I want to share with you a compilation of topics you should know if you are planning on developing a successful web application. This list is just a collection of the best suggestions I read from this discussion on Stack Overflow. All credit goes to the people who contributed to that thread; I'm just picking the best topics from there.
All the practices mentioned fall into the following categories: Security, Performance, Interface, SEO, Maintenance and Productivity.
This is my favorite topic. If you ask me what my best advice about security is, this is it: Never trust user input (that means cookies too!)
Other advice mentioned was:
- Avoid cross site scripting
- Avoid cross site request forgeries
- Know about SQL injection and how to prevent it
- Make sure your database connection information is secured.
- Keep yourself informed about the latest attack techniques and vulnerabilities affecting your platform.
- Use SSL/HTTPS for login and any pages where sensitive data is entered (like credit card info)
- Hash and salt passwords rather than storing them plain-text.
- Read The Google Browser Security Handbook
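The "never trust user input, cookies too" rule above, as an added example (not from the original post or the Stack Overflow thread): a cookie is just bytes the client chose to send, so the server authenticates it with a server-side secret and then validates its contents before acting on it. The key, cookie format and `uid=` field are constructed for the demo.

```python
import base64
import hashlib
import hmac
import re

# Server-side secret (constructed for the demo); in production it comes from
# configuration and is never derived from anything the client sends.
SECRET_KEY = b"constructed-demo-key-do-not-reuse"


def _tag(value: str, key: bytes) -> str:
    """HMAC-SHA256 over the cookie value, base64url-encoded without padding."""
    mac = hmac.new(key, value.encode("utf-8"), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode("ascii").rstrip("=")


def sign_cookie(value: str, key: bytes = SECRET_KEY) -> str:
    """Append an authentication tag so later tampering is detectable."""
    return f"{value}|{_tag(value, key)}"


def verify_cookie(cookie: str, key: bytes = SECRET_KEY):
    """Return the embedded value if the tag is genuine, otherwise None."""
    value, sep, tag = cookie.rpartition("|")  # the tag never contains '|'
    if not sep:
        return None  # unsigned cookie: treat as hostile
    # Constant-time comparison, so a forger learns nothing from timing.
    if not hmac.compare_digest(_tag(value, key).encode(), tag.encode()):
        return None
    return value


def user_id_from_cookie(cookie: str, key: bytes = SECRET_KEY):
    """Authenticate first, then validate the content against the expected shape."""
    value = verify_cookie(cookie, key)
    if value is None or not re.fullmatch(r"uid=\d{1,12}", value):
        return None
    return int(value[len("uid="):])


if __name__ == "__main__":
    good = sign_cookie("uid=42")
    forged = "uid=1|" + good.split("|", 1)[1]  # client edits the id, keeps the tag
    print(user_id_from_cookie(good))      # 42
    print(user_id_from_cookie(forged))    # None
    print(user_id_from_cookie("uid=1"))   # None
```

Signing proves only that the server produced the value; the format check still runs because an old or replayed cookie is as untrusted as a hand-edited one.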
Techniques for making your site lighter and faster:
- Optimize images – don’t use a 20 KB image for a repeating background
- Learn how to gzip/deflate content
- Combine/concatenate multiple stylesheets or multiple script files to reduce the number of browser connections and improve gzip's ability to compress duplication between files
- Take a look at the Yahoo Exceptional Performance site, which has lots of great guidelines on improving front-end performance, as well as their YSlow tool. Google Page Speed is another tool for performance profiling. Both require Firebug installed.
- Use CSS Image Sprites for small related images like toolbars (see the “minimize http requests” point)
- Busy web sites should consider splitting components across domains.
- Be aware that browsers implement standards inconsistently and make sure your site works reasonably well across all major browsers. At a minimum, test against a recent Gecko engine (Firefox), a WebKit engine (Safari, Chrome, and some mobile browsers), your supported IE browsers (take advantage of the Application Compatibility VPC Images), and Opera. Also consider how browsers render your site on different operating systems.
- Staging: How to deploy updates without affecting your users.
- Don’t display unfriendly errors directly to the user
- Don’t put users’ email addresses in plain text as they will get spammed.
- Build well-considered limits into your site
- Learn how to do progressive enhancement
- Always redirect after a POST.
- Consider your URLs: a URL design with REST in mind could make exposing APIs easier in the future. It is definitely much easier to get your URLs right the first time than to change them later and deal with the SEO consequences.
- Avoid links that say “click here”.
- Use "search engine friendly" URLs, i.e. use example.com/pages/45-article-title instead of example.com/index.php?page=45
- Have an XML sitemap
- Use <link rel="canonical" ... /> when you have multiple URLs that point to the same content
- Use Google Webmaster Tools and Yahoo Site Explorer
- Install Google Analytics right at the start
- Know how robots.txt and search engine spiders work
- Redirect requests (using 301 Moved Permanently) for www.example.com to example.com (or the other way round) to prevent splitting the Google ranking between both sites
- Know that there can be badly behaved spiders out there
Maintenance and Productivity
- Understand you’ll spend 20% of the time coding and 80% of it maintaining
- Set up a good error reporting solution
- Have some system for people to contact you with suggestions and criticism.
- Document how the application works for future support staff and people performing maintenance
- Make frequent backups! (And make sure those backups are functional)
- Don’t forget to do your Unit Testing.
- Get it looking correct in Firefox first, then Internet Explorer.
- Code from the beginning with maintainability in mind
I hope you learn something new from this list, the same way I did.
Thanks to all the people from the Stack Overflow community who contributed to such a rich discussion of web development practices.
We will focus on some of those topics in upcoming posts.