Web application development has changed. Driven largely by the rise of mobile and the growth of cloud-based applications and services, modern web application development is much different than it was just five years ago.
What’s changed? I classify these changes into two categories: Trends and realities. What’s the difference between a trend and a reality? A trend is optional. A reality is not. For instance, flat design is a trend. You don’t have to use it, but many people do. The rise of mobile users is a reality. No matter how much you may tell yourself otherwise, you can’t ignore the very real fact that smartphone and tablets are here to stay.
Today, let’s focus on the realities. How has web application development changed, and what new realities must web application developers learn to accept? We posed those questions to a few experienced developers, and they provided some excellent advice–which you will find below. Here are 5 new realities that developers must learn to accept:
1. Your application will be attacked
In a well-known urban legend, the notorious bank robber, Willie Sutton, famously said that he robbed banks “because that’s where the money is.” As more and more valuable data moves to the cloud, we’re seeing modern-day robbers (hackers) attack web applications for the very same reason. That’s where the money is. A single insecure web application can let a hacker access the personal (and financial) information needed to drain bank accounts, run up credit card bills, damage companies, and more.
The problem: Finding insecure web apps isn’t that hard. According a recent study, 49% of web applications contain a high-risk vulnerability. I’ve seen other studies that puts the number at 98% (which seems a little high). The point is…as we move more data to the web, proper security is absolutely essential–but web app developers are struggling to keep up.
“Security is the new reality for web developers – it can no longer be an after-thought and it especially cannot be something that is simply ignored,” says Josh Little, Senior Security Consultant at VioPoint and founder of OWASP Detroit. “The good news is that most modern languages have strong, tested security frameworks that can be used to develop applications both quickly and securely if implemented correctly. Web developers can improve the security of their apps by gaining a familiarity at a high level with things like the OWASP Top 10 and how built-in and 3rd-party security frameworks can be used to address these vulnerabilities at the design phase and not after their app has been compromised.”
2. There is no “typical” web user
As mentioned above, we can no longer ignore the fact that mobile devices are here to stay. What does that mean for web application development? Well, we no longer know how users will access our web apps. Maybe they’ll use a smartphone. Maybe they’ll use a tablet. Maybe they’ll use a PC. We don’t know, and we can’t control it. In other words, the concept of a “typical” user has disappeared.
“It used to be taken as a given that people were browsing with a keyboard and mouse, and 800×600 (as an example) was a reasonable test case – if the site was usable at that resolution you could consider it decent,” says Sid Savara, Technical Manager at the University of Hawaii. “Now the realities are that resolutions span from 320px on some phones to well over 2500px on desktop displays. Responsive design, and testing across more browsers and more varied hardware is the norm.”
The fact is, developers must now approach development from multiple angles. How will this look and feel on a small, touch-based screen? How will this adapt to a large, high-definition display? What happens when a tablet user switches from landscape to portrait mode? These questions drive up the importance of responsive and/or adaptive design. For those unfamiliar, here’s a brief explanation of each:
- Responsive design uses fluid grids and CSS3 media queries to adapt the app to various screen sizes and types. You can find examples of responsive design across the web, as it’s widely used in web site design. For instance, TheNextWeb site is a great example of a responsive site. You’ll notice that if you resize your browser, the site changes to fit the new size.
- Adaptive design delivers a different HTML page depending on the device. For instance, a single web application may have 3 separate presentation (HTML) layers: One for PCs, one for tablets, and one for smartphones. Logic placed in the application identifies the user’s device and displays the correct layer. For example, visit this web app from different devices and notice how it looks and acts different.
3. Integration is the new normal
Integration has become essential to web app development. In the past, developers built all the features and capabilities into the web application itself. Now, modern developers must not only focus on the application’s features, but also integrating with outside apps and services.
“API integration is exploding,” says Joshua Maag, a long-time developer and CEO of SquareHook. “Most large applications have some form of API that you can hook your applications into. Having a solid understanding of the Oauth 2.0 protocol is more important than ever to allow that interactivity between a website and tools like social media. With our application, we are using a dozen of these API’s to retrieve content from our user’s favorite platforms.”
4. Development has shifted towards the client side
These days, users expect web applications that mimic desktop applications and native mobile applications. However, the need for more powerful web applications requires a change in development methods.
In the past, the client-server model relied on the server doing the heavy lifting, and then sending the results to the client. Now, that’s changing. As users demand stronger and more responsive web applications that rival native mobile apps and desktop software, more of the application must be put in the browser.
“The challenge I often see with web developers is the difficulty for them to grasp the new normal in the web,” says Maag. “In the past, many of these developers were able to build stateless applications that relied primarily on server side technologies handling the heavy workloads of these web applications. These days however, there is much more emphasis on the client side as well as a lot of expectations that a website function more inline with what traditional desktop and now mobile apps have done.”
5. There’s no excuse for bad architecture
While the importance of solid application architecture cannot be overstated, it was always the most time consuming and difficult part of the application. Without the proper resources and knowledge, developers built insecure, inflexible applications that couldn’t scale.
However, that’s changing. With the rise of development platforms, Platform-as-a-Service (PaaS) offerings, and Infrastructure-as-a-Service (IaaS) options, developers can bypass the architecture headaches, and start every project with good architecture. In other words, there’s really no excuse for bad application architecture.
“Finally, with the increase of activity and new business in the PaaS and IaaS space, there is no longer a need for big expensive equipment to be a scalable application,” explains Maag. “Developers need to understand the architecture of their application and how they can design it for growth from the ground up. Looking at tools like Load Balancers and multiple server deployments are no longer exclusive to those larger organizations. Everyday, I help developers in a local business incubator solve these problems on any platform without a huge IT staff backing them. It is now easier than ever to build and experiment with truly scalable applications and I would devote time as a developer to learning one or more of these platforms as they seem to be the new norm in web development.”
So, what do you think? Are there any other new realities that developers must learn to accept? Feel free to share in the comments.