Is it worthwhile to make a certificate with Java

Is it worthwhile to make a certificate with Java, and if so, which one?

Many technology companies have their own certification programs to test their knowledge and ensure that the certificate holder has the right level of knowledge and skills. In addition to other well-known companies such as Microsoft, VMware, IBM or Cisco, Oracle also offers a comprehensive certification scheme for its own products and technologies. With the acquisition of Sun in 2009, Oracle also took over the Java certification program, along with the famous SCJP (Sun Java Certified Programmer) exam, to adapt the certification to its own standards, such as those used for the Oracle database.

The sense of certification

Is it worth taking exams and obtaining certificates at all? Certificates for Java programmers do not have any formal meaning. They do not give, like an engineer’s or master’s degree, higher education, nor do they give any professional qualifications required by law, such as an electrician’s degree. The certificate is simply an objective confirmation that the person knows the Java language and is able to program it at a certain level.

Java certificates may therefore be one of the guidelines for employers when it is difficult to document their competences with experience in projects and references or when the experience is related to other technologies. Acquiring a certificate is also a positive proof of commitment to one’s own development.

There are times when a certificate is required for certain grants and tendering procedures. It is worth noting at this point that the OCP certificate for Java SE is a required step before obtaining expert certificates from Java EE technology (e.g. Web Service, EJB, JPA).

We have to admit that Oracle exams do indeed test well the knowledge of Java programming. A random person, who has no idea about programming, has no chance to pass this type of exam on the principle of “chew, pass, forget”, because apart from knowing the names of different classes and methods, one has to understand programming first of all. Even the basic level will be difficult to pass to programmers of other languages who do not know the specificity of the Java language. On the other hand, programming practice itself, especially when it is based mainly on using frameworks, and rarely on working from scratch, may also not be enough, because exams refer to the most basic elements, and questions can be really detailed.

Focusing on the foundations of the Java language and platform and “details”, and the lack of reference to practice (especially frameworks, with Spring at the forefront) is the most common criticism of Oracle exams. A programmer may think: “Why do I need to know if it will be compiled, after all, I will see the bug in the editor, and the IDE will tell me how to fix it”. That’s true, but a thorough understanding of the Java mechanisms allows us to look at the operation of even larger systems in a completely different way. We have a feeling that we understand how it works and nothing will surprise us…. And the knowledge of frameworks and practical aspects of programming still has to be confirmed by working in a real project.

Article about application security

Best Practices for Web Application Security

It is said that “a chain is only as strong as its weakest link”. In terms of Web application security we might consider the end user as the main point of vulnerability.
However, there are methods that can be implemented to reduce the chance of running into web application security problems.

According to cluth these are the top five types of web app attacks.

Top 5 Types of Web App Attacks (Q2 2017)

In this post, we’ve rounded up five particularly important web application security best practices to keep in mind as you harden your web security.

XSS (Cross Site Scripting)

XSS vulnerabilities arise where web applications dynamically include data from users without proper validation. Using JavaScript embedded on a web page, a malicious user can control the victim’s browser bypassing normal security restrictions. To protect against XSS, all scripting tags should be encoded and validated on server-side. Frameworks like JSF provide components for an easy XSS protection.

SQL Injection

SQL injection usually occurs when you ask a user for input, like their username/userid, and instead of a name/id, the user gives you an SQL statement that you will unknowingly run on your database. To mitigate vulnerability to SQL injection, every input provided by user should be escaped by special characters. Limiting the permissions on the database to only what is needed may help reduce the effectiveness of potential SQL injection attack.

Vulnerable Data

Any critical data stored in the database must always be encrypted. The same goes for communication between backend and frontend in your application. It is worth to note that confidential data should not be passed via GET requests.

Security Misconfigurations

Security misconfigurations are still common even in the enterprise environment. They occur when a system or database administrator does not properly configure framework of an application or server. Running security scans on a consistent schedule can help stop potential leaks. Also remember to run applications with least privileges and keep files for your Web application in a folder below the application root. Users shouldn’t be able to specify a path for any file access in your application. This helps to prevent users from getting access to the root of your server.

