30 Web Development Checklists Every Team Should Keep Handy

Building a website or app and making it available for the world is a complex business. A number of factors must come together to ensure the final product is successful. That means attracting and keeping visitors, meeting business goals, and minimizing problems. You can deliver a better product with the help of web development checklists.

As in everyday life, checklists can be a great organizational tool. They keep web development teams on track. They also ensure important tasks aren't overlooked in the rush to complete a project.

We searched the web for the most useful web development checklists. They cover everything from front-end and performance to SEO and marketing.

Launch (Pre-launch/Post-launch)

#1 The Essential Pre-launch Checklist for Your Website

A practical checklist that includes:

• design elements to look out for before launch
• functionality
• cross-browser testing
• SEO and content editing

#2 Website Launch Checklist

This is a nice checklist tool built by Glasgow developer Fraser Boag.

This tools lets you:

• check items as you complete each task
• grey out an item if it's not applicable
• reset the checklist to get it ready for the next project.

Changes will be saved using cookies, so you can easily use the checklist throughout the duration of your project.

The checklist covers content, benchmarks and performance, compatibility, accessibility, analytics, and more. Items in the list include, among other things:

• content editing
• navigation usability
• links testing
• GDPR compliance
• HTML and CSS validity
• styles and scripts minification

#3 The Essential Launch Checklist for Web Apps and Mobile Apps

Ben Cheng presents "… a simple launch checklist for web and mobile apps … for product managers to quickly test performance of their apps."

Not only does the author include important tasks to complete before launching, he also explains the why behind his choices.

The list presents items belonging to the following areas:

• performance
• security
• broken links
• compatibility
• SEO/social
• nice to haves, such as a 404 page, print stylesheets, and more.

Back-end (Database and Server) and Security

#4 Database Testing Checklist

For data persistence, you most likely need a database. The smooth running and integrity of the database are crucial to a fast and secure website or app. In this checklist, you'll find items relating to:

• database integrity
• stored procedures
• field validation
• constraints
• security
• transactions and more.

#5 Back-end Best Practices

These are stack-agnostic guidelines for best practices that encompass various back-end architectures. It’s comprehensive, including best practices on:

• data storage solutions
• security
• server environments
• application monitoring, and much more.

Towards the end of the document, you’ll find a responsibility checklist to organize your team’s work. You'll also find a release checklist for the launch of your website or app.

Front-end

#6 A Front-end Deployment Checklist

If you code landing pages, Fred Rocha's deployment checklist is what you need. It's succinct and to the point. It includes technical front-end items such as:

• checking performance
• validating the markup
• checking the console for JavaScript errors, and more.

#7 The Front-end Checklist by David Dias

It describes itself as "perfect for modern websites and meticulous developers". This is an online interactive tool that allows you to enter the project's URL and get a complete report on the following areas:

• head
• HTML
• webfonts
• CSS
• JavaScript
• images
• accessibility
• performance
• SEO

The check is thorough and reveals which items in the various areas deserve high, medium or low priority.

React App Deployment and Performance

#8 Live Readiness Checklist of a React App

This is a list of tasks you need to complete before your React app is ready for production.

#9 Death by a Thousand Cuts: A Checklist for Eliminating Common React Performance Issues

This is a six-item checklist with fun and clear explanations of how to go about implementing each of the tasks on the list for a blazing fast React app.

Cross-browser Testing

#10 Cross-browser Testing Checklist Before Going Live

Deeksha Agarwal offers a top-notch checklist to ensure your website or app works and looks as intended in all browsers and platforms on your local dev environment before the launch. Among the items you'll find in this list are:

• element alignment, and other HTML and CSS cross-browser issues
• font rendering
• API connections, and much more.

#11 Cross-browser Testing Checklist

Rajkumar offers this handy checklist where he mentions all the items you need to test on multiple operating systems and browsers.

Accessibility

#12 Checklist of Checkpoints for Web Content Accessibility Guidelines 1.0

This W3C checklist includes all the items you need to consider so that more people can access and use your site. The items are grouped according to a priority number from one to three.

It covers:

• providing text for non-text elements
• organizing documents so they can be read without stylesheets
• color contrast
• appropriate structure and elements for HTML documents
• expanding acronyms and abbreviations the first time they appear
• logical tab navigation, and more.

#13 WebAIM's WCAG 2 Checklist

This checklist presents WebAIM’s (Web Accessibility in Mind) accessibility recommendations for those seeking WCAG conformance.

#14 The A11Y Project Checklist

This A11Y Project checklist organizes items under the following headings:

• content
• global code
• keyboard
• images
• headings
• lists
• controls
• tables
• forms
• media
• appearance
• animation
• color contrast
• mobile/touch.

#15 The Definitive Website Accessibility Checklist

This checklist is presented in a great, user-friendly table where items are grouped on the basis of their accessibility priority level in accordance with WCAG 2.0 guidelines:

• Level A makes your website or app accessible to some users
• Level AA makes it available to almost all users
• Level AAA makes it available to all users.

The post 30 Web Development Checklists Every Team Should Keep Handy appeared first on SitePoint.

Marriott Suffers Second Breach Exposing Data of 5.2 Million Hotel Guests

International hotel chain Marriott today disclosed a data breach impacting nearly 5.2 million hotel guests, making it the second security incident to hit the company in recent years. "At the end of February 2020, we identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property," Marriott said in a

Vulnerability In WPvivid Backup Plugin Could Expose Files Of WordPress Sites

Researchers found a serious security vulnerability in the WPvivid Backup plugin threatening numerous WordPress sites. Upon exploitation, this plugin vulnerability

Vulnerability In WPvivid Backup Plugin Could Expose Files Of WordPress Sites on Latest Hacking News.

Have you backed up your smartphone lately?

With World Backup Day upon us, we walk you through the ways to back up your iPhone or Android phone so that your personal data remains safe

The post Have you backed up your smartphone lately? appeared first on WeLiveSecurity

Zoom Removed Facebook SDK From iOS App To Stop Data Sharing

Zoom recently announced a change in their iOS app to ensure the privacy of the users. As announced Zoom removed

Zoom Removed Facebook SDK From iOS App To Stop Data Sharing on Latest Hacking News.

Work from home: Videoconferencing with security in mind

With COVID-19 concerns canceling face-to-face meetings, be aware of the security risks of videoconferencing and how to easily overcome them

The post Work from home: Videoconferencing with security in mind appeared first on WeLiveSecurity

Highly Critical And Easily Exploitable Vulnerability Found In CODESYS Web Server

Researchers found a critical vulnerability in CODESYS web server that could allow an attacker to conduct remote attacks. Fortunately, the

Highly Critical And Easily Exploitable Vulnerability Found In CODESYS Web Server on Latest Hacking News.

