Oleg Sotnikov, AppMaster: “there is a lot of outdated software around the world that cannot be updated easily”


It’s not only just the first stages of the software development process that require a great deal of effort and attention – developers have to stay attentive and be ready to provide updates and patches to make sure their software is immune to emerging threats.

There’s no denying that the most important and the most challenging parts of software development are the early stages. Developers around the world put in countless hours just to make sure the foundations are strong, however, the quality of the technical tools needed is just as important as the human input. Therefore, a reliable development platform is essential.

To learn the basics of software development and what factors are essential for long-term success, the Cybernews team has reached out to Oleg Sotnikov, the Founder and CEO of AppMaster – the enterprise-level no-code platform.

What has your journey been like? How did the idea of AppMaster come about?

We had been creating software for over 10 years. And as a software development company, we struggled to find professional developers, architects, and engineers. Due to the competitive pressure in the market, we were constantly looking for ways to optimize our internal processes — from hiring and training to customer acquisition. Over the past couple of years, the salaries of software engineers have started to grow at a breakneck pace. At the end of 2019, we brainstormed with our leadership team on what we can do to make software development faster and much more efficient. So we came up with the idea of the AppMaster.io no-code platform, where we can create a real backend, frontend, and mobile applications without having to write a single line of code. From the very beginning, we set our requirements as “no humans involved” and “no code needed” to create even sophisticated software. At the start of our AppMaster journey, we thought of AppMaster as a no-code platform for everyone. But step by step, we made our platform more flexible and more powerful. At some point, AppMaster became a professional tool with a lot of cool features and scaling options. After nearly 2.5 years of development, that crazy idea has evolved into the AppMaster.io no-code platform.

Can you introduce us to what you do? What are the main challenges you help navigate?

AppMaster is a unique no-code platform for professional developers backed by code-generation. AppMaster is an all-in-one platform that lets developers create backend, web, and mobile applications with tight integration between components.

The platform generates the actual source code for backend applications with the Go programming language, compiles, and deploys automatically. Just like software developers usually do. We use any PostgreSQL-compatible database as a primary database for server applications. AppMaster can create web admin panels and customer portals with VueJS. There is no full-featured website editor yet, but we are working on it.

We use our custom mobile framework with Server-Driven UI and logic for mobile applications. Screens and logic are delivered in real-time from the generated backend to the mobile application. This technology allows developers to change apps without publishing updates to the AppStore. Mobile applications generated by AppMaster are fully native and written in Swift with SwiftUI for IOS and Kotlin with JetPack for Android.

If you don't want an MVP, but a production app that can run on AWS or your servers, scales well with Kubernetes or docker swarm, with multi-threading and transactions, hardware-accelerated cryptography, and source code, AppMaster is your best bet. We have a lot of professional stuff inside: External API designer to integrate with any REST API compatible systems, REST Endpoints, WebHooks, WebSocket Server, Scheduler, Automatic Database Migrations, Global In-memory Variables and Structures, and state of the art business processes. I bet we have the best business process editor on the market in terms of flexibility. And no technical debt ever!

Why do you think certain companies are unaware of their software's risks?

While most modern solutions are built with security by design, there are usually many overlooked processes that pose significant security risks, and the 3 main ones are:

Lack of observability is one of the technical challenges of any organization due to the need to gather, store and respond to millions of events across all company software across multiple departments and locations. Usually, this challenging task can be solved with a particular class of systems and organizational administration, but only if all software supports monitoring tools.

One of the most challenging security threats to address is human-level software errors that can very easily be overlooked during the development phase and can go unidentified for years, even decades. Open-source software with many contributors is less suspicious of such threats. Medium and enterprise software can be full of security issues. While good software development and management practices, such as code review and static code analyzers, can greatly improve the situation, not all problems can be identified. The heterogeneous level of experience among team members further exacerbates the situation.

Much has been written about patch management, and we see a lot of news about vulnerabilities in popular software libraries. Most companies have very effective patch management strategies in place, and it's working as long as your software receives official support. But there is a lot of outdated software in medium and enterprise companies around the world that cannot be just updated or changed without huge investments. I bet you've seen badly outdated software everywhere if you're in the software industry.

How did the recent global events affect your field of work?

The last couple of years have been rough for most companies around the world — the COVID pandemic and the industry's massive shift to a work-from-home model, and now with the horrific war in Ukraine. As a truly international company with team members in many countries around the world, we were struck by these events. However, we have used them as an opportunity to improve the efficiency and resilience of our operations.

The pandemic has caused the software development market to grow even faster around the world: every company needs the tools to work remotely and automate more when human resources are no longer widely available. High demand has led to a significant increase in the shortage of software developers and engineers, and salaries have reached record levels. Software development has become an expensive necessity.

Historically, the wealthiest regions such as the US and Europe have outsourced software development to Mexico, Eastern Europe, Belarus, Ukraine, Russia, Central Asia, India, and China. After Russia launched military aggression, the entire region of Belarus, Ukraine and Russia became unavailable for outsourcing. This situation has created an even bigger deficit in the software development market and increased the growth of the no-code/low-code market as a relief. Over the past four weeks, the number of applications to the AppMaster Partner Network has almost tripled. We see much more interest from investors and VCs.

What are the most common vulnerabilities nowadays that, if overlooked, can lead to severe problems for a company?

As I mentioned earlier — outdated and unpatched software is the most dangerous vulnerability since the oldest known software issues are widely accessible. A person does not need to be a trained security engineer or pentester to use exploits and gain access to a vulnerable system. Typically, the vulnerability ranges from denial of service to disclosure of sensitive information and remote access. There are many outdated versions of web servers, websites, and CMSs on the Internet. Some of them have already been hacked and pose a serious threat to users.

What are some of the best practices organizations should follow when developing applications?

Control and audit can significantly reduce the risks in application development. Depending on the size of the team and the type of software, it's always a good idea to have a security engineer or analyst on the core development team who can help with security best practices throughout the development cycle.

At AppMaster, we have made four key security features available to our customers at any stage:

What would you consider the most severe security issues surrounding mobile apps today?

One of the most critical mobile app security issues today is the security of mobile ecosystems and the review process for new and updated apps. Today, we rely entirely on the security of mobile operating systems for mobile apps and devices — how iOS and Android handle safety and security across all devices. The second point of mobile security is how well and thoroughly the verification process of applications in the Google Play Market and the Apple Store goes. It is unfortunate to hear the news about how many malicious apps have been identified in stores that have passed the verification process, especially in the Google Play Market.

As the world gets more connected, what safety tools do you think everyone should have to keep their devices safe?

The most obvious way to protect your device is to have an updated operating system, updated software, and only official software sources. The chances of getting malware are much less if you use official stores without sideloading apps on your devices. A good antivirus will help too.

What does the future hold for AppMaster?

We will grow to the entire app factory ecosystem - for all platforms, all operating systems, and all types of devices. We will add RPA, microservices, IoT applications, and more.

Many analytical agencies predict that in the next 5-7 years, most software will be produced on low- or no-code platforms. And there are already many mass-market platforms on the market — Bubble, WebFlow, Adalo, and others. But there's a catch: you can't build enterprise-grade software with AirTable or Google Sheets as your primary database without being able to get the source code for your solution. You need a real application with source code, enterprise database, and features.

We believe that while humans are excellent at creativity, we are terrible drivers on the road and fail to create and improve application source code. Just as fully autonomous driving for autonomous vehicles will become the standard, code generation will become the standard for software development. And we need to be ready for an era when developers will not write source code - they will only create architecture and business logic. AppMaster will take care of the rest.