Using Components With Known Vulnerabilities

Vulnerabilities in third-party libraries and software are extremely common and could be used to compromise the security of systems using the software. Since it is virtually impossible to write all the code by yourself, keep in mind that regularly upgrading components to new versions is critical. Tools like OWASP Dependency-Check will help you identify project dependencies and check if there are any known, publicly disclosed, vulnerabilities.

Article about outsourcing in IT

Here is why You should consider Java

When you decide to develop a robust software which is going to be used and maintained for many years, it is important to choose proper technology stack. Having that in mind, experienced developers often choose Java for enterprise applications like web banking systems. Compared to other languages, Java definitely stands out in many aspects.

Here are five reasons why Java is a great fit for enterprise application development.

Statically typed

Static typing enables earlier detection of programming mistakes, better documentation in the form of type signatures, increased runtime efficiency and a better design time developer experience. Statically typed nature is advantageous in huge projects that many people work on.

Platform independent

Java is cross-platform as the compiled Java program can be run on all the platforms for which there is a Java Virtual Machine (JVM). What is JVM and why is it needed? JVM is a special software that serves as a translator from bytecode to the language of machine codes. Different devices speak different dialects of machine codes. With most languages you have to translate the program into each dialect separately. With Java it is not a problem anymore.


A program written in Java runs inside virtual machine, hence it is isolated from the operating system. The platform provides a security manager which allows users to run untrusted bytecode in a “sandboxed” environment designed to protect them from malicious or poorly written software by preventing the untrusted code from accessing certain platform features and APIs.

Mature ecosystem

Enterprise applications facilitate a wide range of business processes including data and operations management and resource planning. Java offers a lot of tools, libraries and ODEs that are contributed by Google and other organizations, enabling developers to easily design and implement anything. Many great frameworks like Spring, Struts, JSP, JSF and so on can be used while developing a Java project. That combined with awesome dev tools such as IntelliJ or Android Studio makes whole development process a great experience.

Large talent pool

According to Stack Overflow Java is the fifth most popular programming language and the second if we exclude CSS, HTML and SQL. Java is over 20 years old and is used by millions of developers and billions of devices worldwide.

The most popular programming languages according to Stack Overflow.

The most popular programming languages according to Stack Overflow.


All Android apps are based on Java and majority of Fortune 500 companies use Java as a server-side language for backend development. With new versions released frequently, Java is an obvious choice for forward-thinking enterprise.

5 tips how to make smart outsourcing in IT

5 tips how to make smart outsourcing in IT

  1. Look at the company’s experience.

One of the most important aspects is the company’s experience and its presence on the market. If a software house has a long lasting experience in both big and small projects for the most significant institutions, as well as for small businesses, it can also be a reliable partner in outsourcing.

  1. Programists’ experience and skills

The key in making good projects are people. Always ask the company for CVs of programmers and analyse who will be the best to join for this project.

Review if people you are going to take for a project have enough experience.  Software companies often offer: Junior, Medior and Senior developer to outsource so it is worth to analyse if a programmer who is classified as a Senior actually has these competences . Focus on personality and communication skills, check if a person will easily adapt to your current team.

  1. Distance and time zones.

It is also worth to look at the distance and time zone of your potential contractor. You have to take into account if your working hours are flexible enough to work with somebody from different time zone. Think about your needs. Do you need to have personal meetings with a whole team? Maybe you want to have all the hired people in your office?

  1. Tools

Ask the company about the tools which they are using. Redmine, Basecamp, Slack, Facebook etc. – there are many  tools which can be used to communicate in IT world and it also matters in cooperation between two companies. If one company is using only Basecamp and the other one is using Redmine and Slack it can take some time to get used to new tools.

  1. Wages

Do not overpay. In software development costs of two identical IT systems made by two different companies can vary by nearly 100%, so make an in-depth research if paying extra money will bring higher quality.