Posts

Using Feature Switches for Code

Using feature switches for code development is a technique used by software developers or DevOps professionals to turn portions of code on or off without requiring a rebuild of the application. There can be many reasons for using this technique. Often, a feature may need to be released but is in the same build as a feature that cannot be released. In other cases, important code releases require customer notification that may not have happened yet. Releasing the code with the ability to turn certain features off can clear it as a work item for the IT team while leaving the business with the flexibility to release the feature at a later date.

Feature switches for the Clearent back end development team typically come in two parts: a configuration setting indicating the state of the feature and a dependency swap or IF statement to switch the behavior out based on the configuration setting.  Here is a simple example of what a feature switch could look like:

Read more

How Our Hosted Payments Page Is Different

Generally, a hosted payments page is a web page your payments provider hosts for you. They aren’t hosting your payments page but rather a generic payments page that your website will use for the payments processing of your eCommerce store, shopping cart, or checkout page. In this case, your customers will come to your website, add products to their shopping cart, pay for their goods and get a confirmation of the completed sale and pending shipment.

The image below shows the typical flow when using a hosted payments page.

Hosted Payments Page Flow

There are many benefits to using a hosted payments page:

  • Reduced PCI scope
    • Because you are not sending financial data to your server your PCI scope is greatly reduced.
  • Ease of implementation
    • Hosted payments pages generally offer much less coding and development time to start accepting payments. This allows you to start accepting payments much faster.
  • Reduced development costs
    • Because development and implementation time is reduced, so is the cost associated with developing a payments solution.

But not all hosted payments pages are created equal. There are also some downsides with using typical hosted payments solutions:

Read more

Why We Use TDD

Ever since I started working as a developer for Clearent, I’ve been an adamant supporter of Test Driven Development (TDD).  I adopted this development practice a very long time ago and have seen its benefits over and over again.

What is TDD?

Test Driven Development is a coding practice where a developer writes a failing unit test before writing the production code to make the test pass. Ideally, the unit test is built up slowly, adding a failing test condition that drives the next incremental feature in the code being created. (We achieve this incremental build-up by practicing a coding pattern called red-green-refactor.) The design of the code is “discovered” as the test is built out, and the end product is a well-designed piece of functioning code. A by-product of this practice is a unit test that can be repeatedly run to ensure future changes don’t break the existing code base.
Read more

PCI Check Up

At Clearent, we are starting preparations for our annual PCI audit.  One of the components of the PCI audit is ensuring that web applications guard against the OWASP Top 10 Web Application Vulnerabilities.  I thought this would be a good time to review that list.

The OWASP.org PDF is the best source of information if you are creating web applications. Below is a listing of the 10 vulnerabilities and a brief explanation of them.

Top Ten Web Application Vulnerabilities:

  1. Injection: This vulnerability covers all kinds of injection attacks, including SQL injection.  Applications need to ensure that user-entered data can’t modify execution paths of the application itself.  It is important to guard against data coming into the application, as well as data being retrieved by the application.
  2. Broken Authentication and Session Management: Quite often developers create all of their application’s functionality themselves, and introduce bugs. Authentication and session management are no different. If possible, use tried-and-true third-party applications to handle these functions.
  3. Cross-Site Scripting (XSS): XSS is a nasty vulnerability that typically hijacks a user’s browser to access a malicious website or to steal data.  Applications generally protect against this flaw by properly escaping data entered through the browser.
  4. Insecure Direct Object References: This vulnerability typically happens when a developer exposes file names, unique identifiers or other “internal” data that would allow an attacker to directly manipulate the system, bypassing data validation checks.
  5. Security Misconfiguration: Failing to lock down systems, change default passwords, or keep software up to date causes this vulnerability. All of these things seem obvious, but if they are obvious to us, they are obvious to attackers as well.
    Read more

My first eCommerce Meetup

I was so excited that I recently received a notification from Meetup.com informing me that an eCommerce meetup had been organized here in St Louis!

It didn’t surprise me that there wasn’t an eCommerce group overview or agenda, because I thought the person who registered the meetup might have been new to the process. It was listed as a technical meetup, so I was excited to see what I could do to help establish the eCommerce group’s goals, help formulate future agendas and help line up future sponsors. Initially, only three people had signed up for the eCommerce meetup, as it was a fairly narrow interest, but I had grand hopes of building up the membership.

I thought it was a little unusual that the meeting was going to be held in a higher end neighborhood at the local Hilton, which sounded cool since most of the meetups I attend are low budget. So I figured whoever started this meetup had some sponsorship already and was going high-end. Cool, high-end meetup!

Read more

Switching to Distributed Version Control

One of the best parts of being a developer at Clearent is being part of a culture of constant improvement and growth. This culture allows us to consistently improve our payments platform and the products we as developers create for other developers to accept payments. We are not a company that refuses to change simply because “that’s the way we’ve always done it”. Every day is an opportunity to try something new, whether it’s a new framework, a new platform, or a new toolkit. All of this, in the name of creating the best possible payments platform.

A couple years ago, we decided to make the transition from a centralized version control system (Subversion) to a distributed version control system (Git). And in that transition was a real opportunity to change the way we use source control.

We started with three assumptions:

  1. Branches are Cheap
  2. Merges are Easy
  3. Conflicts are Rare

If you have only used centralized version control systems (VCS), those first two assumptions sound crazy. Most of the popular centralized VCSs are either incredibly slow to branch or make it very difficult to manage multiple branches. We had actually built our own internal tool to help us manage merging our long-lived development branch into our testing and release branches. Version control systems are supposed to be a tool that helps developers do their jobs, but for us it was almost more of an obstacle.

Read more

Working Toward Continuous Delivery

One of the biggest difficulties in software development is deployment. Figuring out how to package an application, transfer it around, install it, etc. has been a challenge from the dawn of programming. Continuous delivery is a term used to describe an environment where software flows from a developer into production, through all of the necessary gates, with minimal manual work. Clearent has always worked to simplify the software deployment process so that we can deliver new features to our customers quickly and efficiently with minimal disruption. As the underlying technology stack evolves, we are able to move toward a true automated continuous delivery system.

Software is typically difficult to release.  The process flow is generally:

  1. A developer creates or makes changes to a piece of software and tests it on a local system.
  2. The software is moved to an integration system to ensure it works with the rest of the software available.
  3. The software is moved into an environment where quality assurance testing can be performed.
  4. The tested software is moved into the production environment.

Read more

10 Common Mistakes in Web Development

Carl Armbruster

Senior Software Engineer, Clearent LLC.

I began my web development career in 2001. Back then FrontPage was still a thing (although no one actually liked it), websites used “mystery-meat” Flash navigation and somehow everyone thought a splash screen for your website was a good idea. A lot has changed but I still see too many common mistakes web developers make. Here are 10 of the most common mistakes I have noticed when browsing the web and in my own work experience.

Trying to make your company website the next social media sensation

I get it . . . we all have big egos. You are really proud of your bookstore (café, clothing store, candle shop, etc.) – and you should be! It takes a lot of effort to run your business. But your customers generally come to your website for information, not to hang out. You are not Facebook (unless you work on Facebook’s website in which case you are Facebook). Stop it with the animations. Quit with the music automatically playing in the background. Stop making me register just to browse your website.

Not eating your own dog-food

Read more