Monthly Archives: May 2017

Choose the most secure CMS from Drupal, Joomla, WordPress

If you are planning to create a website for your business, you might feel overwhelmed by the options available. Most small and medium business owners usually prefer a website where they can update the content without contacting a developer team every time, hence a Content Management System (CMS) is a logical choice.
When it comes to PHP CMS’s, there are three most popular : WordPress, Joomla and Drupal. Choosing a CMS is an important decision that can have huge repercussions for your website. All three of them have a lot in common, but they still have their own pros and cons. Here’s a comparison of WordPress, Drupal and Joomla to find out which is the best for your website.
Drupal
Drupal has always been very much serious about security. They say that Drupal is designed to handle the gravest of internet vulnerabilities. It’s security has the capability to prevent the website from crashing under vulnerable circumstances. Many leading brands, corporations, and even governments rely on Drupal to build critical applications and websites.
Drupal has a very large developer community across the globe, ensuring a faster response to any issues supported by a dedicated security team and efficient service provider system. Robust coding standards and a diligent process of community code review also help in preventing many security issues. Here are some features that make Drupal the undeniable winner when it comes to security.
User Access Control
Drupal gives the administrator complete control over who can access their website. The administrator can create a role for the users and provide permission for the specific purpose.
Password Access
The passwords for Drupal accounts are encrypted well before they are stored in their database. Drupal supports a wide range of password policies like complex, minimum length, expiration, etc. Standard authentication practices in the Industry, which include 2-Factor Authentication and SSL, are also supported by Drupal. Single Sign-on systems including LDAP, SAML, OpenID, and Shibboleth are combined with Drupal in its production applications.
Database Encryption
The Database Encryption is also available in Drupal to increase the security of the platform. Also you can encrypt the database partially to protect only specific information leaving genral information unencrypted to reduce the load. This is helpful if you want to protect some specific information only.
Brute Force Detection
Drupal can detect and provide protection against the brute-force attacks on passwords. This is done by limiting the login attempts from a single IP address over a definite period of time. The administrator can view all the failed attempts. Also Drupal can be configured to ban individual IP’s and range of addresses.
Malicious Data Entry
Drupal’s API ensures that every data entered into the database is validated before storing. Drupal prevents CSRF (Cross Site Request Forgery) attacks as it injects tokens into forms when they are generated.
Reduced Possibility of DoS Attacks
Denial of Service attacks is reduced due to the extensible cache layer that is preconfigured with CSS caches, javascript, and basic page. Performance technologies like Redis, Memcache, etc can be deeply integrated with the system. A common feature is a granular expiry. A multi-layered cache framework is suitable for a website that receives high traffic.
WordPress
WordPress is undoubtedly the most popular CMS on the planet, and for this reason it is exposed to a constant attention from hackers. The WordPress security team is made up of 25 experts, including lead developers and security researchers. A number that seems low, given the number of sites running off WordPress is around 75 million and accumulates up to 27% of the entire net.
WordPress offers enhanced security for members for their paid service – WordPress VIP. By paying for the VIP treatment, a dedicated group will do an in-depth code review to seek out vulnerabilities. They will also guide customers with suggestions for best practices in development to make sure that the site will continue to live on without significant maintenance costs or major issues.
The major security vulnerability with WordPress, and most CMS, is the entry points created using third party plug-ins and extensions, which make up 56% of known vulnerabilities in WP. Overall, the security is at the level it needs to be to protect such a vast number of sites, and security suggestions are updated frequently by the maintenance team to guide users on the best security practices.

Joomla
Joomla is an easy-to-use CMS that appeals to those who may have limited experience and knowledge in managing content online, or who may be looking for a simple CMS solution. This means that even though Joomla’s core is highly secure, there is pitfalls users can fall into when implementing their system without appropriately configuring all system components.
Documentation made readily available by Joomla encourages users to focus on what they can do to improve their system security, as opposed to just relying on the system itself. It is worth noting that Joomla has the least amount of individuals on their security team with just 13 people, but provides solid information to individuals using their services to configure security in the appropriate way.
Conclusion
You can conclude from this comparison that Drupal does take solid care of the security of its users. Although Joomla and WordPress are serious about security as well, Drupal is suitable for the websites that require tough security. This is the reason that many government websites trust Drupal for website development. The system updates help to provide better protection, so make sure you keep your PHP CMS updated. Joomla and WordPress use commercial plugins that are known to be insecure. Drupal’s dedicated team for the purpose ensures better security.
Watch our work at http://www.supertroninfotech.in/showcase.php and get customised solution for your business.

