To create a high-quality Web application, you have to do a lot of work before and after. What is Ata Sasmaz of a foreign developer? The Web developer creates and shares a check list, including application development, performance, security, analysis, availability, reliability, conversion policies, and competitive strategies.
DevelopmentJavaScript? Exception capture is allowed. These exceptions must be submitted to log service through Ajax requests, otherwise it is difficult to intercept errors in the Web environment.
The data layer can be separated or exchanged with another compliant data layer.
The deployment process should be automated. Project files used in the production environment should be generated by the deployment server and automatically completed without manual intervention.
The version control system saves the code change history to prevent the loss of existing code. It also helps collaborative development. GitHub is the most popular provider of this service. In addition, there is also a BitBucket. Does Microsoft have a Team that provides additional collaboration features? .
People will always have the time to write wrong code, and the code review system can ensure the high-quality production of developers. The system also familiarized more than one developer with the code. When the author of a piece of code is absent, other developers can make modifications smoothly. GitHub and Team? Foundation provides the corresponding code review function.
Each application needs to design and implement the permission and role system. Setting up a system administrator, User Administrator, and other roles requires a flexible global role system.
All errors should be recorded and used for future comprehensive checks. That is, all errors should be submitted to the global error record mechanism.
Before each deployment, the test server should run all tests. Deploy the application when the code test passes and report the application to the system administrator if the application fails to pass the code test.
The code in the business layer must be generic. Even if the code is oriented to the Web environment, it should be able to be used in different user interfaces and data layers in the desktop environment, server environment, and mobile device environment without changing the code.
A well-defined coding specification plays an important role in future project development. Do you need to write comments before the method? What are naming conventions? Where should the sample code be placed?
The most time-consuming issue during development is that different developers have different development environments. What people need to know is what software they should install, what versions they use, what components they need to install, and how to install them.
PerformanceContent? Delivery? Networks (Content Delivery Network) provides images, JS files, CSS files, and other static files for your services through servers closest to visitors to increase access speeds and reduce bandwidth usage. CloudFlare is an excellent example of the CDN service.
Should JS and CSS files use YUI? Compressor to reduce the file volume and use gzip for transmission. It is also a good practice to put the reference of JS code at the end.
Web applications should respond quickly. The system responsible for page loading analysis is responsible for identifying slow pages. A page that runs fast may encounter a problem where the loading time is too long for users to read specific data.
NoSQL databases (document-based databases) are fast in receiving and storing data and can be expanded on a large scale. Because such databases do not guarantee the integrity of the relationship, they should be used for key data. In scenarios such as user notifications and chat records, NoSQL can save costs and be used securely.
The data center address should be close to the vast majority of users. Data centers in the same country as users have a significant impact on the page access speed. If necessary, multiple data centers can be created.
The doubling of data storage results in lower application performance. The program architecture should be prepared to process large-scale data from multiple sources.
SecurityDatabase users should be restricted when accessing key information, such as obtaining even Hash passwords and Email addresses of all users. Stored procedures and views should be used for verification or custom data.
When the application contains a dependency on code with poor security, attackers May remotely execute the corresponding attack code.
It is possible to authenticate flood attacks and spam attacks initiated by users. Be sure to keep track of the last unknown operations they initiated at any time to avoid making a large number of requests.
All passwords should be hashed by salt values, and each user's salt value is unique. It is easy for people to use the same password on different services, and applications have the responsibility to protect users' passwords.
Cross? Site? The Scripting cross-site Scripting attack is a Web vulnerability that allows users to execute remote malicious scripts.
SQL injection is a common vulnerability. Attackers can construct strings to execute harmful SQL commands. Using ORM is a good precaution.
Cross-Site? Request? Forgery cross-site request Forgery is a common Web vulnerability. attackers place an iframe framework on their websites, which requests pages from programs, but users are not in applications. GET requests should not modify data. this is a rigid requirement to prevent POST requests from outside the application domain name, and protect the program from attacks. In contrast, it is better to provide a token for authentication after receiving the request in each form.
Even if the user information has been recorded on the computer and you have successfully logged on to the system a few minutes ago, you always need to verify the password when accessing or modifying key information such as password, Email, or data backup.
If you use HTTPS to transmit data, you should only use HTTPS for transmission. Otherwise, the man-in-the-middle is likely to be the transformer for HTTPS to HTTP transmission, so that users can send requests using HTTP to analyze data.
