How Yalantis Approaches

Backend Challenges
A guide to some of the most common challenges of backend development
Yalantis Value Proposition

Backend challenges

[ Why we created this
Our clients often ask how we build
applications. More specifically, they want to
know what challenges we face and what
actions we take to overcome them.
Reasonable enough – they want to make
sure they’ll get stable and quality products.
Yalantis Value Proposition
01 / 23
[ [
Questions about backend challenges are probably the most
common. So we’ve brought together all our expertise and prepared
this guide to some of the most common challenges associated with
backend development.
We’ll describe the nature of these challenges and suggest possible
ways to solve them, spicing our explanations with real-life examples.
Backend challenges

[ What’s the backend? [
In general, the backend is the part of a software product that
exists behind the scenes. By contrast, the frontend is what an
end user sees and interacts with – a website, web app, or mobile
app.
The frontend is also referred to as the client side of an
application, whereas the backend is often called the server side.
The frontend is where UI/UX design and client-side scripting
usually happen.
Yalantis Value Proposition
02 / 23
[
The backend supports the frontend of a
product. In other words, the backend is
responsible for an app’s business logic and
calculations and for storing and retrieving data.
The backend usually consists of a backend
application (or backend script), a server, a
database, and APIs (which make
communication between the server and client
possible).
Backend challenges
 03 / 23

1 A site is loaded in a browser from the server

2 Client-side scripts run in the browser and process

requests without call-backs to the server

3 When a call to the database is required JavaScript

and AJAX send requests to the back end

4 The back-end server-side scripts process the request,

pull what they need from the database then send it
back

5 Server-side scripts process the data, then update the

site - populating drop-down menus, loading products
to a page, updating a user profile, and more
Yalantis Value Proposition

[Backend server scripts process requests initiated by a user on the client side, pull information from a
database, and then send results back to the user.]

Backend challenges
 04 / 23

[ Backend challenges and wins [ [

There are a number of challenges associated with building the server side of
an app. We’re going to explain what these backend challenges are and how
we approach them at Yalantis.
Yalantis Value Proposition

Backend challenges
 05 / 23

Security

In most cases, information on the backend is stored on cloud servers.

But without the proper backend infrastructure and security, a server-
side program deployed to a remote server may be exposed to cyber
attacks, which can seriously damage a business and its customers.

Some of the most common security pitfalls according to the Open

Web Application Security Project (OWASP) include injection, broken
authentication and session management, cross-site scripting, and
exposure of sensitive data.
Yalantis Value Proposition

Backend challenges
 06 / 23

How Yalantis approaches security challenges

We follow industry best practices to secure applications and protect businesses and their customers from
possible threats:

• We use only credible, tried-and-tested frameworks • We always apply the latest security updates to
and libraries when developing products. libraries and frameworks.

• We use only the latest versions of frameworks and • We use Amazon Web Services (AWS) as our
libraries. trusted hosting solution.
Yalantis Value Proposition

Backend challenges
 07 / 23

We also carefully follow security guidelines for the services and frameworks that we use to build the backend.
Examples of such guidelines are the Ruby on Rails Security Guide, PostgreSQL Security Guidelines, Angular.js
Security Guide, and AWS Security Best Practices.

Additionally, we follow an established access control procedure that involves setting up a hierarchy of users with
different levels of access to a project and its data as well as to a client’s live servers.

Our DevOps team deploys a secure and healthy server infrastructure for each project.
Before releasing an app, our developers conduct a thorough code security audit – both automated and manual – to
make sure that we deliver a secure product. This is especially important when it comes to apps for domains like
healthcare and finance.
Yalantis Value Proposition

Backend challenges
 08 / 23

( ( We’ve recently been working on a large healthcare project called Optima Curis. Optima is an app that connects doctors with patients so
they can communicate and share sensitive health information. Security was one if the most important concerns for this app.

As part of our compliance with FDA standards for medical app data security, we had to make sure that users only have access to appropriate data
layers in the app. We also needed to make sure that our access control system allows users to access their information both on the web and in the
mobile app. To ensure smooth operation of the access control system, we created a separate module based on the open-source component
CanCan. Other modules request data from this module to understand what level of access users have.

Sometimes, user roles overlap (a doctor in one hospital can be a patient in another hospital), and we had to account for this as well to make sure
the app was HIPAA-compliant (HIPAA, the Health Insurance Portability and Accountability Act, sets standards for protecting patient data). We also
had to store all error tracking and logs on our servers to ensure the security of sensitive data.

Before the release, we carried out a code security review to make sure that Optima didn’t have any security flaws.