Modern Apps : Native Apps vs. Hybrid Apps vs. HTML5


Screens are small, apps are big, and life as we know it is on its head again. In a world that’s increasingly social and open, mobile apps play a vital role, and have changed the focus from what’s on the Web, to the apps on our mobile device. Mobile apps are no longer an option, they’re an imperative. You need a mobile app, but where do you start? There are many factors that play a part in your mobile strategy, such as your team’s development skills, required device functionality, the importance of security, offline capability, interoperability, etc., that must be taken into account. In the end, it’s not just a question of what your app will do, but how you’ll get it there.

  • Native apps are specific to a given mobile platform (iOS or Android) using the development tools and language that the respective platform supports (e.g., Xcode and Objective-C with iOS, Android Studio and Java with Android). Native apps look and perform the best.
  • HTML5 apps use standard web technologies—typically HTML5, JavaScript and CSS. This write-once-run-anywhere approach to mobile development creates cross-platform mobile applications that work on multiple devices. While developers can create sophisticated apps with HTML5 and JavaScript alone, some vital limitations remain at the time of this writing, specifically session management, secure offline storage, and access to native device functionality (camera, calendar, geo-location, etc.)
  • Hybrid apps make it possible to embed HTML5 apps inside a thin native container, combining the best (and worst) elements of native and HTML5 apps.

Native Mobile Applications :
In a nutshell, native apps provide the best usability, the best features, and the best overall mobile experience. There are some things you only get with native apps:
Multi touch – double taps, pinch-spread, and other compound UI gestures
Fast graphics API – the native platform gives you the fastest graphics, which may not be a big deal if you’re showing a static screen with only a few elements, or a very big deal if you’re using a lot of data and require a fast refresh.
Fluid animation – related to the fast graphics API is the ability to have fluid animation. This is especially important in gaming, highly interactive reporting, or intensely computational algorithms for transforming photos and sounds.
Built-in components – The camera, address book, geo-location, and other features native to the device can be seamlessly integrated into mobile apps. Another important built-in components is encrypted storage, but more about that later.
Ease of use – The native platform is what people are accustomed to, and so when you add that familiarity with all of the native features they expect, you have an app that’s just plain easier to use.
Documentation – There are over 2500 books alone for iOS and Android development, with many more articles, blog posts, and detailed technical threads on sites like Stack Overflow.
HTML5 Mobile Applications :
An HTML5 mobile app is basically a web page, or series of web pages, that are designed to work on a tiny screen. As such, HTML5 apps are device agnostic and can be opened with any modern mobile browser. And because your content is on the web, it’s searchable, which can be a huge benefit depending on the app (shopping, for example).
An important part of the “write-once-run-anywhere” HTML5 methodology is that distribution and support is much easier than for native apps. Need to make a bug fix or add features? Done and deployed for all users. For a native app, there are longer development and testing cycles, after which the consumer typically must log into a store and download a new version to get the latest fix.
In the last year, HTML5 has emerged as a very popular way for building mobile applications. Multiple UI frameworks are available for solving some of the most complex problems that no developer wants to reinvent. iScroll does a phenomenal job of emulating momentum style scrolling. JQuery Mobile and Sencha Touch provide elegant mobile components, with hundreds if not thousands of plugins that offer everything from carousels to super elaborate controls.
So if HTML5 apps are easier to develop, easier to support, and can reach the widest range of devices, where do these apps lose out? We already reviewed the major benefits of native development, so we’ll just reiterate that you can’t access native features on the device. Users won’t have the familiarity of the native look and feel, or be able to use compound gestures they are familiar with. But strides are being made on all fronts, and more and more functionality is supported by browsers all the time.
Hybrid Mobile Applications :
Hybrid development combines the best (or worst) of both the native and HTML5 worlds. We define hybrid as a web app, primarily built using HTML5 and JavaScript, that is then wrapped inside a thin native container that provides access to native platform features. PhoneGap is an example of the most popular container for creating hybrid mobile apps.
For the most part, hybrid apps provide the best of both worlds. Existing web developers that have become gurus at optimizing JavaScript, pushing CSS to create beautiful layouts, and writing compliant HTML code that works on any platform can now create sophisticated mobile applications that don’t sacrifice the cool native capabilities. In certain circumstances, native developers can write plugins for tasks like image processing, but in cases like this, the devil is in the details.
On iOS, the embedded web browser or the UI Web View is not identical to the Safari browser. While the differences are minor, they can cause debugging headaches. That’s why it pays off to invest in popular frameworks that have addressed all of the limitations.
You know that native apps are installed on the device, while HTML5 apps reside on a Web server, so you might be wondering if hybrid apps store their files on the device or on a server? Yes. In fact there are two ways to implement a hybrid app.
Local – You can package HTML and JavaScript code inside the mobile application binary, in a manner similar to the structure of a native application. In this scenario you use REST APIs to move data back and forth between the device and the cloud.
Server – Alternatively you can implement the full web application from the server (with optional caching for better performance), simply using the container as a thin shell over the UI Web view.
Looking for developing your Mobile App? Just have a look at our work.

