Web Applications: Striking a Balance Between High Performance and High Security
6 May 2020
All business in 2020 is digital. If you're operating a business of any kind today, some part of your operations happens digitally. From payroll architecture for newsagents and supermarkets to developers of mobile games and even the gamers themselves, our work and our play rely heavily on the proper functioning of applications. We no longer live in an era where people can afford to wait for information to transfer, and we have so much choice that we don't even have to accept applications that don't look exactly how we want them to look. But with all this choice, and with all this information travelling about faster than we have time to think about it, how can we be sure we're really getting the most out of our day-to-day applications?
Relatively speaking, there isn't much you can't program an application to do. In the financial sector, even the simplest applications can run searches on massive amounts of data to pull up information on transactions in real time while also anonymising data and encrypting the search activity itself to ensure no untoward eyes are watching. In the online games industry, they can be used to promote positive player interactions by issuing auto-bans to players who are using abusive language or trying to scam other gamers. The point is, the possibilities are endless. With a whole universe of possibilities laid out in front of you before you even begin to develop an application, sometimes it's tough to know where to begin. Well, why not start with two absolute fundamentals?
The motto for all good application developers should be 'don't settle'. Whether you are building an application for personal use or for corporate use, technology changes and new things become possible at such a lightning-fast pace that not thinking about how your app's health and performance will compare to its closest competitor as it ages is frankly lazy and irresponsible. It's so important to always be thinking of the next upgrade, but more important still to aim to make that upgrade before it's even necessary.
Simply put, forget the limitations of devices in the past: you're developing for the future. Hardware and CPU power are now greater than ever before, and Moore's Law ensures that upward trajectory in operational functionality will only continue. With server-side hardware no longer required to carry the weight of the functions APIs are required to perform, thanks to front-end frameworks like Angular and React, the door is open to really play in the space creatively while ensuring your application can always function smoothly without fail.
Even if your application is solely for personal use and doesn't technically live online, as long as your device is connected to the Internet, it's at risk of being compromised. It seems obvious to say it but security should never be something you implement as an 'add-on' to your application's function - as the creators of Zoom found out only recently.
Security measures should always be implemented as part of the initial development process. Fortunately, security practices have evolved right alongside development practices, and many frameworks even support security best practices. Front-end frameworks can protect against XSS attacks by sanitising user input, while some back-end frameworks can help protect against SQL injection attacks.
With the shift from RESTful APIs to gRPC-Web APIs, this process will become even more efficient as information will be serialised, making it smaller and therefore even easier for architecture to process and interact with. This process also makes interactions more secure as serialised requests and responses are harder for hackers to tamper with.
How Can I Be Sure My Application Has Both?
The short answer is 'build it yourself'. Without proper proof of penetration testing, you can't be 100% sure an application is as secure or even as performant as it claims to be. You wouldn't buy a car without a guarantee that it's passed all relevant tests; software and applications are no different. The easiest way to be sure your day-to-day applications are secure and functioning at maximum efficiency is to build them yourself or to find a partner with a specialisation in development and security.
The benefits of this go far beyond security. Having your own custom applications and software means having something that is sculpted around the way you do business, not how the world says you should do it. Maybe some applications have one element of what you need but lack a function that another application has. Maybe you're paying a monthly subscription to a software bundle that you only really need one element of. Custom software means all your interests are combined in one secure bundle in an environment shaped by your needs.