no coding experience can use its simple interface to create test scripts. The tool has record and playback and a manual mode for non-programmers. Katalon Recorder records the test actions, captures the web elements and plays the recorded steps. Testers can play their recorded scripts as many times as they want for their testing. The learning curve is very gentle, as testers do not need any coding experience in this case.
  • Testers with an advanced level of coding experience can use the scripting mode for test script creation. Those who have knowledge in Groovy can easily edit the test scripts in scripting mode. Katalon Studio allows reuse of these automated test scripts.
  • The tests recorded in Katalon Studio in one browser can be executed on multiple browsers (in parallel or sequential) speeding up the test cycle thus improving test coverage.
  • With its well-structured framework and built-in features, Katalon Studio helps teams deliver high-quality applications. For example, Katalon supports parametrizing test objects dynamically, which means users can control the object dynamically (sometimes the properties of an object might change due to business rules). Test objects can be handled in both manual mode and script mode. Katalon provides a systematic and neat UI with menus, tree views and tables, so that users can organize their test cases, objects and data files well. This makes Katalon a well-structured framework.
  • The Spy web utility is a great add-on in Katalon Studio. Using the Spy web utility, users can define object properties and the locating method themselves. This makes Katalon an intelligent tool.
  • While we must use other third-party libraries to generate reports in other automation tools, Katalon provides reports in graphical format. Also, it generates reports in HTML, CSV or PDF format.
  • Failures are reported with screenshots and logs.
  • Script creation time is much shorter than with other test automation tools.
  • Katalon Studio can be launched on Windows, Linux and Mac OS.

Cons of Katalon Studio

  • Katalon Studio supports only Apache Groovy for test script creation. However, it supports Java libraries and Java-compatible languages for test script execution.
  • Katalon is not open source. Its source code is closed, leaving the community no option to customize it or use community-built packages.
  • Katalon Studio does not support distributed testing currently.
  • Katalon Studio is more focused on functionality testing and does not support any load or performance testing.
  • Katalon Studio supports only web, mobile and API testing and does not support automating desktop application.
  • Sometimes the tool just slows down and freezes. Mobile automation testing takes even more time to record scripts.

Choosing a test automation tool depends on the testing requirement of an organization. If the organization is looking for a tool to test the functionality of their web/mobile applications, Katalon would be the right decision. Katalon Studio mainly focusses on functionality testing, but with very little focus on testing of design aspects like screen size, orientation etc.

Katalon: The future

As the tool is new, still in its early stages in the market, and its features are still evolving, it sometimes throws some bugs and just gets stuck during test script execution. More updates and bug fix releases are expected in future to make it a more stable and smooth-running tool.

Also, support to more scripting languages for test script creation would be a great plus.

However, with all the great benefits provided by the tool and with its simple UI, the tool has already won the hearts of testing engineers. In spite of the drawbacks, Katalon Studio is becoming an emerging tool for test automation and is gaining popularity in the software development industry. Overall Katalon is an amazing tool and has a great future.

Susan

What Are The Advantages of Kotlin Over Java?

Kotlin vs Java has been one of the hot topics of debate for the last few years.

Ever since Kotlin was released in February 2016 programmers have been having doubts about which language to use for Android development.

Java has been around for a very long time. It is used by millions of programmers worldwide but has some minor drawbacks. Then Google introduced a new language specifically for Android which is said to be better than Java.

Last year, Kotlin was made a ‘first class’ language for Android development by Google, in addition to the existing support for Java and C++. The impact of Google's decision to adopt Kotlin can be seen from GitHub's findings.

The number of GitHub notes and contributors using Kotlin for projects has more than doubled over the last couple of years.

I’ve been making android apps using Java for about 4 years now and, I learned Kotlin just three months ago. While making an app in Kotlin, I quickly understood that there are many advantages of using Kotlin over Java.

Advantages of Kotlin over Java

1. Readability

Compared to Java, Kotlin has more readable and precise code, which makes it easier to understand the program. After a small learning curve, a Java developer can understand how to write Kotlin very quickly.

After learning Kotlin I observed that it needed much less code than Java as shown below

Java

Kotlin

As we can see, Kotlin reduces boilerplate as compared to Java. Boilerplate refers to code which must be repeated lots and lots of times and which does not serve any purpose in the functionality of the application. Kotlin has been designed in a way that eliminates the need for boilerplate code.

Kotlin requires fewer lines of code as compared to java.

In Java, we must create references for views using findViewById. In Kotlin, that is taken care of automatically, therefore, reducing the lines of code drastically. That makes it easier for a beginner to learn Kotlin.

2. Null-Safe

The null pointer exception, also referred to as “The billion-dollar mistake”, is one of the most common errors that cause apps to crash if you are using Java.

Kotlin is null-safe by default. It does not allow variables to be assigned a null value. But in Java, we can assign null values to variables, and this may lead to a null pointer exception that may crash the application.

3. Using Getters and Setters

In Java, we have to use getter and setter functions for receiving data from variables in the model classes. Model classes are just used for holding data. We can use the getters and setters for accessing the data from model classes.

In Kotlin we don't need all those getter and setter functions. We can access all the data using the variable name itself. See the example below.

This model class in Kotlin only has to define the variables instead of also defining the getter and setter methods. While comparing the above two images, we can clearly see that Kotlin uses less code as compared to Java.

4. Interoperability

Kotlin language is interoperable. This means that both Java and Kotlin are somewhat similar and we can use java commands and Java libraries in a Kotlin project.

Since Java is still being used by most programmers, Kotlin has been made to be interoperable. It can be used with existing Java classes and won’t cause any errors. The compiler will allow the code containing the Java and Kotlin classes to work flawlessly.

Because of this feature, developers can transition from Java to Android with ease.

5. Immutability

An immutable object is an object whose state cannot be changed once it is created.

In Kotlin variables are defined using val or var to help developers easily understand which values can be reassigned.

Using val in our code makes it super clean, and we can safely assume that the properties will never be changed and that they will not be null. The benefit is that it allows you to just get on with the project at hand.

Conclusion

I can confidently say, Kotlin language is far better than Java for Android development as it takes care of the drawbacks Java has. Moreover, the transition from Java to Kotlin is easy and anyone who is interested in programming can make good progress within a short span of time.

– Benedict Thomas

What Makes Kotlin The Fastest Growing Programming Language?

Kotlin is one of the fastest growing programming languages in the world. It is an open-source, statically typed language primarily developed by JetBrains programmers based in Saint Petersburg, Russia. A statically typed programming language is one that performs type checking at compile-time as opposed to run-time.

Java was once among the most popular, most favourite programming languages. However, looking at the limitations and errors caused by Java, developers required a desperate rescue. That’s when the JetBrains developers created Kotlin which proved to be much more efficient than Java.

Kotlin has advanced benefits in terms of reliability, efficiency, runtime performance and maintenance when compared to Java, yet it is fully interoperable with Java. It provides seamless integration with Java frameworks and libraries and supports backward compatibility. Kotlin also boasts that fewer lines of code are required to solve a problem, resulting in clean, concise code that is easy to write and understand.

Kotlin is developed just recently and is already gaining popularity among developers. Kotlin is becoming a strong competition to Java. The common issues that are a cause of frustration to Java developers are well covered in this young rival.

In May 2017, Kotlin was named as the official language of Android by Google. The team just decided to name it after an island and that’s why the name Kotlin (from Kotlin Island, near St. Petersburg).

Stack Overflow says that Kotlin is becoming developer’s favourite programming language and is outranking languages like Python and JavaScript. According to some survey reports, around 80% of Kotlin developers are using Kotlin as a programming language. Around 30% use it for Backend/server-side applications and another 30% use it for SDK/libraries.

Coursera, Atlassian, Basecamp, Pinterest, Keepsafe are already using Kotlin in their mobile applications.

What makes Kotlin the fastest growing language?

Concise

The biggest advantage of Kotlin over other programming languages is that you can solve the same kind of problem using fewer lines of code, with a reduced number of bugs and crashes. Also, it makes the code more readable and easier to change and maintain.

Safe

Kotlin helps developers write robust and stable code. Kotlin's smarter and safer compiler detects errors at compile time itself and performs lots of compile-time checks, reducing runtime errors.

Interoperable

Kotlin is fully interoperable with Java. The existing codebase can interact with Kotlin and all existing libraries in Android can be used in Kotlin as well.

Better productivity

As it requires fewer lines of code, it results in better productivity.

There are lots of other features in Kotlin that will speed up daily development tasks.

Conclusion

Kotlin has undoubtedly won the hearts of developers and has become a highly competitive programming language. As it is open source and brings all the advantages of a modern programming language to the Android platform, it is a great fit for Android developers.

Migrating to Kotlin will really be a piece of cake for them. With all the cool features of functional programming, Kotlin is only getting brighter and better in the Android community.

However, only time can tell whether the popularity achieved by Kotlin in the Android community can be achieved in other communities.

– Susan B John

Progressive Web Apps: The Future

What are Progressive Web Apps? 

As the name suggests, a Progressive Web App is a combination of the features of a web page and an app. It uses the modern capabilities of both, which makes it very powerful and provides a user-friendly experience. Progressive Web Apps can be accessed via URL, and are fully responsive and secure.

Image Courtesy: https://developers.google.com

Why Progressive Web Apps? 

Native apps are rich in user experience, but they must be deployed through app stores. Web apps are easy to access, but they run over the internet and cannot be accessed when the internet is not available. Even though there were attempts to implement offline web apps, they failed to provide solutions for complex offline app scenarios. However, these setbacks of native and web apps were overcome by the introduction of “Service Workers” in Progressive Web Apps, which can handle every network request even when the user is offline and provide a rich user experience. Rapid growth has now taken place in browsers.

The biggest gain of a Progressive Web App is that if the mobile browser does not support the features of the web app, just nothing happens! It will ignore the features of a web app, behave like a regular app and redirect to the Play Store to download the app. An elegant fallback, isn't it?

Features of Progressive Web Apps

1. Feel like an app

App-style interactions and navigation are provided as it’s built on app shell model.

2. Responsive

Desktop, mobile, tablet – works well in all of these.

3. Easy installation

Appstore is not required anymore to download the app. You just open the app via browser, and you get the feature “Add to Home Screen” that adds an icon to the home screen of your device.

4. Offline mode

Use of Service Worker code in Progressive web apps enables the web app to be used in offline mode or over low-quality networks.

5. Push Notifications

Push capabilities in these web apps provide native-like experience to the users.

What is required for Web Apps?

For a web app to be “progressive”, the browser must implement these three things:

1. Register a Service Worker

Service Worker is a powerful API that helps developers build sites that work offline, or speed them up by intercepting network requests to deliver cached responses. Service Workers are currently supported by Chrome and Firefox. Safari does not support Service Worker code though.

2. Run on HTTPS

This is mandatory for Progressive Web Apps to prevent third-party attacks.

3. Create App Manifest file

This is a JSON file in which a developer can specify attributes like the name of the app, display (full screen, browser), orientation (portrait or landscape) etc. to present the app to the outside world.

Future of Progressive Web Apps

Will Progressive Web App gain popularity and be the king in this mobile age?

This is still in question, since its hybrid features would have a considerable impact on the app business market and even the Google Store. Another setback is that if your requirement needs access to hardware capabilities of the device and the mobile browser does not support those features, you have no choice but to build a native/hybrid app anyway.

Also, the time and amount of work needed to implement progressive web apps are quite high, due to the requirement of HTTPS in the API. However, since it bridges the gap between the performance of web and apps, it can still provide a better solution that is fast and reliable in the modern technology world and meets user expectations.

Susan B. John

Broadcast Announcements & Broadcast Receiver in Android

Android Broadcast Receiver is a component that responds to system-wide broadcast announcements. It can be registered for various system or application events. Whenever those events occur, the system notifies all the registered broadcast receivers and the desired action is performed. Broadcasts originate from the system as well as from applications. The alarm notification and the low battery notification are examples of broadcasts originating from the system, while push notifications for a given application are an example of a broadcast originating from an application.

How to make BroadcastReceiver work for system-broadcast intents?

There are mainly two steps to make BroadcastReceiver work for system-broadcast intents:

  • Creating a Broadcast Receiver
  • Register Broadcast Receiver

1. Creating a Broadcast Receiver

    import android.content.BroadcastReceiver;
    import android.content.Context;
    import android.content.Intent;
    import android.widget.Toast;

    public class MyBroadcastReceiver extends BroadcastReceiver {
        public MyBroadcastReceiver() { }

        @Override
        public void onReceive(Context context, Intent intent) {
            // This method is called when this BroadcastReceiver receives an Intent broadcast.
            Toast.makeText(context, "Action: " + intent.getAction(), Toast.LENGTH_SHORT).show();
        }
    }

Consider a receiver class named MyBroadcastReceiver, implemented as a subclass of the BroadcastReceiver class, which overrides the onReceive() method. Whenever an event occurs, Android calls the onReceive() method on all registered broadcast receivers. In the above code, the Intent object is passed with all the additional information required, and you also get the Context object in order to do other tasks, such as starting a service (context.startService(new Intent(context, TestService.class))).

2. Register the Broadcast Receiver

There are two ways to register the broadcast receiver:

  • Static way (in manifest file).
  • Dynamic way (in code).

Static way

In the static way, the broadcast receiver is registered in an Android application via the AndroidManifest.xml file. Here we are going to register MyBroadcastReceiver for the system-generated event ACTION_BATTERY_LOW, which is fired by the system once the Android system encounters a low battery.

    <application
        android:icon="@drawable/ic_launcher"
        android:label="@string/app_name"
        android:theme="@style/AppTheme">
        <receiver android:name="MyBroadcastReceiver">
            <intent-filter>
                <action android:name="android.intent.action.BATTERY_LOW"></action>
            </intent-filter>
        </receiver>
    </application>

Now, whenever your Android device encounters a low battery, it will trigger the BroadcastReceiver, MyBroadcastReceiver, and the desired action mentioned inside the onReceive() method will be executed. For instance, if you look at your Android device, you get a dialogue message warning you that the battery is low and that you should put it on charge.

Some other important system events are as follows:

Event Constant | Description
android.intent.action.BATTERY_CHANGED | Sticky broadcast containing the charging state, level, and other information about the battery.
android.intent.action.BATTERY_LOW | Indicates low battery condition on the device.
android.intent.action.BATTERY_OKAY | Indicates the battery is now okay after being low.
android.intent.action.BOOT_COMPLETED | This is broadcasted once, after the system has finished booting.
android.intent.action.BUG_REPORT | Show activity for reporting a bug.
android.intent.action.CALL | Perform a call to someone specified by the data.
android.intent.action.CALL_BUTTON | The user pressed the “call” button to go to the dialer or other appropriate UI for placing a call.
android.intent.action.DATE_CHANGED | The date has changed.
android.intent.action.REBOOT | Have the device reboot.

Dynamic way

In the dynamic way, we use the Context.registerReceiver() method. Dynamically registered broadcast receivers can be unregistered using the Context.unregisterReceiver() method.

    // mReceiver is a field of the registering component, so onPause() can unregister it.
    BroadcastReceiver mReceiver = new MyBroadcastReceiver();
    registerReceiver(this.mReceiver, new IntentFilter("MyBroadcast"));

The IntentFilter object specifies which event/intent our receiver will listen to. In this case, it is the MyBroadcast action. This action name is used while sending a broadcast that will be handled by this receiver.

    @Override
    protected void onPause() {
        unregisterReceiver(mReceiver);
        super.onPause();
    }

Once the component that made the registerReceiver() call is destroyed, sendBroadcast() will also stop working for it, so the receiver will no longer receive anything, whether the event is generated by an app or by the system. With the previous method, where we registered via the manifest file, this is not the case.

Dynamically registered receivers are called on the UI thread. They block any UI handling, and thus the onReceive() method should be as fast as possible. The application may become sluggish, or at worst show an “Application Not Responding” error.

Which Method to Use When for Registration

The choice between the two approaches is determined by the motive. Suppose you want to make changes right on the screen (home screen, launcher, status bar, etc.) by showing some notification or some indicator in the status bar in response to system-wide events, or maybe those sent by other apps; then it makes sense to use statically registered broadcast receivers. If, on the other hand, you want to make changes in your app based on similar events while the user is using it, or maybe while it is in the background, then it makes sense to use dynamically registered receivers, which last until the registering components are destroyed.

In fact, there are certain events like Intent.ACTION_TIME_TICK that cannot be registered in the manifest but only via registerReceiver() to prevent battery drainage.

Broadcasting Custom Intents

If one wants that the application itself should generate and send custom intents then one will have to create and send those intents by using the sendBroadcast() method inside the activity class. If one uses the sendStickyBroadcast(Intent) method, the Intent is sticky, meaning the Intent you are sending stays around after the broadcast is complete.

public void broadcastIntent(View view) {
    Intent intent = new Intent();
    intent.setAction("com.example.broadcastreceiverdemo");
    sendBroadcast(intent);
}

The intent com.example.broadcastreceiverdemo can also be registered in the same way as we registered the system-generated intent.

<application
    android:icon="@drawable/ic_launcher"
    android:label="@string/app_name"
    android:theme="@style/AppTheme">
    <receiver android:name="MyReceiver">
        <intent-filter>
            <action android:name="com.example.broadcastreceiverdemo"></action>
        </intent-filter>
    </receiver>
</application>

You can see a working example by visiting this link.

– Deepika Bisht

Why Testing with Jasmine is Fun?

What is Jasmine?

Jasmine is a behaviour-driven development framework, used for testing JavaScript code. To know about behaviour-driven development, we must know about test-driven development.

Test-driven development, as per definition, is a software development process that relies on the repetition of a very short development cycle: first, the developer writes an automated test case that defines a desired improvement or new function, then produces a minimum amount of code to pass that test, and finally refactors the new code to acceptable standards.

Behaviour-driven development, on the other hand, is a software development process that emerged from test-driven development. It can be described as a combination of the general techniques and principles of test-driven development.

Why use Jasmine for testing?

Jasmine is independent: it does not depend on any other software development framework. It does not require a Document Object Model (DOM). A basic advantage of Jasmine is that its syntax is so obvious that it is easy to understand, which also helps you write your tests easily.

Working with Jasmine

Function

Let’s start with example code that you want to test using Jasmine. In every programming language we start with a Hello World program, so here too let’s begin with helloworld.js, a JavaScript function that returns “Hello World”.

Spec

First, grab the latest standalone version of Jasmine. It is easily available on Google: search for it and download it. Unzip the downloaded file. The /src and /spec directories will have many files in them. You’ll have to empty them out, as they are just examples that you probably won’t need.

Now put the function, that is, the helloworld.js file, into the /src directory. We have now created the src. Next we must create the spec.

The code has two parts.

The ‘describe’ part and the ‘it’ part. The ‘describe’ part contains the main code or functions that do the tests. ‘describe’ is followed by the suite’s name, which is plain English and not code, and which helps the reader understand what is being described. Inside ‘describe’ you have the ‘it’ part of the code. An ‘it’ part is generally called a ‘spec’.

The whole code might look like classes written in a function. ‘It’ describes what the code must do in general English language and in JavaScript code. You can have any number of specs in a suite.

Matchers

When code needs to be tested, you will definitely require a matcher. A matcher checks whether your code provides the required output. For beginners, we can use expect() and toEqual() as matchers. In our Hello World example program, we need the code to return the expected output – “Hello World”.

To test this, the matcher is written as expect(helloworld()).toEqual("Hello World"); If that holds, the program is successfully tested with no errors reported. There are many other matchers too. Matchers are selected according to what is to be tested and what should be returned. In addition, you can write your own matchers.

Example code

describe("Included matchers:", function() {
  describe("The 'toEqual' matcher", function() {
    it("works for simple literals and variables", function() {
      var a = 12;
      expect(a).toEqual(12);
    });
    it("should work for objects", function() {
      var foo = { a: 12, b: 34 };
      var bar = { a: 12, b: 34 };
      expect(foo).toEqual(bar);
    });
  });
  it("The 'toMatch' matcher is for regular expressions", function() {
    var message = "foo bar baz";
    expect(message).toMatch(/bar/);
    expect(message).toMatch("bar");
    expect(message).not.toMatch(/quux/);
  });
  it("The 'toBeDefined' matcher compares against `undefined`", function() {
    var a = { foo: "foo" };
    expect(a.foo).toBeDefined();
    expect(a.bar).not.toBeDefined();
  });
  it("The `toBeUndefined` matcher compares against `undefined`", function() {
    var a = { foo: "foo" };
    expect(a.foo).not.toBeUndefined();
    expect(a.bar).toBeUndefined();
  });
  it("The 'toBeNull' matcher compares against null", function() {
    var a = null;
    var foo = "foo";
    expect(null).toBeNull();
    expect(a).toBeNull();
    expect(foo).not.toBeNull();
  });
  it("The 'toBeTruthy' matcher is for boolean casting testing", function() {
    var a, foo = "foo";
    expect(foo).toBeTruthy();
    expect(a).not.toBeTruthy();
  });
  it("The 'toBeFalsy' matcher is for boolean casting testing", function() {
    var a, foo = "foo";
    expect(a).toBeFalsy();
    expect(foo).not.toBeFalsy();
  });
  it("The 'toContain' matcher is for finding an item in an Array", function() {
    var a = ["foo", "bar", "baz"];
    expect(a).toContain("bar");
    expect(a).not.toContain("quux");
  });
  it("The 'toBeLessThan' matcher is for mathematical comparisons", function() {
    var pi = 3.1415926, e = 2.78;
    expect(e).toBeLessThan(pi);
    expect(pi).not.toBeLessThan(e);
  });
  it("The 'toBeGreaterThan' matcher is for mathematical comparisons", function() {
    var pi = 3.1415926, e = 2.78;
    expect(pi).toBeGreaterThan(e);
    expect(e).not.toBeGreaterThan(pi);
  });
  it("The 'toBeCloseTo' matcher is for precision math comparison", function() {
    var pi = 3.1415926, e = 2.78;
    expect(pi).not.toBeCloseTo(e, 2);
    expect(pi).toBeCloseTo(e, 0);
  });
  it("The 'toThrow' matcher is for testing if a function throws an exception", function() {
    var foo = function() {
      return 1 + 2;
    };
    var bar = function() {
      return a + 1; // `a` is not defined here, so calling bar throws
    };
    expect(foo).not.toThrow();
    expect(bar).toThrow();
  });
  it("The 'toThrowError' matcher is for testing a specific thrown exception", function() {
    var foo = function() {
      throw new TypeError("foo bar baz");
    };
    expect(foo).toThrowError("foo bar baz");
    expect(foo).toThrowError(/bar/);
    expect(foo).toThrowError(TypeError);
    expect(foo).toThrowError(TypeError, "foo bar baz");
  });
});

(Code was taken from http://jasmine.github.io/2.0/introduction.html)

Some advantages of using Jasmine

  • Jasmine is independent. It does not depend on any other JavaScript frameworks.
  • It does not require a DOM.
  • It has a clean, obvious syntax.
  • Helps maintainers understand the intention behind the code.
  • Brings validation and proper data handling concerns to the forefront.

Conclusion

There is plenty more you can do with Jasmine. Overall, Jasmine makes your testing fun. So, if you’re not yet into testing, now is an excellent time to start your JavaScript testing. It makes your testing pretty simple with Jasmine’s fast and simple syntax.

– Shekhar R

App Store Optimization (ASO): 5 Key Considerations

App Store optimization is the process of improving the visibility of an App in an App store.

We know that more than one million apps exist in the Apple Store and Google Play Store together. Making our app visible to the external world among this huge collection is not a simple task. I’m here to discuss some of the App Store Optimization techniques that can be used for better recognition of our App. Here are some of the App optimization techniques for better visibility of the App in the store.

5 Ways to optimize your app for app stores

1. App Icons

App icons are the first impression that a user has of an app. In general, an app icon should be eye-catching enough that the user either downloads the app or goes through its description and screenshots. An app icon should convey to the user what the app is all about.

Some of the best practices that can be followed for an app design are:

  • Avoid using words in the app icon.
  • The design of your icon should be consistent with your app design.
  • It is always better to add a margin to your icon so that it will look great in all backgrounds.
  • Also, research for various designs to stand unique in the crowd.

2. App Name

The App name is the second thing, after the App icon, that a user sees when searching for something in the Store. Make sure your app name is unique and by itself gives a complete description of your app. Sometimes we come across app names that do not suit the app at all. It is always better if the name you choose acts like a keyword. Avoid changing your app name often; that is, stick to one name even across multiple updates of your app. Finally, make sure the name you select is short, attractive and catchy for users of all age groups.

3. Keywords

Keywords are one of the most important factors for app visibility in Store. When a user doesn’t know the exact name of the app, the search will be based on certain keywords associated with the app he/she searches for.

iTunes gives an option to enter the keywords with a 100 character limit which can be separated by commas whereas Play Store takes the keywords from the App description which has a 4,000 character limit. The Keywords should appear 5 times in the app description in the Google Play Store.

App names with keywords also have a better impact on the recognition of the app. In iTunes the character limit for App name is 255 words and if there is space left make sure you enter additional keywords which are relevant. But in case of Google play the character limit for App name is 30 and choosing the right keyword is so important.

4. Description

We all know that once the user clicks on our App on a desktop, iPhone/iPad or Android device, only the first three lines of our App with the App icon are visible. In all cases the user has to click on the “more” link to read the description completely.

Always make sure to put the most important information in the first three lines, so that the user gets a clear idea of what your App does and why it is different from others.

Also make sure you have included a Call to Action sentence in the App description that actually invites users to download, like “Download AA to enjoy BB now”.

Avoid using technical sentences in the App description; let every user understand what the app is for and why it should be used.

In the Google Play store, a word that is entered a minimum of 5 times in the Description will be considered a Keyword. Always make sure to properly repeat the words that can be a Key for the users.

5. Screenshots

Screenshots are one of the first visual elements visible to the user when viewing an App.

When adding screenshots, make sure the first two images convey what the app is for and why it should be used. What matters is not the number of screens you add but how much information about the app a few screens convey.

Always make sure there is some description of the screens you have added. Ensure the images used for this purpose are of the same size, attractive and clearly visible to the user.

Also, it is advised to add genuine videos that show what the interface will look like and help the potential user get an idea of the app even before downloading it.

There are more things that are to be kept in mind while uploading an App to the App Store for better visibility of the App. The points discussed here are some of them, which are to be followed in common. So, let’s together follow these simple techniques mentioned here for better recognition.

–  Ebin J Sebastian

Principles of Writing SOLID Code: A Guide for Beginners

This blog post will help you to understand the basic principles of writing solid code.

Key principles of writing SOLID code

  • Single Responsibility Principle
  • Open/Closed Principle
  • Liskov substitution principle
  • Interface Segregation Principle
  • Dependency Inversion Principle

These are general principles that you want to always have in the back of your mind as you design your software. For the obvious reason, the first five are called SOLID. As in “we write SOLID code”. They are not always cut-and-dried; they are rarely 100% achievable. But active awareness of these issues will help you to avoid common coding errors.

1. Single Responsibility Principle

“A class should have a single responsibility”.

I prefer to think of ‘responsibility’ here as ‘purpose’ or ‘job to do’, but it’s called SRP. This is basically just another statement about modularity. Find the logical units and encapsulate each in a class. Don’t write classes that do some of this and some of that. You’ll get greater re-use of a component when it isn’t bundled with several other responsibilities that the upstream consumer doesn’t want or need.

An alternative conceptualization of the SRP: A class should have a single reason to change.

This principle refers to the impact of a change of requirements on the code. For example, a class should either talk to the database, or format output for the UI, not both. Classes that deal with the database won’t need to be updated if the UI changes, and vice versa. When requirements change, modification is kept to just those spots directly affected, and these changes don’t have unanticipated consequences elsewhere, in classes whose responsibilities have leaked over into ours.

2. Open/Closed Principle

“Software entities (classes, modules, functions, etc.) should be open for extension, but closed for modification.”

Construct your classes so that requirements changes can be managed by adding code, not by modifying existing code. Once you have written code that works, you should ideally never touch it again, because if you don’t touch it, you can’t break it. If you’re writing nice modular code, you probably have objects being used by other objects all over the place (code reuse = good). If you now break that class, you break everybody who is using it (==bad).

This is a very simple little pizza ordering app. There is a TPizza class with an addTopping method and a computeCost method in this application. In this example, we’re interested in the TPizza class itself.

private void button1_Click(object sender, EventArgs e)
{
    TPizza currPizza = new TPizza();
    if (ckOlives.Checked)
        currPizza.addTopping(ETopping.Olives);
    if (ckPepperoni.Checked)
        currPizza.addTopping(ETopping.Pepperoni);
    if (ckMushrooms.Checked)
        currPizza.addTopping(ETopping.Mushrooms);
    int pizzaCost = currPizza.computeCost();
    lblCost.Text = pizzaCost.ToString();
}

Here is the button code. Again, we’re not interested in the interface code, so this is just to show how TPizza is used. So, all very straightforward. Now, let’s look at TPizza class.

enum ETopping { Olives, Pepperoni, Mushrooms }
class TPizza
{
    ETopping[] toppingArray;
    int nToppings;
    public TPizza()
    {
        toppingArray = new ETopping[10];
        nToppings = 0;
    }
    public void addTopping(ETopping newTopping)
    {
        toppingArray[nToppings] = newTopping;
        nToppings++;
    }

So, it’s got a nice enum type and a nice array of toppings and an addTopping method and all is good.

Here is computeCost method.

    public int computeCost()
    {
        int totalCost = 15;
        for (int i = 0; i < nToppings; i++)
        {
            switch (toppingArray[i])
            {
                case ETopping.Olives:
                    totalCost += 1;
                    break;
                case ETopping.Pepperoni:
                    totalCost += 2;
                    break;
                case ETopping.Mushrooms:
                    totalCost += 2;
                    break;
            }
        }
        return totalCost;
    }
}

This works great. But the problem arises when I want to add cheese topping. I can’t add cheese without modifying existing code in the TPizza class. This gives me a chance to break the TPizza class. It could be worse, of course. If there are other places in the class where we have used the same approach (printing out an invoice, sending instructions to the pizza oven, drawing a picture of the pizza) their code will also have to be changed.

How would you have written that architecture so that you could incorporate the change in requirements (adding cheese topping) by adding code, rather than changing existing code? (Answer=> Use a topping class, which knows its cost and type. Or, if you’re really feeling elaborate, a base topping class and descendants.) Note that this failure is also a violation of the SRP. It should not be the job of the TPizza to keep track of the cost of individual toppings.

3. Liskov Substitution Principle

Subclasses should be substitutable for their base class. All members of an inheritance hierarchy should fulfil the same behavioural contract. If they don’t then your “is-a” abstraction is probably wrong.

The LSP helps us to avoid misusing inheritance and consequently running into the problems that result when this occurs. A user of a base class should continue to function properly if any derivative of the base class is passed to it. Failure to follow the LSP almost always leads to problems with the OCP, as you wiggle around coding in special cases to your class family.

void runWildLifeSimulator(TDuck d)
{
    d.swim();
    d.quack();
    d.fly();
}

runWildLifeSimulator is what is called a ‘consumer’ function of TDuck. That is, it uses a TDuck instance. TDuck has made a contract – it will implement swim, quack and fly. Anybody who wants to be a TDuck needs to implement those, and it should make sense.

Surely, a Rubber Duck is a kind of duck. But because a Rubber Duck doesn’t fly and a TDuck does, this isn’t a good class hierarchy. Think about what you would have to do to the consumer function.

void runWildLifeSimulator(TDuck d)
{
    d.swim();
    d.quack();
    if (d.getType() != TRubberDucky)
        d.fly();
}

Why should a function that wants a TDuck have to know anything about THE DESCENDANTS of TDuck? What if there are other violations in the class hierarchy? A switch statement? And of course, what happens if you need to change something about these ducks?

There is a workaround for this, of course. It is? (Let TRubberDucky override fly to { do nothing }.)

There are workarounds for all violations of good design. If you hit the peg with a big enough hammer, it will go into the hole. But these sorts of problems have been shown to produce rigidity and inflexibility and general goofiness in code. Try to avoid them.

4. Interface Segregation Principle

The dependency of one class to another one should depend on the smallest possible interface. Clients should not be forced to depend on methods they do not use. This one is very closely related to the SRP: don’t stuff everything into one big garbage multipurpose class. Changes to code are isolated to those classes that are logically affected.

interface Imessage
{
    bool SendSms(String message);
    bool SendEmail(String message);
}

In this case, all the classes that inherit this interface are forced to write methods for sending email and SMS. If some clients are interested only in emails, the issue arises.

The solution is,

interface Isms
{
    bool SendSms(String message);
}
interface Iemail
{
    bool SendEmail(String message);
}
// A client that needs both can depend on the combined interface.
interface Imessage : Isms, Iemail
{
}

5. Dependency Inversion Principle

Program to the most abstract class possible. High-level modules should not depend on (concrete) low-level modules.

Consequences of ignoring these core principles

These core OOAD (Object-oriented analysis and design) principles will help you to write SOLID code. But, what are the consequences of ignoring these principles?

As a result of ignoring these principles, the system will be,

1. Rigid

Changing one part of the code causes or requires a change to many other parts of the code.

2. Fragile

Changes in one part of the code break other parts of the code.

3. Immobile

The components/parts of the code cannot be easily reused, because they are tangled.

 –  Albin Antony

My Experience Working with Amazon S3

What is Amazon S3?

The Amazon Simple Storage Service (Amazon S3) is a scalable, high-speed, low-cost Web-based service designed for online backup and archiving of data and application programs.

Amazon Simple Storage Service (Amazon S3) is simple storage for the Internet. You can configure it very simply and quickly in the AWS console. In S3, there are no initial charges and zero set-up cost. You only pay for what you use. Unlimited storage, unlimited bandwidth, pay as you use and full control over file privacy are the key features of S3. Amazon S3 also provides options to host static websites.

Why I find Amazon S3 great?

Most websites have dynamic content made up of many images, videos, audio files, etc. These images are uploaded either by the users or by the admin of the website. Some websites have hundreds or even thousands of images, depending on the market they focus on. Storing all of these images on the server will use up the disk space and cause server issues. So, it is good to save them directly in Amazon S3.

How to Configure Amazon S3?

Amazon S3 is very simple to configure and use. This can be configured from the AWS console.

In S3 you can create Buckets. Buckets are very similar to Folders on our PC and help us organize files. S3 generates random URLs for each and every file uploaded to it. Each file is an object in S3. These objects can be accessed from the Web. S3 provides you with different policies and permissions to secure the contents stored in it.

The Amazon Web Services (AWS) console lets you create an IAM user. An IAM user is the centralized user account provided by AWS for accessing AWS services remotely, through API calls, etc.

When we use PHP code to access objects in S3, we need to use IAM user credentials to get an object from the S3 bucket if public access to the object is not allowed.

How S3 is used with a PHP web application?

As already mentioned, S3 can be used for storing static content like pictures, videos, audio, etc. Let us see how it works in a real-life scenario.

Source (awsmedia.s3.amazonaws.com)

As the image shows, when a user tries to access a webpage, the request hits the web server. The web server sends a request to Amazon S3 asking for an image stored in it, and S3 returns the image that is used in that particular webpage.

How to set up Amazon S3?

Let us assume that we have a Web server running. We have a PHP site running in it with thousands of images as part of the content in it. We need to make sure there will be no storage issue due to running out of hard drive storage space.

Follow these steps to mount S3 on an EC2 instance.

  • Create a new directory under the web root of the PHP application, where you want to mount the static contents.
  • Download and install s3fs from source. s3fs is used to mount the S3 bucket on the system.
  • To connect to the Amazon S3 bucket we need to authenticate. For that, create a password file inside the user's home directory and put in it the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY that we got from the AWS console.
  • After mounting the drive, we can start using it like a local drive attached to the PC.
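
The steps above in shell, as an added example that is not part of the original post: it writes the s3fs credentials (password) file with owner-only permissions, checks it before use, and prints the mount command instead of running it. The file name .passwd-s3fs and the -o passwd_file option come from s3fs-fuse; the bucket name, paths and key values are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: steps 1, 3 and 4 of the procedure, with the credentials handled safely.
# Bucket name, paths and key values are constructed placeholders.

# Step 3: write "ACCESS_KEY_ID:SECRET_ACCESS_KEY" so that only the owner can read it.
write_passwd_file() (
    passwd_file=$1; key_id=$2; secret=$3
    umask 077                       # a newly created file gets mode 0600 from the start
    printf '%s:%s\n' "$key_id" "$secret" > "$passwd_file" || exit 1
    chmod 600 "$passwd_file"        # tightens a file that already existed with looser bits
)

# Refuse a password file that other local users could read or that is malformed.
check_passwd_file() (
    passwd_file=$1
    [ -f "$passwd_file" ] && [ ! -L "$passwd_file" ] || {
        echo "not a regular file: $passwd_file" >&2; exit 1; }
    # Characters 5-10 of the ls mode string are the group and other permission bits.
    [ "$(ls -ld "$passwd_file" | cut -c5-10)" = "------" ] || {
        echo "group/other permissions set on $passwd_file" >&2; exit 1; }
    # Every line must be KEY_ID:SECRET with no spaces and no extra fields.
    [ -s "$passwd_file" ] && ! grep -Evq '^[^:[:space:]]+:[^:[:space:]]+$' "$passwd_file" || {
        echo "expected ACCESS_KEY_ID:SECRET_ACCESS_KEY in $passwd_file" >&2; exit 1; }
)

# Step 4: print the s3fs invocation so it can be reviewed before it is run.
s3fs_mount_command() {
    printf 's3fs %s %s -o passwd_file=%s\n' "$1" "$2" "$3"
}

# Demo with constructed values in a temporary directory; nothing is mounted
# and no network access is needed.
demo() (
    work=$(mktemp -d) || exit 1
    # Step 1: the mount point under the web root. Whatever is mounted here is
    # served by the web server, so the bucket should hold only public static files.
    mkdir -p "$work/webroot/static"
    write_passwd_file "$work/.passwd-s3fs" "EXAMPLE_KEY_ID" "EXAMPLE_SECRET" &&
        check_passwd_file "$work/.passwd-s3fs" &&
        s3fs_mount_command "example-bucket" "$work/webroot/static" "$work/.passwd-s3fs"
    status=$?
    rm -rf "$work"
    exit "$status"
)
demo
```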

What are the PROS /CONS of using Amazon S3?

We have seen what Amazon S3 is, its features, and how to configure it. Now let us discuss the advantages and disadvantages of using S3 from the perspective of a web application.

PROS

  • S3 can be mounted to an EC2 instance and can act as a local drive attached to a system.
  • S3 can be used as a Backup Volume where we can store the backups. This can save the EBS (Elastic Block Storage) space which is the main storage.
  • S3 can be used for many servers at the same time. Whereas EBS can only be attached to an instance at a time.
  • Highly Available, Redundant. Basically, data loss is not possible (99.999999999% durability, 99.9 uptime SLA).
  • S3 storage provides up to 5TB storage space.

CONS

  • S3 is an object store; it is not a file system.
  • Since S3 is not a file system, it does not have file-system permissions.
  • S3 is slower than the EBS volume which is directly connected to the instance. Hence it is good to store static contents like Photos, Videos, etc.

Conclusion

Amazon S3 is the best way to Host web sites cost-effectively. Since the price of physical drives is huge, Amazon S3 will be a good option to store static content.

– Ravi Kiran Varma

Performance Testing Using JMeter

If you’ve ever done performance testing on a website, you know that there is not really an effective way to manually create enough load on that website.

Getting actual users to execute web application operations over and again is nearly impossible. For that, we need virtual users that can open multiple connections in parallel.

When bulk users attempt to access a website (say commercial websites) at the same time, there are high chances that the website suffers slowness and poor usability. Speed is one of the most important attributes of an application. A slow running application will lose many of its potential users.

Performance testing is done to ensure that the web application performs well under its expected workload.

In today’s competitive world, support for features and functionality is not the only priority; the speed with which the website responds is also of great concern. The goal of performance testing is not to find bugs, but to eliminate performance bottlenecks. Attributes of a web application such as its response time, reliability, resource usage and scalability matter a lot. So, in order to test different aspects of a web application, we must test it in different ways. The different performance testing types are as follows:

Different Types of Performance Testing

Load

Load testing is performed to determine how a system behaves when multiple users access it simultaneously.

Stress

Stress Testing is done to ensure that the system would not crash in difficult situations.

Endurance

Endurance testing is done to evaluate how the system behaves when a significant load is applied over a long period of time.

Spike

In Spike testing, the web application is tested with extreme increments and decrements in the load.

Volume and scalability

Volume testing describes the ability of an application to handle additional user loads without affecting the performance. Scalability test is done to find the minimum and maximum loads at software, hardware and database levels. This gives the idea that the system is scalable after a load.

There are many robust testing tools available in the market that are capable of handling the various types of performance testing. A few of them have become the industry standard. The recent trend shows that most of the big players in the industry have adopted tools like JMeter for all their performance testing needs.

JMeter

Apache JMeter is a load testing tool based on Java. This open source software is used for testing the performance of most web-based applications. Performance is an essential factor for both mobile and web applications, as the user base is very large.

Advantages of JMeter

  • Open source and built on the Java platform. It is highly extensible and platform-independent.
  • User-friendly- JMeter has a comprehensive GUI, so it is easy to create a test plan and configure its elements.
  • Support- JMeter is basically designed for performance testing, but it can also be used for non-functional testing such as stress, distributed and web service testing by creating a test plan. JMeter provides support for protocols such as FTP, SOAP, JDBC and HTTP.
  • Documentation- Because of its robust documentation, the user can get a clear idea of every step, from installation and configuration of test settings to generating the final report.
  • Recording- JMeter allows the user to record HTTP or HTTPS traffic to create a test plan using the recording facility. It uses a proxy server that allows JMeter to watch and record user actions while the user browses the web application with any normal browser. Once the recording is complete, we enter the number of threads and the time, and start the test. It is advisable to use the non-GUI mode of JMeter if the user count is large.
  • Reporting- JMeter supports dashboard report generation. These reports help the user to understand test execution results.

Installation of JMeter

Before installing JMeter, it is essential to check that Java is installed in the system. JMeter is a pure Java desktop application. It needs fully compliant JVM 6 or higher to perform its tasks. User can download and install the latest version of the Java SE Development Kit.

The latest version of JMeter available is JMeter 5.1

JMeter can be downloaded from the official website Apache.

From this website, user can download JMeter PGP or zip file under the Binaries section and then unzip the zip file into the directory where JMeter is to be installed. JMeter directory structure includes the following directories and files.

  • Bin: holds JMeter script file to start JMeter
  • Docs: holds JMeter documentation files
  • Extras: related extra files
  • Lib: holds the required Java library for JMeter
  • Lib/ext: includes core jar files for JMeter and its protocols

A test plan is stored in XML format.

Elements of JMeter

Thread Group

Thread group is the collection of threads. Each thread represents 1 user using the application under test. Basically, each thread simulates 1 real user request to the server.

Samplers

Samplers indicate which type of request is sent to the server. It can be HTTP, FTP, JDBC requests.

Listeners

Listeners display the result of test execution. It can show the result in different formats such as tree, table, summary report, log files and graphs.

Configuration Elements

Config elements in JMeter are used to configure the sampler requests sent to the server. Commonly used config elements are CSV Data Set Config, HTTP Cookie Manager, Login Config Element, HTTP Request Defaults and FTP Request Defaults.

Assertions

It is used to validate the response of the request that the user sent to the server. Here user can verify the expected result with the actual result. If a user wants to check assertion of a sampler, then assertion must be added as child of that sampler. User can view Assertion result by adding Assertion Listener to the thread group.

Testing in non-GUI method

In non-GUI mode, JMeter can handle more requests per second. Increasing threads after a certain limit will result in JMeter crash in GUI mode. The following command is used to run the test plan in non-GUI mode.

jmeter -n -t <test plan .jmx file> -l <results log file> -e -o <report output folder>

Report Generation

A result log file can be generated in CSV or JTL format after running the load test.

Hope this article gave a real insight into the importance of performance testing in today’s web world and how modern testing tools like JMeter help you to execute performance testing efficiently.

Happy Performance testing!

Sneha Mohan

How to Handle NSOperation in Your Mobile App?

Each day at our work consists of a sequence of tasks that fill our working hours. Same way, when you create an application, all the interface components (table views, UI controls, alerts, etc.) are run inside the main thread of your application. At some point in your application, you will want to populate these views with data. And this data can be retrieved from the disk, the web, a database, etc.

The issue that we face when we want to populate or handle a huge amount of data is

‘How would you efficiently load this data into your application interface while still allowing the user to have control of the application without any disturbance?’

Many applications in the app store simply ‘freeze’ while their application data is loaded. This disappoints users who are trying to interact with the app. The secret to making apps without this problem is to move as much of the unnecessary work (the activities which can take place without user interaction) to the background as possible.

The iOS developer has two options here.

  • Grand Central Dispatch
  • NSOperation

Let me explain about NSOperation.

NSOperationQueue

NSOperationQueue manages the concurrent execution of code operations in Xcode. It acts as a priority queue: operations are executed in a First-In-First-Out manner, with higher-priority (NSOperation.queuePriority) ones getting to jump ahead of the lower-priority ones.

NSOperation

NSOperation is a single unit of work. It’s an abstract class that provides a useful, thread-safe structure for programming. NSOperation will perform network requests, text processing, or any other repeatable long-running task that produces associated state or data.

There are two different prebuilt operations you can create: NSInvocationOperation and NSBlockOperation.

Priority

All operations may not be equally important. Setting the queuePriority property will promote or defer an operation in an NSOperationQueue according to the following rankings:

NSOperationQueuePriority

typedef enum : NSInteger {
    NSOperationQueuePriorityVeryLow = -8,
    NSOperationQueuePriorityLow = -4,
    NSOperationQueuePriorityNormal = 0,
    NSOperationQueuePriorityHigh = 4,
    NSOperationQueuePriorityVeryHigh = 8
} NSOperationQueuePriority;

The following enumerated values are used to denote the priority of operation. Operations are considered based on priority.

NSQualityOfService

typedef enum : NSInteger {
    NSQualityOfServiceUserInteractive = 0x21,
    NSQualityOfServiceUserInitiated = 0x19,
    NSQualityOfServiceUtility = 0x11,
    NSQualityOfServiceBackground = 0x09,
    NSQualityOfServiceDefault = -1
} NSQualityOfService;

Implementation

NSBlockOperation always executes a block. NSInvocationOperation executes an NSInvocation (a method defined by selector, target or object).

NSInvocationOperation

NSOperationQueue *myQueue = [[NSOperationQueue alloc] init];

// Both selectors take no argument, so object is nil.
NSInvocationOperation *operation1 = [[NSInvocationOperation alloc] initWithTarget:self selector:@selector(printNumbers) object:nil];
operation1.queuePriority = NSOperationQueuePriorityLow;
operation1.qualityOfService = NSQualityOfServiceBackground;
[myQueue addOperation:operation1];

NSInvocationOperation *operation2 = [[NSInvocationOperation alloc] initWithTarget:self selector:@selector(PrintAlphabets) object:nil];
operation2.queuePriority = NSOperationQueuePriorityHigh;
operation2.qualityOfService = NSQualityOfServiceBackground;
[myQueue addOperation:operation2];

// Methods run by the two operations
- (void)printNumbers {
    for (int i = 0; i < 10; i++) {
        NSLog(@"%d", i);
    }
}

- (void)PrintAlphabets {
    for (char a = 'a'; a <= 'z'; a++) {
        NSLog(@"%c", a);
    }
}

Output

a

0

b

1

c

2

d

3

.

.

NSBlockOperation

NSOperationQueue *myQueue = [[NSOperationQueue alloc] init];

NSBlockOperation *operation1 = [NSBlockOperation blockOperationWithBlock:^(void){
    [self PrintAlphabets];
}];
operation1.queuePriority = NSOperationQueuePriorityLow;
operation1.qualityOfService = NSQualityOfServiceBackground;
[myQueue addOperation:operation1];

NSBlockOperation *operation2 = [NSBlockOperation blockOperationWithBlock:^(void){
    [self printNumbers];
}];
operation2.queuePriority = NSOperationQueuePriorityHigh;
operation2.qualityOfService = NSQualityOfServiceBackground;
[myQueue addOperation:operation2];

Output

a

0

b

1

c

2

d

3

.

.

CompletionBlock

When an NSOperation completes, it will execute its completionBlock only once. This provides a way to customize the behaviour of operation when used in a model or view controller.

NSOperation *operation = …;
operation.completionBlock = ^{
    NSLog(@"Completed");
};
[[NSOperationQueue mainQueue] addOperation:operation];

I hope the above tips shared based on my experience help you when you need to handle NSOperation in your next project.

Happy Coding!

Bibin Binny Mathew

Why Should You Use Syntactically Awesome Style Sheets (SASS)?

Sass is the most mature, stable, and powerful professional CSS extension language in the world, initially designed by Hampton Catlin and developed by Natalie Weizenbaum. Sass is completely compatible with all versions of CSS, so you can use any available CSS libraries. Sass boasts more features and abilities than any other CSS extension language out there.

There is an endless number of frameworks built with Sass. Compass, Bourbon, and Susy just to name a few.

Sass is an extension of CSS3, adding nested rules, variables, mixins, selector inheritance, and more. It’s translated to well-formatted, standard CSS using the command-line tool or a web-framework plug-in.

SASS Syntaxes

Sass has two syntaxes. The main syntax (as of Sass 3) is known as “SCSS” (for “Sassy CSS”) and is a superset of CSS3’s syntax. This means that every valid CSS3 style sheet is valid SCSS as well. SCSS files use the extension .scss.

The second, older syntax is known as the indented syntax (or just “Sass”). Inspired by Haml’s terseness, it’s intended for people who prefer conciseness over similarity to CSS. Instead of brackets and semicolons, it uses the indentation of lines to specify blocks. Although no longer the primary syntax, the indented syntax will continue to be supported. Files in the indented syntax use the extension .sass.

Pros and Cons of Syntactically Awesome Style Sheets (SASS)

SASS Pros

1. Clean Code

If you are coming from the Python, Ruby (you can even write props with symbol-like syntax) or even CoffeeScript world, it will come very naturally to you – writing mixins, functions and generally any reusable stuff in sass is much ‘easier’ and more readable than in scss (subjective).

2. Shorter Development Time

With Sass, you can save a lot of time if you know how to use it well. In addition to CSS, sass lets you write functions, mixins, you can import styles and many such time-saving bits. With proper naming of classes, you can create your own common styles which can be used whenever you want instead of calling the same styles repeatedly. This saves a lot of time just like bootstrap does when you need a ‘text-centre’ class or a ‘pull-right’ to position your element.

3. Consistency

It is always easier to reuse what we have already written than to write new patterns. Along with the fact that this saves a lot of time, you can also have a consistent pattern throughout your page. You won’t have to scale through each element while continuing through the website development.

4. Reduced HTTP requests

Unlike regular CSS, Sass lets you break down your style sheet into several parts, which can be pulled in using the @import keyword. The Sass compiler will then combine your style sheet into a single CSS file, which will not only keep your style sheet organized but will also reduce the number of HTTP requests and thus allow it to load much faster.

SASS Cons

1. Space Sensitive

Sass is space sensitive. Sass does not support the use of extra unnecessary spaces. If we even accidentally leave an extra space or forget to include a semi-colon, the sass compiler will show an error, which sometimes gets really annoying.

For example: in the image below, you can find an error on line 3057 that happened due to missing braces.

An error on line 3057 due to missing braces

2. Need to write all styles initially

One of the advantages of using sass is that we can reuse the same styles more easily. But to do that, we initially need to write up all the necessary styles which are to be later imported or included and which can be considered time-consuming. Nevertheless, it’s worth it.

In general, there are many advantages and disadvantages to using sass. If you know to use it well, you could get the best out of it. Even some of the disadvantages can be considered as an advantage.

Like a small mistake in the syntax will make the compiler to show an error message. This may be annoying but there might come certain situations when this could actually help you to save a lot of time. For example, in CSS, we make a small mistake like forget a space. But we won’t notice it and the compiler will show no error. But we won’t get the expected result either. So, we might actually spend lots of time researching what went wrong until we figure out that it was a small space issue. In sass, the compiler will immediately show the error even if a small space is missing and could be helpful.

Quick Tips

When you’re starting a project and you intend to do it in sass, these tips may come handy:

– Keep your sass style sheet structured so that it will be easy to maintain.

For example,

.logo {
  float: left;
  width: 240px;

  img {
    margin: 0;
    vertical-align: middle;

    @media (max-width: $x-minimum-width) {
      width: 100%;
      height: auto;
    }
  }

  @media (max-width: $x-minimum-width) {
    width: 190px;
  }
}

– Sass variables must be effectively used. It might look difficult in the beginning but when you get used to it, it will be really helpful.

For example,

$x-minimum-width: 480px;

h2 {
  font-size: 24px;

  @media (max-width: $x-minimum-width) {
    font-size: 18px;
  }
}

– Avoid using mixins. Mixins are more like copying and pasting, and not very effective.

For example,

@mixin transition($property) {
  transition: $property .3s ease-in;
  -webkit-transition: $property .3s ease;
  -moz-transition: $property .3s ease;
  -o-transition: $property .3s ease;
  -ms-transition: $property .3s ease;
}

a {
  color: $primary-color;
  cursor: pointer;
  @include transition(color);

  &:hover {
    color: $secondary-color;
    text-decoration: none;
  }
}

Compiling a SASS file

To create a sass file, first, you need to create a normal CSS file. Save it as ‘file-name’.scss in your CSS directory where your normal CSS files are saved. Also, create a normal CSS file in the same directory. The styles you write in your scss file will be automatically added to your CSS file by the sass compiler.

To compile the sass file, you need to perform the following steps:

1. Open command prompt

2. Navigate to the location where your CSS files are saved.

For example: cd C:\wamp\www\example\wp-content\themes\example\css

3. Write the SASS command

Write the SASS command to start compiling the SASS file. Command: sass --watch custom.scss:custom.css

– Shekhar R

Stuck In The Middle of A Project? What’s Next?

Do you get stuck with a line of code very often?

Are you someone who always finds it difficult to write the next line of code during the development process?

Do you need help in development, designing or coding domains?

How often have you been stuck while coding because you had no idea how to achieve the required function?

I know the answer may be a big ‘Yes’ from so many.

Stuck while coding. It’s the programmer’s worst enemy – it hurts your productivity, your confidence, your happiness and your peace of mind. It doesn’t mean that you are a failure or inefficient. It’s just that the problem you are facing is complicated and you need help. So, take this situation as a learning opportunity.

First, make sure that you do not get angry and frustrated at the situation; these will not guide you to the proper destination. So just take a break or do something else for a while and come back with a fresh mind. You can work wonders with fresh eyes and a cool mind.

A good developer comes through proper practice and experience. They utilize all possible resources including Google search, Forums and any other available resources.

Seeking help from other resources doesn’t make anyone a bad or lazy developer. But a worse developer is one who doesn’t know where to look for help in resolving a problem.

There is a wide range of problem-solving tools and Forums available today. The most crucial thing is how we use the information once it has been found. Ideally, we should avoid copying and pasting; instead, we must read and understand the code before incorporating it into the program we are developing.

Well, let’s see some excellent forums and sites which help to wipe out the obstacles in your work!

Top resources to solve your coding deadlocks

Stack Overflow

If you are a developer or designer, can you imagine days without Stack Overflow? Obviously, it’s difficult, right? If you are getting stuck, the best ever destination will be none other than Stack Overflow. It is one of the most active technical Question & Answer sites and it was created by Jeff Atwood and Joel Spolsky in 2008.

Today Stack Overflow can be rated as Programmer’s Heaven with its excellent tips on problem-solving. There are thousands, if not lakhs, of programmers who can help us to resolve a problem.

If you are going to ask a question, first, you should do a proper search since a similar question may already have been answered by someone on the platform. If you need an answer to something new, then you can ask a question. So, when you get stuck with an error, invest time to convey the question in a proper way. For example, you can post the exact text of the error or post the code you have already tried. Also mention the software version you are using along with the question.

Before going to ask a question, keep in mind:

  • Invest Time
  • Be on Topic
  • Start questioning yourself
  • Be prepared to communicate

In short, Stack Overflow is extremely helpful, and it’s absolutely fit to be declared as ‘Programmer’s Heaven’.

Quora

Quora is an excellent question/answer (Q&A) forum permitting its members to post questions and answers. Users can also search for questions and answers for a quick fix.

You can get the best code written by the experts on Quora. It’s a huge treasure with millions of fascinating answers on each and every topic that may be interesting to you. Quora can be used as a quick reference for any kind of programming doubts you have in your mind.

One of our team implemented coco3D with guidance from an expert on Quora and we made it a great success. It’s not only used as a helping forum by people, but also it’s a popular platform to share your valuable knowledge. So, get ready to share some of your great ideas. Maybe it would help others who may be looking for an answer or idea that they need in their life.

GitHub

GitHub is awesome for finding info on coding related topics. I’ve used it for a lot of research purposes and got excellent bits of help on many topics. GitHub helps you to find that perfect set of code that will help you to solve the programming problem you are facing. It provides its users with a platform to discuss the problems that they are trying to solve.

GitHub’s tagging system can be considered as a great advantage. Another advantage is the GitHub repository. People can surely reap benefits from it. Availability of the complete code is the highlight of this site. In this competitive programming world, GitHub will surely help to win the race.

Creator’s own Forums

Are you a kind of person who likes to seek help from the creator’s domain? Here creator means the expert(s) who is the founder of a technology. I know some of my colleagues who usually choose this path whenever they get into any kind of deadlocks in programming. Finding solutions from the creator’s page will surely outrank the benefits of referring to any other resource.

Be sure to first visit WordPress’s own forum for any support on WordPress related problems. On this platform, every question is answered quickly. If you are facing any issues related to Android Development, then you must visit the Android Support center, and for iOS, you can get expert advice from the iOS professional support team. So, start referring to the Creator’s forum and solve your programming related issues with ease and in the most perfect way.

General Forums

Just like the resources listed above, there are many other knowledge treasures on the web as well. Let’s have a look at some helpful websites which may help you with solving your programming related queries.

Site Point

Site Point is one of the most popular online forums for developers and designers today. It is recommended as the best place to get an expert solution for your problem and it has around 250,000 members.

Digital Point

Digital point is an excellent forum which is professionally managed by experienced technical leaders. It is one of the biggest webmaster communities for web developers and designers.

MacRumors

MacRumors provides the latest news related to Apple along with rumours related to the same topic. It is also an active iPhone and iPad development Forum. Every thread is replied to and there exists a wide variety of topics. It is worth posting your programming related queries there.

Experts Exchange

We can meet thousands of experts on Experts Exchange to answer every technical question, and it contributes to the success of professionals all over the world.

Dynamic Drive Forum

Dynamic Drive Forum is described as the programmers’ favourite place on the web because it helps them to find fault in their code and also the solution for the same.

So, next time you are stuck with an issue during the development of a program, don’t get depressed but explore these resources. You will surely find the light to come out of the cave you are trapped in.

– Jisna Mathew

How to Integrate Google Ads API in .Net

First, let’s take a look at how Google Ads work –

Google Ads in action:

You might see Ads among the top-row results in a Google search. What are they, and why do they differ from the other results?

Those are Google ads that a company paid for so that people will notice their business whenever they’re searching Google. And the company only has to pay whenever someone clicks on the ad. This is known as cost-per-click advertising (CPC).

How to show your Ads on Google

Go to http://tinyurl.com/pevnb3j and create your own Google ads account. Then you can create your Ads with your preferred locations, keywords, etc. For help on creating and managing your Google ads account go to http://tinyurl.com/qy6kuq7

Google ads API

The Google ads API allows applications to interact directly with the Google ads platform. You can build applications to more efficiently manage large or complex Google ads accounts. If you want to use Google ads API in your applications, first you will have to create an MCC account.

What is an MCC account?

MCC (My Client Center) Account

An MCC account -manager account- is a Google ads account that lets you easily view and manage multiple Google ads accounts –including other manager accounts– from a single location.

You can create a new MCC account here – http://tinyurl.com/q9n7gsh

Learn more about MCC accounts here – http://tinyurl.com/q9f8tv8

The following information should be submitted for making Google ads API calls,

  • Developer Token,
  • Client Customer ID,
  • oAuth2 Client ID,
  • oAuth2 Client Secret,
  • oAuth2 Refresh Token.

Where do you find all these?

Developer Token

After creating your MCC account successfully, you can see your Developer Token here http://tinyurl.com/pov4xwa

Client Customer ID

Client Customer Id is your Google ads account ID. You can see this on the right-top position in the MCC or Google ads website.

oAuth2 Client ID & oAuth2 Client Secret

Do you already have an account in Google developer console? If yes you can see this information here – http://tinyurl.com/qcunww3

New to Google developer console? learn how to use and manage it here – http://tinyurl.com/kl2vqxo

oAuth2 Refresh Token

You can download the Adwords API libraries with examples in this link – http://tinyurl.com/nntrpyu.

After downloading, go to the following path: “..\utilities\OAuthTokenGenerator\bin\Debug\”. There you can see a file named ‘OauthTokenGenerator.exe’. Run the file and you will get the following screen:

Submit Client ID and Client Secret you have handy then click OK, and it will show you the Refresh Token for your account.

Like to know more about Refresh Token? Go to – http://tinyurl.com/noqeloa

Sample Code

Following is a sample code for creating a new AdWords account in our MCC account,

Download “Google.Adwords.dll” and “Google.Ads.Common.dll” from http://tinyurl.com/nntrpyu

Find the .dll files inside – “..\examples\AdWords\CSharp\bin\Debug\”.

Please note: You can use the Developer Token only after your MCC account is verified by the Google Team. This process is done by humans and it takes a long time (sometimes it takes more than two months!).

Want to start coding right away?

MCC test accounts come to help.

MCC Test Account

MCC test accounts allow developers to execute AdWords API requests against the production environment for development and testing purposes. The MCC Test Account will not serve the Ads on real Google search.

You must use a production (non-test) MCC account’s developer token to make AdWords API calls against a test account. You can use the production developer token against a test account even when the production developer token is pending approval.

You can create a new MCC Test Account here – http://tinyurl.com/nqlaymn

Download AdWords API libraries and sample codes from here – http://tinyurl.com/nntrpyu

– Anver Ali

Working with Apache Solr: A Developer’s Insights

The search module is a vital component in today’s web applications. Its importance, as well as user-friendliness, is very critical in the growth of the business.

Two most important, most discussed, and widely used Search Engines are Apache Solr and Amazon CloudSearch. Both Solr and Amazon CloudSearch are search platforms that enable you to search your data by submitting HTTP requests and receive responses in either XML or JSON.

Apache Solr is open-source software. It is written entirely in Java and uses Lucene as the “engine” but adds full enterprise search server features and capabilities. Highly specialized search solution companies like lucid works, search technologies etc may prefer creating plugins and modules using open source code which gives more flexibility and control. The current, released, stable version of Apache Solr is 3.3.

Why need search engines?

So, why do we really need a search engine?

Is a direct search in the database not enough?

This is the first question that came to my mind when I was about to integrate Solr into one of our projects. I went on to do some research based on these questions.

What do search engines actually do?

Search engines go through each and every piece of data and find a match if one exists. For a small web application, a direct database search is fine. But for applications with huge data, a direct database search will be a heavy process.

What search engines like Solr do is, they read the data from database and keep a local index with that data. Periodically or when some data update occurs, we update the index also. And, when we perform the search, the search is done in the index and matching results are fetched from the index. Since the index and the code lie on the same location, search becomes tremendously fast and easy.

Courtesy: viblo.asia

Solr setup

First, download the latest version of the Service from the official site. Solr is written in Java so you also need Java Runtime Environment to run it.

$ cd solr-4.1.0/example/
$ java -jar start.jar

Once JRE is installed and Solr is started, Solr will be available with a web interface on port 8983. Open a web browser and go to http://localhost:8983/solr/ (assuming Solr is installed on your local server). You can see something similar to the following image:

If you look at the left-hand side navigation you will find “collection1”. Collections in Solr are something similar to a database table. You can query it. Click on the collection and choose “query” from the submenu.

The first option is called “Request-Handler (qt)” with default value “/select”. Request handlers are sort of pre-defined queries. Next parameter is a query and its default value “*:*” selects everything. If you execute the query, it will select all data from the index. For now, since the index is empty, it will give zero results.

Now, we need to insert some data to the index from our database, right? First, include the Solr service.php (the config file that reads and writes data to the Solr Index). Now, fetch the current index and save it to a new array say $results_old. So $results_old->response->docs shall contain all the data in the Solr index (if there is some data, for now, no value will be there). Fetch whatever data we want to index from the database and map it to the Solr index fields. Once all data are mapped, write them to the index in a key->value pair format.

If you do a normal select query from the web interface, you will get a result similar to the following:

{
  "responseHeader": {
    "status": 0,
    "QTime": 1,
    "params": {
      "indent": "true",
      "q": "*:*",
      "_": "1406616999120",
      "wt": "json",
      "rows": "2"
    }
  },
  "response": {
    "numFound": 258,
    "start": 0,
    "docs": [
      { "id": "1", "field_a": "abcd", "field_b": "xyzz", "field_c": "43234" },
      { "id": "2", "field_a": "efgh", "field_b": "xyzz", "field_c": "76545" }
    ]
  }
}

Now how do you use Solr with your PHP project? You will need the PHP library called solr-php-client. It offers an object-oriented interface to Solr, somewhat like the PHP Solr extension. This library is however fully implemented in PHP so it can easily be used on any PHP environment. You may download it from: http://code.google.com/p/solr-php-client/downloads/list .

Once the library is added along with your project files, go to the file SolrPhpClient/Apache/Solr/Service.php . This is the main configuration file.

To connect your project with Solr, include the service.php file in your code. Then you will be able to access the Solr object as:

$solr = new Apache_Solr_Service(SOLRHOST, SOLRPORT, SOLRNAME);

Now, we need to write our data retrieved from the database to the Solr index. First initialize the Solr document as:

$document = new Apache_Solr_Document();

Save each of your data as a key-value pair (if multiple tables, using multidimensional array structure so that, the table names fall on the parent key-value pair.). After adding all your data to the Solr document,

if (!empty($documents))
{
    // $documents is the array of Apache_Solr_Document objects filled above
    $solr->addDocuments($documents);
    $solr->commit();
    $solr->optimize();
}

You have written your data to the Solr index.

Now simply to retrieve results from Solr,

$results = $solr->search("*", 0, 0);

So, if you need to make a search in your code to Solr, do it like:

$results = $solr->search(your_search_query, start_val, no_of_rows, query_conditions);

These are the basic steps, to integrate Solr with your project. You have connected your project with Solr, added your data to it and performed search too.
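The search() call above hands the query string to Solr unchanged, so text typed by a user is parsed as Lucene query syntax (field names, ranges, wildcards, boolean operators). The block below is an added example, not code from the original article or from solr-php-client: it quotes and escapes each user term, restricts the field to an allow-list and caps the row count before building the /select parameters. The helper names, ALLOWED_FIELDS, MAX_TERMS and MAX_ROWS are assumptions; the field names and collection1 come from the text above.

```php
<?php
// Added example (PHP 7.4+): constructed helpers, not part of solr-php-client.

const ALLOWED_FIELDS = ['field_a', 'field_b', 'field_c']; // fields from the sample response
const MAX_TERMS = 10;  // assumed cap on the number of user terms
const MAX_ROWS  = 50;  // assumed page-size ceiling

/** Backslash-escape every character the Lucene/Solr query parser treats as syntax. */
function escape_solr_term(string $value): string
{
    // Specials: + - & | ! ( ) { } [ ] ^ " ~ * ? : \ /
    return preg_replace('#[+\-&|!(){}\[\]^"~*?:\\\\/]#', '\\\\$0', $value);
}

/**
 * Turn raw user input into a query restricted to one allow-listed field.
 * Every term is escaped and quoted, so words such as OR / AND / NOT typed by
 * the user are matched as text instead of acting as operators.
 * Returns null when the input contains no searchable term.
 */
function build_field_query(string $field, string $userInput, string $operator = 'AND'): ?string
{
    if (!in_array($field, ALLOWED_FIELDS, true)) {
        throw new InvalidArgumentException("Field not searchable: $field");
    }
    if (!in_array($operator, ['AND', 'OR'], true)) {
        throw new InvalidArgumentException("Unsupported operator: $operator");
    }

    // Replace control characters with spaces, then split on whitespace.
    $clean = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $userInput);
    $terms = preg_split('/\s+/', $clean, -1, PREG_SPLIT_NO_EMPTY);
    $terms = array_slice($terms, 0, MAX_TERMS);
    if ($terms === []) {
        return null;
    }

    $quoted = array_map(fn($t) => '"' . escape_solr_term($t) . '"', $terms);
    return $field . ':(' . implode(" $operator ", $quoted) . ')';
}

/** Build the query string for the /select handler with clamped paging values. */
function build_select_params(string $q, int $start, int $rows): string
{
    return http_build_query([
        'q'     => $q,
        'start' => max(0, $start),
        'rows'  => max(0, min($rows, MAX_ROWS)),
        'wt'    => 'json',
    ], '', '&');
}

// Constructed inputs: one ordinary search and one that carries query syntax.
$samples = ['abcd efgh', 'abcd) OR id:(*'];

foreach ($samples as $input) {
    $q = build_field_query('field_a', $input);
    if ($q === null) {
        continue;
    }
    echo "input: $input\n";
    echo "  q   = $q\n";
    echo "  url = /solr/collection1/select?" . build_select_params($q, 0, 500) . "\n";

    // With solr-php-client the same string is the first argument of search():
    // $results = $solr->search($q, 0, MAX_ROWS);
}
```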

Distinctive advantages of Solr in my experience

Solr is one of the most widely used Search Engines in the current world. Here follow the major reasons for why Solr is most opted.

  • Apache Solr has multilingual support. So, you can make it useful for your websites which are not necessarily in English.
  • Faceting is one of the important features used in eCommerce website search modules. Faceting allows you to categorize your results into sub-groups, which can be used as the basis for another search. Solr supports Faceting to a minimal level.
  • When you do a search, as you type you will be able to see suggestions of popular queries in relevance to the input are presented as shown in the following image like what we see in Google Search.

This feature is called Auto Suggest. This feature can be implemented at the Search Engine level or at the Search Application level. Apache Solr has the native support for the autosuggest feature. It can be facilitated in many ways using – NGramFilterFactory, EdgeNGramFilterFactory or TermsComponent. Usually, you can find this feature of Apache Solr is used in conjunction with jQuery for creating powerful auto-suggestion experience in applications.

  • Ecommerce sites can benefit from the “Find Similar” feature as research suggests that users typically compare products before making a transaction and are likely to buy a product which is better. Apache Solr implements the “Find Similar” feature using handlers/components like MoreLikeThisHandler or MoreLikeThisComponent.
  • Sometimes when we type the search term spellings go wrong, then the search engine automatically corrects the spelling and present you with even the search result. This feature of presenting the user with spelling corrected suggestions is called “Did you mean…” feature. Apache Solr implements the “Did you mean…” feature with the Spellcheck search component.
  • Apache Solr has many algorithms including cache implementations such as LRUCache and FastLRUCache. Solr, being open-source, it can be extended by adding your own algorithms.
  • Solr is a free service. All you need to do is install the Solr to your server, add the Solr-php-client library, and write some small codes to connect your project to Solr.

– Radha R Krishnan

Collaborating with Remote Teams: Do’s and Don’ts

Often in our work, we do not get managers, designers, developers, research experts etc. working in the same office premises. To get the right skills and experiences, we must expand our teams beyond the same premises to locations in different cities, states of the same country and sometimes even to other continents.

Managing spread apart teams is a very responsible task and even great managers struggle to establish successful collaboration among remote teams. To develop mutual understanding and trust among teams, to bring all team members to team’s objectives, to keep them stay on track, to give a fair deal to all teams irrespective of their locations etc. is a huge challenge that if not considered carefully can lead to disastrous results. There are some key criteria that need to be practised in order to have a successful set up for remote teams.

Courtesy – architexa.com

Collaborating with a remote team: The Dos

Define the team’s objective

All team members must unite on the team’s objective. Everyone must be clear on the common purpose and the team’s goals.

Team Charter is a great solution to this. Team Charters are documents that describe the team’s goals, resources, roles and responsibilities, deliverables, desired end results etc. Contents of Team Charter might vary from situation to situation, find out the right contents that will help you convey team objectives. This will help teams to stay focused on the right things and in the right direction. It also helps the team to get a big picture of their mission.

Use proper and consistent communication methods

Communication is a key factor in building up successful remote teams. 

Make sure all your team members report their work status regularly, train other team members as needed, share knowledge, inform if they are stuck with their work so that proper guidance can be provided, and goals are met.

50 years back it was almost impossible to think of remote communication, but with all advanced technologies in the market today, remote communication and collaboration have become such an easy task.

There are so many free and paid online tools for chat, calls, video conferencing etc. that can be used efficiently to communicate requirements, discuss, share ideas and see results. Make sure all your teams use a common medium to chat, call, attend meetings etc. Skype, Instant Messenger, Google Hangouts etc. are some good tools to stay connected with the team through text, video and voice chat. Basecamp, Trello, BusyFlow, Asana are some of the good Project/Task Management tools. Dropbox, Google Docs, GlassCubes etc. can be used for File Management/Sharing with the team.

Arrange weekly status calls

Schedule team meetings and 1:1s on a regular basis. Schedule a time that works for everyone. Sometimes it might be difficult to find a common time among people working in different time zones and work schedules. Talk to the team and make sure you come up with a time that suits all your team members and that everyone attends the status call, so that you can ensure the tasks set for each milestone are successfully met.

Reward them

Be willing to reward your team for their good work! Before you decide on a perk, understand how your team wants to be recognized. Learning how your team wants to be recognized for an achievement will help you make sure your efforts to reward them are successful.

For example, married people might want a few days off so that they spend time with their families, tech addicts might be interested in gadgets. Some people might just want a sincere “thank you” note that gives them that feeling of recognition. Understand your team’s interests and reward appropriately. Don’t forget they are the ones who worked sincerely, taking all pressure, keeping aside their families and other priorities and bring your company the success and money you looked for.

Whatever way you do it will only help build up the team and people will remember for a long time thus, strengthening the bond of trust and loyalty.

In-person gatherings

Team retreats may not always be possible, especially if the teams are in different cities or continents, but if you can make it happen once in a while, it will help people get to know each other and build connections and friendships that would, in turn, help build better and stronger teams.

Collaborating with a remote team: Don’ts

Don’t be too bossy

Don’t impose strict rules. Managers have to closely monitor work progress, but if you impose strict rules about working hours etc., people may not be able to bring the desired results. This may demotivate them, bringing failure to your project plan.

Trust your team

Best and most productive teams are built from trust. Unified culture and solid trust build understanding among each other.

However, trust is a big problem in many parts of the world. Managers are not sure if they can rely on remote teams to produce results. There is a deep-rooted apprehension that absence in office (and working from home etc.) means neglecting work and becoming less productive.

Trust is a key factor to decide if you want remote teams or not.

Do not be unfair to teams

People get a feeling of isolation, of being left out or unrecognized, if one team gets more appreciation/recognition than other teams. Recognize every team’s and every individual’s work, however small it may be. Tomorrow that team/person may be the one contributing most to your company.

Conclusion

Remote Working – boon or bane is in our hands. Challenges are there for sure in remote working, but with a little care, commitment and planning, remote working can become a wonderful thing and I believe you can reap substantial benefits in the long run. Giving the flexibility to work at home or remotely greatly boosts employee morale, increases productivity and helps staff retention. By making sure the right processes are in place and the right policies are applied, you can have successful communication and collaboration among remote teams.

– Susan B John

When to Use Parallax Scrolling in Your UI?

Market research has shown that 95% of users assess the value of your website based on its visual appearance. Websites must be creative and innovative enough to keep users attracted to your website.

When someone visits your website, their first question would be “Why must I access this site when I have other real worth websites? What is so different about this site?” and that’s where your website must stand out from the crowd dominantly, clearly and convincingly answering user’s queries and making them stay on your website.

Parallax Scrolling is one such hot design technique used in many of today’s websites, giving users close interaction with the site and making browsing more interesting. The Parallax effect was more popular in 2D video games in earlier days, but with the advancement in JavaScript, one can successfully use Parallax effects in a website to give a completely unique experience.

How Parallax Scrolling works

Parallax scrolling is achieved by having the background image (or elements) move slower than the foreground image, giving an impression of 3D depth. Different elements move at different speeds, creating a sense of animation and an enhanced interactive user experience. Content is marked up using HTML tags, while jQuery checks how far the user has scrolled and moves different elements at different speeds.

The Parallax movement started in the web using two simple layers. Thanks to advancement in JavaScript, HTML5 and CSS3, now foreground and background elements can be grouped into different layers and speed of these elements can be controlled based on their layers.

Pros of Parallax Scrolling

Holding visitor interest

As a user scrolls down the page, he is taken to the next level of information without having to click anywhere to see it. This feature keeps users attracted to your website, stirring their interest and making them want to view more of the information.

Better product display

Instead of just displaying your product as a static image, Parallax scrolling can help the user explore your product in a totally new and different way. It gives 3D view presentation controlled by their own scrolling behaviour.

Bagigia is a classic website where the user gets a totally different experience of viewing products. A 3D presentation of the product is shown, with the user controlling the scrolling behaviour.

Visual narration (Storytelling) made more efficient

Storytelling is the best way to communicate a message to a human mind. A well-designed, one-page website can prove powerful storytelling equipment because scrolling through it will be like reading an interesting book that you cannot put down unless complete.

With the right amount of animation and scrolling, Parallax scrolling can effectively communicate your message about your product, their effects and the audience. Parallax provides a nice overview of your website by letting the user visualize the website through scrolling efforts.

Unique Design

Using the Parallax effect, you can design a website that is visually appealing and user-friendly, and make your website a more fun and interactive place, thus making it stand out from the crowd.

Cons of Parallax Scrolling

Parallax site takes longer to load

JavaScript/jQuery is used to calculate the position of every element in the page, and every time there is a scroll, the position of all elements needs to be re-calculated, which could slow down page load.

Parallax Scrolling does not always work

Parallax effect does not always work well with mobile technology. You might need to make sure you have a separate mobile-optimized version of your website if your parallax scrolling website does not play well on mobile devices.

Too much scrolling

Too much scrolling may irritate users and tempt them to leave the site before viewing the main contents of your website.

Conclusion

Parallax scrolling is just sweeping the entire web community and is expanding across the web. Parallax scrolling websites are the future of tomorrow’s website design. It has become the biggest trend in the design world today and when done right and with the right amount of Parallax scrolling, it can no doubt, put your website ahead of the curve providing that extra edge over your competition.

–  Susan B John

What is Key to an Effective Mobile Device Management (MDM) Strategy?

Different businesses are flooding the market with devices and applications. These businesses need to transmit and access a huge amount of data every day across multiple devices. With the advancement in device technology, we have to make sure that the data transmitted and accessed does not fall into the wrong hands.

In order to overcome this fear, most companies are using Mobile Device Management software that helps to keep the data under vigilance. So, in general, Mobile Device Management helps organizations to keep control of the various connected devices to avoid any possible security issue and improve productivity.

Mobile Device Management software are tools that are used for deploying, monitoring, securing and managing the smartphones, tablets and laptops in the workplace that are involved in the distribution of application data and configuration settings.

With the advent of this tool, the main authority of an organization has now complete control over the devices that are connected to the network.

Mobile Device Management applications are either implemented as in-house deployed and managed applications or externally deployed via “SaaS” (cloud-based) or online hosted models.

Some of the Mobile Device Management tools are carrier-specific. Carrier-hosted MDM applications control only devices offered by the carrier. Most of them are Original Equipment Manufacturer (OEM) versions of MDM applications that are modified with specific carrier features.

In general, the main aim of MDM is to optimize the functionality and security of mobile devices. One of the popularly increasing approaches in MDM is the “Bring Your Own Device” (BYOD) approach which allows the employees to bring mobile devices of their choice with access to internal networks. These devices are remotely managed with minimum disruption to the employees.

Advantages of Mobile Device Management

Nowadays, Mobile Device Management tools are growing in number. By optimizing the mobile devices, security risks, and the support costs are lowered along with protecting the data and the configuration settings.

With the help of an efficient Mobile device management tool, users can trace the connected devices and can send messages to different devices simultaneously without any additional charges.

Whether it’s a company-owned or personal device, Mobile Device Management solutions can control and protect the data and configuration settings of any mobile device. MDM tools encourage more productivity by letting the employees of an organization work any time and any place securely.

Some tips to keep in mind while creating an MDM strategy:

  • Always make sure what device the workers use, whether it’s a corporate-issued device or bring your own devices (BYOD) issued by the company.
  • Make sure the chosen device can handle the security level as per your business requirement.
  • Device usage policies and security-related issues should be communicated to the employees from the beginning. Make sure the device has remote wiping capabilities and remote alert facilities if an unauthorized user tries to access the device.
  • Always give the employee clear information about what applications are permissible on the employee device.
  • Implement strong passwords to keep the data safe.

Smartphones and mobile devices nowadays are very similar to desktops and notebooks regarding communication power, data storage and accessibility. MDM applications can be used to control these devices together and prevent the data from reaching the wrong hands. Since there are so many devices in the market, along with an even greater number of applications, MDM is becoming a mandatory addition to the IT infrastructure.

–  Ebin J Sebastian

Testing iOS & Android Applications: Our Thoughts on MonkeyTalk!

Mobile Application Market is gaining so much popularity now. With so many innovations happening in the field of mobile technology, mobile application testing is becoming a very essential part of the Software Development Life Cycle.

Excellent quality and highly efficient application have become a great challenge. To meet this challenge in a fruitful way, thorough and repeated testing of the system is required. Thorough testing can ensure that the application runs smoothly and meets user expectation. Effective test strategy and a combination of manual and automated testing tools are required to ensure a high-quality app.

Automated tests increase effectiveness and productivity and help maximize code coverage. Automated testing is sometimes considered high cost, but if utilized effectively with balanced manual testing, the end result is overwhelming.

Why Test Automation?

There are many advantages to using Test Automation. It is fast and can be efficiently used for repeated testing. It can quickly find out the defects that occur due to the code changes thus, ensuring stability to the system. Repetition of tests can be effectively achieved using automated testing.

What is MonkeyTalk?

MonkeyTalk is one such automation tool used for efficient functionality testing of iOS and Android mobile applications. It is a cross-platform testing tool that records and plays back functional test suites for iOS and Android applications running on real devices, emulators or simulators. MonkeyTalk supports both native and hybrid iOS and Android apps.

MonkeyTalk has basically three components:

  • MonkeyTalk IDE – an Eclipse-based tool that helps to record, play back, manage and edit test suites for iOS and Android apps.
  • MonkeyTalk Agent – the libraries that must be included in the mobile application under test. These Agents help the application to record and play MonkeyTalk commands.
  • MonkeyTalk Scripts – describe the different activities that need to be performed while testing.

Benefits of MonkeyTalk tool

  • A free, Open Source and simple to use tool.
  • Can be used for both iOS and Android applications.
  • Easy to understand and learn.
  • Testers need not be expert programmers to use the tool.
  • Supports almost all iOS (iPhone, iPad, iPod etc.) and Android devices, either tethered or over the network.
  • Unlike other automation tools, MonkeyTalk uses Object-based recording. Object-based scripting is more flexible and unbreakable when compared to Image-based scripting.
  • Touch and gesture-based operations are easily captured by this tool. Actions like swipe, drag, move etc. can be efficiently recorded and played back.
  • MonkeyTalk is a cross-platform tool. For logically identical apps, MonkeyTalk commands recorded in one OS can be played in another OS.

Limitations of MonkeyTalk

  • Mobile app under test must be instrumented with MonkeyTalk Agent which means access to source code is required or help from the developer is needed. Also, 3rd party apps (like Camera, Map etc.) cannot be tested as the source code is not available.
  • Currently, it can be used only for iPhone and Android applications testing.

Conclusion

MonkeyTalk is a simple yet tremendously powerful test automation tool for iOS and Android applications.  There are so many exciting things yet to happen in MonkeyTalk world and with all the upcoming features to test desktop apps, flex mobile apps, more reliable tests for game engines of mobile games etc., MonkeyTalk has a great future ahead of it!

– Susan B John

Top Five Software Security Threats You Must Know!

With the emergence of advanced technologies, there is an increase in information sharing through social networking sites and in using the web for doing business. As a result, websites are being hacked more often. The majority of website attacks happen due to imperfections in coding and failure to sanitize input to and output from the web application. Here are some of the software security issues that we face today.

1. SQL injection

SQL injection is one of the mechanisms used by hackers or attackers to steal data from organizations. As the name suggests, it is the process of injecting a malicious SQL statement into the application, giving the hacker or attacker access to the back-end database.

It helps the attacker or hacker to create, update, read, alter or delete the data stored in the back-end database. Once the attacker understands that the system is vulnerable to SQL injection, he can inject SQL commands through an input field, which lets him take control of the database and execute various queries.

SQL injection can be prevented by validating the fields where user input is entered, checking each for specific length, type and business requirements.

Also, remove all the stored procedures that are not in use to improve your software security.
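The field validation described above, shown as an added example that is not part of the original article: a string-built query beside a version that checks length and type and then passes the value as a bound parameter. Parameter binding goes beyond what the article lists, and the table, pattern and function names are hypothetical.

```python
import re
import sqlite3

# Hypothetical business rule for the field: 3-20 letters, digits or underscores.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")

# Constructed input containing quote characters.
CRAFTED = "nobody' OR '1'='1"


def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def find_user_vulnerable(conn, username):
    """'Before': the input is pasted into the SQL text, so quotes change the statement."""
    query = (
        "SELECT username, email FROM users WHERE username = '" + username + "'"
    )
    return conn.execute(query).fetchall()


def validate_username(value):
    """Check type, length and character set, as the article recommends."""
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise ValueError("username must be 3-20 letters, digits or underscores")
    return value


def find_user_bound(conn, username):
    """Bound parameter: the value travels separately from the SQL text."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def find_user_safe(conn, username):
    """'After': validate the field first, then bind it."""
    return find_user_bound(conn, validate_username(username))


if __name__ == "__main__":
    db = make_db()
    print("string-built query returns:", find_user_vulnerable(db, CRAFTED))
    print("bound query returns:       ", find_user_bound(db, CRAFTED))
    print("validated lookup of alice: ", find_user_safe(db, "alice"))
    try:
        find_user_safe(db, CRAFTED)
    except ValueError as exc:
        print("validated lookup rejected: ", exc)
```

Binding matters for fields whose business rules must allow quote characters (surnames, free text), where a character allow-list alone cannot reject them.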

2. Cross-Site Scripting (CSS or XSS)

XSS allows the attacker to inject client-side script into Web pages viewed by other users. These may be used by attackers to bypass access controls. By using cross-site scripting the attacker or hacker can inject malicious JavaScript, VBScript, Flash or ActiveX into a dynamic web page and gather data by executing these scripts. Web server applications that generate pages dynamically are vulnerable to cross-site scripting if user input is not properly validated and the generated pages are not properly encoded.

Two types of Cross-Site Scripting are Persistent and Non-Persistent.

Persistent

A persistent type of XSS occurs when the attacker enters malicious data into the web application and the entered data is permanently stored in the database. In this case, each and every person visiting the page will be a victim of cross-site scripting. This affects every user of the website, as the data is stored in the database permanently.

Non Persistent

The malicious code injected by the attacker is executed in the user’s browser. The code is not stored anywhere; it is executed along with the response from the server.

3. Cross-Site Request Forgery

A malicious website sends a request to a web application where the user has already entered credentials through a different website. In this way a hacker can access all the functionalities in a target web application via the victim’s already authenticated browser.

In these cases, the malicious request is sent from the attacker’s website to another site the user has validated against.

The malicious requests are sent to the target site through the victim’s browser, which is authenticated against the target site.

Cross-Site Request Forgery can be prevented by inserting unpredictable challenge tokens to each request and associating with the user’s session. Each token created will be unique for each session. By including these tokens, the programmers can be sure that the request is valid and not coming from other sources.
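The per-session challenge token described above, as an added example that is not part of the original article: the token is random, stored with the session, embedded in the site's own form and compared on every state-changing request. The session store, form and status codes are hypothetical stand-ins for a real framework.

```python
import hmac
import secrets


class SessionStore:
    """Minimal in-memory session store (hypothetical, for the demonstration)."""

    def __init__(self):
        self._sessions = {}

    def create(self, user):
        # Session id and CSRF token are independent values from the OS CSPRNG.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {
            "user": user,
            "csrf_token": secrets.token_urlsafe(32),
        }
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def csrf_token(self, sid):
        return self._sessions[sid]["csrf_token"]


def render_transfer_form(store, sid):
    """The site's own form carries the token of the session it was rendered for."""
    token = store.csrf_token(sid)  # URL-safe base64, safe inside an attribute
    return (
        '<form method="post" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="amount"><button>Send</button></form>'
    )


def csrf_ok(session, submitted):
    """Constant-time comparison of the submitted token with the session's token."""
    if not isinstance(submitted, str):
        return False
    return hmac.compare_digest(
        session["csrf_token"].encode(), submitted.encode()
    )


def handle_transfer(store, cookie_sid, form):
    """Return an HTTP-style status code for a POST to /transfer."""
    session = store.get(cookie_sid)
    if session is None:
        return 401  # no valid session cookie
    if not csrf_ok(session, form.get("csrf_token")):
        return 403  # cookie was sent by the browser, but the token is missing or wrong
    return 200


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("alice")
    good = {"amount": "10", "csrf_token": store.csrf_token(sid)}
    print("request from the site's own form:", handle_transfer(store, sid, good))
    print("cross-site request, no token:    ", handle_transfer(store, sid, {"amount": "10"}))
```

A request triggered from another site arrives with the victim's session cookie but cannot include the token, because that site cannot read the form the token was rendered into.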

4. URL redirection

URL redirection happens when a link that a user clicks on the vulnerable website takes him to an untrusted website. This way an attacker can redirect web users to other websites which are used for phishing and similar attacks. These URL redirections can pass the application’s access control check and let the attacker use privileged functions that they would normally not be able to access.

These kinds of URL redirection can be prevented by the following measures:

  • Do not use users’ input for URLs.
  • If dynamic URLs are used, make a list of the valid URLs and never accept invalid URLs.
  • Always make sure that the accepted URLs are located on the accepted domains.
  • Make all redirects first go through a page notifying users that they are going off your site, with a confirmation link to click.
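One way to implement the first three measures, as an added example that is not part of the original article: redirect targets are either looked up by key from a fixed list or checked against a set of accepted domains. The host names, keys and function names are hypothetical.

```python
from urllib.parse import urlsplit

# Hypothetical accepted domains and default landing page.
ALLOWED_HOSTS = {"www.example.test", "help.example.test"}
DEFAULT_TARGET = "/"

# Fixed list of valid destinations: user input selects a key, never a URL.
REDIRECT_KEYS = {
    "docs": "https://help.example.test/docs",
    "home": "/",
}


def redirect_by_key(key):
    """Measures 1 and 2: the user supplies a key that maps to a known URL."""
    return REDIRECT_KEYS.get(key, DEFAULT_TARGET)


def is_safe_redirect(target):
    """Measure 3: accept only same-site paths or https URLs on accepted domains."""
    if not isinstance(target, str) or not target:
        return False
    # Whitespace, control characters and backslashes are rejected outright,
    # because browsers may normalise them differently from this parser.
    if any(ch.isspace() or ord(ch) < 0x20 or ch == "\\" for ch in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        # Relative target: must be an absolute path on this site.
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme != "https":
        return False
    if parts.username is not None or parts.password is not None:
        return False  # "user@host" forms hide the real host
    # hostname is lower-cased by urlsplit; compare the whole name, not a prefix.
    return parts.hostname in ALLOWED_HOSTS


def resolve_redirect(target):
    """Return the target if it is acceptable, otherwise the default page."""
    return target if is_safe_redirect(target) else DEFAULT_TARGET


if __name__ == "__main__":
    samples = [  # constructed inputs
        "/account/settings",
        "https://help.example.test/docs",
        "//other.test/",
        "https://help.example.test.other.test/",
        "https://help.example.test@other.test/",
        "http://help.example.test/",
    ]
    for sample in samples:
        print(f"{sample!r:45} -> {resolve_redirect(sample)!r}")
```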

5. OS Command Injection

OS command injection is a technique used to inject an OS command through the web interface and execute it on the server. Any web interface that is not properly coded is subject to this attack. An attacker who succeeds in executing OS commands can upload malicious programs or even obtain passwords. These threats occur because the application fails to validate and sanitize the parameters passed to shell functions such as system() or exec() that execute system commands.

Types of command Injection

  • Direct command injection
  • Indirect command injection.

Direct Command Injection

In this case, the attacker understands that the application invokes a system command and uses input as an argument to that command. The attacker then passes the malicious command as a part of the expected arguments.

Indirect Command Injection

In this case, the additional commands are indirectly supplied to the vulnerable application through a file or environment variable. Once the attacker deduces that the application invokes a system command from an external source, he modifies the contents of the external source to add a malicious command.

The best way to prevent OS command injection is to sanitize the URL and form data for invalid characters. Also, a list of allowable characters should be created to validate user input. Characters that can be misused and are not needed should be eliminated by this list.

Computer security is a vast topic that is becoming more important as all the transactions taking place are interconnected. If we give proper attention to coding standards and the necessary validation of fields, we can have control over the main security threats.
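The allow-list of characters described above, as an added example that is not part of the original article: a shell-parsed command string beside a version that validates the argument and starts the program without a shell. It assumes a POSIX shell for the "before" case, and a child Python process stands in for the real system command so the example runs offline; all names are hypothetical.

```python
import re
import subprocess
import sys

# Allow-list for a hostname argument: letters, digits, dots and hyphens,
# starting and ending with a letter or digit, at most 253 characters.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")

# Stand-in for the real system command (assumption): a child process that
# reports how many arguments it received and echoes the first one.
CHILD = [sys.executable, "-c", "import sys; print(len(sys.argv) - 1, sys.argv[1])"]

# Constructed input containing a shell metacharacter.
CRAFTED = "example.test; echo INJECTED"


def lookup_vulnerable(host):
    """'Before': the input becomes part of a string that a shell parses."""
    out = subprocess.run(
        "echo looking up " + host,
        shell=True, capture_output=True, text=True, timeout=10,
    )
    return out.stdout.splitlines()


def validate_hostname(value):
    """Reject anything outside the allow-list instead of trying to strip it."""
    if not isinstance(value, str) or not HOSTNAME_RE.fullmatch(value):
        raise ValueError("hostname contains characters outside the allow-list")
    return value


def run_child(arg):
    """Argument vector, no shell: the value reaches the program as one argument."""
    out = subprocess.run(
        CHILD + [arg], capture_output=True, text=True, timeout=10, check=True
    )
    return out.stdout.strip()


def lookup_safe(host):
    """'After': validate first, then run without a shell.

    The allow-list also forbids a leading '-', so the value cannot be
    mistaken for an option by the program that receives it.
    """
    return run_child(validate_hostname(host))


if __name__ == "__main__":
    print("shell-parsed string: ", lookup_vulnerable(CRAFTED))
    print("argument vector only:", run_child(CRAFTED))
    print("validated lookup:    ", lookup_safe("example.test"))
    try:
        lookup_safe(CRAFTED)
    except ValueError as exc:
        print("validated lookup rejected:", exc)
```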

– Ebin J Sebastian

Codeception: Efficient Key to Kill Bugs!

In 1985, Canada’s Therac-25 radiation therapy machine malfunctioned due to software bug and delivered lethal radiation doses to patients, leaving 3 people dead and critically injuring 3 others.

During the first Gulf War, an American Patriot Missile system in Saudi Arabia failed to intercept an incoming Iraqi Scud missile due to a software rounding error in calculation. The missile destroyed an American Army barracks, leaving 28 soldiers dead and 100 injured.

In May of 1996, a software bug caused the bank accounts of 823 customers of a major U.S. bank to be credited with 920 million US dollars.

Do you realize how vital testing is?

Do you think, understanding a product and testing the same against functionality, performance, security, GUI and many others is an easy task?

We can implement new & better choices for a product’s quality and security. There are lots of ways to test our product.

The most widely accepted approach is unit testing. We also need to write functional or acceptance tests. For all of these, Codeception is the right choice! The Codeception testing framework covers all these levels of testing; it is a multi-featured testing framework for PHP.

Codeception can handle unit, functional, and acceptance testing of web applications.

Codeception was started in November 2011 and released its first stable version, 1.0, in January 2012. Codeception tries to simplify and combine the process of writing tests, plugging in different testing suites with the use of modules, and it opens the way for anyone to extend and sharpen it. Codeception is a testing framework in which all tests are written in a single descriptive manner.

What variety of tests & How?

Major types of Tests covered and its Pros & Cons

Acceptance Test (WebGuy)

Acceptance testing can be performed by a non-technical person. That person can be your tester, manager or even client. It allows us to test our applications using the normal website viewing process i.e.; visit a webpage, fill in a form, and submit the form to see the desired result.

The difference with Codeception is that we don’t have to waste time going to the browser each time we want to test a new feature; instead, we can just run our acceptance tests to see whether it passes or not.

Try a sample scenario;

Probably the first test you would want to run would be signing in. In order to write such a test, we still require basic knowledge of PHP and HTML.

This scenario can probably be read by non-technical people. Codeception can even ‘naturalize’ this scenario, converting it into plain English:

It can be done by command:

The Want To section describes your scenario in brief. The $I object is used to write all interactions. The methods of the $I object are taken from the PhpBrowser and Db modules. We assume that all am commands should describe the starting environment. The amOnPage command sets the starting point of a test to the /login page. With the PhpBrowser you can click the links and fill the forms. That will probably be the majority of your actions.

Functional Test (TestGuy)

We can check our application without running it on a server; this is what is done in functional tests. These tests are written in the same way as acceptance tests with the PhpBrowser module enabled. They are run by a technically advanced guy, i.e., TestGuy. The TestGuy knows how the application works and passes different $_GET, $_POST and $_REQUEST variables to assure the functionality. Codeception can connect to numerous web frameworks that support functional testing: Symfony2, Laravel4, Yii2, Zend Framework and others.

We can open a web page with amOnPage command.

We can click links to open web pages of the application.

Functional tests will perform much better if we use powerful frameworks. They allow us to access and manipulate their internal states, and this makes our tests shorter and faster. On the other hand, if we do not use frameworks there is no practical reason to write functional tests.

Let’s have our application tested by this technically advanced guy for better results.

Unit Test (CodeGuy)

“Unit” casually refers to low-level tests and the developer understands how and what is tested here, though some would say a better name is DeveloperTest. The person testing, CodeGuy, knows the internals of the application and tests database operations and anything else that might need proof of concept. Codeception provides some well-built tools to make your unit tests simpler and cleaner. Even inexperienced developers should understand what is tested and how.

We can start with generating a classical PHPUnit test by this command:

We can use another command to create Codeception-powered unit tests.

Both tests will create a new ExampleTest file located in tests/unit directory.

A test created by generate:test command will look like this:

This class has predefined _before and _after methods to start with. We can use them to create a tested object before each test and destroy it afterwards. All Codeception tests are written in a descriptive manner. We can easily catch it from the test body. Its aim is to make tests easy to read, easy to write and easy to debug.

After all, this is how Codeception works, and you should give it a try yourself.

Go ahead, use Codeception skillfully.

(Reference: codeception.com)

– Jisna Mathew

Big Data: The Next Big Thing Is Already Here

The last decade saw a big boom in the tech industry with the introduction of technologies like Wearable Computers, Ultra-private devices, DevOps, Software-defined data centres, Big Data, Smart Mobiles, Cloud Computing, etc. Out of these, Big Data is becoming the next big thing in the IT world.

There is something that is so big that we can’t avoid it, even if we want to. “Big Data” is one of those things.

Big Data is not just a group of data; it is different types of data handled in new ways. Big Data is a collection of data so vast and complex that it becomes very tedious to capture, store, process, retrieve and analyze it with the help of on-hand database management tools or traditional data processing techniques.

Giant companies like Amazon and Wal-Mart as well as organizations such as the U.S. government and NASA are using Big Data to meet their business needs. Big Data can also play a role for small or medium-sized companies and organizations that recognize the possibilities to capitalize upon the gains.

Why Big Data?

Big Data is demanded for:

  • Increase of storage capacity
  • Increase of processing power
  • Availability of Data (different data type)

The three V’s in Big Data

The three V’s, “volume, velocity and variety”, are concepts invented by Doug Laney in 2001 to refer to the challenge of data management. Big Data is high-volume, high-velocity and high-variety information assets that demand cost-effective, innovative forms of information processing for enhanced insight and decision making.

1. Volume

Volume refers to the vast amount of data generated every second. (A lot of data, more than can easily be handled by a single database, computer or spreadsheet)

2. Velocity

It refers to the speed at which new data is generated and the speed at which data moves around.

3. Variety

It refers to the different kinds of information in each record, lacking inherent structure or predictable size, rate of arrival, transformation, or analysis when processed.

Additionally, a new V, “Veracity” is added by some organizations to describe it.

4. Veracity

Veracity refers to the reliability and difficulty of the data. The quality of the data being captured can vary greatly. Accuracy of analysis depends on the veracity of the source data.

Big Data Analysis: Some recent technologies

Companies are depending on the following technologies to do Big Data analysis:

  • Speedy and efficient processors.
  • Modern storage and processing technologies, especially for unstructured data
  • Robust server processing capacities
  • Cloud computing
  • Clustering, high connectivity, parallel processing, MPP
  • Apache Hadoop/ Hadoop Big Data

9 ways to build-up Self–Assurance in Big Data

The various processes to build up confidence in Big Data:

1. Data Exploration

Big Data exploration lets you discover and mine Big Data, to find, visualize and understand all Big Data in order to improve decision making.

2. Application Consolidation and Retirement

File the old application data and update new application deployment with test data management, integration and data quality.

3. Enhanced 360-degree view of the customer

It provides customer-facing professionals with improved and accurate information to engage customers, develop trusted relationships and improve loyalty. To gain that 360-degree view of the customer, the organization needs to leverage internal and external sources of structured and unstructured data.

4. Security and Intelligence Extension

The increasing number of crimes, such as cyber-based terrorism and computer intrusions, poses a real threat to every individual and organization. To meet the security challenges, businesses need to enhance security platforms with Big Data technologies to process and analyze new data types and sources of under-leveraged data.

5. Operations Analysis

It analyzes a variety of machine data for improved business results.

6. Data Warehouse Augmentation

Data Warehouse Modernization (formerly known as Data Warehouse Augmentation) is about building on an existing data warehouse infrastructure, leveraging Big Data technologies to ‘augment’ its capabilities. It integrates Big Data and data warehouse capabilities to increase operational efficiency.

7. Improve Application Efficiency

Manage data growth, improve performance, and lower the cost for mission-critical applications.

8. Efficiency Application Development and Testing

It creates and maintains right-sized development, test and training environments.

9. Security and Compliance

It protects data, improves data integrity, moderates opening risks and lowers compliance costs.

If you arrange a system which works through all those stages to arrive at this target, then congratulations!

You’re in Big Data.

And hopefully, ready to start reaping the benefits!

– Anupa Thomas

Mobile is Eating the World: Is Your Mobile App Tested Enough?

“Mobile Is Eating the World”

In November 2013, Benedict Evans, a well-respected and widely followed analyst, said: “Mobile is Eating the World”. He foresaw the new revolution in the business and predicted it most accurately.

Mobile devices have witnessed phenomenal growth in the past few years, and in this Mobile Era, people use mobile devices for Work, Gaming, Networking, Business, Education, Shopping and all day-to-day activities.

What about Mobile Apps?

As we all know, Mobile apps are software applications designed to run on Smartphones, Tablets, Computers and other mobile devices.

Every organization needs to ensure that the application meets a high-quality level in all circumstances. I think effective testing will help to achieve this eminent quality bar. Hence excellent testing is essential for addressing the challenges and complexities of a mobile application.

Mobile app testing: Elemental checklist

We’re seeing the current boom in Mobile apps; it is necessary to test apps carefully in all possible ways to reach a larger audience. When you are going to test a mobile app, you need to keep in mind your business goals and customer expectations, and also follow current industry practices. The most important thing while you are testing a mobile app, or even a web-based app, is to make a checklist and test accordingly.

The major checklist categories are as follows:

Mobile App Checklist Categories

Device-specific checks

  • Installation, Uninstallation, Re-Installation and Updates: Verify whether the application can be installed, uninstalled, re-installed and updated successfully.
  • Verify that buttons/keys with no defined function cause no unexpected behaviour in the app when activated.
  • Verify that the app behaves as designed/desired if the sound on the device is turned off.
  • Verify whether the app behaves as designed/desired if the device is in aeroplane mode.
  • Verify that the app can be found in the app store (check after go-live).
  • Verify whether the app switches properly to different applications on the device through multitasking.
  • Verify whether all touch screen positions (buttons) work when a screen protector is used.

Network-specific checks

  • Does the app behave according to specification if connected to the internet through Wi-Fi, 3G, and 2G?
  • Verify the behaviour of the application when there is a Network problem.
  • The user should get a proper error message like “Network error. Please try after some time”.
  • Resource Downloading: Verify whether the app handles ‘Pause’ and ‘Resume’ of downloads.
  • Does the app resume work when it gets back into network reach from outside reach of the network?
  • Does the app use standard network ports (Mail: 25, 143, 465, 993 or 995; HTTP: 80 or 443; SFTP: 22) to connect to remote services, as some providers block certain ports?

App-specific checks

  • Has the app been tested on different types of devices and different versions of the OS?
  • Integration: Does the app connect correctly to the different social networks (LinkedIn, Twitter, Facebook, etc.)?
  • Is downloading of the app prevented in case it’s bigger than the OS allows downloading when connected to cellular networks?
  • The app does not interfere with other apps when in background/multitasking mode.
  • Check any payment gateway the app uses, such as PayPal, Chargify, etc.

App UI checks

  • The main function of the app should be apparent immediately. It should speak for itself.
  • If there is a long list of data to scroll through, provide a search option above the list.
  • If performance is slow, show a progress status icon (“Loading…”), preferably with a specific message.
  • Users should be warned of the consequences of deleting a document.
  • All inactive buttons should be clearly distinguished from active buttons.
  • Check for navigation, tabs, page scrolling etc.

Store-specific checks

  • The app should not access information on the device outside the app without the user’s permission
  • The app cannot download code to be installed without the user’s consent.
  • The app can only get new functionality by way of an upgrade through the app store.
  • An app can’t be a “trial”, “beta”, “demo” or “test” version.
  • You cannot mention other app platforms in your app (for instance: “Also available on android!”)
  • Functionality should be in sync with the functionality described in store.
  • The app can’t use the user’s location without permission.

Interrupt Handling

Call

  • User should be able to accept/reject a call without any problems.
  • Sound of application should stop when the user is on the line.
  • The application should resume after user rejects/ends a Call.

SMS, MMS

  • User should get a Message alert while the application is running.
  • Messages should be received without any problems.
  • The application should resume after receiving Message.

Alarm Handling

  • Alarm should work without any problems while the application is running.
  • The application should resume after the Alarm is turned off.

Other elements of mobile app testing

  • Other app notifications should not affect app performance.
  • Storage low: Check the app by filling the memory and emptying it, and then compare the application performance.
  • Battery low: Check the app performance on low battery.

Have a Happy Testing.

– Jisna Mathew

Your Web Application’s Security: What You Must Not Ignore

Securing data always remains a challenge while we are witnessing the growth of technology at an amazing pace. The more secure your website, the more likely users are to visit it.

Whether it is an e-commerce website, a social media website or any other company website, every website existing online is prone to one or another form of security threat. It is very important to be aware of web application security threats and be prepared to handle them.

Organizations now use advanced technologies and heavy security testing to keep their websites safe and protect customer privacy. Security testing is not restricted to the testing team; the development team also plays an important role in ensuring security constraints.

What’s the risk?

The number of hackers is increasing day by day, and they are continuously searching for vulnerable websites. It’s essential for an individual or an organization to take steps to protect their data by improving web application security. Although various tools and technologies are available to handle security threats, protecting your website is possible only through continued effort.

A hacked website is a terrible thing that causes a lot of distress to both the owner and the customers. A website that is a victim of abuse will reflect poorly on your business and brand.

Proactive, preventive measures must be taken to ensure better web application security in the long run.

Sources of web application security risks

Security threats to websites, web apps and mobile apps come in many forms today. While online threats are continuously evolving, the following are very popular among hackers:

Malware

Malware consists of short computer programs that attempt to get access to a computer without the user’s consent. It can be a virus, a worm or a Trojan.

Virus

A virus is a program written to damage or delete files/contents on your computer.

Worms

Worms do not harm your data but replicate themselves again and again. Because of this replication, they take up a lot of memory, degrading computer performance and consuming more network bandwidth.

Trojan

A Trojan horse is a destructive program (not a virus) that looks like a genuine application. Trojan horses do not replicate, but once one enters your computer it can give unwanted users access to your confidential information.

Spoofing

A computer or a user pretends to be another, usually one with higher privileges, in order to attack a system, damage data or deny access. Many of the TCP/IP protocols do not provide a mechanism to authenticate the source or destination of a message. When applications do not take extra precautions to verify the identity of the sending or receiving host, they become vulnerable to spoofing attacks. Firewalls can help prevent spoofing attacks.

Spamming

Electronic spamming is the repeated sending of messages. There are many forms of spamming, such as mobile phone-messaging spam, internet forum spam, junk fax transmissions, social spam, search engine spam etc. E-mail spam is the most widely recognized form.

Phishing

The hacker sends emails that look legitimate to the recipient, asking for confidential information. The recipient falls for the trick and provides login information or other important banking details; thus, the hacker gets access to their confidential information.

SQL Injection

SQL Injection is a code injection technique in which malicious SQL code is inserted into an entry field for execution. Top websites are vulnerable to injection flaws, especially SQL injection flaws. By employing injections, a hacker can make your code run unintended commands or access unauthorized data.

How to ensure web application security?

SQL Injection

Here, the hacker makes use of a web form field or URL parameter to manipulate data or to get sensitive data. For example, consider the following query to get login credentials:

SELECT * FROM Users WHERE user_id = 'my' AND password = 'test';

Now, if the hacker enters ' OR 1 = 1; /* in the email id text field and */-- in the password field, the query on execution would look like:

SELECT * FROM Users WHERE user_id = '' OR 1 = 1; /*' AND password = '*/--';

This will return all users in the Users table.

There are several automated scanning and detection tools available in the market to handle SQL Injection. However, the best way to avoid such attacks is proper code review, as complete coverage involves manual code review and manual testing along with the use of detection tools.
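The following added example (not part of the original article) runs the login query above against an in-memory SQLite database, first built by string concatenation and then as a parameterized query, which is the pattern a code review should insist on. The table contents and function names are assumptions constructed for illustration; the injected input is the one quoted in the article.

```python
import sqlite3

# Input quoted in the article for the email id and password fields.
INJECT_USER = "' OR 1 = 1; /*"
INJECT_PASS = "*/--"


def make_db():
    """Build a constructed Users table in memory (sample data, not real accounts)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (user_id TEXT PRIMARY KEY, password TEXT)")
    # Plaintext passwords only mirror the article's query; store salted hashes in practice.
    conn.executemany(
        "INSERT INTO Users VALUES (?, ?)",
        [("my", "test"), ("admin", "constructed-sample")],
    )
    return conn


def login_vulnerable(conn, user_id, password):
    """Vulnerable: user input is pasted into the SQL text and parsed as SQL."""
    query = (
        "SELECT * FROM Users WHERE user_id = '" + user_id
        + "' AND password = '" + password + "';"
    )
    return conn.execute(query).fetchall()


def login_parameterized(conn, user_id, password):
    """Hardened: placeholders keep the input as data, never as SQL syntax."""
    query = "SELECT * FROM Users WHERE user_id = ? AND password = ?"
    return conn.execute(query, (user_id, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("concatenated, honest input  :", login_vulnerable(db, "my", "test"))
    print("concatenated, injected input:", login_vulnerable(db, INJECT_USER, INJECT_PASS))
    print("parameterized, injected     :", login_parameterized(db, INJECT_USER, INJECT_PASS))
```

With the concatenated query the injected input returns every row in the table; with placeholders the same input is compared as a literal string and matches nothing.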

Cross-Site Scripting

Cross-site scripting (XSS or CSS) is one of the most common application-layer hacking techniques. Here, the hacker attempts to insert JavaScript, VBScript, ActiveX, HTML etc. code into dynamic pages in an attempt to run malicious code.

The use of XSS might compromise private information, manipulate or steal cookies, execute malicious code to generate undesirable results, or create requests that take on others’ identity. This is the most prevalent form of security attack.

One way of protecting against XSS attacks is to have all input pass through some kind of filter that removes <script> tags, JavaScript commands, CSS tags and other notorious HTML markup (the kind that contains event handlers).

There are many libraries available to implement a filter mechanism; which one you choose will depend on your back-end technology. Ensure you always use updated filters for better security, as XSS techniques keep changing and new ones keep emerging all the time.
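Added example (not from the original article): one common way to build such a filter is output encoding, where every untrusted value is HTML-escaped as it is written into the page and user-supplied links are limited to an allowlist of URL schemes. The function names, the allowed schemes and the sample inputs are assumptions constructed for illustration.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumed policy for user-supplied links


def safe_href(url):
    """Return the URL if it is an absolute http(s) link, otherwise a harmless '#'."""
    cleaned = url.strip()
    scheme = urlsplit(cleaned).scheme.lower()
    # Allowlist rather than blocklist: anything that is not http/https is dropped,
    # which covers script-bearing schemes without having to enumerate them.
    return cleaned if scheme in ALLOWED_SCHEMES else "#"


def render_comment(author, text, homepage):
    """Render one user comment as HTML with every untrusted value encoded."""
    return '<div class="comment"><a href="{}">{}</a><p>{}</p></div>'.format(
        # quote=True also encodes " and ', so a value cannot break out of an attribute.
        html.escape(safe_href(homepage), quote=True),
        html.escape(author, quote=True),
        html.escape(text, quote=True),
    )


if __name__ == "__main__":
    # Constructed sample inputs: markup in the name, a script tag and an
    # event-handler attribute in the body, and a non-http link.
    print(render_comment(
        'Eve"><b>',
        '<script>alert(1)</script><img src=x onerror="alert(1)">',
        "javascript:alert(1)",
    ))
```

The browser displays the encoded values as text, so the tags and the event handler never become part of the page's markup.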

Error Messages

Be careful about the error messages that get displayed when a user enters incorrect data. Always give generic messages. For example, when a user fails to enter the correct username/password, give a message like “Invalid username/password”. Giving exact information about what went wrong can tell the hacker that he is halfway there and needs to focus only on the remaining part.

Server/Browser side validation

Validation must be used at both the browser and the server end for better security. Simple failures like an invalid phone format, numbers only, a blank field etc. can be caught by form validation itself; however, stronger server-side validation can help prevent malicious code that can bring undesirable results to your website.

Password

Always use strong passwords. Your password must be a combination of special characters, numbers and upper-case letters. Passwords must be hashed when stored in the database.

If your data gets stolen, the damage can be minimized if the passwords are hashed, as turning a hash back into the password is not possible. Plain hashing is not enough for the security of passwords, however. You can make the stored hashes more secure by adding a salt to each password.

A salt is a randomly generated string inserted before or at the end of the password to generate randomized hashes. As the example below shows, it turns a password hash into a completely different string every time. The salt is stored in the user account database along with the hash, or as part of the hash string itself. A salt must not be re-used; a new random salt must be generated every time a user creates a new account or changes a password.
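The sketch below is an added example, not the original article's: it covers both the salted password storage described here and the generic login message from the Error Messages section. It assumes PBKDF2-HMAC-SHA256 from Python's standard library with an iteration count chosen for illustration; the stored-string format, function names and sample accounts are constructed.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000                         # assumed work factor; tune for your hardware
GENERIC_ERROR = "Invalid username/password"  # same message for every failure


def hash_password(password):
    """Return 'pbkdf2_sha256$iterations$salt$hash' using a fresh random salt."""
    salt = secrets.token_bytes(16)           # new salt for every account / password change
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    # The salt is stored as part of the hash string itself.
    return "pbkdf2_sha256${}${}${}".format(ITERATIONS, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    scheme, iterations, salt_hex, hash_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), hash_hex)


# Checked when the username is unknown, so both failure paths do the same work.
DUMMY_HASH = hash_password("constructed-placeholder-password")


def login(accounts, username, password):
    """Return (ok, message); the message never says which field was wrong."""
    stored = accounts.get(username)
    if stored is None:
        verify_password(password, DUMMY_HASH)
        return False, GENERIC_ERROR
    if not verify_password(password, stored):
        return False, GENERIC_ERROR
    return True, "Welcome"


if __name__ == "__main__":
    # Constructed accounts: two users who happen to pick the same password.
    accounts = {name: hash_password("S@mple-Pass1") for name in ("alice", "bob")}
    print(accounts["alice"])
    print(accounts["bob"])                   # differs from alice's: different salt
    print(login(accounts, "alice", "S@mple-Pass1"))
    print(login(accounts, "alice", "wrong"))
    print(login(accounts, "nobody", "wrong"))
```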

File Uploads

In today’s modern web applications, it has become necessary to provide an option for file uploading. Various social networking applications like Facebook, Twitter etc, blogs, forums, and other websites provide the option to upload files, pictures, avatar, videos and several other kinds of files. The more this feature is available on the website, the more the website is prone to malicious attacks.

Sometimes an uploaded file may contain a malicious script that can open up the entire site. Below are some best practices that, if implemented for file uploads, can help keep them secure:

  • Define a .htaccess (Hypertext Access) file – a configuration file used by Apache-based web servers that can password-protect folders, deny access to unwanted users, redirect users to another page, change the way files with certain extensions are handled etc.
  • Do not place the .htaccess file in the folder where your uploaded images will be kept. Save it in the parent folder.
  • Provide a list of acceptable extensions for the website in the .htaccess file with proper deny/allow permissions. That way only allowed files can be uploaded by any user, and access to each file type can also be limited.
  • Always store files in a different folder outside of the webroot.
  • Avoid overwriting of files (to prevent a .htaccess overwrite attack).
  • Create a list of acceptable mime-types.
  • Generate a random file name and add the previously validated extension. Use a unique file name to uniquely identify each file.
  • Implement both client-side and server-side validation for extra security.
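One way to apply the server-side items of this checklist in application code, as an added example that is not part of the original article. The allowlist, the size limit and the function names are assumptions; the check of the file's leading bytes goes one step beyond the list, because the MIME type sent with an upload is chosen by the client.

```python
import os
import secrets

# Assumed allowlist: extension -> (expected MIME type, leading "magic" bytes)
ALLOWED_TYPES = {
    ".png": ("image/png", b"\x89PNG\r\n\x1a\n"),
    ".jpg": ("image/jpeg", b"\xff\xd8\xff"),
    ".jpeg": ("image/jpeg", b"\xff\xd8\xff"),
    ".pdf": ("application/pdf", b"%PDF-"),
}
MAX_BYTES = 5 * 1024 * 1024  # assumed size limit


class UploadRejected(ValueError):
    """Raised when an upload fails one of the server-side checks."""


def store_upload(original_name, declared_mime, data, upload_dir):
    """Validate an upload and write it under a random name; return that name.

    upload_dir is expected to be a folder outside the webroot.
    """
    # Keep only the final path component so "../" in the client name is ignored.
    base = os.path.basename(original_name.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED_TYPES:
        raise UploadRejected("extension not allowed: %r" % ext)
    expected_mime, magic = ALLOWED_TYPES[ext]
    if declared_mime != expected_mime:
        raise UploadRejected("MIME type does not match extension")
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    # The declared MIME type is client-controlled, so check the content as well.
    if not data.startswith(magic):
        raise UploadRejected("content does not match declared type")

    # Random server-side name plus the validated extension; the client's
    # file name is never used on disk.
    stored_name = secrets.token_hex(16) + ext
    path = os.path.join(upload_dir, stored_name)
    # O_EXCL makes creation fail rather than overwrite an existing file.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return stored_name
```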

SSL

SSL (Secure Sockets Layer) is a protocol used to provide security to websites over the Internet. If the communication channel is not secured while transmitting confidential information between website and web server or database, a hacker can easily get access to user accounts and personal information. SSL helps overcome this security threat by establishing a secured connection between browser and web server.

SSL allows confidential information like SSN, Credit Card details, login information etc to be transmitted securely over the network. SSL certificates have a key pair – public and private key. These keys work together to establish an encrypted connection.

The certificate also contains the identity of the website owner. Once the web server has an SSL certificate installed and the communication between client and server is secured, it gives a trusted environment to the visitor, indicating that their connection is secured. The browser assures visitors that their connection is secured by displaying a lock icon or a green bar, and the URL starts with https:// rather than http://.

Conclusion

Do everything you can to improve web application security. Stay up-to-date, limit access to resources, use strong passwords and password storing techniques, and constantly monitor your site. These are some simple steps that if carefully considered can protect your data and website from hackers.

– Susan B. John

JavaScript: Evolution, Dominance and the Future

JavaScript is the popular choice for frontend developers. Web development is ever-changing, and if we list the programming languages that have kept up with the latest trends, JavaScript will rank first.

Why JavaScript?

JavaScript was mainly developed as a client-side scripting language to be used across multiple web browsers in various web applications. JavaScript has inbuilt behaviour that lets developers validate each field as the user inputs data in it and provide immediate feedback for incorrect entries without needing to load another web page to process the request.

Using JavaScript, you can provide an immediate response to various actions taken by the user without the need to load new web pages to respond. This interpreted programming language also helps web pages to be more interactive using animations without involving forms. You can even load new images, objects, or scripts into the web page without reloading the entire page.

JavaScript can efficiently handle requests being passed to the server and interpret results coming from the server. The most common areas where JavaScript is used are form validation, alerts, image rollovers, advertising pop-ups and the AutoComplete feature. With the advent of the Node.js framework, JavaScript has become even more powerful and is widely used for server-side and networking applications.

Origin of JS

JavaScript, originally known as Mocha, was developed in May 1995 by Brendan Eich, then working at Netscape. The name Mocha was chosen by Marc Andreessen, founder of Netscape. In September, the name was changed to LiveScript, and in December, upon receiving a trademark license from Sun and for marketing reasons, the name was changed to JavaScript.

In 1996-1997, JavaScript was handed over to ECMA (European Computer Manufacturers Association) to set standards that could be used by other vendors. A series of standards was applied to the language, and ECMAScript 3 was introduced in 1999, which is the baseline for today’s JavaScript.

While all these events were happening, in 2005, through the combined efforts of open source developer communities, JavaScript got a new touch with the introduction of a concept called AJAX, a set of technologies with which data can be loaded in the background without the need to reload the entire page, resulting in more dynamic applications. This boosted the popularity of JavaScript, and several libraries such as Prototype, jQuery, Dojo, MooTools, etc. were released.

In July 2008, various browser vendors and other interested parties met to hammer out a new language based on JavaScript. Work began on a proposal called ECMA4, which ultimately got renamed to ECMA 5 and was standardized pretty quickly. As soon as ECMA5 was finalized, work began under the code name Harmony. Harmony brought some basic changes to ECMAScript and closed a few of the open gaps in functionality. The main goals of Harmony included improving the language for writing complex applications and the libraries used by those applications, keeping versioning as simple as possible and adopting de facto standards (as much as possible).

Popularity of JavaScript

Different websites rank JavaScript differently based on different measures such as popularity, search index, code hosted etc.

The Tiobe Programming Community Index has rated JavaScript in 11th position based on the language’s popularity compared to other popular languages, indicating that only 1.37% of internet searches were made for the JavaScript language. The GitHub code-sharing site indicates that JavaScript is the most popular language, accounting for 21% of the code hosted on the site. The PYPL Popularity of Programming Language index has ranked JavaScript in 7th position.

JavaScript is primarily a client-side scripting language. JavaScript code can be written using any text editor (like TextEdit), and only a supporting browser is needed to run the code. Such simplicity is really useful for beginners writing their first code. With the advanced JavaScript framework called Node.js (server-side), it can now be used to develop an entire website.

Different Framework of JS/Popularity of JS

Some of the popular JS frameworks are Node.js, Angular JS, Backbone.js, CanJS, Ember.js, SproutCore, Knockout.js, Spine, Meteor.js, Yahoo!Mojito, etc.

Node.js

Node.js is a cross-platform run-time environment for server-side networking applications. The Node.js framework is gaining a high adoption rate as it can now be used to develop real-time applications. Giants like Microsoft, PayPal, Walmart, LinkedIn, SAP etc. use Node.js to create websites.

Node.js was created and published by Ryan Dahl in 2009. It was initially developed only to run on Linux, but after his presentation at the JSConf EU conference, it gained momentum, and npm, the package manager for Node.js libraries, was developed in 2011. In June 2011, Microsoft partnered with Joyent (where Dahl worked while creating Node.js) and released the first build to support Windows in July 2011.

JavaScript has no unified API for I/O, which provides the ability to build a modern I/O interface in the best way; this was considered the main reason Ryan chose JavaScript to define a series of asynchronous, event-driven I/O. The major advantage of Node.js is that it can keep many socket connections alive and can accept requests for new connections as well.

A Node.js application runs in a single-threaded environment; multi-threaded execution is also supported in Node.js 0.10+ versions. Node.js applications maximize throughput and efficiency using non-blocking I/O and asynchronous events. Node.js applications have great performance and huge flexibility to implement both high-end and low-end functionality.

Future of JavaScript

Third-party plugins that were used to develop videos and other UI visuals using Flash are now replaced by JavaScript, giving the same user experience. This programming language has earned a unique position on the browser side, dominating almost everything a client computer does. With additions like Node.js, jQuery and JSON, JavaScript is conquering the server side and the internet of things. In the world of mobile apps, JavaScript using Node.js helps customers build incredible and responsive cloud-powered mobile apps.

With all the innovation and standardization applied to JavaScript, it is prepared for a completely new cycle of evolution and for an exciting future. With the development of the Node.js platform, which lets JavaScript be used on the server side, we can have web applications with two-way communication: both client and server can initiate communication, and data can be exchanged between them freely.

– Susan B. John

Android: World’s Most Popular Mobile Platform – But why?

Android is the most used Mobile OS and it has gained so much popularity today that there is no single place where Android is not used. Especially popular with Smartphones, Android supports most of the applications in smartphones without the support of any third-party applications.

Life has become much easier and advanced through these applications. Now, you can get everything (weather updates, latest news, sending e-mails, messaging, video chatting, conference calls, downloads, navigation, deals, nearby locations, entertainment and what not!) at a single place and within your comfort zone.

Why did Android become so popular?

Android (owned by Google) is a Linux-based operating system designed for touch screen mobile phones. There are many Android devices available in the market today. Companies like Samsung, HTC, and Motorola are a few of the major competitors that make (or made) use of the Android platform in their devices. The ability to customize the code (Android is based on an open-source platform) is the major advantage that makes Android stand out when compared to other OSs.

Android phones give a real-life experience to the end-user. Faster multitasking, better system performance by optimizing memory, improved touchscreen, fresh design, quick response and ease of use are some of the features that gained Android its popularity.

The Adoption rate of Android into Smartphones and other devices

Android is the most used mobile OS today. As of July 2013, around 1 million Android apps were published in the Google Play store and there were around 50 billion downloads of Android apps alone. Sales figures indicate that more Android devices were sold in 2012, 2013, and 2014 than any other mobile devices.

Google revealed that there were around 540 million active users (those who had used an Android mobile in the last 30 days) in 2013, which rose to almost 1 billion by 2014. A developer survey conducted in May 2013 indicates that 75% of mobile developers developed using Android OS.

By December 2019, the market share of Android OS stood at 74% of the total market. Android’s competitor, iOS, stood in second position in the list with a market share of 24%.

Among various Android versions, Android 9.0 Pie has the most market share with a percentage of 41.86 (January 2020). 8.1 Oreo stands in the second position.

Reference: Statista

Reference: Statcounter.com

The open source Linux community lets developers build powerful and innovative applications using the latest mobile technologies.

Android is not only widely used in the field of smartphones; it has also gained popularity in various other areas like gadgets (for example, a wristwatch that incorporates an MP3 player, GPS tracker, and breath and heartbeat rate monitor), home appliances (for example, televisions, refrigerators, washing machines etc.), and automobiles (for example, carmakers have designed Android-based infotainment systems that have a voice-controlled navigation system, browser and an app store).

The evolution of Android

Google has always tried to introduce more powerful and user-friendly features in every release of Android. A new interface, a better runtime for apps and more security are some of the major features that were upgraded in every new release.

Better Visual Appearance

The visual appearance of Android has become more colourful and animated throughout the past years. The transition between screens, clicks, and navigation buttons have become more user-friendly.

Improved Notifications

The overlay notification has helped users to keep an eye on what’s new on their devices. It not only helps them to read new messages and call details but also easily access notification from the application of their choice. Due to the expansion of Android OS into other devices like a smartwatch, now notifications can be read just by looking at a watch on your wrist.

Battery Improvement

Battery life has much improved in every version of Android. Battery drain can be tracked with the battery saver mode and non-essential services can be turned off or run in set intervals for extended battery life.

Monitoring Health

Google’s framework “Google Fit” lets you keep track of your physical activity and food intake and gives you alerts regarding heart rate, breathing etc.

Security

Unlocking your device in a secured environment is faster now. A feature called “personal unlocking” unlocks your phone automatically if you are in a pre-programmed location or if it recognizes your voice.

Google Assistant

With the introduction of Google Assistant, Android smartphones have become more popular among users. Google Assistant enables users to ‘command’ their smartphones without even touching them. The interactive workflow adopted by this virtual assistant made it superior to other assistants, such as Siri, which is less interactive in comparison.

Android in the last 10 years

Here are 4 powerful features that kept Android on the top list among competitors in the past 10 years.

Messaging

Messaging has become even more friendly by unifying different features like emailing, SMS, instant messaging and video calling into a single platform. The transition between different methods of calling is smooth, without the hassle of handling a different app for each feature.

Google Maps

The latest version of Google Maps provides a greater level of customization based on the input provided and recent searches made. Google Now and Google Latitude track your every step; you will find your favourite fun spot every weekend (based on your previous visits tracked by the app). With its handy features, albeit needing a few layers of polishing, it will still be the best free solution available on mobiles.

Payments and Security

Payments, money transfers etc. have become easier in the last few years. The Google Authenticator communicates with your device’s NFC chip to make automatic payments at your favourite restaurant, log you in to your Facebook account when you sit down at your laptop, or even verify your identity using basic face recognition combined with fingerprint or retina scanning built into your device’s camera app.

Hardware

Optimized displays, extended battery life, advanced mobile processors and better security are a few of the major hardware innovations that played a big part in making Android the popular OS.

With the invention of Google Assistant, you can just speak to make a call using voice recognition. It also helps by automatically finding the contact number and making the desired call, or you can just ask it to order some food from your favourite restaurant at a set time and it will take care of placing the order and making the payment.

Not just that, you do not even need to check what you want to eat today as Google will track your entire day’s events and what you have been eating all day and based on this, it will suggest a menu. You don’t even need to take pictures, as Google will simply pick the best pictures based on its collection of your entire day’s activities.

Conclusion

With all the exciting new features and enhancements coming up, Android is ready to take things to a whole new level, making the world an even smaller and more comfortable place to live.

– Susan B. John

Agile Testing: 10 Principles to Follow While Testing Your Web and Mobile Applications

Having worked in various organizations for many years in the area of Software Testing, I can firmly say that an Agile-based testing approach is becoming a critical factor in bringing superior quality to today’s web and mobile applications.

Agile testing process by Ayal Shimoni

Though there are several testing approaches available, it is high time to come out of traditional approaches and adopt more rigorous and iterative testing practices that make testing more real and bring more effective results.

Agile testing is becoming crucial to delivering quality results to the customer. I thought I would share with you some basic principles that, if followed, can bring drastic value additions to your test approach and make your client happy.

Agile Testing: Top 10 principles

Deliver value to the customer

Ensure that each prototype delivered to the customer meets their expectations. Example: Is the layout of the website as expected by the customer, are the messages meaningful and user-friendly, does a click on a button work, are there any broken pages etc.

Enable face-to-face communication

Direct communication with the client is very important to get a clear picture of the requirements. There might not be proper documents for change requests, as change occurs rapidly in an agile environment. However, if a representative from each team (developer, tester, program manager) meets with the others on a regular basis to discuss the amount of work done, it can help measure work progress, determine bug status (how many severe bugs still exist, how many were re-opened etc.) and show where we stand when compared to customer needs.

Keep it simple

Make a note of the changes happening. Organized documents might not be available for every change that comes from the customer, but if you have a record of all changes (with date and comments) preserved in a common place, you can refer to it in future in case any confusion arises.

Also, when you report issues to the developer via a bug tracking tool (or any other means, like a simple spreadsheet), give a precise description that gives a clear idea of the issue, and if possible always attach a screenshot; as the saying goes, “A picture is better than 1000 words”.

Keep a big picture in mind

Although in agile testing methods, prototypes are delivered in short intervals, testers must not get distracted from the big picture of the overall product. Continuous change in code and implementation can sidetrack you from the original requirement of the client. Ensure that rigorous code change does not alter the output from the original agenda.

Provide continuous feedback

Testers must be proactive enough to provide timely feedback to developers and program managers about the quality (bugs found, requirements missing etc.) of each prototype being delivered to the client. Each prototype is developed in a short time span, and the earlier the feedback, the sooner the developers can fix those bugs, thus ensuring delivery of a quality product to the client. Focus more on people: make sure all teams (including developers, program managers, and testers) and the customer have the same understanding of a requirement.

Have courage

Sometimes a customer might not have an exact idea of what fits best for his/her requirement. Asking questions and offering ideas can help them choose the best fit for their requirement. Also, it gives you better insight into customer expectations.

Sometimes the implementation must be questioned, as it might not be exactly what the customer is expecting. So, dare to question the implementation and the way in which the system is behaving, as the developer who built that piece of the product might not have enough understanding of the requirement, and your question can help them build the right piece of product.

It might create friction among teams as you cross-question their code; however, a friendly approach and the right attitude can lead to a fruitful discussion to build a product that fulfils customer needs. Ensure that your team is not intimidated by developers.

Picture by Dave Gray on Flickr

Practice continuous improvement

Always strive to improve your testing skills. Evaluate your testing skills at each delivery. How closely did you test customer requirements?

Were any of the areas left out while testing?

Did the customer raise issues that you missed while testing?

Learn from your past experience, make a note of the mistakes that happened, list out how testing could have been improved on your side and try to implement new steps in your next project.

Respond to change

Change is a constant part of agile testing. Requirements change continuously, and code changes continuously. If you are having difficulty keeping track of changes, make a practice of writing down each change (with date and comments that will help you remember why the changes were made etc.). Sometimes this kind of documentation is also helpful to other teams while revisiting requirements, or you can show it to the customer when they say your product does not match their requirements.

Self-organize

Plan beforehand how your day is going to be. Be prepared to handle an unexpected situation. In an agile environment, there will be constant changes; so, keep a note of what tasks are to be tested on a daily basis and on what priority.

Keeping your work organized and a planned approach to handle your testing tasks can help you to test better and finish tasks in a more efficient and productive way.

Enjoy your work

Knowingly or unknowingly, you play a very responsible part in making the world a better place, so take on this responsibility with great enthusiasm and passion. It gives a great sense of satisfaction to see that the product you tested is built the right way and makes your customer happy, thus bringing joyous results to your hard work.

– Susan B. John

Not Sure About the Quality of Your Mobile App? 5 Key Considerations

The success of your app is directly proportional to its quality. If a user’s initial experience is positive, then they’ll want to use the app again. Here are a few major points that if taken care of can help your app stand out from the crowd:

Visual Design and User Interaction

A few key areas that your app must get right:

  • Alignment of buttons, labels, text etc.
  • Color combination used in header, footer, various elements, links etc.: Color combination can be used to focus user’s attention to important or actionable elements. Make sure not to highlight too many elements otherwise important elements might lose focus.
  • Spelling: Ensure that your app does not have any spelling mistakes. This is something that can also adversely affect your search ranking. Spelling and grammar play an important role in the evaluation of the quality of a site and its content.
  • Auto Focus on Input: This will speed up things because the user does not have to click on individual input fields to type. This may be implemented in input submission, search forms etc.

Speed

Does your app load quickly? Everybody expects a fast web experience. A fast site increases the overall quality of the app and increases user satisfaction.

Courtesy: www.techcrunch.com

A major factor that can severely affect the performance of your app is:

  • Size of individual files and images: Huge files and high-resolution images can take double the time to load and can drastically affect the performance of the app. Ensure that your high-resolution images are first compressed using default compressor and re-load these compressed images instead of uncompressed ones.

Scalability

Ask yourself the following questions:

  • How many visitors are accessing my app every day?
  • What is the peak number of visits that my app can support?
  • What areas of my app are most accessed by visitors?
  • What is the average response time of most popular pages of my app?
  • How efficiently can my hardware/software support the current volume of visitors?
  • How much infrastructure (hardware/software requirements) is required to handle these volumes?

Slow apps will frustrate customers, tempting them to leave soon.

Standards

Is your app built on provided standards? You have to understand who would be using your app. Identify their key tasks and key priorities that they want to accomplish through your site. Find out their goals and focus on how it relates to your business’ goals. Interacting with end users by conducting Surveys, User Testing sessions etc. can help you understand how closely user’s needs have been met by the app.

Also, your app must be built on a platform that is supported by standard skill sets across the organization and in the public domain. It must be flexible enough to integrate various systems for development, and the common set of functions and features must be sharable by different applications.

Security

Since mobile apps run outside the security of your internal networks, you always have to make sure that the app is not vulnerable to security threats. One basic thing you can do is to encrypt traffic to the backend, at a minimum by using Secure Sockets Layer (SSL) encryption. However, SSL by itself isn’t enough because of the nature of how mobile devices connect. One solution would be to rely on WebKit to handle SSL.

– Susan B. John

Always Do This: Top 10 Things to Market Your Apps Well

Before getting into the details of app marketing strategies, we must understand the purpose of mobile app marketing and the relevance of implementing the best marketing practices for your application.

Marketing a mobile app is as important as developing the app itself. According to the current statistics, there are approximately 2.2 million apps in the Apple App Store and 2.8 million apps in the Google Play store. This may give you an idea about how strong the competition is and how critical it is to market your application well!

It would be difficult for users to notice your app if you are not using appropriate app marketing strategies. Here comes the importance of app marketing strategies. However, marketing a mobile app requires careful thought and planning.

Here are some of the best and simple strategies you can follow to market your apps well.

10 Strategies to market your app

Target your audience

The first and most important step in marketing your mobile app is to find your target audience. Understand your niche market and their needs well. This will help you to attract more customers.

Create a blog/website for your app

Blogs and Websites are the best places to advertise your app. Here you can explain about your app as much as possible by elaborating its importance and how it is beneficial to the customers.

You can also invite customers to download the app.

Another way to market your app is Print Marketing. Along with digital marketing efforts, you can promote your app with print marketing materials like:

  • Postcards – engage your customers with direct mailing postcards.
  • Stickers – creative stickers will work for you in a cheaper way.
  • Banners – you can get the job done with the help of large banners placed near busy intersections or high traffic areas.
  • QR Codes – include QR Codes on postcards, stickers or even on your website/blog.  It will be easy for your customers to access/download your app.

As an example, you can check out how AlignMinds has designed an amazing website for our own mobile app – Apprikot

Social media marketing for your app

It is very important to have a strong social media presence to promote your app. Spread the word about your app on famous social networking platforms like Facebook, Twitter, LinkedIn, etc. Through social media, you can run promotions and advertisements and offer gifts or rewards for downloading the app.

According to Forrester Research, 19% of iOS & 15% of Android downloads come from people finding apps on social media.

Demo your app

Videos always help users to understand things easily. Most of the users like to watch rather than read the content. Create a video that explains how to use your mobile app. In the video, you must clearly explain what the app is all about & how it is useful in a real-life scenario.

Already, there are a number of mobile app demo videos in the market. A short, creative and clear demo will give a good mileage to your application. Video demos are one of the easiest ways to display the value of your mobile app.

Don’t forget to place your demo on your blog/website.

Animated explainer video

Animated explainer videos are another way to market your mobile app. They help you to explain the benefit of using your mobile app and the value it will add to the life of its users.

If you can make an interesting animated explainer video describing your app, with a touch of storytelling and humour, it will really show results. Experts say about 90% of the apps that have an explainer video increase their reach around 4-5 times.

Check out this wonderful explainer video from one of our clients.

PingStamp Subbed

Network with other app developers

Networking with other mobile app developers will help you with marketing your mobile app. Find out some of the top-rated app developers from App Store; be sure that the developers have a good rating. You could propose a mutually beneficial marketing opportunity that helps you increase your downloads. There is a possibility that the users may end up downloading both the applications.

The old marketing tactics still work

Yes, they still work! Even though we have progressed in the world of digital media, the old marketing strategies still prove good enough for your app.

You may publish ads on websites or publications or print out business cards and distribute them.

You can even attend relevant business meetings and events so that you may spread the word about your app.

Radio and television ads, brochures and fliers also do a great deal in marketing the concept.

All these different marketing techniques can help you to promote your app.

Put the links to download everywhere

This is one of the easiest ways of app marketing. Put links to download your mobile app on your blog, your website’s home page, in your marketing emails, and on your social media accounts – you can even add a custom tab to your Facebook page.

Take a look at WhatsApp’s page below, which includes four calls-to-action on just one page, all of which are to download their mobile app.

Availability of your app on various platforms 

Make sure that your app is accessible to everyone. The main question is – Is it available for all platforms – iPhone, Android, Blackberry, Windows? Don’t forget to mention your app’s compatibility.

Monitor feedback and encourage reviews

Last but not least, the most important point is to collect your users’ feedback and encourage them to post reviews. This process will help you identify bugs that you may otherwise miss, so that you can make quick changes to improve the user experience and make your app greater.

It would be advisable to respond to feedback and comments without delay. This gives the users a reassurance that you are listening to their comments and making appropriate modifications. It’s an unwritten rule that the app with best reviews gets the most visibility and downloads.

Conclusion

In the present state of things, having an app is very important for your business. However, if you don’t market your app properly, it may get lost in the crowd. It is vital to understand the specific business need and plan accordingly. Prepare the best strategies for app marketing and spend the extra time making sure your app is visible, accessible and integral to your customers.

– Pratiksha R. Prasad

Building Social Networking Apps for Communities: Tips from Experience

Are you one among the lucky people who have spent their childhood in the 90’s?

If your answer is Yes, then you have all the reason to consider yourself lucky.

We are part of a generation which has transformed tremendously over a period of 2 decades. The magnitude of this transformation has touched almost all aspects of our lives. One of the most crucial aspects that underwent mutation was “communication and networking”. During my childhood, there were days when we had to wait for weeks for a person’s letter to reach you from abroad. The times have changed and so did the means of communication.

Starting with the mobile phone revolution, people started getting addicted to the concept of Mobility and Social networking. Interestingly, these are two of many domains that AlignMinds Technologies has expertise in.

I am sure you remember the legendary “Orkut”, which sparked the Social networking concept worldwide. Then came Facebook, which overthrew all existing social networking platforms and services.

Have you ever wondered what the core concept of Social networking is?

Undoubtedly, it is the users and the user communities that the networking platform caters to. Every social networking platform has a focus group who would utilize the platform to its entirety. The success of any social networking platform lies in identifying and customizing the services to satisfy this focus group.

Now that we have discussed social networks in general, let’s delve deeper into the types of social networks and the peculiarities of each.

Type of social networks

Social networks can be broadly divided as Open and Closed networking platforms.

As an example, let’s consider Facebook since it’s the most successful social networking platform in the IT industry now. Facebook is an open networking platform where users from all demographics (location, language, culture etc.) connect, communicate and contribute to each other. This openness has been one of the key reasons for the success of Facebook. On the other hand, we have closed networking platforms, which are aimed at a restricted set of users who are particularly interested in a domain of activity.

Not a long time ago, we built a social networking application called “TieIn” which is a closed community network that caters to the Sports community. The application creates an excellent platform for sports fans, teams, coaches, players and enthusiasts to create private or public communities. The app provides the ability to these users to share information inside these private or public communities. Information is shared in the form of a normal text post, video or image. This privacy and closed nature are considered to be the success mantra of TieIn application.

In fact, there is no specific thumb rule which ascertains the success of a social network. But from the experience of dealing with clients in the social networking industry, here are a few tips that may come in handy during the conceptualization and development of social networking applications:

How to conceptualize and develop a social networking app?

  • Analyze well and be sure about the focus group that the social networking application is being built for!
  • Make sure that you know the real “problem” that the application is solving – It may be connecting families or people in the same field of interest!
  • Make sure the application is not “overloaded”. Be simple and straightforward in the initial launch. Ramping up may be considered once the focus group has accepted the app.
  • Figure out what is that “extra thing” that can be gifted to your focus group. This extra concept should be something that is tough or practically impossible without using the application.
  • Trust your inner self – Evaluate the application by putting yourself in the shoes of the end-user and make sure you are overwhelmed!

Applications are built for a global audience and hence, nothing less than the best gets the chance to survive. So, it’s the responsibility of each team member to think out of the box and build apps that will make users fall in love.

– Anand Krishnan

AlignMinds Hails Glory: DBS Hackathon at Singapore

We are immensely happy to share our glorious success at the global hackathon event conducted by DBS Bank, Singapore in association with Ideatory, which is one of the most promising technology startups in Singapore. AlignMinds has elevated a notch higher in its global rating and positioning with this consecutive success.

The success we experienced at both these Hackathons helped us to underline our belief that victory is a result of persistent hard work, impeccable process patterns and a highly focused mindset that was mutually shared and resonated by each of the team members. Each of us put in our best effort to follow the best practices with reference to Rapid prototyping and this helped us in spotting the right areas to focus and execute during the three-day session.

Preparation for the event!

The news about the event reached us in the third week of October, when Ideatory team members Sudhanshu and Amrith contacted us and invited us to the event, since we were the winners of the first hackathon event held in August 2014 (details can be read here). Once again, we wish to convey our gratitude to the Ideatory team, and to Sudhanshu and Amrith in particular, for all their support and assistance.

It was a cold windy morning on 20th October when we received the confirmation that AlignMinds was formally invited to participate in the DBS hackathon event scheduled on 29th, 30th and 31st of October at DBS Asia Hub, Singapore. We were quick to respond and formed our hackathon team without delay.

We had a couple of unanticipated setbacks since a few of our team members who participated in the first hackathon event were not available due to other international on-site assignments. However, this did not abate our interest to participate as we quickly restructured the team by collecting the best talents in the organization.

We were led by Devanarayanan, who is the CEO of AlignMinds Technologies and the mastermind behind each of our successes so far. The team also included Vishnu and Divya, who handle Android development; Juny George, Jaigel Jose and Jackson Jacob, who are veterans in User experience and User interface tasks; and Sowmya Sarath, who is our Senior technology evangelist and project coordinator.

Last but not the least, I was fortunate to be able to take up the role of Business Intelligence analyst which gave me the chance to interact with the DBS team and build a smooth communication channel between the team members.

Day 1: The first glance of Singapore!

Our backpacks were ready on October 27th and we boarded our dream flight to Singapore from Cochin International Airport by 11:30 PM. The whole team was bubbling with excitement, anxiety and hopes for a great event in Singapore.

We landed in Singapore the next day and were welcomed by a gorgeous city which mixed the right combination of technological and architectural excellence with an equal amount of greenery and cleanliness. We headed directly to our boutique hotel since we badly wanted some personal time to put ourselves in place and prepare for the pressure that we were about to face over the next three days during the rapid prototyping session.

We were also invited to the ice-breaking session that was scheduled at 5 PM that evening.

After a quick nap, we started off to DBS Asia hub where the 5 other competitors, DBS team and Ideatory team members had gathered. It was a fun event where we met and interacted with our mentors and team members from DBS.

Our team was being mentored by Francesca, and was accompanied by an awesome team that included Fen, Dong, Claren and Chew. During the evening session, we also had the opportunity to select the team name, team number and the challenge to be solved. Our team was named “Dream Catchers” and we were team number 2 on the list. The challenge that was assigned to us was to build a pre-launch application for DBS that would popularize DBS bank in India and help gain maximum visibility among the users.

Day 1 at Singapore was fairly smooth as we returned back to our couches to take rest and be ready for the first day of the hackathon.

Day 2: Hackathon was officially flagged off!

The first day of the DBS hackathon saw the official flag-off of the events by Raju Nair, Laurence and Cade.

The agenda for the day included multiple short sessions which helped the teams get the feel of a rapid prototyping session and also helped us ingest the concept of “Customer Centric” development, which was considered the prime focus by the global CEO of DBS Bank, Piyush Gupta.

On the other hand, our team was already brainstorming about the topics that had the “fire” to capture the Indian smartphone users. We came across many different thoughts and opinions ranging from games to quiz applications.

It was then that the concept of a Private social networking application was put up by our CEO, Dev. Within the next few minutes, we could feel the acceptance of each of the team members towards the topic and we decided that this is going to be our “success sutra” for this hackathon event. Without delay, we had started our preparations in the form of mind maps, sketches and basic functionality listing which helped us to visualize the scope of the application. We followed the concept of “Lean Loop” as per the instructions from the team mentors and this proved to be a great approach for the rapid prototyping process.

By the end of the day, we had prepared a detailed idea about what the app would do and how we would be designing the app to do it. We wound up our tasks for the day with a wrap-up session by Arjay and Cade. We finished our dinner and headed back to our room on the SMRT (Singapore Mass Rapid Transit).

Day 3: The actual “Hackathon” begins!

On this day, the next critical task in our hands was to design a visually appealing user interface with a highly optimized user experience flow. As this process required a high level of coordination between the design team and the functional and technical implementation team members, we decided that our team could take roles and split up.

Based on this suggestion, the DBS team members in our team decided to share the tasks related to preparing and documenting the early customer feedback based on quick surveys. They also decided to work out the financial figures which would allow the DBS decision makers to visualize the ROI statistics of the app.

We, on the other hand, had started working in full swing on the user interface and user flow aspects. Juny, who is our lead UX architect, was available on a Skype conference call wherein he guided us through each and every design item in the app screens.

By lunch, we were ready with the initial set of flows that marked the foundation of the application.

The rest of the day was kept aside for designing the remaining design items and preparing a structured flow based on the user action.

By the end of day 2, we were prepared with the designs and pages that allowed the Android developers to take over.

Towards the end of the day, we took our status checks and listed out our tasks. At that point, we realized that we were going to have an exciting D day. On that expectation, we wrapped up for the day and returned to our rooms.

Day 4: The D Day!

We reached early on Friday (31st October) which was the D day of the event. We started working on the final touch-ups and tweaks on the prototype to make sure that everything is in place.

In the meantime, Fen, Claren, Chew and Dong had completed the surveys and come back with awesome news for us. It was reported that around 92.5% of the people surveyed expressed their acceptance of the app concept. This was a huge boost for us, and we made sure that every aspect related to aesthetics and functionality was optimized to the best of our ability.

Finally, at 16:15 Singapore time, we submitted our prototype for review along with all the other team members. We presented the app together and answered all the questions that were put in front of us. We were happy to see that the judges were able to realize the value of the concept.

A flawless prototype and the right pitching of the app concept from our DBS teammates made it a wonderful presentation! By 18:30 Singapore time, the results were out and Dream Catchers were confirmed as the Winning Team in DBS hackathon 2014.

Conclusion

This event, the DBS Hackathon conducted in Singapore, was surely a great one for AlignMinds as we got yet another opportunity to prove our skill in solving a business problem with limited time without limiting the quality standards.

We also got the chance to work with some wonderful teammates and each of those moments will be treasured by our team AlignMinds.

We wish to thank each of the staff at DBS Singapore and Ideatory for providing us with this great chance to build a concept that will surely be a game-changer for DBS in India! After the 4 days of unlimited fun, excitement, productivity and a great result, we have taken home a lot of learning from this event and we are sure that this will help us nail the next challenge put across to us by DBS!

– Anand Krishnan

Our Success Mantra: AlignMinds at DBS Hackathon

The Beginning

All the fun and excitement began on a cold Wednesday morning when we got the news that my team at AlignMinds Technologies was shortlisted among hundreds of mobile app development companies in India. It was a pleasant surprise to know that we were taking part in one of India’s prestigious Hackathon events that was being hosted by Development Bank of Singapore (DBS Bank), Singapore.

For those who are less aware of DBS (the way I was, two weeks back), it is one of the largest banks in South East Asia led by the CEO, Mr Piyush Gupta.

Within a moment’s notice, the AlignMinds team was ready for the technology warfare, as we call it. We were being led by our top management that includes our CEO, Devnarayanan G Nair, our Head of Technology, Madhusoodanan M P, our Head – Execution and Delivery, Sowmya Sharath and our Head – UI/UX, Juny George. Our development team comprised three Android developers who had a “bring-it-on” attitude towards the event! They were Muhamed Riyas, Divya and Vishnu. The team would not have been complete without our technical support gurus, who ensured that we were always connected to the network. Ravi Varma led this team with the utmost confidence. Finally, it was me who took care of connecting and bridging the communication and analysis between the two groups.

The event was held at the Startup Village, Kochi which is currently the biggest and best incubation centre for technology entrepreneurship. Ideatory, a reputed Singapore based technology startup was in charge of ensuring that the event was a grand success. Ideatory team, headed by Sudhanshu Ahuja, did exactly this by ensuring perfect coordination and management of activities throughout the event.

The best part of the event was that my team would get the opportunity to work with the DBS team and technology innovators who have scaled the organization to its current glory. However, all this excitement came with an equal share of challenges which was to prove my team’s worth and this is exactly what we urged for throughout the 2-day extravaganza!

Day 1

The event was flagged off on 22nd August 2014 at Cherai in a magnificent beach-facing resort. My team and I reached the venue at sharp 6 PM and quickly finished the ice-breaking session with the program coordinators. In between, we were introduced to our wonderful mentors from DBS Bank. This included Ms Elizabeth Chapman, Executive Directors, Akhil Doegar, VP-Product Development and Harish S, Senior Product Manager at DBS. Harish was the primary point of contact from DBS for the 4 days of telephonic discussions with me before the event. During these calls, I could extract as much information as possible regarding the requirements.

During the inaugural event, we were keen to utilize every moment that was at our disposal in understanding the requirements and proactively involved in discussions which would ease our journey in the next two days. Once the initial ice-breaking and socializing was over, we met Harish at his resort cottage and had a detailed brainstorming which brought our ideas much more into alignment.

Interestingly, the whole team was so immersed in the conversation that we did not realize two hours had gone by! The next two days at the event can be summarized in three words: Excitement, Energy and Determination.

We started the day at 9 AM on Saturday. After a quick post-breakfast meeting, we rushed to our workstation and began our fight for success. The proactive attitude and functioning of the team were greatly appreciated at various incidents by most of the top management from DBS. For us, the question was not “who will do it”, but it was “how well can we do it”!

I wish to re-quote our CEO’s statement given to The New Indian Express, “We were aware of the challenges but we were more focused on the goal which was possible only with sincere hard work, impeccable teamwork and proactive analysis”.

Intermediate Demo

Although the start was perfect, we had our fair share of complexities and challenges in store during the second half. We developed our initial prototype within a record time frame of 6 hours using our rapid prototyping and collaboration tools including InvisionApp. This gave a much clearer picture to our mentors who decided to take a different route. This was followed by a 90 minute stand up meeting where each team member did their best to visualize and ensure that the iterations were bringing us closer to winning the championship. The meeting concluded with great applause which was an immediate reward for the amount of thought we put in to redesign the concept and conceptualize their requirement.

Final Hours

Sunday was reserved for redesigning, prototyping and ensuring that each functionality and layout that was requested was working in the Android app. My team did this with so much passion and attention to detail that the quality of the prototype was on par with a live Android application.

Our CEO coined an interesting name for the app – DBS Mongo! Mongo referred to “Money on the Go” since our prototype aimed at easing out the payment procedures and transactions to the bank customers.

We worked and worked till 18:59 as we had to submit our app at 19:00. And the rest is history. AlignMinds triumphs in winning the confidence and acceptance from our judges who were the top officials at DBS who had flown down from Singapore. The judging panel included the Group Head – Digital Banking – Olivier Crespin, Chief Innovations Officer, Neal Cross and the Head – Customer Journey Design, Raju Nair.

3d Printed Hackathon Memento

We believe that the success mantra of my team’s triumph was teamwork, speed and determination! We worked together with a single aim and focus which led us to our destination. I believe that our success was destiny but reaching it was our decision. I personally look forward to being part of such events which help my team and me to take up challenges and prove that we are the best!

– Anand Krishnan

Engineering Knowledge in the Digital Age

Often it requires unique teams to practice the philosophy of engineering knowledge. And I’m glad to state that this is what differentiates AlignMinds.

What is knowledge engineering?

Knowledge Engineering is conventionally associated with methodologies to build knowledge-based systems or ‘Expert Systems’. However, in today’s dynamic digital world, it applies to almost all the technology systems that we build, deploy and use.

What is Knowledge?

Our CEO often quotes David Weinberger to define ‘Knowledge’ and I always felt that it’s a beautiful summary – “Knowledge results from a far more complex process that is social, goal-driven, contextual, and culturally-bound. We get to knowledge — especially “actionable” knowledge — by having desires and curiosity, through plotting and play, by being wrong more often than right, by talking with others and forming social bonds, by applying methods and then backing away from them, by calculation and serendipity, by rationality and intuition, by institutional processes and social roles.”

For us, ‘Engineering Knowledge’ means acquisition of knowledge, and this process is transformed beyond the conventional specification process used to capture most business requirements. We engage in meaningful conversations, research and follow a dynamic approach towards solving the problem in front of us. This is particularly relevant since we work with a lot of startups building Minimum Viable Products (MVPs).

Why ‘Engineering Knowledge’?

There are several reasons why such a process makes sense:

  • Unprecedented simplicity has become a crucial success factor of today’s applications compared to conventional software systems.
  • Without adequate knowledge acquisition and involvement from key stakeholders, the application has a high likelihood of failure.
  • Most of today’s applications – especially in mobility and cloud – have a social role to play.

Speaking a bit about me – after my Master’s, I’ve been associated with other verticals in the previous episodes of my career before becoming a part of AlignMinds.

However, what made it enjoyable and inspiring despite my lack of exposure to a technology development environment was our acceptance of the dynamic nature of things around – fellow team members, customers, technology, and always, the business problems we were trying to solve.

Hence in a digital age that is so evolving and changing, we need to constantly seek to build systems based on actionable knowledge – which will excite people and transform the way we do things – compared to monotonous pieces of code that deal with just data and information.

– Sreenivasan K V