Latest Posts

The Web Is Not Tomorrow But Today


Over the past 20 years, the web has evolved from a basic document sharing network to a platform capable of doing things we didn’t even know to be possible at the time of its creation. The web has struggled to adapt to its users’ needs since its inception, and as the web grew, many mistakes were made only to be solved later on. Plugins such as Flash and Silverlight were given the chance to dominate the market because the web itself was still crawling and not ready to walk yet. The landscape changed completely when the smartphone revolution had people leaving their desktops (and plugins) behind and settling for a far smaller and less powerful device instead.

What about Mobile?

Nearly 10 years after the original iPhone had people lining up outside of stores, the web has still not conquered the mobile front completely. The ‘mobile’ web’s capabilities are behind those of native apps or even desktop browsers. Flash might have been killed, but that didn’t make HTML5 king yet. However, more and more developers are choosing it to develop their mobile experiences. Gartner says by the end of 2016, more than 50 percent of Mobile Apps deployed will be hybrid.

Tools such as React Native and Phonegap (Cordova) offer a great alternative for web developers to use web technologies to build native apps. Hybrid approaches are time- and cost-effective: Rather than build an app from the ground up for each mobile platform, developers can write HTML5-based code once and tweak it to redeploy for iOS, Android, Windows Phone, etc.

Google has also been pushing the web platform forward in many ways. Their own operating system initiative Chrome OS is a prime example of what the web can do, and possibly what the App Store could have been. Chrome OS relies entirely on the web and doesn’t have any sort of native alternative apart from the browser’s JavaScript APIs, which you can use in Chrome Apps. But Chrome OS doesn’t count as mobile, especially since it comes with a desktop-grade browser and is only shipped on small laptops, which is why Google has been backing a movement for more usable and native-like web apps coined Progressive Web Apps. In theory these work great, and this is definitely the direction in which the web should be heading in the coming years, but for now this is an ideal vision that only really works on Google’s own Chrome for Android browser, so there’s still work to be done there.

The JavaScript Revolution

Although most people still associate JavaScript with Front End Web Development, JavaScript has conquered almost every corner of modern computing. In my opinion, Node is the PHP of the future. Node is easy to learn, easy to install and easy to develop. The only thing lacking for Node.js is widespread hosting options. Web hosting is still just PHP most of the time, but Node.js offers a good opportunity for hosting companies to try something new.

JavaScript is also used in IoT (Internet of Things) and even VR. Johnny Five is a well known JavaScript library that works with nearly all new microcontrollers (or whatever you wish to call them). Tessel is another great example of what JavaScript can achieve. It is not just a library but a whole device that relies on JavaScript.

Around this time last year Mozilla released A-Frame. Although it didn’t get the attention it deserved, it is truly an amazing library. Built on top of Three.js, A-Frame allows developers to create web-based Virtual Reality experiences. I’ve played around with it myself and I have to say that it is a great library. The problem is, VR wasn’t as big as everyone thought (hoped?) it would be. VR may one day become very normal, but it will never get people that excited.


Companies and individuals will always need the web; an app usually contains less content than a website. Take mobile banking for example. You can probably do a lot in the app, but usually not everything. Websites are affordable, accessible and relatively easy to make, and the open source community behind the web has made the web increasingly better in recent years.

Frameworks like jQuery and Bootstrap have made the web more accessible for developers of all skill levels. For a while it looked like Angular was going to be the next big thing. However, the second backwards-incompatible installment hasn’t reached the same heights set by its predecessor. There are plenty of other excellent MV* libraries out there: Backbone, Knockout, Ember and Vue, just to name a few, so developers have no need to stay with Angular, especially if their old code doesn’t work anymore anyway.

I think it is fair to say that the future of web development will mostly rely on React. The Facebook powered library has taken the web development community by storm and has solidified itself as the go-to library, without overdoing itself like Angular. I think the biggest challenge React will face in the future is widespread adoption. So the real question is, do websites really need React?

Forever Growing

The web is still growing at a steady rate and will continue doing so for a long time to come. As of now an estimated 3.4 billion people use the internet; that is nearly half of the world’s population. As the other half comes online, the web will be faced with its biggest demon one more time: browser support. Most of the new users getting online these days live in emerging economies and even third world countries, so they won’t be coming online on a brand new Macbook with Chrome 53 installed. If they’re lucky they’ll have a Samsung Galaxy S2 with an old Android browser.

