modern day web development requirements

mikha
What are some of the things that are important in web development?

Things like:
- choosing a particular platform, technologies or language, like Node.js, which is very popular in the modern day, for rapid development
- what security vulnerabilities absolutely need to be addressed, and what are some techniques to address those
- what other techniques should one keep in mind: caching techniques, load balancing, etc.

Scott Fell, Developer & EE Moderator
Fellow 2018
Most Valuable Expert 2013

Commented:
Yes all that is important and so is everything else.

However, I think this question is too broad. It would be better to ask with specifics like, "I want to build a static site with about 10 pages that will get a couple thousand views per month" vs "I want to build an e-commerce site with 100000 products and millions of views per month"

In addition knowing your budget and your own skill set will be helpful to answer what you are looking for.
Dr. Klahn, Principal Software Engineer

Commented:
Your question is rather broad.  If you can narrow down the environment and the resources available we will be able to give you a better answer.

For a home web site, straight HTML from a text editor and DDNS on an old PC could be enough.  For a small business, an off-the-shelf do-it-yourself web site kit on a shared commercial server farm might be appropriate.  For a corporate web site, a dedicated staff of 100 people using commercial cooperative tools and a room full of servers could be required.

Commented:
Be sure that you understand what you are trying to build. Keep security in your mind, check OWASP Top Ten Platform Vulnerabilities. OWASP, based on input from numerous organizations that focus on web security, has published various top 10 lists of the most common security vulnerabilities. Use a Breaker Mindset throughout the Development Process. While OWASP focuses on web and mobile apps, CWE/SANS tends to cover all types of software, including desktop applications.


To prevent security defects as you develop

• Reduce any unnecessary complexity.
• Keep your code efficient and readable while meeting requirements.
• As you code, resist adding new features that were not planned in the design process.
• Pay attention to feedback from the code analysis.
• Compile code using the highest warning level.
• Use static and dynamic analysis tools to detect and eliminate additional security defects.
• Exercise care at all input and output points.
• Review all third-party applications, code, libraries, and APIs.
• Do not allow your code to directly issue operating system commands, such as through command shells.
• Prevent race conditions.
• Use static analysis tools to identify buffer overflows and memory leaks.
• Perform a manual secure code review.
• Follow consistent coding patterns agreed upon by everyone on the development team.
• Validate input provided by all untrusted data sources.
• Sanitize data and web output you pass to other systems.
• Protect data in transit and at rest.



Guidelines for Researching Vulnerabilities and Exploits:

1. Search Vulnerabilities and Exploits Databases
• National Vulnerability Database (NVD)
• Offensive Security’s Exploit Database

2. Identify Common Vulnerabilities and Threat Patterns
• Command Attack Pattern Enumeration and Classification (CAPEC)
• OWASP Top 10
• CWE/SANS Top 25 Most Dangerous Software Errors

3. Subscribe to Vendor Security Bulletins and Advisories
• Microsoft Security Bulletins: https://technet.microsoft.com/en-us/security/bulletins.aspx
• Apple Security Updates: https://support.apple.com/en-us/HT201222
• Android Security Bulletins: https://source.android.com/security/bulletin/
• Ubuntu Security Notices: https://www.ubuntu.com/usn/
• Amazon Web Services Latest Bulletins: https://aws.amazon.com/security/securitybulletins/
• jQuery Updates Blog: https://blog.jquery.com
• Chrome Releases: https://chromereleases.googleblog.com

4. Follow Open Source Software Issue Trackers
• Node.js: https://groups.google.com/forum/#!forum/nodejs-sec
• Python Bug Tracker: https://bugs.python.org/
• Hadoop Issue Tracking: https://hadoop.apache.org/issue_tracking.html
• MySQL Bugs: https://bugs.mysql.com
• Docker Issues: https://github.com/docker/docker/issues




