Kotlin is short, simple and easy to debug — and now Kotlin applications are easy to secure with Contrast’s new, Kotlin-tuned AppSec testing.
Kotlin — which originated in 2010 at JetBrains and has been open source since 2012 — is a statically typed programming language that runs on the Java Virtual Machine (JVM), on Android and in the browser.
The appeal of Kotlin is that it gives you the ability to essentially create a web app with one language on both front and back end.
Here are some unique qualities of Kotlin:
Interoperability — Kotlin is designed with Java interoperability in mind: it can call existing Java code directly. In many applications, Kotlin and Java are used side by side and coexist in the same code base.
Readability — Developing software is a complex process involving a variety of tasks, including coding, designing and testing. Kotlin has moved a lot of boilerplate code out of developers’ hands and into its own classes, which leads to more concise code.
Null safety — One of the most common pitfalls in many programming languages, including Java, is that accessing a member of a null reference results in a null reference exception; in Java this is the NullPointerException, or NPE for short. Kotlin’s type system aims to eliminate the danger of null references, which have been called “the billion-dollar mistake.”
Generics — Generics can be confusing, even to an experienced developer. Kotlin has improved on Java here: for instance, there is no relation between Car<Int> and Car<Number>, Car<Unique> or Car<Nothing>. This prevents a possible runtime failure, which is one of the issues faced in Java.
Exceptions — Java has the distinctive concept of checked exceptions, which were designed to solve the problem of error-prone error handling. Kotlin did away with checked exceptions: every exception simply carries a message, a stack trace and an optional cause, and all of them extend the same Throwable class.
Smart casts — The idea of a smart cast is to help you avoid using cast operators (the unsafe cast operator “as” or the safe cast operator “as?”) to explicitly cast something that has already been checked. When you perform an “is” or “!is” check on a variable in Kotlin, the compiler automatically casts the variable to the target type within the scope where that check holds, rather than, as in Java, using the “instanceof” operator and then casting to the target type.
Singletons — A singleton class is a class that can have only one object (one instance of the class) at a time. In Java, a singleton has to be hand-written as a class that enforces its own single instance. In Kotlin, a singleton is made with an object declaration, including the companion object. An object declaration can have functions, properties and an init block.
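The null-safety, smart-cast and object-declaration features described above, shown together in an added example (written for this article, not code from the original post or from Contrast) that validates an untrusted redirect parameter; the allowlisted host names and the `RedirectPolicy` object are constructed for the example.

```kotlin
// Added example (not from the original post): Kotlin's null safety, smart casts
// and object declarations applied to validating an untrusted redirect target.
import java.net.URI

// Object declaration: a singleton allowlist, initialised once in its init block.
object RedirectPolicy {
    private val allowedHosts: Set<String>
    init {
        // Constructed sample allowlist; a real application would load this from config.
        allowedHosts = setOf("app.example.com", "login.example.com")
    }
    fun isAllowed(host: String) = host.lowercase() in allowedHosts
}

// Result type: `sealed` lets the compiler check that every case is handled in `when`.
sealed class RedirectCheck
data class Safe(val target: URI) : RedirectCheck()
data class Rejected(val reason: String) : RedirectCheck()

// `rawTarget: String?` makes the "parameter may be missing" case explicit:
// the compiler refuses `rawTarget.length` until null has been handled.
fun checkRedirect(rawTarget: String?): RedirectCheck {
    val text = rawTarget?.trim()?.takeIf { it.isNotEmpty() }
        ?: return Rejected("missing redirect parameter")
    val uri = runCatching { URI(text) }.getOrNull()
        ?: return Rejected("unparseable URI")
    // `uri.host` is a platform type coming from Java; treat it as nullable explicitly.
    val host: String? = uri.host
    if (host == null) return Rejected("relative or host-less URI")
    // Smart cast: after the null check, `host` is a non-null String in this scope.
    if (!RedirectPolicy.isAllowed(host)) return Rejected("host not allowlisted: $host")
    if (uri.scheme != "https") return Rejected("scheme must be https")
    return Safe(uri)
}

fun describe(result: RedirectCheck): String = when (result) {
    // Smart cast on `is`: `result.target` / `result.reason` are usable without `as`.
    is Safe -> "redirect to ${result.target}"
    is Rejected -> "blocked (${result.reason})"
}

fun main() {
    // Constructed inputs: missing, empty, allowed, foreign host, non-URL scheme, plain http.
    listOf(null, "", "https://app.example.com/home", "https://evil.example.net/",
           "javascript:alert(1)", "http://app.example.com/").forEach {
        println("${it ?: "<null>"} -> ${describe(checkRedirect(it))}")
    }
}
```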
In short, Kotlin has come a long way, even if it is still in the early stage of version 1.6. Kotlin code has fewer security issues and is more concise than Java code, and it does away with the need for a lot of boilerplate. Kotlin is not just useful for new apps; its files can also coexist with Java files, even in existing applications.
Kotlin is just getting started. Don’t ignore it!
Contrast Security certainly hasn’t. Given all the Kotlin goodness outlined above, there are plenty of reasons to consider application security testing that’s tuned and optimized for the language. Despite the capabilities designed into Kotlin to keep application developers out of trouble, security bugs — including injection vulnerabilities, misconfigurations and other issues that could lead to exploitation — will inevitably get into code. Finding and fixing these Kotlin security risks early in the development cycle is critical.
To find and fix those Kotlin security issues, Contrast has provided the first instrumented — inside out — solution for detecting vulnerabilities in Kotlin applications, expanding Contrast’s application security platform to cover this valuable language and to ease the work of those who use it. Contrast’s new Kotlin application security offering enables AppSec and dev teams to instrument, and thus test, Kotlin apps at runtime, with higher accuracy and less manual intervention.
Contrast provides a suite of products — including Interactive Application Security Testing (IAST), Static Analysis Security Testing (SAST), Runtime Application Self-Protection (RASP), Software Composition Analysis (SCA) and more — that will deal with Kotlin application security issues and help you ship better and more secure applications.
If you’re not yet a Contrast customer, please contact us to discuss participation. If you are an existing Contrast customer, please ask your support or customer success representative for access.