This article is an expansion on the editorial I wrote for the November 2, 2004 CodeGuru eNewsletter.
You've heard me say in the past that you should separate your application's logic from the user interface. Never has it been clearer as to how important this separation is going to be than when you look at what is happening in the mobile device market, more specifically the cell phone market.
I attended the CTIA conference in San Francisco. This conference focuses on mobile and wireless technologies. While you might believe that mobile development is not an area that impacts you, I continue to recommend that you consider it anyway. You may find that within the next two to five years this area could impact you as the computer industry evolves.
As I mentioned in my editorial, the cell phones being built today have equivalent power and storage to a desktop PC from 1998. The speed of the phone's processor is at the 1998 desktop level. The amounts of memory and storage space are potentially greater.
With the next evolutions of these devices (approximately one to three years), the power is going to be even greater. It was even mentioned at CTIA that future phones will most likely be dual processor devices with even more overall power. There is expected to be a low-powered processor for standard phone functions and for standby mode, and a second, high-powered processor (think 1.0 GHz or greater) for the more intense applications being run on the phone.
Wireless technology is evolving also. In the next few years, we should see wireless transmitters that work across miles instead of across yards. As wires go away and as numerous options open for user interfaces, we are going to see some interesting applications being built.
One thing is for sure: Phones are small devices with big potential for developers. After all, after an ID and keys, the cell phone is the next thing most people always take with them. This makes a potentially large market for applications that can interface with them.
Learning from Today's Games
The two areas where cell phones have gotten the most traction today are SMS and games. In the United States, the use of simple messaging is not as popular as in other countries. Games, however, seem to be popular everywhere. The average developer isn't going to be building games. Regardless, games are pushing what is being done in phone applications today.
I mentioned two games in my editorial in the CodeGuru newsletter. I'll mention them again here because they indicate the level that applications have already reached in phones today. Additionally, the Swordfish application indicates things that can be done with a cell phone that can't be done in a "desktop" application. I'll leave it for you to ponder how features of these applications could be applied to other, more enterprise applications.
SwordFish: Fishing with a Cell Phone
I listened to a description of a fishing game that is becoming popular in Canada. My conclusion after hearing the description was that words alone cannot always describe something!
Swordfish is played using a cell phone that contains GPS (global positioning). The fish are virtual and are all around you. It is interesting hearing this game described without any visuals, but seeing is believing. Fortunately, I've included two images for you that were provided by Blister Entertainment.
Figure 1: Schools of virtual swordfish in the area.
To catch a fish, you need to locate schools of fish. You locate them by moving and using your phone. The cell phone acts similarly to a standard (real) fish finder in that it will show where there are groupings of fish. Figure 1 shows this. You are located in the center of the screen. The dashed circle shows your range. You have to move (physically) to get schools of fish into your range. The image shows that a school of small fish is in range. It also shows several other schools of fish around.
The fish move around and behave with the intelligence you would expect of real fish. If you are moving towards a virtual school of fish, you would expect them to move as well.
Once you find some fish, you can try to catch one. You can cast out your hook and try to catch a big fish. You can choose how far to cast. When you hook a fish, you can use the keys on the phone to reel in the virtual fish. You can control the tension in the "line" from your fishing pole. When you are reeling in a fish, you can expect it to fight a little harder as it gets closer to you in your virtual boat. The tension in your line will adjust accordingly. If your browser supports Flash, the following figure illustrates the display you will see in the game:
This is just a brief overview of the game. You can see the biggest fish that have been caught by checking the high scores online. You can also find more details on the game at www.Blisternet.com. You can find additional details of some of the underlying API technology at www.Knowledgewhere.com.
Did I mention that the game can use the phone's vibrate feature as well?
While the fishing game is a bit hard to explain without visuals, a second game is much more straightforward. It was a 3D snowboarding game playable on a Nokia phone. The snowboarding game is a full-fledged 3D game that controlled quite nicely. The graphics, while small, were as good as anything on a Game Boy Advance™.
Snowboarding is a full-fledged, graphical 3D game on a phone. Not just 3D graphics, but 3D movement. I've seen a number of 2D sidescroller games that have 3D graphics. Just having graphics that look 3D does not make a game 3D!
As developers, it is time to step out of the "desktop monitor" box that we tend to think about when designing application user interfaces. Cell phones are computing devices and they are relatively inexpensive. More importantly, most people carry their phones with them all the time.
Creating games such as the two I've described requires an infrastructure for tapping into the device's features and more. The APIs and standards exist today, or will be publicly available very, very soon. When you combine this with the state of the hardware, it should become obvious that phones have become more than just single-purpose devices for transferring sound across distances.
Developing for cell phones and mobile devices is evolving and will continue to evolve. Whereas applications for phones used to be an area for embedded programmers, this is no longer the case. The tools and APIs have reached a point where they will not seem foreign to you. For Java developers, you'll find that J2ME is just an extension of what you already know. For Microsoft developers, the .NET Compact Framework uses a subset of the .NET Framework that is being used for Web and desktop applications. There are other tools and APIs that are similar as well. You will find that, in a lot of cases, your application logic will be directly portable to a mobile application. Overall, it is no longer a leap to create applications for these devices; rather, it is just a small step.
While the snowboarding game is a pretty standard 3D game, the thing to consider is the power required to run such a game and the device it is running on. 3D is a relatively intensive process to program and run, yet today's cell phones can do it. Additionally, they can do it interactively. This same power and graphics ability can be applied to your applications as well.
The Swordfish game illustrates even more that can be done with these small, portable computing devices. Not only can you present graphics and track information, but you also can do things based on location. When you start thinking about ways to apply GPS technology, there is a ton of additional applications that can be done. Many applications could be personalized to a greater level if you know the location of the user. Just think—when the user causes an error, rather than just popping up an error message, on a cell phone you can cause the whole machine to shake!
Cell phones are computers in a very small, portable package. They do have their limitations; however, many of these are being overcome. With a majority of people having their phones with them, it only makes sense that as developers we should tap into this market. As we are building our applications, we should consider new ways to interact with these devices. As external wires go away and as the power of cell phones grows, so too will the available number of applications for these devices grow.
In the meantime, you should be working to disconnect your current applications' logic from the interface. This will increase the likelihood that you'll be able to adapt your application's logic more quickly and easily as interfaces change.