Supertron flaunts Bangaliyana in style


It was a new Bengali year and as always, when it comes to celebration, who better than Supertronites? The Supertronites with their Super energy can pull off any occasion in a much better way. It was 15th of April, 2017 and it was the day of Bangaliana for Supertronites.
Freshly printed calendars with the scent of ink and new paper, boxes of sweets and the forbidden cold drinks on the lap of an indulgent foodie, this is what the personal nostalgia of the Bengali New Year’s Day is. Poila Boishakh/Baisakh celebrations are usually on full swing all over Kolkata. Non-Bengalis also take a dig as it is the best time of the year for some sinful and scrumptious gourmet indulgence.So Supertron made sure they keep no cards unturned when it comes to Poila Baisakh celebration.
It was the morning of poila baisakh, when the ladies, clad in sarees and the gentlemen looking dapper in kurta, entered the office premises. The whole office was chirping with joy and the work for the day took the backseat as everyone was pumped up for the events of the day. The ladies in the office manage to have a pizza party at the stairs as well. It was very evident that celebrations were doing the rounds in the office floor. As the time passed, people became busy to wrap up their work. The HR, Ms. Payeli Sen Majumdar had announced that there will be enough games to make it up for everyone. And as the clock struck 5, it was a prolonged “peeeeeeeep” sound around the office as everyone was shutting down their workspace. Our CEO, Mr. Sanjay Chaudhary was present with his whole family. His daughter and son, Shrachi and Akshat has planned few games for the employees while ma’am, Mrs. Nidhi Chaudhury helped them with the procedure. The set of game comprises of “Guess the Movie Name”, “Crossword” and “Housie”. The employees had to guess the movie names by seeing a shot from that movie. It was one hilarious task when the employees were looking for option to cheat but Nidhi Ma’am and Shrachi was keen to supervise that no one is looking over anyone’s shoulder. The Digital Marketing Associate, Ms. Madhumita Dutta won the game with a score of 18 out of 20. And both the Web Designer Ms. Sinchita Chaudhury and Ms. Sudipa Sengupta shared the 2nd place with a score of 16 out of 20. Then it was the turn for the crosswords to be solved. 4 groups were made. They were put in a group, alphabetically. All the clues were set against some technological terms and funnily the winning team won it with a margin of 0.5 marks as they had written a half term. And at last, it was turn for the biggie, The Housie. The game tested everyone’s luck as the Business Development Manager, Mr. Ajay Kanodia and Senior Web Developer, Proenjit Paul walked away with 2 prizes and the HR Manager, Ms. Payeli Sen Majumdar and Andriod Developer Mr. Avik Sutar got one each.
Next it was the turn for Mr. Supertronite and Ms. Supertronite pageant, which was won by Graphic Designer Mr. Mukund Jha and jointly by again the beautiful Web Designers, Ms. Sinchita Chaudhury and Mrs. Sharmistha Adhikari Chatterjee. As the time was nearing towards the ending, it was time for appraisal. The employees, who have completed more than a year at Supertron, were greeted with a gift and certificate of appreciation. All the new employees as well as the old ones, shared their experience with Supertron and then it was turn for our CEO, Mr. Sanjay Chaudhary, to share his experience of working with such a bunch of talented yet humble employees. It was a very emotional moment when he did not even left the office boy apart. This is the essence of Poila Baisakh and this is the spirit of Supertron family that binds us together. The evening ended with snacks, cold drinks and music and a promise of seeing many such events together.