AppTrana Offers Protection to Online Businesses During Coronavirus Outbreak

These are unprecedented times, and everyone is going through a testing period, with more than 3 billion people locked down all over the world. Businesses are scrambling to stay afloat and are forced to move digital in a very short span of time without much preparation. As these businesses move digital, cyber threats are more real than ever. Every day we are hearing news about hackers taking

Critical OpenWrt Vulnerability Allowed Remote Code Execution On Target Devices

A serious vulnerability reportedly existed in OpenWrt – a Linux-based operating system. This critical vulnerability allows for remote code execution

Critical OpenWrt Vulnerability Allowed Remote Code Execution On Target Devices on Latest Hacking News.

COVID-19: Hackers Begin Exploiting Zoom's Overnight Success to Spread Malware

As people increasingly work from home and online communication platforms such as Zoom explode in popularity in the wake of coronavirus outbreak, cybercriminals are taking advantage of the spike in usage by registering new fake "Zoom" domains and malicious "Zoom" executable files in an attempt to trick people into downloading malware on their devices. According to a report published by Check

MEAN Stack: Build an App with Angular and the Angular CLI

For expert-led online Angular training courses, you can't go past Ultimate Angular by Todd Motto. Try his courses here, and use the code SITEPOINT to get 25% off and to help support SitePoint.

In this tutorial, we’re going to look at managing user authentication in the MEAN stack. We’ll use the most common MEAN architecture of having an Angular single-page app using a REST API built with Node, Express and MongoDB.

When thinking about user authentication, we need to tackle the following things:

1. let a user register
2. save user data, but never directly store passwords
3. let a returning user log in
4. keep a logged in user’s session alive between page visits
5. have some pages that can only been seen by logged in users
6. change output to the screen depending on logged in status (for example, a “login” button or a “my profile” button).

Before we dive into the code, let’s take a few minutes for a high-level look at how authentication is going to work in the MEAN stack.

The MEAN Stack Authentication Flow

So what does authentication look like in the MEAN stack?

Still keeping this at a high level, these are the components of the flow:

• user data is stored in MongoDB, with the passwords hashed
• CRUD functions are built in an Express API — Create (register), Read (login, get profile), Update, Delete
• an Angular application calls the API and deals with the responses
• the Express API generates a JSON Web Token (JWT, pronounced “Jot”) upon registration or login, and passes this to the Angular application
• the Angular application stores the JWT in order to maintain the user’s session
• the Angular application checks the validity of the JWT when displaying protected views
• the Angular application passes the JWT back to Express when calling protected API routes.

JWTs are preferred over cookies for maintaining the session state in the browser. Cookies are better for maintaining state when using a server-side application.

The Example Application

The code for this tutorial is available on GitHub. To run the application, you’ll need to have Node.js installed, along with MongoDB. (For instructions on how to install, please refer to Mongo’s official documentation — Windows, Linux, macOS).

The Angular App

To keep the example in this tutorial simple, we’ll start with an Angular app with four pages:

1. home page
2. register page
3. login page
4. profile page

The pages are pretty basic and look like this to start with:

The profile page will only be accessible to authenticated users. All the files for the Angular app are in a folder inside the Angular CLI app called /client.

We’ll use the Angular CLI for building and running the local server. If you’re unfamiliar with the Angular CLI, refer to the Building a Todo App with Angular CLI tutorial to get started.

The REST API

We’ll also start off with the skeleton of a REST API built with Node, Express and MongoDB, using Mongoose to manage the schemas. This API should initially have three routes:

1. /api/register (POST), to handle new users registering
2. /api/login (POST), to handle returning users logging in
3. /api/profile/USERID (GET), to return profile details when given a USERID

Let's set that up now. We can use the express-generator tool to create a lot of the boiler plate for us. If this is new for you, we have a tutorial on using it here.

Install it with npm i -g express-generator. Then, create a new Express app, choosing Pug as the view engine:

express -v pug mean-authentication

When the generator has run, change into the project directory and install the dependencies:

cd mean-authentication
npm i

At the time of writing, this pulls in an outdated version of Pug. Let's fix that:

npm i pug@latest

We can also install Mongoose while we’re at it:

npm i mongoose

Next, we need to create our folder structure.

• Remove the public folder: rm -rf public.
• Create an api directory: mkdir api.
• Create a controllers, a models, and a routes directory in the api directory: mkdir -p api/{controllers,models,routes}.
• Create a authenication.js file and a profile.js file in the controllers directory: touch api/controllers/{authentication.js,profile.js}.
• Create a db.js file and a users.js file in the models directory: touch api/models/{db.js,users.js}.
• Create an index.js file in the routes directory: touch api/routes/index.js.

When you're done, things should look like this:

.
└── api
    ├── controllers
    │   ├── authentication.js
    │   └── profile.js
    ├── models
    │   ├── db.js
    │   └── users.js
    └── routes
        └── index.js

Now let's add the API functionality. Replace the code in app.js with the following:

require('./api/models/db');

const cookieParser = require('cookie-parser');
const createError = require('http-errors');
const express = require('express');
const logger = require('morgan');
const path = require('path');

const routesApi = require('./api/routes/index');

const app = express();

// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'pug');

app.use(logger('dev'));
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(express.static(path.join(__dirname, 'public')));

app.use('/api', routesApi);

// catch 404 and forward to error handler
app.use((req, res, next) => {
  next(createError(404));
});

// error handler
app.use((err, req, res, next) => {
  // set locals, only providing error in development
  res.locals.message = err.message;
  res.locals.error = req.app.get('env') === 'development' ? err : {};

  // render the error page
  res.status(err.status || 500);
  res.render('error');
});

module.exports = app;

Add the following to api/models/db.js:

require('./users');
const mongoose = require('mongoose');
const dbURI = 'mongodb://localhost:27017/meanAuth';

mongoose.set('useCreateIndex', true);
mongoose.connect(dbURI, {
  useNewUrlParser: true,
  useUnifiedTopology: true
});

mongoose.connection.on('connected', () => {
  console.log(`Mongoose connected to ${dbURI}`);
});
mongoose.connection.on('error', (err) => {
  console.log(`Mongoose connection error: ${err}`);
});
mongoose.connection.on('disconnected', () => {
  console.log('Mongoose disconnected');
});

Add the following to api/routes/index.js:

const ctrlAuth = require('../controllers/authentication');
const ctrlProfile = require('../controllers/profile');

const express = require('express');
const router = express.Router();

// profile
router.get('/profile/:userid', ctrlProfile.profileRead);

// authentication
router.post('/register', ctrlAuth.register);
router.post('/login', ctrlAuth.login);

module.exports = router;

Add the following to api/controllers/profile.js:

module.exports.profileRead = (req, res) => {
  console.log(`Reading profile ID: ${req.params.userid}`);
  res.status(200);
  res.json({
    message : `Profile read: ${req.params.userid}`
  });
};

Add the following to api/controllers/authentication.js:

module.exports.register = (req, res) => {
  console.log(`Registering user: ${req.body.email}`);
  res.status(200);
  res.json({
    message : `User registered: ${req.body.email}`
  });
};

module.exports.login = (req, res) => {
  console.log(`Logging in user: ${req.body.email}`);
  res.status(200);
  res.json({
    message : `User logged in: ${req.body.email}`
  });
};

Ensure that Mongo is running and then, finally, start the server with npm run start. If everything is configured properly, you should see a message in your terminal that Mongoose is connected to mongodb://localhost:27017/meanAuth, and you should now be able to make requests to, and get responses from, the API. You can test this with a tool such as Postman.

