CakeDC Blog

TIPS, INSIGHTS AND THE LATEST FROM THE EXPERTS BEHIND CAKEPHP

Importance of backing up data for smal...

Data is essential to any business - regardless of the size. And with the recent ransomware attacks, it is important to take backups regularly. A loss of your business’s data, from a down server or a ransomware attack, can cost a company a lot of money.

Types of backups

You can back up online to an out-of-network cloud server, to a physical storage location or to an offline drive. Any of these should keep you secured from a network attack and will enable you to be up and running after the fact. The importance of having a backup strategy cannot be stressed enough. Here are some strategies that you could follow:

  1. Cloud backups - keeping data offsite is helpful should you experience a natural disaster.
  2. Encryption of data in transit.
  3. Multiple backups offsite - ensuring 2 or 3 backups are kept.
  4. Testing of backups - ensuring that all backups taken are viable for use should the need arise.
Regular backups can be a life saver - ransomware attacks, natural disasters and corrupt hardware can strike at any moment. Being prepared can save your business money in the long run. Some other tips that you can consider following include:
  • Having a file organization standard. Develop a standard way of organizing your files so that you or your users will always know where data belongs.
  • Determine critical files or data. Organize and sort through the files to ensure critical data or files are kept secure and regularly backed-up.
  • Create a local backup solution.
  • Create an offsite backup.
  • Automate your backup procedures.
How do you get started? It's key to create a backup routine, which includes the following information:
  • A checklist for the files or data that you need to back up;
  • A backup schedule for times that your backup system will run;
  • Verification of the backup to ensure the data is intact.
Also remember, for your website and hosted applications, to check with your local hosting provider, as they usually offer backups. For local development work, always use a repository for code and documents, like git, while for binaries, use cloud storage, so that all you lose if your hard drive were to crash is the work of the current day.

With the latest ransomware attack, her...

With the latest attack, Petya, fresh in our minds, we thought it would be a good time to discuss what exactly a ransomware attack is and how you, as a business, can protect yourselves from one. These cybersecurity attacks not only hit individuals and small to medium-sized businesses, but also large multinational enterprises around the world. What is clear is that the attack from the past week, Petya/GoldenEye, while similar, is a lot more serious than the attack of the previous month - the WannaCry worm attack that struck hundreds of thousands of computers.

Have we gotten your attention? Good! The first real way to protect yourself, and your business, is to know what the attacks are and what they look like, and then to move on to how to set yourself up so that you are secured against such an attack. The latest ransomware worm infects computers and locks down their hard drives, then demands a $300 ransom in the digital currency Bitcoin.

The email account associated with the ransomware will have been blocked, so even if victims pay, they won't get their files back. Many experts are calling for people to not pay the ransom. The virus or worm is spread by infecting multiple computers on a network, and is initially contracted via an outside source, commonly an email. Many companies were hit severely this time round, as they did not update their Microsoft packages, leaving them vulnerable to the attack.

"Am I at risk?" you may be asking yourself. Well, potentially. The great news is that if you have a Windows machine, and it is up to date with security updates, then you are fine. The bad news is that if you are on a network with a machine that is not up to date, then this will cause a problem for you should that machine get the virus.

Top tips for keeping you and your network secure:

  1. Keep all servers and network connections up to date with the latest security updates;
  2. Be sure to back up your computer regularly and keep a recent backup copy off-site;
  3. Brief all network users on what phishing emails look like and on the importance of not clicking on links;
  4. Make sure your antivirus software is up to date.

More into Cybersecurity - what do you ...