( (
We used a proven Rails security scanner called Brakeman to automatically scan our code and detect typical security vulnerabilities such as
SQL injection or SCRF. After that, we carried out a manual code review to identify minor and atypical mistakes. That’s how we confirmed
that Optima is secure.
Yalantis Value Proposition

Backend challenges
 09 / 23

Scalability
In the most general sense, scalability refers to the ability of a system
to successfully adapt to changes over time. In terms of application
development, these changes may, for example, be unexpected spikes
in demand or fluctuating user activity. However, even in such
situations, a product should be capable of meeting demand and
handling the increased workload.

Sometimes, however, it’s hard if not impossible to predict demand

spikes and properly configure your system to respond to them. This is
especially true for startups, as it’s hard to say when exactly they’ll
attract the first huge wave of users.
Yalantis Value Proposition

Backend challenges
 10 / 23

How Yalantis approaches scalability

When defining scalability requirements is impossible, we recommend scaling a system on-demand. By doing
so, we avoid the unpleasant situation when a client throws away lots of money on server capacity that may be
left unused. We take three basic approaches to scaling systems:

1 Using the autoscaling feature

offered by a hosting provider,
which automatically scales server
Yalantis Value Proposition
2 Performing manual code
optimization,
which involves manually analyzing code
3 Application server cloning,
which involves using a load balancer
and creating clusters of application
servers that contain the same codebase

resources as demand grows; to define poorly performing parts and

optimize them; to distribute the workload.

Backend challenges
 11 / 23

Autoscaling gives instant results but costs more money for additional resources. Manual code optimization
doesn’t require additional expenses for server optimization but requires more time and effort to define and
refactor bottlenecks in code. Server cloning requires additional time and resources as well to properly
reorganize the application architecture and ensure scalability.

( ( For several years, we’ve been partnering with a US-based startup that asked us to build a dating app from scratch. The application, called
Bro, has been quite successful, and we still support it.

To our client’s surprise, Bro quickly attracted a significant user base – around 100,000 active users almost instantly after its release – which
affected the overall performance of the product since the app wasn’t prepared for such a load.

To solve this unexpected issue, we used a combination of the first two approaches – instant server scaling and manual code refactoring.
Since we used Amazon Web Services for hosting, we used its amazing Auto Scaling feature. Auto Scaling monitors an application and automatically
adjusts capacity to maintain steady, predictable product performance without affecting users. This bought us some time to carry out code
refactoring.
Yalantis Value Proposition

Backend challenges
 12 / 23

Using Apache JMeter – a tool that’s used to simulate server loads in order to analyze performance – we identified the slowest features in
the project. We then manually analyzed these features to determine why they were so slow. After that, we refactored our code and
deployed optimized code to the server. After achieving stable performance, we stopped using AWS Auto Scaling to save money. ( (
We choose our approach to scaling based on how urgently a product needs to scale. We can mix and match
approaches or use only one – it all depends on you and your business needs.
Yalantis Value Proposition

Backend challenges
 13 / 23

Real-time features
Real-time functionality has become an integral part of many
applications that we use on a regular basis: Twitter, whose feed is
updated when something new is published; Uber, which lets us track
our location as we move; Google Docs, which offers multi-user real-
time collaboration; WhatsApp, which literally made instant
messaging mainstream.

Real-time features have worked their way from fancy to must-have.

Take real-time messaging, for example – today, this feature is
present in almost every app. Even Google Docs lets collaborators
chat with each other without having to leave the app.
Yalantis Value Proposition

Sometimes, however, live chats serve not as an edge feature but

rather as a key functionality. Dating apps are probably the brightest
examples of this.

Backend challenges
 14 / 23

How Yalantis develops real-time features

( So, most dating apps are built around a real-time chat. Take Bro, for example – a dating app you’re already familiar with – where real-
time chat is necessary to provide smooth communication between users.

( To integrate real-time chat in Bro, we used a third-party service called Layer. With Layer, we could implement chat functionality quickly and with
minimal effort. Very soon, however, Bro’s user base started to grow, so we faced a little challenge...

Layer is priced based on an app’s monthly active users and the number of messages they exchange. So as your app’s user base grows, the cost
grows as well (at some point, it reached around $1,000 per month for Bro). We had to help our client avoid this expense.

We decided to integrate our in-house real-time messaging solution built on the Phoenix technology. We prepared a detailed estimate on how
much it would cost to migrate to our Phoenix-based chat, got the green light from the client, and successfully integrated it. As a result, our
(
Yalantis Value Proposition

client now saves up to $1,000 a month.

(
Backend challenges
 15 / 23

Integrating third-party services

Integrating third-party services (i.e. APIs) has become common
practice. APIs let smaller apps benefit from solutions that a startup
couldn’t create on its own. For example, companies can turn to Stripe
or Braintree for payment functionality or use Layer or Pusher to equip
an app with live chat.

Moreover, these third-party integrations may play a significant role in

delivering better user experiences. For example, integrating login via
Facebook, Twitter, or Google+ may significantly save your users’ time
since they can authenticate in just a few clicks.