The post MEAN Stack: Build an App with Angular and the Angular CLI appeared first on SitePoint.

Many Users Hacked Via Fake Google Chrome Update From Compromised WordPress Websites

Hackers are exploiting various websites to conduct phishing attacks. These websites redirect users to fake sites prompting a malicious Chrome

Many Users Hacked Via Fake Google Chrome Update From Compromised WordPress Websites on Latest Hacking News.

Difference between Programming Language and Scripting Language

A programming language is a language used to write set of instructions to perform a task or to get an output from it, whereas Scripting language have comparatively small set of instructions which is used to produce different kinds of outputs which can be combined to some other program to perform a task. Scripting languages is a subset of programming languages.

The basic difference between both is that programming languages are compiled whereas scripting languages are interpreted, and the programming languages run independently but scripts do not. The deciding factor of the differences between these two is the environment on which they are used.

Initially, the programming languages were used to develop software/applications like Microsoft Excel, PowerPoint, Microsoft Word for example, but when the need to add new functionalities to these existing programs arose, then the need for scripting languages came into existence.

Programming Language vs Scripting Language

Programming Languages	Scripting Languages
Set of instructions to produce various types of outputs to automate a certain task.	Set of instructions to combine the outputs with different outputs to perform a task.
Compilation is necessary.	No need for compilation.
Not interpreted.	Interpretation is required.
Full- length code.	Small chunks of code.
Self-executable, no host is required.	Dependent on some other platform, host is required.
Runs independently.	Needs to be embedded to existing parent program.
Creates an .exe file.	Does not create .exe file
Used in Application/Software development.	Used in web development.
Time taken is more because of code being full-fledged.	Lesser time is taken because these are only small pieces of code.

The detailed differences between programming languages and scripting languages are:

• Programming languages use a compiler to first convert the high level language to machine level language in one go whereas, Scripting languages do not need a compiler and they use an interpreter for line by line conversion.
• Programming languages are compiled so they do not need to be interpreted by some other host, whereas, Scripts are interpreted with another program. For example: JavaScript is used within HTML and then interpreted by browser which is the host for it.
• Programming is a full-fledged code whereas script is a piece of code.
• Any development can be done from scratch by using programming languages whereas,
• Scripting languages are used to perform any specific task and gets combined to already existing programs.
• Programming languages are self-executable and run independently, whereas, A script gets combined to a parent program to make a specific task easier.
• The time taken to write a code using programming languages is relatively more because we need detailed line of code for each function whereas, A script is short and specific because it is only used to perform any function and will embed into some other host taking lesser time to write.
• An executable file can be created using a programming language, whereas, A script does not create any .exe file.
• Programming languages are categorized into: First, Second, Third, Fourth and Fifth Generation, whereas, Scripting languages are only divided into two categories: Server-side scripting languages and client-side scripting languages.
• Programming languages are primarily used for application development, whereas, Scripting languages are used to write code to perform any function in web development.
• Examples: Programming languages: C, C++, Java, C#, Scripting languages: JavaScript, PHP, VBScript, Perl, Python.

Note: Python is a programming language which is also used for scripting. It is basically a programming language but is used as a scripting language to write code to automate a certain process in a specific environment.

Conclusion

The execution time and complexity are basically the differentiating factors for programming languages and scripting languages. The difference between programming languages and scripting languages mainly depends on the environment being used and the process of execution.

Although, the difference between both is getting almost negligible nowadays due to the advanced and improved practices that are coming into existence.

The post Difference between Programming Language and Scripting Language appeared first on The Crazy Programmer.

Unpatched iOS Vulnerability Stops VPNs From Thorough Traffic Encryption

While Apple has built a credible stance regarding users’ privacy, a bug has recently made shown otherwise. As discovered, an

Unpatched iOS Vulnerability Stops VPNs From Thorough Traffic Encryption on Latest Hacking News.

Tekya Malware Targets 1 Million Android Users Through Malicious Apps On Play Store

While Google employs some tough policies for app developers to keep the Play Store safe, yet it never remains so.

Tekya Malware Targets 1 Million Android Users Through Malicious Apps On Play Store on Latest Hacking News.

Zoom iOS App Shares Data With Facebook Even For Non-FB Users

Once again, Zoom has made it to the news. But this time, it isn’t about any cyber attack or vulnerability,

Zoom iOS App Shares Data With Facebook Even For Non-FB Users on Latest Hacking News.

Hackers Exploit Zero-Day Bugs in Draytek Devices to Target Enterprise Networks

Cybersecurity researchers with Qihoo 360's NetLab today unveiled details of two recently spotted zero-day cyberattack campaigns in the wild targeting enterprise-grade networking devices manufactured by Taiwan-based DrayTek. According to the report, at least two separate groups of hackers exploited two critical remote command injection vulnerabilities (CVE-2020-8515) affecting DrayTek Vigor

Zero-Day Vulnerabilities In LILIN CCTV Cameras Under Active Exploit – Patch Now!

Multiple vulnerabilities exist in LILIN CCTV cameras that have attracted the attention of hackers. The zero-day bugs in LILIN CCTV

Zero-Day Vulnerabilities In LILIN CCTV Cameras Under Active Exploit – Patch Now! on Latest Hacking News.

Week in security with Tony Anscombe

What COVID-19 may mean for privacy rights – Managing supply-chain disruptions – Unpatched Windows zero-day under attack

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

7600 Sites Downed After Dark Web Hosting Provider Got Hacked Again

Daniel’s Hosting (DH), the largest dark web service provider, has once again been hacked. This time, around 7600 different websites

7600 Sites Downed After Dark Web Hosting Provider Got Hacked Again on Latest Hacking News.

What happens when the global supply chain breaks?

If we can’t secure the supply chain, eventually everything else will break

The post What happens when the global supply chain breaks? appeared first on WeLiveSecurity

Hackers Used Local News Sites to Install Spyware On iPhones

A newly discovered watering-hole campaign is targeting Apple iPhone users in Hong Kong by using malicious website links as a lure to install spyware on the devices. According to research published by Trend Micro and Kaspersky, the "Operation Poisoned News" attack leverages a remote iOS exploit chain to deploy a feature-rich implant called 'LightSpy' through links to local news websites, which

Cyber Security a Lenders Greatest Risk

Fraudsters can gain access to lenders system by the following ways: Backdoor hacking Backdoor is an entry to the digital

Cyber Security a Lenders Greatest Risk on Latest Hacking News.

How Aaron Osteraas Made the Content to Code Career Transition

As Aaron Osteraas can tell you, the path between discovering what you want to do for a living and actually doing it is rarely linear.

