Mistakes could happen to anyone. The best in the industry could make the worst of mistakes. In this article, we are going to discuss some of the common mistakes made by web developers and designers:
Going through the website, users need to know where they are at any point in time. Correct and consistent navigation allows the user to traverse the website smoothly. Dead links should be avoided. The internet promises speed. If surfers can’t figure out where to go next quickly and get there easily, they’ll simply surf on to the next website–your competitor’s! It’s very frustrating to be forced to go back two or three pages to get to other areas of a site. It’s also a waste of time. There should be a navigation bar on every page that guides visitors to other areas of the site.
Not optimizing bandwidth usage
Most development and testing takes place in a local network environment, so when you are downloading background images of 3MB or more each, you might not notice a problem over the 1Gbit connection in your development environment. But when your users start loading a 15MB home page over 3G connections on their smartphones, you should prepare yourself for a list of complaints and problems. Optimizing your bandwidth usage could give you a great performance boost, and to gain this boost you probably only need a couple of tricks. There are a few things that many good web developers do by default, including:
- Minification of all CSS
- Server side HTTP compression
- Optimization of image size and resolution
- Cross browser incompatibility
Authentication without proper Authorization
Before we proceed, let’s make sure that we are familiar with these two terms Authentication and Authorization.
Authentication: Verifying that a person is a specific user, since he/she has correctly provided their security credentials (password, answers to security questions, fingerprint scan, etc.).
Authorization: Confirming that a particular user has access to a specific resource or is granted permission to perform a particular action.
Stated another way, authentication is knowing who an entity is, while authorization is knowing what a given entity can do.
Let me explain this issue with an example:
Consider that your browser holds currently logged user information in an object similar to the following:
When doing a password change, your application makes the POST:
In your /changepassword method, you verify that the user is logged in and that the token has not expired. Then you find the user profile based on the :username parameter, and you change your user’s password.
So, you validated that your user is properly logged-in, and then you executed his request thus changing his password. Process seems OK, right? Unfortunately, the answer is NO!
At this point it is important to verify that the user executing the action and the user whose password is changed are the same. Any information stored on the browser can be tampered with, and any advanced user could easily update username:’bob’ to username:’Administrator’ without using anything else but built-in browser tools.
So in this case, we just took care of Authentication making sure that the user provided security credentials. We can even add validation that /changepassword method can only be executed by Authenticated users. However, this is still not enough to protect your users from malicious attempts.
You need to make sure that you verify the actual request and/or the content of the request within your /changepassword method, and implement proper Authorization of the request, making sure that a user can change only her own data. Authentication and Authorization are two sides of the same coin. Never treat them separately.
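The check described above, as an added example that is not code from the original article. The request shape, the token value `tok-bob`, and the in-memory `sessions` and `users` stores are assumptions made for illustration; the flawed handler is shown beside the corrected one.

```javascript
// Constructed in-memory state standing in for the server's session and user stores.
const sessions = new Map([
  ['tok-bob', { username: 'bob', expires: Date.now() + 60000 }],
]);
const users = new Map([
  ['bob', { password: 'bob-old' }],            // toy store; real code keeps salted hashes
  ['Administrator', { password: 'admin-old' }],
]);

// Authentication: map the presented token to a live server-side session, or null.
function authenticate(token) {
  const session = sessions.get(token);
  return session && session.expires > Date.now() ? session : null;
}

// Flawed handler as the article describes it: the caller is authenticated,
// but the target account is taken from the client-controlled :username.
function changePasswordFlawed(req) {
  if (!authenticate(req.token)) return { status: 401 };
  const target = users.get(req.params.username);
  if (!target) return { status: 404 };
  target.password = req.body.newPassword;
  return { status: 200 };
}

// Corrected handler: the target is the session's own identity. A :username
// that does not match is refused (and is worth logging as a tampering signal).
function changePasswordChecked(req) {
  const session = authenticate(req.token);
  if (!session) return { status: 401 };
  if (req.params.username !== session.username) return { status: 403 };
  users.get(session.username).password = req.body.newPassword;
  return { status: 200 };
}

// bob's valid token, with username edited in the browser to 'Administrator'.
function tamperedRequest() {
  return {
    token: 'tok-bob',
    params: { username: 'Administrator' },
    body: { newPassword: 'chosen-by-bob' },
  };
}
```

Both handlers accept the same valid token; only the second one ties the action to the identity the server established rather than to a value the browser supplied.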
Not developing for different screen sizes
Bad links–hyperlinks that do nothing when clicked or lead to “404” error pages–are the bane of any web surfer. Test your site, and do it weekly, to ensure that all links are working properly. Include a “Contact the Webmaster” link in your site’s footer so users can quickly let you know if they find a broken link or other mistake on your site, and fix those errors immediately.
Not planning for portability
Assumption is the mother of all problems! When it comes to portability, this saying is more true than ever. How many times have you seen issues in web development like hard coded file paths, database connection strings, or assumptions that a certain library will be available on the server? Assuming that the production environment will match your local development computer is simply wrong.
- Can the website be viewed in different environments?
- Is the design layout consistent in all browsers?
Incorrect or missing SEO
The main cause of incorrect or missing SEO best practices on web sites is misinformed “SEO specialists”. Many web developers believe that they know enough about SEO and that it is not especially complex, but that’s just not true. SEO mastery requires significant time spent researching best practices and the ever-changing rules about how Google, Bing, and Yahoo index the web. Unless you constantly experiment and have accurate tracking and analysis, you are not an SEO specialist, and you should not claim to be one.
Ideal application setup should be maintenance-free:
Make sure that your application can scale and run on a load-balanced multiple server environment.
Allow simple and clear configuration–possibly in a single configuration file.
Handle exceptions when web server configuration is not as expected.
There are also other common mistakes that can be made by even the most experienced web designers, such as using too many images and animations, cluttering the pages, leaving white spaces and, most irritating of all, background music. Conducting proper testing to ensure usability of the website will best benefit the business and the user. So keep it simple. If it’s simple, it’s usable. All great websites keep it simple and usable.