As technology becomes more and more entrenched in our daily lives, we become more dependent on it. This dependence may lead to vulnerability - especially if the technology fails. As we move further into 2017, we are seeing even bigger cybersecurity threats than before - more deceptive and creating more vulnerability than ever. Hackers (and their associated threats) are forever evolving and changing, so we need to be constantly aware. There are of course simple rules that we need to keep note of:

  • Update your passwords regularly and use different characters and symbols each time.
  • Set up security questions with answers that hackers can’t guess based on your public information. The city you were born in or the name of your prom date aren’t exactly iron-clad secrets.
  • Avoid downloading suspicious links and delete your cookies every month.
A hack threat can cause more than just a crashed server or spam sent through your systems. From basic phishing through to fundamental security flaws on your website, it is important that you align yourself with a development partner that is up to date with security. Phishing refers to the fraudulent practice of sending emails pretending to be from reputable companies in order to induce individuals to reveal personal information. Another important thing about cybersecurity and potential hack threats is that they are not limited to bigger corporations - small businesses are under attack as well.

Cybersecurity topics can be subdivided into two complementary areas: cyber attacks, which are essentially offensive and emphasize network penetration techniques; and cyber defenses, which are essentially protective and emphasize counter-measures intended to eliminate or mitigate cyber attacks.

If you are getting a website or web application developed, don’t be shy to ask about how your application is being built and how it is being considered against current and past security threats. Ask about how updates will work and about continued support to ensure that your web application is kept secure and up to date.

As a business, you can institute solid network security protocols to keep information secure in both the present and future. Keeping ahead of attacks and creating a secure environment are fundamental steps in protecting your assets. Another key component is training your staff. Such training is particularly important for companies that rely heavily on cyber communication due to having remote employees. The security protocols that you implement can start with these simple steps:
  • Protect every end point
    All devices that are connected to your network should be secured - every connected item, including wearable technology.
  • Build for scale and flexibility
    A key consideration when developing a web application, but have you thought about it?
  • Prepare for new sources of data
    As technology is evolving so are the sources of new data. Make sure that you are planning ahead of the curve.
Concerned about the security of your web application? Chat with us! Also be sure to check out online tools that provide free web scanning of your site. There are also online resources where you are able to track the security issues in CakePHP. Other resources to look at include OWASP’s web application security testing cheat sheet and the OWASP testing project.

A quick guide to agile development - w...

Agile has been around for a while, but recently it has come back into focus. But what is agile development and why has it become such an important concept? It has become such a buzzword, but do you really know what it means or why it could be a great addition to your development process?

Agile is a project management approach that uses short development cycles, or iterations, to focus on continuous improvement in the development of a product or service. Agile was originally developed to improve the development process - allowing it to rapidly identify and adjust for issues and defects. A major benefit is that it allows development to keep ahead of customer expectations, competition etc.

There are 12 key principles that guide an agile project:

  1. Customer satisfaction is always the highest priority; achieved through rapid and continuous delivery.
  2. Changing environments are embraced at any stage of the process to provide the customer with a competitive advantage.
  3. A product or service is delivered with higher frequency.
  4. Stakeholders and developers closely collaborate on a daily basis.
  5. All stakeholders and team members remain motivated for optimal project outcomes, while teams are provided with all the necessary tools and support, and trusted to accomplish project goals.
  6. Face-to-face meetings are deemed the most efficient and effective format for project success.
  7. A final working product is the ultimate measure of success.
  8. Sustainable development is accomplished through agile processes whereby development teams and stakeholders are able to maintain a constant and ongoing pace.
  9. Agility is enhanced through a continuous focus on technical excellence and proper design.
  10. Simplicity is an essential element.
  11. Self-organizing teams are most likely to develop the best architectures, designs and meet requirements.
  12. Regular intervals are used by teams to improve efficiency through fine-tuning behaviors.
Many industries actually make use of an agile development process and follow these key principles. It is highly collaborative and is seen to be more efficient. Some of the more popular agile methods used are:
  • Scrum
  • Kanban
  • Lean (LN)
  • Dynamic Systems Development Method (DSDM)
  • Extreme Programming (XP)
  • Crystal
  • Adaptive software development (ASD)
  • Agile Unified Process (AUP)
  • Crystal Clear methods
  • Disciplined agile delivery
  • Feature-driven development (FDD)
  • Scrumban
  • RAD (Rapid Application Development)
While agile development has many advantages, it also has a few disadvantages - it certainly is not for every project or project team. It also favors developers, project teams and customer goals, not necessarily the end user’s experience.

