Do we do vulnerability testing?
The short answer is yes, but the real question is: is that enough? After all, you, as a developer, create software with the help of our tool and add your own code, so ultimately the security of the application is a combination of both. PHsPeed has a lot of protection built in. There are several protective tokens, such as the CSRF token, and there is protection against XSS and SQL injection. We try to keep the libraries we use up to date so that we do not introduce known vulnerabilities.
Commercial parties offer automated vulnerability tools that can scan your website. Some parties can also scan your code, and you pay per line of code. That makes it quite expensive, and it never replaces the work of a real ethical hacker. But there are ways you can verify the generated project for vulnerabilities yourself, and I would like to show you the results of ZAP, an open-source and free tool from the OWASP community. This tool is able to scan your project, and I will explain the result for one of our applications here.
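The three protections named above (a CSRF token, output escaping against XSS, and parameterised queries against SQL injection) are shown below in plain PHP. This is an added illustration, not PHsPeed's own code: the `$session` array stands in for `$_SESSION` so the script runs from the command line, the `persons` table and its rows are constructed sample data in an in-memory SQLite database, and all function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration (not PHsPeed's runtime code): each protection is a small,
// separately testable function. Assumptions: $session replaces $_SESSION so the
// script is CLI-runnable; the persons table is constructed sample data.

// 1. CSRF: one random token per session, compared in constant time.
function csrfIssueToken(array &$session): string
{
    if (empty($session['csrf_token'])) {
        // 32 random bytes = 256 bits of entropy, hex-encoded for safe embedding in a form
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrfCheck(array $session, ?string $submitted): bool
{
    if (!isset($session['csrf_token']) || $submitted === null) {
        return false;
    }
    // hash_equals avoids leaking the token byte by byte through timing differences
    return hash_equals($session['csrf_token'], $submitted);
}

// 2. XSS: escape on output, for the context the value lands in (here: HTML body or attribute).
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// 3. SQL injection: bind user input as a parameter; never concatenate it into the statement.
function findPersonByName(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM persons WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// --- demonstration with constructed data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE persons (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$db->exec("INSERT INTO persons (name) VALUES ('Alice'), ('Bob')");

$session = [];
$token = csrfIssueToken($session);

// A genuine form post carries the session's token; a forged request cannot know it.
var_dump(csrfCheck($session, $token));
var_dump(csrfCheck($session, 'some-other-value'));

// Markup in user input is rendered as text, not interpreted by the browser.
echo escapeHtml('<script>alert(1)</script>'), PHP_EOL;

// A name containing quotes and SQL keywords is matched literally as data:
// it is simply a name that belongs to nobody in the table.
print_r(findPersonByName($db, "' OR '1'='1"));
print_r(findPersonByName($db, 'Alice'));
```

The script needs the `pdo_sqlite` extension, which ships with most PHP builds. The point to take from it is that each protection works at a different layer: the token is checked before any state change, escaping happens at output time in the right context, and parameter binding keeps user data out of the SQL grammar entirely.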
This is the customer portal that you find on our website. In the next screenshot you see the result of a ZAP scan:
If you want to do something similar, download ZAP from the OWASP website and point it at localhost:8010/your-application to scan. So what does the scan tell us?
There are 18 notifications. So let's look into them one by one:
Conclusion. The application we tested has no high-risk items, a few medium risks (because the web server used is configured for development and testing, and because a newer version of one library is available), and a few low-risk items. Considering the result, updating the libraries fixes all issues here.
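A ZAP scan is most useful when it is repeated on every build and the result is turned into a pass/fail decision rather than a screenshot. The script below is an added example, not part of the original post or of PHsPeed: it reads a ZAP JSON report, groups the alerts by risk level, and exits non-zero when anything at or above a chosen threshold is present. The field names (`site`, `alerts`, `riskcode`, `riskdesc`, `instances`) follow ZAP's traditional JSON report; the report content, alert counts, and the URL `http://localhost:8010/portal` are constructed to mirror the outcome described above (no High, a few Medium, a few Low) and are not a real scan of the portal.

```php
<?php
declare(strict_types=1);

// Added example (not from the original post): summarise a ZAP JSON report and
// gate a build on it. Field names follow ZAP's JSON report format; the sample
// report below is constructed, and the threshold is an assumption.

const RISK_NAMES = [0 => 'Informational', 1 => 'Low', 2 => 'Medium', 3 => 'High'];

/** Group alerts by risk level: [riskcode => [alert name => number of instances]]. */
function summariseZapReport(array $report): array
{
    $byRisk = [0 => [], 1 => [], 2 => [], 3 => []];
    foreach ($report['site'] ?? [] as $site) {
        foreach ($site['alerts'] ?? [] as $alert) {
            $risk  = (int)($alert['riskcode'] ?? 0);
            $name  = (string)($alert['name'] ?? $alert['alert'] ?? 'unknown');
            $count = count($alert['instances'] ?? []);
            $byRisk[$risk][$name] = ($byRisk[$risk][$name] ?? 0) + $count;
        }
    }
    return $byRisk;
}

/** True when no alert at or above $failAtRisk exists (default 2 = Medium). */
function zapReportPasses(array $report, int $failAtRisk = 2): bool
{
    $summary = summariseZapReport($report);
    for ($r = $failAtRisk; $r <= 3; $r++) {
        if ($summary[$r] !== []) {
            return false;
        }
    }
    return true;
}

// Constructed sample report: shape only, not a real scan result.
$sampleJson = <<<'JSON'
{ "site": [ { "@name": "http://localhost:8010/portal", "alerts": [
  { "name": "Vulnerable JS Library", "riskcode": "2", "riskdesc": "Medium (Medium)",
    "instances": [ { "uri": "http://localhost:8010/portal/js/lib.js" } ] },
  { "name": "Missing Anti-clickjacking Header", "riskcode": "2", "riskdesc": "Medium (Medium)",
    "instances": [ { "uri": "http://localhost:8010/portal/" },
                   { "uri": "http://localhost:8010/portal/login" } ] },
  { "name": "Server Leaks Version Information", "riskcode": "1", "riskdesc": "Low (High)",
    "instances": [ { "uri": "http://localhost:8010/portal/" } ] },
  { "name": "Information Disclosure - Suspicious Comments", "riskcode": "0", "riskdesc": "Informational (Low)",
    "instances": [ { "uri": "http://localhost:8010/portal/app.js" } ] }
] } ] }
JSON;

$report = json_decode($sampleJson, true, 512, JSON_THROW_ON_ERROR);

foreach (summariseZapReport($report) as $risk => $alerts) {
    printf("%-13s %d alert(s)\n", RISK_NAMES[$risk], count($alerts));
    foreach ($alerts as $name => $instances) {
        printf("  - %s (%d instance(s))\n", $name, $instances);
    }
}

// Gate: fail the build on Medium or worse; pass 3 to fail only on High.
exit(zapReportPasses($report, 2) ? 0 : 1);
```

In a pipeline the report comes from ZAP itself (for example, the `-J` option of the `zap-baseline.py` script in the ZAP Docker image writes a JSON report) and the script's exit code decides whether the build proceeds. With the constructed report above the gate fails, which is the right outcome for the two medium findings described in this post: they are cheap to fix (update the library, harden the server configuration) and should be fixed before release rather than explained away.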
The main question is now: is the application safe? Well, to a certain extent. No application is 100% safe, and this is an automated test. It is helpful, but an actual penetration test by an ethical hacker is always advised, especially if you manage critical data. It should be clear, though, that we run our checks often and are continuously aware of threats. But in the end, you, as a user, are creating the applications. Therefore you have your own responsibility to verify the quality of the result. No two applications will be the same; therefore, ALWAYS do your own testing! If you find vulnerabilities that you believe are the result of some mishap in our code, report them, and we will do our utmost to fix them with #1 priority.
Happy coding!
The release of PHP 8.2 is postponed until mid-December, and PHsPeed 3.0 is maturing for release.
Although we already support PHP 8.2, it is not an official PHP release yet. You can use it for testing purposes, and we recently upgraded our runtime to replace some deprecated functions. Official support for PHP 8.2 within PHsPeed will arrive with PHsPeed version 3.0. This version is currently under test and is planned for release in early 2023. But if you write your application for PHP 8.2 now, deploying it should not bring issues.
We are working hard on our 3.0 release, which brings a new ribbon-based user interface among some cool new features. In this post, we will mention the most important ones. With a small disclaimer: it is always possible that we have to skip a feature if our test procedure reveals issues. But so far, so good.
To start with the new user interface, look at the next screenshot.
The new ribbon is context-sensitive: it changes depending on the action you select and replaces all (sub)menus. Some items have been relocated, and duplicate functions have been removed. Our internal developers are quite enthusiastic, as they believe the user interface is more modern and clean, and that functions are more easily found. We hope that you will have the same experience.
The form reveals one of the new features you can expect, an N:M lookup. In this sample, we have a few tables containing persons, pets, and persons with pets. By defining a master-detail between the persons and persons with pets, you can define a lookup on pets. Here we use a multi-select. PHsPeed will apply the changes to the detail record depending on the checkboxes. In this case, you do not need a dedicated toolbar for the detail, as you can define the component to 'listen' to the master data source. You can do similar things with a double-select box.
The definition is done the same way; only the component differs.
Another feature that is in high demand is an editable grid. We are still working on this; we expect to be able to release it in version 3.0, and certainly in version 3.1.
This is implemented as a new option within the database grid. It also allows the user to add several records at the same time. We are excited about these new features, as they close the gaps that many of our users reported and that were the highest in demand. But please let us know which features you miss and would like to see implemented in release 3.1.
Then a small notice about some questions we got from a few potential users. As you can find elsewhere on our website, we do not run promotions. If we did so, for instance around Black Friday, we would annoy customers who might have bought the product at a higher price, or we would make customers hold off on buying while waiting for a better bargain. We want to provide the best product for a fair price, and we need the revenue that PHsPeed brings us. No surprises. When you buy PHsPeed, you know what you are buying and how much it costs, now and in the years to follow. We believe the art is not in finding new customers but in keeping them!
Final beta tests are running...
Now that the final test is in progress, we can announce that we will release PHsPeed version 2.3 shortly. As written before, this is a major maintenance release, and the focus was on making the product more future-proof. The applied changes allow us to update parts of the software without rebuilding the full package, which makes it possible to ship intermediate updates more often when applicable.
An overview of the new release can now be found in a new section of our website: release notes.
PHP 8.2
Version 2.3 also ships an initial release of PHP 8.2. Because PHP 8.2 is still in development, and the same goes for Xdebug, you can expect issues. Currently, you can select PHP 8.2 and test your application(s). But phpMyAdmin currently does not run under PHP 8.2, and Xdebug is not functional. We will update these modules when new versions come out. Formal support for PHP 8.2 is expected in the January release.
Customer Portal
Soon we will deploy our customer portal. This will enable you to view your registration and licenses and to buy/upgrade PHsPeed. In the near future, we will add more functionality.
Roadmap
The bug tracker contains a number of feature requests. We will move them into a separate section and try to address them. We will certainly continue to work on the wizards that allow you to create code-less applications. It is well known that our policy remains to build applications that require as little code as possible, while we still believe that developers are needed to fine-tune and model an application around the business rules. Yes, many managers believe that users have to learn to adapt to what the application brings, and that software development is too expensive to maintain. But when end-users are not working efficiently, or are served by an 80-20 model, this easily leads to less motivation, complaints, sick employees, and increasing costs. With PHsPeed we try to increase the productivity of developers, with full focus on your end-users.
Customer connection
We are very interested in your opinion about PHsPeed, the good and the bad. We welcome ideas from our customer pool to make the product better. Our growing customer pool is a real motivation to keep improving the product. If you are a customer reading this, our forum is a good place to communicate. Consider using the forum if your question could help the community. For a fast response, the service desk will always be available.
Happy coding!