Summary: As web application development plays an increasingly important role in the business world, many companies aren’t keeping up. They’re stuck using old development standards and haven’t yet adapted to modern principles. In this article, you’ll learn which rules developers should follow, and which mistakes they must avoid.
In a growing trend, we’re seeing software development play an increasingly important role in a company’s sustainability. According to a Forrester study, “The software you deploy, and especially the custom software you create, will increasingly be part of your competitive edge.”
So, what rules must web application developers follow when building modern web applications? What mistakes should they avoid? We’ve compiled a list of 7 “do’s and don’ts” of modern web development, and explained each point below:
1. Don’t: Build applications from your point of view
The longer you work with any piece of software, the more intuitive it becomes. This effect gets multiplied for developers, as they understand their code inside and out. This creates a dangerous trap, as applications they view as intuitive may actually confuse users. Of course it’s intuitive to them–they built it! As a result, it’s often impossible to step back and view their application through the user’s eyes.
“The biggest mistake that most developers make is that they do not adopt a User-Centered Design approach,” says Bennett Lauber, Chief Experience Officer at The Usability People. “They design a system that seems to work well from their (engineering centric) design philosophy. Remember the first HP Calculators? They were great for mathematicians, but everyone else thought they were horrible. Software Engineers end up creating something that might work well for experienced users, but is very hard for most others to understand.”
Do: Create user stories
“We work from user stories all the time,” says John Locke, Principal at Freelock. “When we create them, we start with defining who the user is, and what their goal is. Then we write out the steps that user needs to take to get the desired result. That’s half of this equation. With a good user story, you can test that the application does what it’s supposed to do.”
Now, why is this so important to modern web development? After all, building for the user isn’t new development advice. I mention it because it is critically important in this day and age. With the rise of available software options, users have choices. They won’t waste their time trying to figure out your confusing application when they have dozens of available alternatives.
2. Don’t: Build only for PC users
Despite the fact that 20% of all web traffic now originates from mobile devices, the vast majority of web applications in the business world are still built solely for PCs. While building responsive (or adaptive) web applications adds another layer of complexity to the project, it’s quickly becoming a necessity in modern web development.
Do: Build for a multi-screened world
“Arguably the biggest and most important change is the introduction of thousands of new devices with varying screen sizes,” says Nick Comito, UX Designer at Astonish Design. “The web application development landscape has shifted dramatically because there are a plethora of new devices hitting the market every day. Many countries around the world rely solely on mobile devices for their primary source of internet access. Developers must accommodate this change into their workflows. ”
3. Don’t: Use the “latest and greatest”
Do: start with a reliable technology stack
Now, I’m not saying that developers should never try anything new. In fact, experimentation with new technologies is necessary for advancement–and developers have plenty of new options to play with.
However, don’t opt for unproven, new technology when building business applications. Not only might you experience the problems listed above, you run the risk of choosing a technology that might never catch on. Opting for proven technology in your development projects promotes stability, security, and maintainability–and the overall success of your applications.
4. Don’t: Access a database directly with user supplied information
One of the most common mistakes found in web applications, accessing a database directly with user-supplied information opens you up to security breaches. If unprotected, users can use input fields to inject malicious scripts into your application or access proprietary data from your database. Of course, most users will never attempt anything malicious, but you must approach user input with a defensive mindset.
Now, this has been an issue for years. However, I include it in this article for two reasons: First, it’s still a problem. Despite calls to sanitize user input, many developers still ignore this critical step. Secondly, web application attacks are on the rise. As more attackers attempt to compromise your applications, basic security principles can make all of the difference.
Do: Sanitize user inputs
“If you’re writing modular code, you need to make sure that whatever your inputs are, that you’re getting what you expect,” says Locke. “That means verifying that stuff coming into your code can’t do something wrong and cause more damage. Typically, this means using database abstraction layers to sanitize any user input before passing it into the database, to prevent SQL injection attacks. For web applications, this often means running all fields through an HTML encoding function, so that scripts get converted to harmless text instead of executing.”
5. Don’t: Make your users waitDo you ever get the feeling that attention spans are declining? Well, here’s some facts to back up your feelings. According to these statistics, attention spans have decreased by 4 seconds over the past 13 years.
What does this mean for developers? Users are increasingly intolerant of slow applications. Why does matter? This infographic shares some startling statistics relating to how page speed affects user retention, and the bottom line.
Do: Optimize for best performance
“Cut the fat wherever you can so that whatever you build will be as fast as possible,” says Kevin O’Keefe, Creative Director at SmartFile. “Minify all your code, asynchronous loading, delayed content rendering, or whatever it takes to trim milliseconds off your render. People love fast.”
6. Don’t: Build applications from scratch
With the available open source code, frameworks, and development tools, there’s very little reason to code any web application from the ground up. Not only does coding from scratch waste time, it generally results in inferior solutions.
Do: Use frameworks and tools
“The goal of any development project is delivering a quality solution in an efficient manner,” says Tyler Wassell, Software Development Manager at mrc. “Coding everything from start to finish is often unnecessary, and will just slow down your project. The best web developers understand that the right frameworks and tools will not only eliminate repetitive coding tasks, they will also fill gaps in their skillset–letting them accomplish more than they could coding from scratch.”
7. Don’t: Store sensitive data in plain text
One of the most common developer mistakes: failing to secure user authentication credentials. Rather, many developers still store user data in plain text inside the database. Why is that bad? Well, if/when an attacker breaks into the database, all of that sensitive data is immediately compromised–which not only harms your customers, it can cause irreparable damage to a company’s reputation.
Do: Encrypt sensitive user data in the database
Here’s a good security rule of thumb for the modern developer: Assume you will get hacked. It’s not a matter of “if” a hacker will gain access to your database. It’s a matter of “when”. When a hacker accesses your database, how easily can they steal your data? Encryption will help protect your sensitive user data from intruders when your database is compromised.
So, what do you think? Is there anything you would add to this list? If so, please share your thoughts in the comments.
If you enjoyed this article, sign up for email updates
We value your privacy. We will not spam you or share your email address with anyone. You're free to unsubscribe at any time.