Our experience shows that your app will likely need at least one third-
Yalantis Value Proposition

party service, whether

Our experience shows a popular
that solution
your app like those
will likely needlisted above
at least one or a
third-
niche
party API.
service, whether a popular solution like those listed above or
a niche API.

Backend challenges
 16 / 23

How Yalantis integrates third-party services

( ( We’ve worked on two projects with particularly tricky integrations. The first project, which was developed for the Gulf region, used a local
payment system. The second, developed for the US, used a special real estate database to parse information.

While the payment gateway had poorly organized public API documentation, the real estate database service didn’t have any public documentation
at all. But the payment gateway also lacked several necessary libraries. On top of that, we had to quickly estimate the scope of work for both of
these projects before starting.

We thoroughly researched how to integrate both of these services at the project planning stage – a time when we elicit requirements, design the
technical architecture, and come up with estimates. This stage usually comes before the actual start of the project.

At the planning stage, we created a prototype of the first project and developed necessary libraries for it. For the second, US-based,

( (
Yalantis Value Proposition

project, we reached out to the payment gateway team and got necessary documentation. This helped us accurately estimate the scope of
work associated with integrating these services and properly plan each project. As a result, we met our budgets and delivered both
projects on time.

Backend challenges
 17 / 23

Working with legacy code

Very often, we have to work with existing projects. As a rule of thumb,
these projects are for businesses that want to either add new features
or completely rework their products and launch new versions.
Sometimes, however, businesses simply want to fix minor bugs.

All of these scenarios require coping with so-called legacy code. And
the quality of this code may vary from excellent to good to terrible or
even barely maintainable.
Yalantis Value Proposition

Backend challenges
 18 / 23

How Yalantis works with legacy code

Before starting work on a project, we always conduct a thorough code audit to understand the
condition of the code. We analyze project requirements (whether for bug fixes, new features, or a
new version), taking into account the budget and deadlines as well as the nature of the project.
This helps us make an informed decision on what approach to choose.

There’s no standard approach to working with legacy code. The decision of which approach to take
is based on the code quality and the specific needs of your business.
Yalantis Value Proposition

Backend challenges

No refactoring
is possible for applications with excellent code quality.
This option assumes that we can easily work with legacy
code while integrating new features.
Partial refactoring and support of legacy code
is suitable for apps with relatively good code quality. We review
code, identify parts that require urgent refactoring (often, these
are small), develop a refactoring plan, and align this plan with
the general scope of work; we then refactor and develop new
features simultaneously.
Yalantis Value Proposition
19 / 23
Ongoing support of legacy code and
development of a new version
is advisable for projects with poor quality code. This option assumes
that minor refactoring won’t deliver desirable results. We start by
making minor bug fixes to provide relatively smooth operation of
the existing product while at the same time we develop a second
version of the product from scratch.
Development from scratch
is needed to replace temporary solutions that were
designed as prototypes. In this case, we completely
rewrite the app code, sometimes partially using old parts.
Backend challenges
 20 / 23

[ Conclusion [ [
This list gives you a basic understanding of some unexpected situations that may occur while
developing software products. We’ve provided examples of challenges that Yalantis has
successfully coped with. This list may grow further though, since we never know what
bleeding-edge crazy feature our clients will want us to integrate next. However, we’re always
ready to deal with something testing.
Yalantis Value Proposition

Backend challenges
 21 / 23

[ Yalantis services [ [
We offer design, iOS, Android, and web development services together with quality assurance
and project management. We have all the expertise you need to produce a fully-fledged,
stable product. At Yalantis, we find the most efficient ways to create software by combining
the strong points of different technologies, choosing the right methodology, and putting
together the best team.
Yalantis Value Proposition

Backend challenges
 22 / 23

Software development Design

We use both traditional (Objective-C and Java) and We offer prototyping, branding, and UI/UX design for
modern (Swift and Kotlin) programming languages to web and mobile applications. We focus on how actual
build highly performant native mobile applications for people will use our client’s products in order to deliver
iOS and Android. We also provide backend positive and lasting results.
development using modern, tried-and-tested
frameworks including Ruby on Rails, JavaScript, PHP,
AngularJS, React, Node.js, and Elixir.

Quality assurance Support

We support and maintain products after they’re
Our quality assurance team verifies that developed
launched to constantly improve quality and meet our
Yalantis Value Proposition

functionality meets business objectives and ensures

clients’ precise needs.
that code is relatively bug-free prior to launch.

Backend challenges
 23 / 23

[ Contact us [ [
Send us a message at hello@yalantis.com if you want to team up or if you have some
questions.

twitter.com/yalantis yalantis.com/blog dribbble.com/yalantis github.com/Yalantis

Yalantis Value Proposition

For the latest news For insights For design works For open-source projects

Backend challenges