What should a developer know before building a public website?

Do you think that creating a public website is so easy for a developer? Not at all. There are certain technical stuffs, which a professional web developer needs to be aware of, while building a public website.

Security

• Filter and validate incoming user input (‘amount’ does not need to accept alphabetical characters) and escape outgoing user input (a ‘ in user input, is NOT the same as SQL ‘).
  Never trust any data given by the user.
• And the above will help with protecting against SQL injection.
• Understand SSL
• Keep your systems up to date with the latest patches
• Protect yourself from cross site scripting
• How to resist session hijacking
• Find out about HTTP Only cookies
• How to handle authentication/permissions
• Understand PKI (public keys)
• Keep up to date! This is the most important thing, make sure to follow all the latest information about possible security issues and vulnerabilities that affect your platform.
• Make sure your database connection information is secured.

SEO

• Create SEO friendly URLs – example.com/articles/rampaging-bull-tramples-unicorn NOT example.com?article=45
• Use an XML sitemap so that site engines can crawl your site more intelligently
• Set up Google Analytics (or another analytics package) from the start
• Don’t use links that say “click here”. You’re wasting an SEO opportunity and it make things harder for people with screen readers.
• Set up a robots.txt file

Performance

• How to cache
• What not to cache
• How to gzip
• Make regular backups. Don’t just rely on your hosting provider – have another backup source, in case something is critically destroyed (like a database table)
• Look into performance monitoring

Productivity

• Documentation!
• Code from the beginning with maintainability in mind
• Have a good deployment strategy – don’t save it to the very end to figure this out.
• URLs designed with REST in mind could save you a headache in the future.
• Use patterns like MVC to separate your application flow from your database logic.
• Be aware of the many frameworks out there, that will speed up your development
• Use staging and a version control system to deploy updates so that your users won’t be affected
• Set up an error logging system. No matter how well coded, your website will have errors when it is released. Don’t wait for the user to let you know; be proactive in identifying errors and bugs
• Have a bug tracker
• Know your environment. Your OS, language, database. When you need to debug it will be important to understand how these things work at a basic level in the least.
• Don’t forget to do your Unit Testing.
• Document how the application works for future support staff and people performing maintenance.

Interface and User Experience

• Be aware that browsers implement standards inconsistently and make sure your site works reasonably well across all major browsers.
• Consider how people might use the site other than from the major browsers: cell phones, screen readers and search engines
• Be aware of accessibility. This is a legal requirement for some programmers in some jurisdictions. Even if it’s not, you should bear it in mind.
• Never put email addresses in plain text, or they will be spammed to death.
• Have some method for users to submit their comments and suggestions
• Catch errors and don’t display them to the user; display something they can understand instead
• Remember that cell phones and other mobile devices with browsers are becoming more common. Sometimes they have very poor JavaScript support. Will your site look okay on one of these?

Core Web technologies

• Understand HTTP, and things like GET, POST, cookies and sessions.
• How to work with absolute and relative paths
• Realize that web applications are inherently multi-threaded, you will have lots of visitors (typically much more than in non-public websites), and threads are not unlimited.