WaveMaker Boosts Security in RAD Platform

WaveMaker Inc. added a security feature to its rapid application development (RAD) platform designed for quickly creating and deploying mobile and Web apps.

The Mountain View, Calif., company announced its namesake RAD platform now supports the development of apps featuring Single Sign-on using Central Authentication Server (CAS), so users need only provide a UserID and password once to access multiple applications.

In announcing the additional security measure, WaveMaker emphasized the already built-in security in its platform, as opposed to a complete bolt-on-afterward approach. That emphasis on security, the company said, puts it in a unique position.

"Unlike other vendors of RAD platforms, WaveMaker's focus on security extends beyond the application and to the APIs (Application Programming Interfaces) that allow multiple applications to link and interoperate," the company said in a statement last Thursday. "WaveMaker is the only RAD platform that allows developers to build native microservices-based applications, and today's release introduces token-based authentication for APIs, allowing API keys to be generated rapidly for consumption by other applications."

Furthermore, the company indicated, its emphasis on security means the platform now meets the standards set by the Open Web Application Security Project (OWASP) to address the top 10 Web app vulnerabilities.

WaveMaker RAD Platform Architecture (source: WaveMaker)

"For its part in pinpointing major network vulnerabilities, OWASP has become a critical, yet often overlooked, asset to application developers," WaveMaker said. "The OWASP Top 10 represents a broad consensus of the most critical Web application security flaws -- gaps in security that are often easy for malicious actors to detect and exploit. By certifying compliance with the OWASP Top 10 list, WaveMaker assures developers that the applications they create with WaveMaker will comply with the directives of OWASP."

That list, currently being updated, features the following in its 2013 rendition:

  • Injection
  • Broken Authentication and Session Management
  • Cross-Site Scripting (XSS)
  • Insecure Direct Object References
  • Security Misconfiguration
  • Sensitive Data Exposure
  • Missing Function Level Access Control
  • Cross-Site Request Forgery (CSRF)
  • Using Components with Known Vulnerabilities
  • Unvalidated Redirects and Forwards

"Security was once an afterthought in application design, but those days are long past," said CEO Vijay Pullur in a statement. "Still, vestiges of those days remain, as the primary objective of application design, in the eyes of most developers, is to ensure that the application performs continuously and under heavy demand. But security cannot be exempted from that objective. That's why WaveMaker believes that security must be a cornerstone of good application design, and a major component in ensuring software quality before an app goes live."

The WaveMaker platform leverages templates, themes and "prefab" reusable micro apps to help developers create responsive hybrid mobile apps through the use of Apache Cordova cross-platform technology. On the back end, developers can visually create new data models or edit existing models, and use REST and SOAP Web services for API integration. The tool also facilitates creating responsive Web apps.

The WaveMaker Mobile Approach (source: WaveMaker)

The WaveMaker platform is available as an online hosted service or as licensed on-premises software, with a single-developer online plan starting at $99 per month.

About the Author

David Ramel is an editor and writer for Converge360.