HTTPS is a world-wide encryption standard, and there is no additional overhead after the first handshake. All pages and resources should be transmitted over HTTPS. When using HTTPS, the recommended information source is HTTPS. Otherwise, the browser will not be displayed for security reasons.
Sessions and Cookies can be hijacked. The browser header information and the location information of the user's last IP address can be compared with the original user session information. An active defense method is to bind a session to the user's IP address, but it may cause problems in the case of dynamic addresses and mobile devices.
AnalysisEvery data, every request, and every event should be recorded in the storage of "big data. This data will be useful in the future, and data mining technology will present useful analysis reports.
For future plans, it is very important to identify the reasons behind the use of applications by users.
Nowadays, data analysis is critical. The analysis report reveals the future business direction. Excellent applications not only facilitate users, but also allow users to generate reports as needed.
ReliabilityIf the application server directly accepts connections, it is better to build a reverse proxy server that distributes requests internally. In this way, some servers can also be used as servers to provide services.
Data should be backed up at least on a daily basis, and more backup tasks should depend on specific storage and application servers. if necessary, a disaster recovery solution for the data center should also be prepared.
The test should cover all the code at the business layer and data layer. Disrupting user data, calculating incorrect results, providing incorrect data, and storing errors can result in loss of users and loss of money.
Currently, there are many third-party services that detect the server's online duration. They also provide customized services to check the server status at specified intervals.
AvailabilityCompared with Ajax technology, refreshing pages is slower, and users are also lost when pages are redirected. Single-page applications (like Gmail) have a good user experience and are more difficult to develop, making it easier to produce bugs. If resources (manpower) are sufficient, you can choose to develop a single-page application. otherwise, Ajax technology should be used.
The detailed error prompt page outputs any information related to the error, which is required by every developer. Applications in the production environment can still record the information logs, so it is necessary to hide the information.
The era of "learning to use programs" has passed. Before you get familiar with it, the program should be simple enough. After you are familiar with it, advanced operations will be displayed. Complex interfaces can discourage users.
The tendency to use search has gradually increased in recent years. Google, Facebook, and Twitter all have search functions. All software giants provide global search systems that can filter search results. To make your applications have consistent functions.
When an error occurs or a password is entered, you must specify the direction and direction of the user. remember this.
The general approach of uidesign is to first consider the desktop and then adapt to mobile devices. This method is costly in adaptation. The UI should first consider mobile devices and then adapt to the desktop.
Developers and testers cannot predict the problem from time to time. The best solution is to set a feedback mechanism on every page that allows users to access.
Users may use Windows, Mac, Linux, mobile devices, or an unknown device. In these environments, the UI behavior must be consistent. To achieve this, follow the standards and do not use nonstandard components. At the same time, using a framework such as Bootstrap or Foundation is also helpful.
Although Web applications are not targeted at organized visitors (from search engines), people always want to know what appears after clicking when sharing addresses in emails or IM. There are usually few interpretations of this, so the URL itself can provide at least relevant information during sharing.
Conversion PolicyInviting registration is the oldest and most effective conversion strategy for new users. The successful invitation system not only rewards the invitee, but also benefits the invitee.
Users will always have problems, and every application needs to support the system. The lack of support systems can discourage users. Here are some external solutions: ZenDesk, Desk, Freshdesk, Zoho? Support ......
It is important for users to go back and use the software. Users often do not remember the software and will not come back after they forget it. Regular sending of emails with message notifications can retain users. Do not forget to keep the switch of this type of option, otherwise it will become spam.
No matter how many users you have, even one or even thousands of users, you always have to do better. This will cover up the flaws of every software.
Visitors, even paying users, have a hard time sharing their applications on social networks. An incentive mechanism should be set up for this purpose. This requires that you use social network APIs such as Facebook and Twitter to disseminate relevant information.
It is important to keep users updated. When users use the software, they will be happy to know that you will support it and do better. Create a mail list to let users know that every month's improvement is a responsible attitude.
Don't expect users to come here. you have to fight for it. Although there are many high-quality advertising solutions, it is better to spend a small amount of money on the Internet or even provide the corresponding value for free, and then direct it to the corresponding products.
It is very important to know why the user leaves. A good system will send an email when the user leaves, provide a discount, and ask for feedback.
Competitive StrategyThe demand for software products has never been created out of thin air. Requirement Analysis allows developers and product managers to follow suit. Try to understand the customer's real needs by analyzing the most commonly used parts of the user.
No product is born perfect. One company developed, and other companies improved; the first one was improved. This is a development process in every industry. Each product has its competitors.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
