Security

This is my favorite topic. If you ask me what my best advice about security is, this is it: Never trust user input (that means cookies too!)

Other advice mentioned was:

- Avoid cross-site scripting
- Avoid cross-site request forgeries
- Know about SQL injection and how to prevent it
- Make sure your database connection information is secured
- Keep yourself informed about the latest attack techniques and vulnerabilities affecting your platform
- Use SSL/HTTPS for login and any pages where sensitive data is entered (like credit card info)
- Hash and salt passwords rather than storing them in plain text
- Read The Google Browser Security Handbook
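Two of the items above, SQL injection and salted password hashing, are worth seeing in code. The following is an added example written for this post, not code from the original discussion; it uses only the Python standard library, a constructed in-memory SQLite table with made-up users, and a hypothetical function layout (`find_user_unsafe`, `find_user_safe`, `hash_password`, `verify_password`) to show the string-built query next to the parameterized one, and a per-user salted PBKDF2 hash with constant-time verification.

```python
import hashlib
import hmac
import os
import sqlite3


def make_db():
    # Constructed sample data: two fake users in an in-memory table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw_hash TEXT, salt BLOB)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "x", b"s"), ("bob", "y", b"t")])
    return conn


def find_user_unsafe(conn, name):
    # The 'before': untrusted input is pasted into the SQL text, so the
    # input can change the structure of the query, not just its value.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql).fetchall()]


def find_user_safe(conn, name):
    # Parameterized query: the driver passes the value separately, so
    # whatever the user typed is compared as a plain string literal.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,)).fetchall()]


def hash_password(password, salt=None, iterations=200_000):
    # Random per-user salt plus a slow KDF; store salt, iteration count
    # and digest so the parameters can be raised later without a reset.
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest.hex()


def verify_password(password, salt, iterations, stored_hex):
    # Recompute with the stored parameters and compare in constant time.
    _, _, candidate = hash_password(password, salt, iterations)
    return hmac.compare_digest(candidate, stored_hex)
```

Running `find_user_unsafe` and `find_user_safe` on the same crafted input shows the difference: the string-built query returns every row, the parameterized one returns none.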
Interface

Be aware that browsers implement standards inconsistently and make sure your site works reasonably well across all major browsers. At a minimum test against a recent Gecko engine (Firefox), a WebKit engine (Safari, Chrome, and some mobile browsers), your supported IE browsers (take advantage of the Application Compatibility VPC Images), and Opera. Also consider how browsers render your site on different operating systems.

- Staging: know how to deploy updates without affecting your users
- Don't display unfriendly errors directly to the user
- Don't put users' email addresses in plain text, as they will get spammed
- Build well-considered limits into your site
- Learn how to do progressive enhancement
- Always redirect after a POST
SEO

Consider URLs: a URL design with REST in mind could make exposing APIs easier in the future. It is definitely much easier to get your URLs right the first time than to change them in the future and deal with the SEO consequences.

- Avoid links that say "click here"
- Use "search engine friendly" URLs, i.e. use example.com/pages/45-article-title instead of example.com/index.php?page=45
- Have an XML sitemap
- Use <link rel="canonical" ... /> when you have multiple URLs that point to the same content
- Use Google Webmaster Tools and Yahoo Site Explorer
- Install Google Analytics right at the start
- Know how robots.txt and search engine spiders work
- Redirect requests (using 301 Moved Permanently) asking for www.example.com to example.com (or the other way round) to prevent splitting the Google ranking between both sites
- Know that there can be badly behaving spiders out there
Maintenance and Productivity

- Understand you'll spend 20% of the time coding and 80% of it maintaining
- Set up a good error reporting solution
- Have some system for people to contact you with suggestions and criticism
- Document how the application works for future support staff and people performing maintenance
- Make frequent backups! (And make sure those backups are functional)
- Don't forget to do your unit testing
- Get it looking correct in Firefox first, then Internet Explorer
- Code from the beginning with maintainability in mind

I hope you learn something new from this list the same way I did. Thanks to all the people from the Stack Overflow community that contributed to such a rich discussion of web development practices. We will focus on some of those topics in upcoming posts.
By Juan Pablo