Avoid the Most Common Mistakes Web Developers

Since the term the World Wide Web was coined back in 1990, web application development has evolved from serving static HTML pages to completely dynamic, complex business applications.

Today we have thousands of digital and printed resources that provide step-by-step instructions about developing all kinds of different web applications. Development environments are “smart” enough to catch and fix many mistakes that early developers battled with regularly. There are even many different development platforms that easily turn simple static HTML pages into highly interactive applications.

All of these development patterns, practices, and platforms share common ground, and they are all prone to similar web development issues caused by the very nature of web applications.

The purpose of these web development tips is to shed light on some of the common mistakes made in different stages of the web development process and to help you become a better developer. I have touched on a few general topics that are common to virtually all web developers such as validation, security, scalability, and SEO. You should of course not be bound by the specific examples I’ve described in this guide, as they are listed only to give you an idea of the potential problems you might encounter.

Common mistake #1: Incomplete input validation

Validating user input on client and server side is simply a must do! We are all aware of the sage advice “do not trust user input” but, nevertheless, mistakes stemming from validation happen all too often.

One of the most common consequences of this mistake is SQL injection, which appears in the OWASP Top 10 year after year.

Remember that most front-end development frameworks provide out-of-the-box validation rules that are incredibly simple to use. Additionally, most major back-end development platforms use simple annotations to assure that submitted data are adhering to expected rules. Implementing validation might be time consuming, but it should be part of your standard coding practice and never set aside.

Common mistake #2: Authentication without proper Authorization

Before we proceed, let’s make sure we are aligned on these two terms. As stated in the 10 Most Common Web Security Vulnerabilities:

Authentication: Verifying that a person is (or at least appears to be) a specific user, since he/she has correctly provided their security credentials (password, answers to security questions, fingerprint scan, etc.).

Authorization: Confirming that a particular user has access to a specific resource or is granted permission to perform a particular action.

Stated another way, authentication is knowing who an entity is, while authorization is knowing what a given entity can do.
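The difference shows up in code as two separate checks. The following added example (not from the original article) compares a handler that only checks that someone is logged in with one that also checks whether that user may read the requested record. The order data, roles, and function names are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    id: int
    role: str  # constructed roles: "customer" or "admin"

# Constructed sample data: order id -> owner and contents.
ORDERS = {
    101: {"owner_id": 1, "item": "book A"},
    102: {"owner_id": 2, "item": "book B"},
}

class Unauthenticated(Exception):
    """Maps to HTTP 401: we do not know who is calling."""

class Forbidden(Exception):
    """Maps to HTTP 403/404: we know who is calling, and they may not."""

def get_order_authn_only(user, order_id):
    # Flawed: any logged-in user can read any order by changing the id.
    if user is None:
        raise Unauthenticated("login required")
    return ORDERS[order_id]

def can_read_order(user, order):
    # Authorization rule (assumed): owners read their own orders, admins read all.
    return user.role == "admin" or order["owner_id"] == user.id

def get_order(user, order_id):
    # Authentication: who is this?
    if user is None:
        raise Unauthenticated("login required")
    order = ORDERS.get(order_id)
    # Authorization: may this user read this order? Missing and forbidden
    # orders get the same answer, so the response does not reveal valid ids.
    if order is None or not can_read_order(user, order):
        raise Forbidden("order not found or not permitted")
    return order

if __name__ == "__main__":
    alice = User(id=1, role="customer")
    print(get_order_authn_only(alice, 102))  # another customer's order leaks
    print(get_order(alice, 101))             # her own order is returned
```

The authorization check runs on the server for every request, against the record being accessed, rather than once at login.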

Common mistake #3: Not ready to scale

In today’s world of high speed development, startup accelerators, and instant global reach of great ideas, having your MVP (Minimum Viable Product) out in the market as soon as possible is a common goal for many companies.

However, this constant time pressure is causing even good web development teams to often overlook certain issues. Scaling is often one of those things teams take for granted. The MVP concept is great, but push it too far, and you’ll have serious problems. Unfortunately, selecting a scalable database and web server and separating all application layers on independent scalable servers is not enough. There are many details you need to think about if you wish to avoid rewriting significant parts of your application later – which becomes a major web development problem.

For example, say that you choose to store uploaded profile pictures of your users directly on a web server. This is a perfectly valid solution–files are quickly accessible to the application, file handling methods are available in every development platform, and you can even serve these images as static content, which means minimum load on your application.

But what happens when your application grows, and you need to use two or more web servers behind a load balancer? Even though you nicely scaled your database storage, session state servers, and web servers, your application scalability fails because of a simple thing like profile images. Thus, you need to implement some kind of file synchronization service (that will have a delay and will cause temporary 404 errors) or another workaround to assure that files are spread across your web servers.

What you needed to do to avoid the problem in the first place was just use a shared file storage location, a database, or any other remote storage solution. It would probably have cost a few extra hours of work to have it all implemented, but it would have been worth the trouble.

Common mistake #4: Wrong or missing SEO

The root cause of incorrect or missing SEO best practices on web sites is misinformed “SEO specialists”. Many web developers believe that they know enough about SEO and that it is not especially complex, but that’s just not true. SEO mastery requires significant time spent researching best practices and the ever-changing rules about how Google, Bing, and Yahoo index the web. Unless you constantly experiment and have accurate tracking and analysis, you are not an SEO specialist, and you should not claim to be one.

Furthermore, SEO is too often postponed as some activity that is done at the end. This comes at a high price of web development issues. SEO is not just related to setting good content, tags, keywords, meta-data, image alt tags, site map, etc. It also includes eliminating duplicate content, having crawlable site architecture, efficient load times, intelligent back linking, etc.

Like with scalability, you should think about SEO from the moment you start building your web application, or you might find that completing your SEO implementation project means rewriting your whole system.

Common mistake #5: Time or processor consuming actions in request handlers

One of the best examples of this mistake is sending email based on a user action. Too often developers think that making an SMTP call and sending a message directly from the user request handler is the solution.

Let’s say you created an online book store, and you expect to start with a few hundred orders daily. As part of your order intake process, you send confirmation emails each time a user posts an order. This will work without problem at first, but what happens when you scale your system, and you suddenly get thousands of requests sending confirmation emails? You either get SMTP connection timeouts, quota exceeded, or your application response time degrades significantly as it is now handling emails instead of users.

Any time or processor consuming action should be handled by an external process while you release your HTTP requests as soon as possible. In this case, you should have an external mailing service that is picking up orders and sending notifications.
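One way to structure this, shown as an added example that is not from the original article: the request handler only records the order and a pending notification in the database, and a separate worker sends the emails and retries failures. The table layout, function names, and the injected send callable are assumptions; in production the callable would wrap a real SMTP client or mail API.

```python
import sqlite3

def make_shop_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, email TEXT, book TEXT)")
    db.execute("CREATE TABLE outbox (id INTEGER PRIMARY KEY, order_id INTEGER, "
               "attempts INTEGER DEFAULT 0, sent INTEGER DEFAULT 0)")
    return db

def place_order(db, email, book):
    """Request handler: local database writes only, no SMTP call."""
    with db:  # one transaction: the order and its notification job commit together
        order_id = db.execute("INSERT INTO orders (email, book) VALUES (?, ?)",
                              (email, book)).lastrowid
        db.execute("INSERT INTO outbox (order_id) VALUES (?)", (order_id,))
    return order_id  # the HTTP response can go out immediately

def run_mail_worker(db, send, batch=100, max_attempts=5):
    """External process: sends pending notifications, leaves failures queued."""
    jobs = db.execute(
        "SELECT o.id, r.email, r.book FROM outbox o "
        "JOIN orders r ON r.id = o.order_id "
        "WHERE o.sent = 0 AND o.attempts < ? ORDER BY o.id LIMIT ?",
        (max_attempts, batch)).fetchall()
    delivered = 0
    for job_id, email, book in jobs:
        try:
            send(email, f"Order confirmed: {book}")
        except OSError:  # smtplib errors and socket timeouts derive from OSError
            with db:
                db.execute("UPDATE outbox SET attempts = attempts + 1 WHERE id = ?",
                           (job_id,))
            continue  # stays in the outbox and is retried on the next run
        with db:
            db.execute("UPDATE outbox SET sent = 1 WHERE id = ?", (job_id,))
        delivered += 1
    return delivered

if __name__ == "__main__":
    db = make_shop_db()
    place_order(db, "reader@example.test", "Sample Book")  # constructed order
    print(run_mail_worker(db, lambda to, body: print(to, body)))
```

A slow or failing mail server now delays only the worker; order intake keeps its normal response time, and no confirmation is lost because unsent jobs remain in the table.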

Common mistake #6: Not optimizing bandwidth usage

Most development and testing takes place in a local network environment. So when you are downloading 5 background images each being 3MB or more, you might not identify an issue with 1Gbit connection speed in your development environment. But when your users start loading a 15MB home page over 3G connections on their smartphones, you should prepare yourself for a list of complaints and problems.

Optimizing your bandwidth usage could give you a great performance boost, and to gain this boost you probably only need a couple of tricks. There are a few things that many good web developers do by default, including:

  • Minification of all JavaScript
  • Minification of all CSS
  • Server side HTTP compression
  • Optimization of image size and resolution

6 Reasons for using a Professional Web Developer to Build your Site

They make it look and sound so easy, don’t they? The ads you see on social media offering a DIY website platform for free or for a low monthly fee. They make you believe it is a fraction of the cost of a professionally built website and have you believe that building your own website is so simple, a child could do it. It’s often not until you start to actually use your site that the shortcomings of this way of creating your online presence become apparent. This post explores the world of the DIY website and provides you with 6 reasons why you should think twice before building one.

First, let’s be clear – there are plenty of people running blogs, not for profit organisations and the like, for whom a DIY site is perfect. Bloggers, and those who read their work, don’t care if their site looks very similar to a host of other blogs. People who visit the websites of volunteer organisations are less likely to be deterred by a less than professional looking site and appreciate that the money the organisation saved by building its own website will be spent instead on the activities they care about. So for these people, a DIY site can be a perfect solution. But if you’re in business, relying on your website to attract and keep customers, a DIY site can be a disaster. Here’s why:

  1. Time: Web design is among the fastest changing elements of modern business. However bright you may be, it’s going to take you a substantial amount of time to master the necessary skills. Now a professional developer is applying his skills across their client base. By contrast, as your own web developer, you have a client base of 1! Accordingly, your business must bear the time cost alone. Properly accounted for, that makes your time extremely expensive, even if you have all the necessary skills.
  2. Design: it’s easy to fool ourselves that because we know what we like to see in a website, we’ll easily be able to turn the telescope around and create a compelling design at the drop of a hat. In reality, professional and qualified web developers have been through a good deal of training and more than a little trial and error, to equip themselves with the skills and knowledge needed to create designs that speak to the client’s customer-base.
  3. Coding: We’ve all been irritated by sites that take ages to load or refresh – that’s bad for the site-owner’s business. Behind every web page lies a blizzard of code. It’s in every website operator’s interests to keep the code as “slim” as possible. Professional web developers have a bag of tricks for achieving this. By contrast, many of the drag-and-drop DIY platforms that look so appealing are notorious for delivering bloated code and code which is not “liked” by the search engines – a disastrous outcome for the online presence of any business.
  4. Search engine optimisation: a lot of people, even if they are familiar with the concept of SEO, think that it’s just about writing copy that the search engines “like”. And it’s true that optimised content can, in itself, be a persuasive reason to use a pro. However, search engine optimisation goes a lot deeper than the published text. There are meta tags, image attributes and links that must be correctly constructed and applied, if a site is to succeed in its primary function – to grow your customer base and transact business with them. SEO is a fast-moving field that depends on keeping abreast of developments that may radically affect the success of your site. Few people in other areas of business can devote the resources needed to stay current. “A man who is his own lawyer has a fool for a client” is an old saying that has a lot of truth for the development of successful websites!
  5. Cross-platform compatibility and responsiveness: Most of us use just one browser to visit sites. Perhaps we just assume that all browsers work the same – but in reality this is not the case. The truth is that we need our sites to work equally well on all the browsers and on different devices. With the rise of smart phones and tablets, it’s increasingly important that your website is “responsive” – meaning that it detects the platform being used to display it and adapts automatically to display optimally. Having a responsive website is now more important than ever with the latest Google algorithm update.
  6. Functionality: most businesses’ sites exist not merely to advertise and inform – they are there to take orders. It’s essential that your website’s secure payment facility is set up properly, and that, should it ever break down, you have someone to call on who can fix it in short order. There is nothing worse for your business than to turn away paying customers because – they can’t pay.