This leaves web developers with a different problem. How can they make websites accessible to these new users that don’t have the latest features and top speed internet connections? A lot of businesses are probably missing out on a lot of potential users because of this. It is estimated that by 2020 another 350 million people will be using the web in India, that is more than the population of the United States.

From here on

In order to reach these new users, websites will need to be made more lightweight and accessible than ever. Even though it is not a website, a great example of this is YouTube Go, a new lightweight version of YouTube made especially for users like those in India who don’t have access to high speed internet. Notice how they’ve optimized their app to be more usable in these situations through small changes that didn’t cost a lot of time to make. The hardest part is seeing these small details that need to be changed in your app, without being in this position yourself. Google CEO Sundar Pichai recently explained how “solving [problems] for India is inspiring new Google innovations” around the world, so maybe less is more after all. Which is why I don’t think React is going to get the widespread worldwide adoption that jQuery has. Not because it isn’t good, but because it just isn’t needed yet.

Future Thoughts

One thing’s for sure, the web is here to stay. The web is an ever-expanding digital realm that has become a huge part of our lives. For post-millennials (the Igen) the web is no longer just a technological innovation, it is a part of who they are. The next war is going to get fought on the web. The next revolution is going to take place on the web. The next leader of the free world is getting chosen on the web right now. However, the web’s best quality is that it is open for everybody. Nobody owns the web, or in contrast, everybody owns the web. But not everybody is cashing in on their ownership rights.

Maybe one day some time from now the difference between being illiterate and literate won’t just be about being able to use words, but being able to code (writing), or at least understand code (reading). It is scary how many people rely on something they don’t even remotely understand. Like Steve Jobs once said, “The smallest company in the world can look as large as the largest company in the world on the web,” and that is true to this day. More than ever, the web is full of potential. With more and more logic on the client-side, as JavaScript is the language of the Web, you also need to find ways to protect websites, as more threats will come from there.

Recap OWASP AppSecUSA 2016

OWASP’s 13th Annual AppSecUSA Security Conference (held at the Renaissance Washington, DC Downtown Hotel in Washington DC, USA) was an amazing opportunity to discuss security with developers and security experts from across the U.S. and around the world. If you were unable to attend AppSec USA 2016, don’t worry, OWASP recorded all of the sessions, which will eventually be posted on the OWASP YouTube channel. In the meantime, take a look at the major highlights we picked from the event:

1. Fascinating talks

At the conference, we had the chance to watch some compelling talks which followed the 2-day training session. We highlight the talk by James Wickett from Signal Sciences, “Serverless Security: Doing Security in 100 milliseconds”. Very interesting indeed!

Kunal Anand from Prevoty also gave a great talk about Language-theoretic Security (LANGSEC) and how it can be used to protect against threats, walking us through the creation of ksql, a minimalistic query language protected by LANGSEC.


2. Jscrambler Booth and Demos

Jscrambler was at Booth #S27 discussing security and demoing our technology to an audience of developers, security and tech professionals. We had the opportunity to speak with over 200 people about topics such as client-side RASP (Runtime Application Self-Protection), JavaScript Application Security, MiTB and DOM-tampering attacks. We had two Demos running at the same time that surely impressed our visitors! If you would like to know more about what we’ve shown there, do contact us here.


3. Ninja Challenge

We were also thrilled to have the opportunity to launch the second OWASP AppSec edition of our Ninja Challenge, an online hacking competition aimed at finding a supreme breed of JavaScript Ninjas. The participants were challenged to show their JavaScript abilities in cracking challenges related to browser security and code protection. They got to try our first level – Shroud of Concealment – adapted especially for this edition of AppSec USA.

Lots of participants showed their skills in reverse-engineering, obfuscation and minification by solving our exercises, but the top 3 submissions proved to be the elite Ninjas. At the end of the conference, the grand prize winners of Ninja Challenge were revealed. Congratulations to the winners, who received an awesome drone each from Jscrambler’s CEO, Rui Ribeiro.


  1. Li-Wey Lu from Illinois, USA
  2. Alex Campos from Buenos Aires, Argentina
  3. Kim Seong from California, USA

4. Space Invaders Giveaway

We had plenty of giveaways to offer at booth S27 during OWASP AppSecUSA 2016. We offered our visitors a chance to be the master of one of our Space Invaders!


