Scala


What is Scala?

Scala was created in 2001 at the École Polytechnique Fédérale de Lausanne (EPFL) by German computer scientist and professor Martin Odersky. The name Scala is an acronym for “scalable language”, because the language is intended to grow with the demands of its users. Scala was released for public use in early 2004 under a BSD license, which “imposes minimal restrictions on the redistribution of covered software.”

As a general-purpose programming language, Scala has a very strong static type system and includes support for functional programming. While Scala is object-oriented like Java, it also includes many features of functional programming languages such as Scheme, Standard ML and Haskell.


Why Was Scala Created?

Many of Scala creator Martin Odersky’s design decisions were inspired by criticism of Java’s shortcomings, including the restrictions Java places on combining functional and object-oriented programming. In a 2006 blog post, Martin Odersky describes how he was initially inspired by the programming language Funnel, which featured “a beautifully simple design, with very few primitive language features,” but was not very user friendly. Scala is interoperable with Java without being an extension of it.


Benefits of coding in Scala

The biggest benefit of the Scala language is that its small vocabulary of 20-50 methods makes it easy to use, since coders do not need to grasp complicated looping structures or recursion. In addition to its ease of use, Scala is concise: what once took several loops to accomplish can now be achieved with a single word. Scala is also known for being fast and universal, since collection operations are tuned and optimized in the libraries and developers can accomplish quite a bit with a small vocabulary of operations.


Who uses Scala?

“Have the best of both worlds. Construct elegant class hierarchies for maximum code reuse and extensibility, implement their behavior using higher-order functions. Or anything in-between.”

Scala-lang.org

Since its launch, Scala has played a major role in powering features on major websites, including:

LinkedIn’s social graph

Business-critical aspects of Électricité de France Trading (France’s largest energy company)

Twitter’s main message queue

The Guardian’s Open Platform API, used for accessing their giant media repository

Hello world

object HelloWorld extends App {
  println("Hello, World!")
}

Scala Language Benefits


Checkmarx and Scala

Checkmarx is the first static analysis tool to support Scala. While Scala has no known unique vulnerabilities, Scala runs on the JVM, so JVM issues are also relevant to Scala developers. Not only is Checkmarx able to scan Scala source code for the vulnerabilities listed below, CxSAST is also able to categorize the code within the scan results.

For example, consider an application with between 100,000 and a million lines of code (LoC) that is built using both Java and Scala. When Checkmarx detects vulnerabilities in such code, it tracks data flows that cross from Java into Scala code and vice versa. This allows the Java developers to focus on fixing the security concerns in their code and the Scala developers to do the same in their Scala.


Checkmarx scans code for the 26 Scala-specific vulnerabilities, including:

High Level Scala Vulnerabilities:

Code Injections

Connection String Injections

Reflected XSS

SQL Injections

Stored XSS


Medium Level Scala Vulnerabilities:

Absolute Path Traversals

Dangerous File Inclusions

DB Parameter Tampering

DoS by Sleep

Improper Locking

Privacy Violations

Stored LDAP Injections

Cross-Site Request Forgeries (XSRF)
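As an added illustration of one category in the list above (SQL Injection, a JVM-level issue that applies equally to Scala), here is the same JDBC lookup written in the form a SAST scan flags and in the remediated form. This is example code written for this page, not Checkmarx code or a CxSAST rule; the `users` table, its columns and the `Connection` supplied by the caller are assumed.

```scala
import java.sql.{Connection, PreparedStatement, ResultSet}

// Example code (not from the page): string-built SQL versus a bound parameter.
// Table and column names are assumed for illustration.
object UserLookup {

  // VULNERABLE: the caller-supplied `username` is spliced into the SQL text,
  // so the caller can change the structure of the query. A static analyzer
  // reports this as SQL Injection: untrusted input flows into executeQuery.
  def findUserUnsafe(conn: Connection, username: String): Option[String] = {
    val sql = s"SELECT email FROM users WHERE name = '$username'"
    val stmt = conn.createStatement()
    try {
      val rs: ResultSet = stmt.executeQuery(sql)
      if (rs.next()) Some(rs.getString("email")) else None
    } finally stmt.close()
  }

  // HARDENED: the SQL text is a constant and `username` travels as a bound
  // parameter, so the driver never interprets it as SQL. This is the usual
  // best-fix location: replace the concatenation, keep the rest unchanged.
  def findUserSafe(conn: Connection, username: String): Option[String] = {
    val ps: PreparedStatement =
      conn.prepareStatement("SELECT email FROM users WHERE name = ?")
    try {
      ps.setString(1, username)
      val rs: ResultSet = ps.executeQuery()
      if (rs.next()) Some(rs.getString("email")) else None
    } finally ps.close()
  }
}
```

The same pattern (fixed query text, values bound through the API) is the remediation for the Stored LDAP Injection and DB Parameter Tampering categories as well: the fix is to keep untrusted input out of the statement's structure.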


Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled or unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked to your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.