As Africa’s youth embrace the development opportunities presented by new technologies and infrastructure, young developers must remain cognizant of the need to build applications with the ‘bad guys’ in mind.
This is according to Nigerian full-stack developer and DevOps Engineer Neo Ighodaro, who is chief technology officer at hotels.ng, the biggest online booking platform in Nigeria, as well as Ambassador at Auth0 and the organiser of LaravelNigeria meetup.
Neo, who will travel to South Africa for the first time later this year to present at the annual developer community DevConf, says security has to be a key consideration when building applications. “And early in your application is the best time to think about security. It costs a great deal more to mitigate risk after the application is complete and becoming popular in the market,” he says.
Neo reports that in Nigeria, the development ecosystem is thriving; particularly as young innovators discover that the barriers to entry are relatively low. “All you really need is a laptop and connectivity, so we’re seeing more youth taking advantage of the opportunities. We are seeing a change in mindset, with less talk about joblessness and more people using technology to help themselves learn and develop,” he says.
But the proliferation of relatively inexperienced developers, along with the fact that few high-profile hacks have taken place in Nigeria, could mean developers have a false sense of security when they build their applications.
“Twelve years ago, developers didn’t have easy access to the developer tools and frameworks, so we built applications from scratch and we had to think about security from the outset. Now, the tools and frameworks are widely available, and developers may have a false sense of security – believing the necessary security features are already embedded. Younger developers, in particular, can be so enthusiastic about building the product that they overlook possible vulnerabilities,” he says.
“When I conduct security audits for clients, I often feel that the developers gave very little thought to security. But it’s important and costs virtually nothing to embed security features early in development,” he says.
One area that is particularly vulnerable, he says, is the server, along with a tendency to build on top of outdated software and infrastructure. “Because people are building on vulnerable systems, it only takes one idle teenager with time on his hands to exploit the vulnerabilities.”
Neo’s talk at DevConf, entitled ‘Building for the bad guys’, will outline both commonly known and lesser-known exploits and how developers can mitigate the risks. The session will target beginner and intermediate developers, showing them the low-hanging fruits that cost absolutely nothing to fix; as well as outlining more advanced measures to mitigate attacks.
DevConf 2018, South Africa’s premier developers’ conference, will see over 1100 developers participating at the events in Cape Town and Johannesburg in March this year. DevConf Johannesburg will be held at the Birchwood Hotel & OR Tambo Conference Centre on 27 March 2018, and DevConf Cape Town will be held at The River Club on 29 March 2018. The Cape Town event is sold out. DevConf has increased capacity for the Johannesburg conference. An additional 80 tickets have been made available and bookings can be made at www.devconf.co.za