Now a Software Engineer at Tigerspike, a digital services company headquartered in Sydney, Aaron’s journey toward becoming a developer began when he was in high school, yet it wasn’t until his early 30s that he obtained his first full-time development job. The years in between were filled with starts and stops, challenges and successes, and a whole lot of tinkering.

“I was always tinkering with the family computer, which was mostly, ‘oh god I've broken it how do I fix it before I get in trouble,’" Aaron said of his technical beginnings. He had an appetite for building and modifying hardware, which he attributes to the joy that comes from doing something with your hands. He’d collect spare hardware, buy and sell parts, and at times resort to scrounging and trading. “There were computer parts strewn everywhere,” he said.

But by the time he graduated high school, Aaron had checked out academically. He wasn’t confident his grades were good enough for university, so he enrolled in TAFE, Australia’s largest vocational training provider, and spent six months learning XML before realizing that “making mobile websites for 2004’s best mobile phones in XML was pretty damn far from my idea of a good time.”

So he dropped out of TAFE and eventually found himself working in the world of content, where he stayed for seven years. Though he worked his way up to a managerial and editorial role for a handful of companies within the technical realm, Aaron found himself consistently unsatisfied.

I had this itch to solve technical problems, and working in content, I wasn't able to scratch it. That's what a lot of programming is, problem-solving. And it's not that this is unique to programming, it's just the type of problems – and solutions to them – are more enjoyable to me.

Back to School

During his long stretch in content, Aaron maintained enough of an interest in tinkering and programming to eventually enroll in a Software Engineering degree program.

I took one subject to start off, as I felt I needed to validate two things: one, that I could learn to study again, and two, that I would enjoy it.

Aaron found the validation he was after, but it wasn’t until a few years later, when he learned his company had been acquired and his job was on the line, that he decided to leave content behind and commit fully to becoming a developer. Knowing he could be let go in as little as a week, Aaron enrolled at RMIT University full-time to pursue a degree in Software Engineering.

Aaron was finally where he belonged, but it wasn’t easy.

There was a lot of frustration. I found certain languages, concepts, and themes difficult to grasp, and others came with remarkable ease. So when you're going from, ‘How easy and fun is this!’ to swearing at the computer asking why something isn't working, it can be emotionally turbulent.

In conjunction with the difficult subject matter was the overwhelming amount of career paths to choose from.

The world of programming is outrageously broad, there are innumerable paths you can take, and there's temptation to try and take them all because everyone loves the new shiny thing.

The more career paths he discovered, the less sure of himself he grew.

The post How Aaron Osteraas Made the Content to Code Career Transition appeared first on SitePoint.

6 tips for safe and secure remote working

Getting cybersecurity right in the work-from-home world can feel daunting. ESET Chief Security Evangelist Tony Anscombe shares 6 best practices that will steer you in the right direction.

The post 6 tips for safe and secure remote working appeared first on WeLiveSecurity

The Ultimate ADA Compliance Guide

This article was created in partnership with Inbound Junction. Thank you for supporting the partners who make SitePoint possible.

Based on web accessibility data, the ADA compliance-related lawsuits reached over 2,000 cases in 2019. ADA Compliance is Mandatory for Digital Agencies. The challenge, however, is knowing how to build and design ADA-compliant websites. That’s the problem we’ll help you address in this post.

In this ultimate ADA compliance guide, we’ve laid out the things your web design agency needs to know to make accessible websites.

The number of lawsuits will only keep growing if website owners, developers, and agencies continue to be non-compliant with the ADA.

If you don’t want to be a part of that statistic, you’ll need to ensure that your agency and client websites offer accessibility to persons with disabilities and adhere to ADA standards.

What is the ADA, anyway?

The Americans with Disabilities Act is a civil rights law that was enacted in 1990 to prohibit discrimination against persons with disabilities in every area of public life.

This includes non-discrimination in schools, jobs, transportation, and all private and public places for general access — and those considered as “public accommodation.”

For businesses, the required accommodations under the ADA include interface devices for the visually impaired, qualified interpreters or interpretive tools for the hearing impaired, ramp access for mobility devices like wheelchairs, and more.

In the digital space, specifically websites, ADA compliance means providing web accessibility features and functionalities that allow persons with disabilities to use sites effectively.

Originally, the ADA defined persons with disabilities as those with conditions that substantially limit major life activities — which somehow constricted what was considered as a disability.

In the 2018 amendment, however, the ADA’s scope became broader, changing the meaning of “major life activity” to include daily life functions like performing manual operations.

With this new definition, businesses will need to provide accessibility to a wide range of disabilities to adhere to ADA standards.

Why should web design agencies know about it?

If your web design agency creates websites that aren’t compliant with the ADA standards, you put your clients at risk of getting slapped with ADA-related lawsuits — and that’s not where you want to be.

By providing non-compliant sites to your clients, not only will you get some flak from them due to the legal problems they’re bound to get in, but you’ll also wreck your agency’s credibility.

It’s also worth pointing out that the ADA doesn’t specify the technical requirements for achieving compliance. Instead, it gives you the flexibility on how you can make your websites accessible.

Unfortunately, this doesn’t give you a lot to work with to comply with legislation fully.

The Department of Justice (DOJ) and the US courts previously used the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA success criteria as a standard for assessing the accessibility of websites.

The WCAG 2.1 provides layers of standards to help you achieve web accessibility, including principles, basic guidelines, success criteria, and sufficient and advisory techniques.

Although the WCAG 2.1 isn’t formally codified into US law, it’s currently the best and safest standard you can follow to comply with web accessibility requirements and the ADA.

The post The Ultimate ADA Compliance Guide appeared first on SitePoint.

HPE issues fix to stop some SSDs from self‑destructing

If left unpatched, a firmware flaw in some enterprise-class solid-state drives could make data on them unrecoverable as early as this fall

The post HPE issues fix to stop some SSDs from self‑destructing appeared first on WeLiveSecurity

Security Firm Keepnet Labs Database Leaked 5 Billion Records Of Breached Data

While most security breaches or data leak incidents involve new data, the recent event has exposed already breached data. As

Security Firm Keepnet Labs Database Leaked 5 Billion Records Of Breached Data on Latest Hacking News.

Outsourcing Your Software Development During the 2020 Pandemic – Save Work, Save Lives

Outsourcing Your Software Development During the 2020 Pandemic – Save Work, Save LivesWe are currently living through a pandemic the

Outsourcing Your Software Development During the 2020 Pandemic – Save Work, Save Lives on Latest Hacking News.

Watch Out: Android Apps in Google Play Store Capitalizing on Coronavirus Outbreak

Preying on public fears, the ongoing coronavirus outbreak is proving to be a goldmine of opportunity for attackers to stage a variety of malware attacks, phishing campaigns, and create scam sites and malicious tracker apps. Now in a fresh twist, third-party Android app developers too have begun to take advantage of the situation to use coronavirus-related keywords in their app names,

Build a Node.js CRUD App Using React and FeathersJS

Building a modern project requires splitting the logic into front-end and back-end code. The reason behind this move is to promote code re-usability. For example, we may need to build a native mobile application that accesses the back-end API. Or we may be developing a module that will be part of a large modular platform.

