Coding

As a developer, knowledge of web application security vulnerabilities is essential in order to build software that is both resilient to attacks and protected through a layered approach of defense. The cybersecurity landscape is constantly shifting, however a good understanding of the most common vulnerabilities is a great place to get started with security. Before reviewing the articles below, be sure to look at 10 Most Common Security Vulnerabilities. The list that follows are a handful of articles I’ve written over the years both in my graduate and professional work. They focus on application security specifically as well as an understanding of the people behind such attacks. ...

You’ve decided it’s time to start solidifying ideas for your ideal website. You have no doubt spent countless hours in the planning phase identifying your target audience, design considerations, and of course you have a solid idea of your overall content strategy. If you haven’t, then do yourself a favor and take a look at The Complete Guide to Building Your Personal Brand, What Makes an Effective Website? and How to Design a Website for a Specific Target Audience? before reading on. ...

Fundamental to all modern web development is a strong foundational knowledge of version control. In recent years Git has emerged as the go-to choice for many developers and continues to gain popularity. Github is a platform that uses Git for source control. It provides an environment that encourages and fosters community open source development. It is a great platform to publish and use for version control on your own web sites and projects. Below I have listed several resources for getting started with Git, Github, Github Pages and Open Source. ...

The HTML5 and CSS learning resources provided here supplement classroom materials for my CMST 386 class taught at the University of Maryland University College. Please report any broken links in the LEO classroom. If you have any suggestions for additional resources that could be added here, let me know. To access some of these resources you will need to sign up for a free account, which I cannot mandate in class. ...

Like other top web servers, Nginx lets webmasters enable Gzip compression for their websites. It can compress scripts and stylesheets in a web page on the fly. The Gzip file’s size is significantly lower than the original file. Nginx supports 9 Gzip compression levels.1 is the lowest and 9 is the highest. To gzip a file, Nginx will use invoke a function and the function will use system resources during the file conversion process. The function will take few milliseconds to execute. ...

After Googleweblight, AMP aka Accelerated Mobile Pages is the new initiative from the search engine giant Google to make the web fast. As of today, over 900K sites are powered by AMP. I’ve used AMP on my site for a month. Below, I’ve shared the Pros and Cons of Google AMP. Pros of Google AMP (Advantages) Easy to implement Google has published a detailed documentation which covers the HTML markup/CSS code you should use while implementing AMP. It also covers tutorials, news, case studies and demos of AMP. If you’re a developer, go through the documentation before writing the code of your website. ...

Over the last few months my team has been developing microsites to accompany our main website. The requirements for these sites included having their own domain, theme and separate content. After reviewing options in Drupal 7, I decided the best approach given our situation was to use the Domain Access Module. The Domain Access Module provides a very solid and powerful framework for developing additional sites within your existing Drupal CMS, but it can also be somewhat complicated to setup for any given use case. I have documented some of the lessons learned over the last few months as we implemented Domain Access in our own project. ...

Yesterday, I was checking the performance of one of my sites with GTmetrix and Pingdom tools. Although my site takes about 1 second to open in any browser, the tools were reporting remove query strings from static resources warning. Anything that follows after the question mark i.e “?” is called a query string. You’ll find URLs with query strings on dynamic sites. If the site serves static content, it doesn’t make sense to use them. The website I’m talking about is a small blog. Hence, I decided to get rid of the warning. ...

As mentioned in my earlier blog post, I am using LetsEncrypt free SSL certificate on one of my sites. The certificate was due to expire in few weeks. The CertBot dispatched an alert message for the same on my official email address. As I’m using SSL for the first time and having several doubts in mind, I decided to renew LetsEncrypt certificate immediately. I fired the following command in the Linux terminal (10 days prior the certificate’s expiry date) and restarted Nginx. ...

After Google declared HTTPS as a ranking signal, thousands of sites have switched to HTTPS from HTTP. To secure your site with HTTPS, you must install an SSL certificate on the server and configure the web server to redirect HTTP traffic to HTTPS. Before Let’s Encrypt Certificate Authority was launched in 2016, companies used to charge a hefty amount for providing SSL certificates. Now, you can easily get free SSL certificates to secure your personal or business portal, thanks to Let’s Encrypt. ...