5. Top 10 Tweets from AppSecUSA

To recap the event, Signal Sciences have captured what they think are the Top 10 tweets of the event. Check them out here:

Huge thanks to the local OWASP AppSecUSA 2016 organizing team and OWASP staff for delivering such a stimulating conference! It was a pleasure to again sponsor the premier application security conference for developers and security experts and be inspired to continue tackling security challenges in more and more innovative ways.

Getting Started with Angular 2 End To End Testing


There have been many reasons I have held out on adding automated testing to my applications in the past. One of them was not knowing the benefit vs cost ratio. Another is the thought that they would be hard to integrate into existing production applications. How do we go about testing our applications without rewriting them from scratch just to introduce testing into them?

Optimizing React Rendering through Virtualization

Even though React is fairly performant out-of-the-box, sometimes you need to tune it. The most common trick is to implement the shouldComponentUpdate lifecycle method so that React can skip rendering based on a custom check. This can be convenient if equality checks against the data happen to be cheap (i.e. you are using some library providing immutable structures).
Sometimes this isn’t enough. Consider rendering thousands of lines of tabular data. It can quickly become a heavy operation even if you have nice checks in place. That is when you need to be more clever and implement a context-specific optimization.

The Most Effective Way to Protect Client-Side JavaScript Applications

Protecting JavaScript Applications with Client-Side RASP

There are many useful features in a client-side technology like JavaScript. That’s what made it the most popular programming language in the world. It features many advantages, immediate parsing being one of them. This has benefits, for example, as the browser executes code right as it downloads content. But, with this level of freedom comes responsibility.

How to Store Passwords Safely

Security of users’ passwords is one of the most important aspects of developing your web application. Unfortunately, making a good authentication script that will safely store your data is not a piece of cake. It’s incredibly easy to get it wrong. The best way is not to store passwords at all, but… sometimes you have to. Let’s think about how to make it as safe as possible.

Angular 2 and Typescript conference browser application

Angular 1 has been a phenomenal success in the world of Single-Page Applications (SPA). This was in part due to its simplicity and easy-to-understand syntax. It was also aided by the fact that it is a Google-backed product, which instills some level of confidence in developers. When the team at Google decided to come up with version two of the popular framework, they decided to change things drastically. Angular 2 takes a very different approach in building single-page applications. Let this not stop you from diving into it, because Angular 2 is geared towards using some of the best tools out there in the industry from some of the most brilliant companies. For example, Angular 2 fully supports TypeScript as a first-class citizen. Even though TypeScript is not required to use the framework, I must admit that the framework feels easier and more intuitive to use when used with TypeScript. In addition to that, you tend to write less code. Also, a lot of the examples and blog posts out there are mostly written in TypeScript, so that alone is a reason to stick to using it when just starting out. Another adoption is the new angular-cli, which is based on the already brilliant ember-cli. The command line helps with rapid development and shields you from having to make many small decisions upfront.

In light of that, we will be using TypeScript and the angular-cli to build a conference browsing application.

Practical data visualization concepts in D3.js

If you’ve ever used Microsoft Excel to visualize data into charts and graphs, you’ve probably also encountered some frustration with popular spreadsheet software. The strategic use of accessible data visualization is not only common sense but also provides a significant competitive advantage. There are entire startups dedicated to building Web Applications that create compelling visual representations based off metrics and various KPIs. Big data isn’t only valuable to accountants and C-Level executives. Metrics can provide insight into a company’s performance, but they really shine when you add a layer of interactivity as you visualize your data. Thanks to Mike Bostock, developers now have an Open Source option for crafting Excel-like data visualizations. We can use D3.js for manipulating documents based on our data and visualizing that same data using SVGs, HTML and CSS.

At the core of D3 we have a framework that allows us to associate any object or array of data with elements on a page, binding them together for further manipulation. Update data and we visually update the object tied to that data within our document, in real time. We can use any number of visualizations to interpret data, display it as a graph, a chart, an eye-catching animated SVG, or as patterns and gradients. These are just the most common examples. Once the data and the object are linked, the possibilities of visualizing them are endless. We’ll cover D3.js version 3, but it has since been updated to 4.0.