The popular way of building a server-side API is to use Node.js with a library like Express or Restify. These libraries make creating RESTful routes easy. The problem with these libraries is that we'll find ourselves writing a ton of repetitive code. We'll also need to write code for authorization and other middleware logic.

To escape this dilemma, we can use a framework like Feathers to help us generate an API in just a few commands.

What makes Feathers amazing is its simplicity. The entire framework is modular and we only need to install the features we need. Feathers itself is a thin wrapper built on top of Express, where they've added new features — services and hooks. Feathers also allows us to effortlessly send and receive data over WebSockets.

Prerequisites

To follow along with this tutorial, you'll need the following things installed on your machine:

• Node.js v12+ and an up-to-date version of npm. Check this tutorial if you need help getting set up.
• MongoDB v4.2+. Check this tutorial if you need help getting set up.
• Yarn package manager — installed using npm i -g yarn.

It will also help if you’re familiar with the following topics:

• how to write modern JavaScript
• flow control in modern JavaScript (e.g. async ... await)
• the basics of React
• the basics of REST APIs

Also, please note that you can find the completed project code on GitHub.

Scaffold the App

We're going to build a CRUD contact manager application using Node.js, React, Feathers and MongoDB.

In this tutorial, I'll show you how to build the application from the bottom up. We'll kick-start our project using the popular create-react-app tool.

You can install it like so:

npm install -g create-react-app

Then create a new project:

# scaffold a new react project
create-react-app react-contact-manager
cd react-contact-manager

# delete unnecessary files
rm src/logo.svg src/App.css src/serviceWorker.js

Use your favorite code editor and remove all the content in src/index.css. Then open src/App.js and rewrite the code like this:

import React from 'react';

const App = () => {
  return (
    <div>
      <h1>Contact Manager</h1>
    </div>
  );
};

export default App;

Run yarn start from the react-contact-manager directory to start the project. Your browser should automatically open http://localhost:3000 and you should see the heading “Contact Manager”. Quickly check the console tab to ensure that the project is running cleanly with no warnings or errors, and if everything is running smoothly, use Ctrl + C to stop the server.

Build the API Server with Feathers

Let's proceed with generating the back-end API for our CRUD project using the feathers-cli tool:

# Install Feathers command-line tool
npm install @feathersjs/cli -g

# Create directory for the back-end code
# Run this command in the `react-contact-manager` directory
mkdir backend
cd backend

# Generate a feathers back-end API server
feathers generate app

? Do you want to use JavaScript or TypeScript? JavaScript
? Project name backend
? Description contacts API server
? What folder should the source files live in? src
? Which package manager are you using (has to be installed globally)? Yarn
? What type of API are you making? REST, Realtime via Socket.io
? Which testing framework do you prefer? Mocha + assert
? This app uses authentication No

# Ensure Mongodb is running
sudo service mongod start
sudo service mongod status

● mongod.service - MongoDB Database Server
   Loaded: loaded (/lib/systemd/system/mongod.service; disabled; vendor preset: enabled)
   Active: active (running) since Wed 2020-01-22 11:22:51 EAT; 6s ago
     Docs: https://docs.mongodb.org/manual
 Main PID: 13571 (mongod)
   CGroup: /system.slice/mongod.service
           └─13571 /usr/bin/mongod --config /etc/mongod.conf

# Generate RESTful routes for Contact Model
feathers generate service

? What kind of service is it? Mongoose
? What is the name of the service? contacts
? Which path should the service be registered on? /contacts
? What is the database connection string? mongodb://localhost:27017/contactsdb

# Install email and unique field validation
yarn add mongoose-type-email

Let's open backend/config/default.json. This is where we can configure our MongoDB connection parameters and other settings. Change the default paginate value to 50, since front-end pagination won't be covered in this tutorial:

{
  "host": "localhost",
  "port": 3030,
  "public": "../public/",
  "paginate": {
    "default": 50,
    "max": 50
  },
  "mongodb": "mongodb://localhost:27017/contactsdb"
}

Open backend/src/models/contact.model.js and update the code as follows:

require('mongoose-type-email');

module.exports = function (app) {
  const modelName = 'contacts';
  const mongooseClient = app.get('mongooseClient');
  const { Schema } = mongooseClient;
  const schema = new Schema({
    name : {
      first: {
        type: String,
        required: [true, 'First Name is required']
      },
      last: {
        type: String,
        required: false
      }
    },
    email : {
      type: mongooseClient.SchemaTypes.Email,
      required: [true, 'Email is required']
    },
    phone : {
      type: String,
      required: [true, 'Phone is required'],
      validate: {
        validator: function(v) {
          return /^\+(?:[0-9] ?){6,14}[0-9]$/.test(v);
        },
        message: '{VALUE} is not a valid international phone number!'
      }
    }
  }, {
    timestamps: true
  });

  ...

  return  mongooseClient.model(modelName,  schema);
};

Mongoose introduces a new feature called timestamps, which inserts two new fields for you — createdAt and updatedAt. These two fields will be populated automatically whenever we create or update a record. We've also installed the mongoose-type-email plugin to perform email validation on the server.

Now, open backend/src/mongoose.js and change this line:

{ useCreateIndex: true, useNewUrlParser: true }

to:

{ useCreateIndex: true, useNewUrlParser: true, useUnifiedTopology: true }

This will squash an annoying deprecation warning.

Open a new terminal and execute yarn test inside the backend directory. You should have all the tests running successfully. Then, go ahead and execute yarn start to start the back-end server. Once the server has initialized, it should print 'Feathers application started on localhost:3030' to the console.

Launch your browser and access the URL http://localhost:3030/contacts. You should expect to receive the following JSON response:

{"total":0,"limit":50,"skip":0,"data":[]}

Test the API with Postwoman

Now let's use Postwoman to confirm all of our endpoints are working properly.

First, let's create a contact. This link will open Postwoman with everything set up to send a POST request to the /contacts endpoint. Make sure Raw input enabled is set to on, then press the green Send button to create a new contact. The response should be something like this:

{
  "_id": "5e36f3eb8828f64ac1b2166c",
  "name": {
    "first": "Tony",
    "last": "Stark"
  },
  "phone": "+18138683770",
  "email": "tony@starkenterprises.com",
  "createdAt": "2020-02-02T16:08:11.742Z",
  "updatedAt": "2020-02-02T16:08:11.742Z",
  "__v": 0
}

Now let's retrieve our newly created contact. This link will open Postwoman ready to send a GET request to the /contacts endpoint. When you press the Send button, you should get a response like this:

{
  "total": 1,
  "limit": 50,
  "skip": 0,
  "data": [
    {
      "_id": "5e36f3eb8828f64ac1b2166c",
      "name": {
        "first": "Tony",
        "last": "Stark"
      },
      "phone": "+18138683770",
      "email": "tony@starkenterprises.com",
      "createdAt": "2020-02-02T16:08:11.742Z",
      "updatedAt": "2020-02-02T16:08:11.742Z",
      "__v": 0
    }
  ]
}

We can show an individual contact in Postwoman by sending a GET request to http://localhost:3030/contacts/<_id>. The _id field will always be unique, so you'll need to copy it out of the response you received in the previous step. This is the link for the above example. Pressing Send will show the contact.

