Web Development¶
Web Glossary¶
- Web Page¶
A web page is a single (“static”) HTML page.
Sometimes, when people say web page they really mean the whole website (as composed by e.g. a web application backed by a database or a static page generator with support for managing collections of interlinked HTML pages (e.g. Sphinx, Tinkerer).
Wikipedia: https://en.wikipedia.org/wiki/Web_page- Website¶
- Web site¶
A website is a set of interlinked HTML pages. Also used to refer to a web page.
Wikipedia: https://en.wikipedia.org/wiki/Website- Web Application¶
A web application is a software application running on a server which returns responses to specific requests and may interact with a database, email services, etc.
Like all systems, a web application works with variable data inputs and outputs.
- Web Hosting Service¶
A web hosting service offers virtual or physical server resource space for a web page, web site, or web application.
Shared, Dedicated, