Do you think that creating a public website is easy for a developer? Not at all. There are certain technical things a professional web developer needs to be aware of while building a public website.
- Filter and validate incoming user input (an ‘amount’ field does not need to accept alphabetical characters) and escape outgoing user input (a ‘ in user input is NOT the same as a SQL ‘). Never trust any data given by the user.
- The above will help protect you against SQL injection.
- Understand SSL
- Keep your systems up to date with the latest patches
- Protect yourself from cross site scripting
- How to resist session hijacking
- Find out about HTTP Only cookies
- How to handle authentication/permissions
- Understand PKI (public keys)
- Keep up to date! This is the most important thing, make sure to follow all the latest information about possible security issues and vulnerabilities that affect your platform.
- Make sure your database connection information is secured.
- Create SEO-friendly URLs – example.com/articles/rampaging-bull-tramples-unicorn NOT example.com?article=45
- Use an XML sitemap so that search engines can crawl your site more intelligently
- Set up Google Analytics (or another analytics package) from the start
- Don’t use links that say “click here”. You’re wasting an SEO opportunity and it makes things harder for people with screen readers.
- Set up a robots.txt file
- How to cache
- What not to cache
- How to gzip
- Make regular backups. Don’t just rely on your hosting provider – have another backup source, in case something is critically destroyed (like a database table)
- Look into performance monitoring
- Code from the beginning with maintainability in mind
- Have a good deployment strategy – don’t save it to the very end to figure this out.
- URLs designed with REST in mind could save you a headache in the future.
- Use patterns like MVC to separate your application flow from your database logic.
- Be aware of the many frameworks out there, that will speed up your development
- Use staging and a version control system to deploy updates so that your users won’t be affected
- Set up an error logging system. No matter how well coded, your website will have errors when it is released. Don’t wait for the user to let you know; be proactive in identifying errors and bugs
- Have a bug tracker
- Know your environment: your OS, language and database. When you need to debug, it will be important to understand how these things work, at least at a basic level.
- Don’t forget to do your Unit Testing.
- Document how the application works for future support staff and people performing maintenance.
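The input-filtering and SQL-injection points above, worked through in code. This is an added example, not code from the original article: it builds a constructed in-memory SQLite table (the `orders` schema and rows are assumptions) and contrasts a query that pastes user input into the SQL text with one that validates the input and binds it as a parameter.

```python
"""Input validation and SQL injection: the vulnerable form beside the hardened one.

Added example (not from the original article). The 'orders' table and its
rows are constructed sample data.
"""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create a constructed sample database for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, amount INTEGER)"
    )
    conn.executemany(
        "INSERT INTO orders (customer, amount) VALUES (?, ?)",
        [("alice", 40), ("bob", 125), ("o'brien", 75), ("carol", 300)],
    )
    conn.commit()
    return conn


def validate_amount(raw: str) -> int:
    """Filter incoming input: 'amount' must be a plain non-negative integer.

    Alphabetical characters, signs, whitespace, quotes and empty strings are
    all rejected before the value gets anywhere near the database.
    """
    if not re.fullmatch(r"[0-9]{1,9}", raw):
        raise ValueError(f"invalid amount: {raw!r}")
    return int(raw)


def orders_over_vulnerable(conn: sqlite3.Connection, raw_amount: str) -> list:
    """The 'before': user input is pasted straight into the SQL text.

    Anything in raw_amount that the database parses as SQL changes what the
    query means, so a caller cannot rely on getting 'amount > N' rows back.
    """
    sql = f"SELECT customer, amount FROM orders WHERE amount > {raw_amount} ORDER BY id"
    return conn.execute(sql).fetchall()


def orders_over(conn: sqlite3.Connection, raw_amount: str) -> list:
    """The hardened form: validate first, then bind the value as a parameter.

    The '?' placeholder means the database receives the value as data and
    never interprets it as part of the statement.
    """
    amount = validate_amount(raw_amount)
    return conn.execute(
        "SELECT customer, amount FROM orders WHERE amount > ? ORDER BY id",
        (amount,),
    ).fetchall()


def find_customer_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Text input pasted into a quoted SQL literal.

    A legitimate name containing a quote (o'brien) already breaks the
    statement: the quote in user input is not the same as the SQL quote.
    """
    sql = f"SELECT customer, amount FROM orders WHERE customer = '{name}'"
    return conn.execute(sql).fetchall()


def find_customer(conn: sqlite3.Connection, name: str) -> list:
    """Parameter binding handles quotes in the data correctly and safely."""
    return conn.execute(
        "SELECT customer, amount FROM orders WHERE customer = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("validated + bound:", orders_over(db, "100"))
    print("quote in a real name, bound:", find_customer(db, "o'brien"))
    try:
        print(find_customer_vulnerable(db, "o'brien"))
    except sqlite3.OperationalError as exc:
        print("quote in a real name, concatenated:", exc)
    try:
        validate_amount("12abc")
    except ValueError as exc:
        print("rejected:", exc)
```

Validation and parameter binding are separate defences: validation shrinks what the application accepts, binding guarantees that whatever is accepted is treated as data. Use both rather than relying on escaping strings by hand.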
Interface and User Experience
- Be aware that browsers implement standards inconsistently and make sure your site works reasonably well across all major browsers.
- Consider how people might use the site other than from the major browsers: cell phones, screen readers and search engines
- Be aware of accessibility. This is a legal requirement for some programmers in some jurisdictions. Even if it’s not, you should bear it in mind.
- Never put email addresses in plain text, or they will be spammed to death.
- Have some method for users to submit their comments and suggestions
- Catch errors and don’t display them to the user; display something they can understand instead
Core Web technologies
- Understand HTTP, and things like GET, POST, cookies and sessions.
- How to work with absolute and relative paths
- Realize that web applications are inherently multi-threaded: you will have lots of visitors (typically far more than a non-public site), and threads are not unlimited.