We can update a contact by sending a PUT request to http://localhost:3030/contacts/<_id> and passing it the updated data as JSON. This is the link for the above example. Pressing Send will update the contact.

Finally we can remove our contact by sending a DELETE request to the same address — that is, http://localhost:3030/contacts/<_id>. This is the link for the above example. Pressing Send will delete the contact.

Postwoman is an very versatile tool and I encourage you to use it to satisfy yourself that your API is working as expected, before moving on to the next step.

The post Build a Node.js CRUD App Using React and FeathersJS appeared first on SitePoint.

Microsoft Alerts Users Of Zero-Day RCE Vulnerability In Windows 7 Under Active Exploit

Microsoft recently issued an alert for all Windows users regarding a serious vulnerability under attack. This zero-day vulnerability primarily threatens

Microsoft Alerts Users Of Zero-Day RCE Vulnerability In Windows 7 Under Active Exploit on Latest Hacking News.

Public health vs. personal privacy: Choose only one?

As the world turns to technology to track and contain the COVID-19 pandemic, could this sound the death knell for digital privacy?

The post Public health vs. personal privacy: Choose only one? appeared first on WeLiveSecurity

Hackers Spread Malware With Fake COVID-19 Info App Via DNS Hijacking Routers

A new malicious campaign is in the wild where hackers are hijacking DNS records to spread malware. The malware aims

Hackers Spread Malware With Fake COVID-19 Info App Via DNS Hijacking Routers on Latest Hacking News.

TrickBot Mobile App Bypasses 2‐Factor Authentication for Net Banking Services

The malware authors behind TrickBot banking Trojan have developed a new Android app that can intercept one-time authorization codes sent to Internet banking customers via SMS or relatively more secure push notifications, and complete fraudulent transactions. The Android app, called "TrickMo" by IBM X-Force researchers, is under active development and has exclusively targeted German users

General Electric (GE) Indirectly Suffered Data Breach After Service Provider Hack

The American tech giant General Electic (GE) now emerges as the latest victim of a security incident. Although, the issues

General Electric (GE) Indirectly Suffered Data Breach After Service Provider Hack on Latest Hacking News.

How to Debug a Node.js Application: Tips, Tricks and Tools

Software development is complex and, at some point, your Node.js application will fail. If you’re lucky, your code will crash with an obvious error message. If you’re unlucky, your application will carry on regardless but not generate the results you expect. If you’re really unlucky, everything will work fine until the first user discovers a catastrophic disk-wiping bug.

What is Debugging?

Debugging is the black art of fixing software defects. Fixing a bug is often easy — a corrected character or additional line of code solves the problem. Finding that bug is another matter, and developers can spend many unhappy hours trying to locate the source of an issue. Fortunately, Node.js has some great tools to help trace errors.

Terminology

Debugging has its own selection of obscure jargon, including the following:

Term	Explanation
breakpoint	the point at which a debugger stops a program so its state can be inspected
debugger	a tool which offers debugging facilities such as running code line by line to inspect internal variable states
feature	as in the claim: “it’s not a bug, it’s a feature”. All developers say it at some point during their career
frequency	how often or under what conditions a bug will occur
it doesn’t work	the most-often made but least useful bug report
log point	an instruction to a debugger to show the value of a variable at a point during execution
logging	output of runtime information to the console or a file
logic error	the program works but doesn’t act as intended
priority	where a bug is allocated on a list of planned updates
race condition	hard-to-trace bugs dependent the sequence or timing of uncontrollable events
refactoring	rewriting code to help readability and maintenance
regression	re-emergence of a previously fixed bug perhaps owing to other updates
related	a bug which is similar or related to another
reproduce	the steps required to cause the error
RTFM error	user incompetence disguised as a bug report, typically followed by a response to “Read The Flipping Manual”
step into	when running code line by line in a debugger, step into the function being called
step out	when running line by line, complete execution of the current function and return to the calling code
step over	when running line by line, complete execution of a command without stepping into a function it calls
severity	the impact of a bug on system. For example, data loss would normally be considered more problematic than a UI issue unless the frequency of occurrence is very low
stack trace	the historical list of all functions called before the error occurred
syntax error	typographical errors, such as console.lug()
user error	an error caused by a user rather than the application, but may still incur an update depending on that person’s seniority
watch	a variable to examine during debugger execution
watchpoint	similar to a breakpoint, except the program is stopped when a variable is set to a specific value

How to Avoid Bugs

Bugs can often be prevented before you test your application …

Use a Good Code Editor

A good code editor will offer numerous features including line numbering, auto-completion, color-coding, bracket matching, formatting, auto-indentation, variable renaming, snippet reuse, object inspection, function navigation, parameter prompts, refactoring, unreachable code detection, suggestions, type checking, and more.

Node.js devs are spoiled for choice with free editors such as VS Code, Atom, and Brackets, as well as plenty of commercial alternatives.

Use a Code Linter

A linter can report code faults such as syntax errors, poor indentation, undeclared variables, and mismatching brackets before you save and test your code. The popular options for JavaScript and Node.js include ESLint, JSLint, and JSHint.

These are often installed as global Node.js modules so you can run checks from the command line:

eslint myfile.js

However, most linters have code editor plugins, such as ESLint for VS Code and linter-eslint for Atom which check your code as you type:

Use Source Control

A source control system such as Git can help safe-guard your code and manage revisions. It becomes easier to discover where and when a bug was introduced and who should receive the blame! Online repositories such as GitHub and Bitbucket offer free space and management tools.

Adopt an Issue-tracking System

Does a bug exist if no one knows about it? An issue-tracking system is used to report bugs, find duplicates, document reproduction steps, determine severity, calculate priorities, assign developers, record discussions, and track progress of any fixes.

Online source repositories often offer basic issue tracking, but dedicated solutions may be appropriate for larger teams and projects.

Use Test-driven Development

Test-driven Development (TDD) is a development process which encourages developers to write code which tests the operation of a function before it’s written — for example, is X returned when function Y is passed input Z.

Tests can be run as the code is developed to prove a function works and spot any issues as further changes are made. That said, your tests could have bugs too …

Step Away

It’s tempting to stay up all night in a futile attempt to locate the source of a nasty bug. Don’t. Step away and do something else. Your brain will subconsciously work on the problem and wake you at 4am with a solution. Even if that doesn’t happen, fresh eyes will spot that obvious missing semicolon.