References you might also use for this purpose include

• Threats and Countermeasures, Microsoft Developer Network
https://msdn.microsoft.com/en-us/library/ff648641.aspx
• Application Threat Modeling, OWASP
https://www.owasp.org/index.php/Application_Threat_Modeling
• Top Ten Lists, OWASP
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
• Cheat Sheets, OWASP
https://www.owasp.org/index.php/Cheat_Sheets/Roadmap
• Developer Guide, OWASP
https://www.owasp.org/index.php/OWASP_Guide_Project
• Code Review Guide, OWASP
https://www.owasp.org/index.php/Category:OWASP_Code_Review_Project
• Application Security Verification Standard, OWASP
https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
• Computer security, Wikipedia
https://en.wikipedia.org/wiki/Computer_security
• SEI CERT Oracle Coding Standard for Java—https://www.securecoding.cert.org/confluence/display/java/Java+Coding+Guidelines
• SEI CERT C Coding Standard—https://www.securecoding.cert.org/confluence/display/c/SEI+CERT+C+Coding+Standard
• Microsoft https://docs.microsoft.com/en-us/dotnet/standard/security/secure-coding-guidelines
• EE https://www.experts-exchange.com/articles/33288/Secure-SDLC-Principles-and-Practices.html
• EE https://www.experts-exchange.com/articles/33330/Threat-Modeling-Process-Basics-and-Purpose.html
• EE https://www.experts-exchange.com/articles/33356/Internet-of-Things-Guidelines-to-prevent-common-IoT-security-risks.html
• CVE database  https://www.cvedetails.com
• OWASP https://www.owasp.org/index.php/Secure_SDLC_Cheat_Sheet
• SANS https://www.sans.org/reading-room/whitepapers/securecode/paper/1846
• Github https://github.com/OWASP/CheatSheetSeries
• TM https://docs.microsoft.com/en-us/windows-hardware/drivers/driversecurity/threat-modeling-for-drivers
• Read Enterprise Software Security: A Confluence of Disciplines (Addison-Wesley Software Security)
• Read Advanced API Security: Securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE  (I've read it lately)
Hi,

You may want to check the best practices and security of a specific programming language, because each language has its own security issues.

Desktop, mobile or web applications (with or without web services) are very different and deal with specific hardware in different ways.

Database design, coding, documentation, server side validation, localisation, UI, testing are very important...

Getting the code organised, clean, documented and tested is probably the best advice.

Work with an experienced programmer so they teach you the good way, or have a good mentor.

First decide what kind of software you want to code (web, mobile, desktop) and what programming language you want to learn, then start a little project; this is the best way to learn...

There are a lot of topics you can learn for free on Udemy.
Be active in the open source community; this can be a way to learn a lot very fast...
A site is just for businesses, regardless of whether they're small or huge corporations with global reach. They are windows through which customers may make contact with your brands and vice versa.

They are spaces that do not just increase the presence of the brand but are also a station for selling and promoting the services and products provided by an organization, therefore a well-established site is what every other company desires.

Layout: The simpler, the better, a site must be in size, simple and easy to read, i.e. instinctive; shouldn't be saturated with multimedia content (flash cartoons, videos, photographs, etc.) as these can make the webpage late in loading and thus end up getting the customers on their nerves.

Content: The info that's supplied and published must be according to this turn of the company, this must be a faithful representation of the picture of their business; the contents have to be coherent and must offer extra value for people who read them, these should be a tool of use for your clients. Creating classes is vital, as is a touch section.

Mobility: The use of mobile devices is a trend that is turning into a habit, even if a webpage does not have a suitable format which could be read properly, most likely miss the chance to approach a potential client. So, be masters in web development and embrace mobility.

Feedback: Listen to clients, you are able to formulate small surveys that will supply information that is too useful about your solutions, a sea of information of your intended audience that if used correctly, will have extremely significant benefits for the business.

Whether you hire a web design development company to build a website for you or you DIY, all the above points must be kept in mind.