Quick glossary: DevOps

Has your team gotten you down with the use of so many terms that seem so unfamiliar? Don’t despair! The ability to rapidly develop, deploy and integrate new software is essential to success - but you should be aware of the terms that the DevOps team will be using! First, starting off with DevOps itself, which is a mash-up of two terms: "software development" and "information technology operations". But there are more:
  • A/B testing
    A technique for testing new software or new features whereby two or more versions are deployed to users for testing. The metrics from each variant are then compared and assessed based on the testing criteria.
  • Acceptance testing
    The testing performed near the end of the development cycle that determines whether software is ready for deployment.
  • Agile development
    Agile development refers to a methodology that emphasizes short iterative planning and development cycles. The idea is that iterative development affords more control and establishes predictability.
  • Behaviour driven development
    A development methodology that asserts software should be specified in terms of the desired behavior of the application, and with syntax that is readable for business managers.
  • Build automation
    Tools or frameworks that allow source code to be automatically compiled into releasable binaries. Usually includes code-level unit testing to ensure individual pieces of code behave as expected.
  • CA Release Automation
    CA Release Automation is an enterprise-class, continuous delivery solution that automates complex, multi-tier release deployments through orchestration and promotion of applications from development through production.
  • Continuous delivery
    Continuous Delivery is a set of processes and practices that radically removes waste from your software production process, enables faster delivery of high-quality functionality and sets up a rapid and effective feedback loop between your business and your users.
  • Deployment Manager
    Cloud Deployment Manager allows developers to easily design, deploy, and reuse complex Cloud Platform solutions using simple and flexible declarative templates. From simple web servers to complex highly available clusters, Deployment Manager allows teams to spend less time managing, and more time building.
  • Delivery pipeline
    A sequence of orchestrated, automated tasks implementing the software delivery process for a new application version. Each step in the pipeline is intended to increase the level of confidence in the new version to the point where a go/no-go decision can be made. A delivery pipeline can be considered the result of optimizing an organization’s release process.
  • Functional testing
    Testing of the end-to-end system to validate (new) functionality. With executable specifications, functional testing is carried out by running the specifications against the application.
  • GitLab
    GitLab is a web-based Git repository manager with wiki and issue tracking features. GitLab is similar to GitHub, but GitLab has an open source version, unlike GitHub.
  • GitHub
    GitHub is a web-based Git repository hosting service, which offers all of the distributed revision control and source code management (SCM) functionality of Git as well as adding its own features. Unlike Git, which is strictly a command-line tool, GitHub provides a web-based graphical interface and desktop as well as mobile integration.
  • Lean
    “Lean manufacturing” or “lean production” is an approach or methodology that aims to reduce waste in a production process by focussing on preserving value. Largely derived from practices developed by Toyota in car manufacturing, lean concepts have been applied to software development as part of agile methodologies. The Value Stream Map (VSM), which attempts to visually identify valuable and wasteful process steps, is a key lean tool.
  • Microservices
    Microservices is a software architecture design pattern in which complex applications are composed of small, independent processes communicating with each other using language-agnostic APIs. These services are small, highly decoupled and focus on doing a small task.
  • NoOps
    A type of organization in which the management of systems on which applications run is either handled completely by an external party (such as a PaaS vendor) or fully automated. A NoOps organization aims to maintain little or no in-house operations capability or staff.
  • Non-functional requirements (NFRs)
    The specification of system qualities such as ease-of-use, clarity of design, latency, speed, ability to handle large numbers of users etc. that describe how easily or effectively a piece of functionality can be used, rather than simply whether it exists. These characteristics can also be addressed and improved using the Continuous Delivery feedback loop.
  • Orchestration pipeline
    Tools or products that enable the various automated tasks that make up a Continuous Delivery pipeline to be invoked at the right time. They generally also record the state and output of each of those tasks and visualize the flow of features through the pipeline.
  • Whitebox testing
    A testing or quality assurance practice which is based on verifying the correct functioning of the internals of a system by examining its (internal) behavior and state as it runs.