Node.js Debugging: Environment Variables

Environment variables that are set within the host operating system can be used to control Node.js application settings. The most common is NODE_ENV, which is typically set to development when debugging.

Environment variables can be set on Linux/macOS:

NODE_ENV=development

Windows cmd:

set NODE_ENV=development

Or Windows Powershell:

$env:NODE_ENV="development"

Internally, an application will enable further debugging features and messages. For example:

// is NODE_ENV set to "development"?
const DEVMODE = (process.env.NODE_ENV === 'development');

if (DEVMODE) {
  console.log('application started in development mode on port ${PORT}');
}

NODE_DEBUG enables debugging messages using the Node.js util.debuglog (see below), but also consult the documentation of your primary modules and frameworks to discover further options.

Note that environment variables can also be saved to a .env file. For example:

NODE_ENV=development
NODE_LOG=./log/debug.log
SERVER_PORT=3000
DB_HOST=localhost
DB_NAME=mydatabase

Then loaded using the dotenv module:

require('dotenv').config();

Node.js Debugging: Command Line Options

Various command-line options can be passed to the node runtime when launching an application. One of the most useful is --trace-warnings, which outputs stack traces for process warnings (including deprecations).

Any number of options can be set, including:

• --enable-source-maps: enable source maps (experimental)
• --throw-deprecation: throw errors when deprecated features are used
• --inspect: activate the V8 inspector (see below)

By way of an example, let’s try to log the crypto module’s DEFAULT_ENCODING property, which was deprecated in Node v10:

const crypto = require('crypto');

function bar() {
  console.log(crypto.DEFAULT_ENCODING);
}

function foo(){
  bar();
}

foo();

Now run this with the following:

node index.js

We’ll then see this:

buffer
(node:7405) [DEP0091] DeprecationWarning: crypto.DEFAULT_ENCODING is deprecated.

However, we can also do this:

node --trace-warnings index.js

That produces the following:

buffer
(node:7502) [DEP0091] DeprecationWarning: crypto.DEFAULT_ENCODING is deprecated.
    at bar (/home/Desktop/index.js:4:22)
    at foo (/home/Desktop/index.js:8:3)
    at Object.<anonymous> (/home/Desktop/index.js:11:1)
    at Module._compile (internal/modules/cjs/loader.js:1151:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1171:10)
    at Module.load (internal/modules/cjs/loader.js:1000:32)
    at Function.Module._load (internal/modules/cjs/loader.js:899:14)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:71:12)
    at internal/main/run_main_module.js:17:47

This tells us that the deprecation warning comes from the code in line 4 (the console.log statement), which was executed when the bar function ran. The bar function was called by the foo function on line 8 and the foo function was called on line 11 of our script.

Note that the same options can also be passed to nodemon.

Console Debugging

One of the easiest ways to debug an application is to output values to the console during execution:

console.log( myVariable );

Few developers delve beyond this humble debugging command, but they’re missing out on many more possibilities, including these:

console method	description
.log(msg)	output a message to the console
.dir(obj,opt)	uses util.inspect to pretty-print objects and properties
.table(obj)	outputs arrays of objects in tabular format
.error(msg)	output an error message
.count(label)	a named counter reporting the number of times the line has been executed
.countReset[label]	resets a named counter
.group(label)	indents a group of log messages
.groupEnd(label)	ends the indented group
.time(label)	starts a timer to calculate the duration of an operation
.timeLog([label]	reports the elapsed time since the timer started
.timeEnd(label)	stops the timer and reports the total duration
.trace()	outputs a stack trace (a list of all calling functions)
.clear()	clear the console

console.log() accepts a list of comma-separated values. For example:

let x = 123;
console.log('x:', x);
// x: 123

However, ES6 destructuring can offer similar output with less typing effort:

console.log({x});
// { x: 123 }

Larger objects can be output as a condensed string using this:

console.log( JSON.stringify(obj) );

util.inspect will format objects for easier reading, but console.dir() does the hard work for you.

The post How to Debug a Node.js Application: Tips, Tricks and Tools appeared first on SitePoint.

Make Working from Home Successful: Resources for Remote Teams

If you're a designer or developer, chances are you've made the shift to working from home in the past couple of weeks.

To help manage the change, we thought we'd share some of our best resources on working remotely — starting with some books …

The Art of Working Remotely

If you work from home, a co-working space, or coffee shop, this book is for you. Discover how to set up a quality workspace. Learn the behaviors and practices that contribute to remote worker success. You, too, can thrive in a distributed workplace.

Influencing Virtual Teams

Learn the psychological secrets of persuasion that influence your remote employees to do what you need them to do. In "Influencing Virtual Teams" you'll get step-by-step tactics that you can implement straightaway with your team to improve your team's engagement and commitment to doing their work.

The Project Book

Projects are the lifeblood of organizations, but many projects fall short of expectations because of poor project management and/or poor project sponsorship. In The Project Book, Colin D Ellis teaches you the skills and behaviors required to make your projects succeed, every time.

Articles

Remote Work: Tips, Tricks and Best Practices for Success

Make WFH a productive, happy work experience and avoid endless hours of misery, loneliness, and frustration.

The Real Future of Remote Work is Asynchronous

Kate Kendall looks at how remote work has drifted from its asynchronous potential – and what we can do to get it back there.

Productive Remote Work (When Your Mental Health Says “No”)

Daniel Schwarz explores the downsides of remote work and offers tips for aligning your mind and body to make remote working work for you.

How to Prepare for a Remote Job Search

Joshua Kraus explores how to conduct a remote job search, impress remote employers, nail interviews and land a remote job that best fits your needs.

Want access to our 400+ books and courses for just $3/month?

Join SitePoint Premium today and get access to all these books, PLUS over 400 other books and courses for just $3/month for your first three months! ($9/month thereafter, cancel anytime).

Get access now for just $3!

Need a Remote Job?

Search hundreds of remote jobs on SitePoint Remote, with over 20 new jobs posted each day!

Find a Remote Job Now!

Happy Learning!

The SitePoint Team

The post Make Working from Home Successful: Resources for Remote Teams appeared first on SitePoint.

PwndLocker Transforms Into ProLock Ransomware Barring Free Decryption Tools

PwndLocker ransomware recently emerged as ransomware threatening businesses with huge ransom demands. However, soon after its emergence, the cybersecurity community

PwndLocker Transforms Into ProLock Ransomware Barring Free Decryption Tools on Latest Hacking News.

Critical RCE Bug Affects Millions of OpenWrt-based Network Devices

A cybersecurity researcher today disclosed technical details and proof-of-concept of a critical remote code execution vulnerability affecting OpenWrt, a widely used Linux-based operating system for routers, residential gateways, and other embedded devices that route network traffic. Tracked as CVE-2020-7982, the vulnerability resides in the OPKG package manager of OpenWrt that exists in the

UK Fintech Company Finastra Went Down After Ransomware Attack

Amidst lockdown due to the global pandemic, UK-based firm Finastra has suffered a ransomware attack. The fintech company halted its

UK Fintech Company Finastra Went Down After Ransomware Attack on Latest Hacking News.

10 Projects to Get You to Your First Dev Job in 2020

For those of you looking to break into the world of web development with your first dev job, the amount of things you are expected to know can be overwhelming: HTML, CSS, JavaScript, version control, build tools, frameworks, the command line. The list goes on …

But never fear! In this post I'd like to offer you a little guidance by outlining ten skills that will help you land your first dev job in 2020. For each skill, I’ll suggest a hands-on project to get you started and point you to appropriate resources on SitePoint Premium for further reading.

Let's dive in.

1. Get to Know Your Code Editor

As a coder, you're going to be spending a lot of time in your editor of choice. That's why you should make the effort to learn what it can do and how to configure it properly. The subject of which editor to use can quickly become controversial, but if you’re just starting out, I would encourage you to check out VS Code (or VSCodium if you care about privacy).

VS Code ships with a lot of cool features, such as Emmet abbreviations, intellisense, various keyboard shortcuts and Git integration. There are also hundreds (if not thousands) of extensions that you can install to customize your workflow.

Project Idea

Install VS Code on your machine and commit to using it. Spend some time researching popular extensions for your language of choice and install at least three of these. You should also install Prettier and configure it to format your code on save, as well as ESLint, which will display JavaScript linting errors in VS Code's console. For bonus points, you can print out the keyboard shortcut reference sheet for your platform and attempt to memorize two or three shortcuts per week.

Further Reading

By way of a reference, I would recommend Visual Studio Code: End-to-End Editing and Debugging Tools for Web Developers. This up-to-date guide covers all of the essential VS Code components, including the editing features of the workspace, advanced functionality such as code refactoring and key binding, and integration with Grunt, Gulp, npm, and other external tools. Chapter Two, which introduces you to the user interface, and Chapter Nine, on working with extensions, should be of particular interest.

2. Build a Contact Form

If you’re building a web application, it's only a matter of time until you encounter HTML forms. They’re a big part of the web experience, and they can be complicated. For example, you need to make them accessible, and you need to make sure they render well on different browsers and on smaller screens. It can also be a challenge to style them consistently without breaking their usability.

Forms are a critical part of a visitor's journey on your site. Even if your visitor is sold on what you have to offer, a broken or even a badly laid out form could be enough for them to abandon ship. That means you lose the conversion.

Project Idea

Build and style a contact form. Concentrate on the alignment of the form fields, a prominent CTA, and make sure the form previews well across browsers and devices. Try to include various form controls, such as <select> elements and check boxes, while keeping the layout simple and elegant.

You might also like to upload your finished form to CodePen, an online community for testing and showcasing user-created HTML, CSS and JavaScript code snippets. When applying for a job, a well-curated CodePen account could potentially serve as a mini portfolio.

Further Reading

Form Design Patterns offers ten recipes for different kinds of forms — registration forms, booking forms, login forms and more. Learn from the pros and find out how to make your forms both engaging and accessible to all. If you're looking for a quick start with this project, I recommend reading the first part of the first chapter, which covers things such as labels, placeholders, styling and input types.

3. Become Acquainted with Client-side Validation

You won't get far as a web developer in 2020 without knowing JavaScript: it's one of the most popular programming languages in the world and, frankly, a must-have skill.

On the front end it's used for a wide variety of tasks, such as making interactive elements for web pages (sliders, maps, charts, menus, chat widgets, etc.) and generally enhancing the user experience. One rather nice feature of the language is that it can manipulate the DOM, so as to offer users instant feedback on an action without needing to reload the page. This makes web pages feel snappier and more responsive.

Project Idea

In this project, you should take the contact form you built in step two and augment it with client-side validation.

Using the correct input types will get you a lot of the way there, but also try to add some custom validation. You should display error messages in an intuitive way and avoid using alert boxes. And if all that sounds a bit too easy, why not add a field which asks a question to ensure that the user isn’t a bot.

Further Reading

If you’re new to the world of JavaScript programming, or would just like a quick and easy desk reference, then check out JavaScript: Novice to Ninja, 2nd Edition. This step-by-step introduction to coding in JavaScript will show you how to to solve real-world problems and develop richer web applications. You'll want to pay particular attention to Chapter Eight, which shows you how to use JavaScript to interact with an HTML form.

4. Make a Currency Converter Using the Fixer API

In the past, JavaScript had a reputation as being a toy language — good for menus and animations, but not a lot else. And while that might have been the case in the early 2000s, in 2020 nothing could be further from the truth.

Nowadays, entire apps are written in JavaScript. New tools and frameworks are introduced and developed at a rapid rate, and the language itself has undergone big changes since the arrival of ES2015 (aka ES6). It's important you stay abreast of these changes, and have a good idea of what JavaScript is capable of and where it fits into the web development picture as a whole.

Project Idea

Make an app that allows users to convert one currency to another. Users should enter an amount, select the actual currency, select the desired currency and then the app should fetch the exchange rate from the Fixer API. The user interface should be updated dynamically without any kind of page refresh.

Use modern JavaScript features where you can. Complete the project using either vanilla JavaScript, or a library like React to handle the UI updates.

Further Reading

JavaScript: Best Practice is a collection of articles which take a look at modern JavaScript and how the language has evolved to allow you to write clean, maintainable, and reusable code. I would recommend reading the “Anatomy of a Modern JavaScript Application”, “Using Modern JavaScript Syntax” and “Flow Control in Modern JavaScript”.

5. Design Your Own Portfolio Website

In your career as a web developer, you’ll likely find yourself working alongside a designer on the same project. And while design and development can be considered separate disciplines, having a firm grasp of the design process will ease that relationship and stand you in good stead with your colleagues.

Or perhaps you want to go it alone as a freelancer, taking projects from design to deployment. In this case, a generic-looking website won't cut it. You'll need to offer the client an eye-catching but also highly functional design that helps them achieve their business goals.

Project Idea

Design your own portfolio website — your place on the internet to present yourself and showcase your skills. Spend some time researching what makes a good portfolio design, then mock up a design of your own either with pencil and paper, or using a wireframing tool of your choice.

Design-wise, pay attention to the layout, the colors you’ll use, and the typography. Content-wise, consider which pages you’ll need (hint: you could include a contact form) and how to present both yourself and your work. There are lots of sites around the Internet that will give you tips on what to include.

Further Reading

Ok, I get it. Design is hard. But it doesn't need to be …

The Principles of Beautiful Web Design is a fantastic book if you’re struggling with the design process. It will walk you through an example design, from concept to completion, teaching you a host of practical skills along the way.

Start in Chapter One by reading about what makes good design and take it from there. Personally, I read the book from cover to cover in the course of a week, but you could also dip into the other chapters and learn about layout, color, texture, typography and imagery at your leisure.

The post 10 Projects to Get You to Your First Dev Job in 2020 appeared first on SitePoint.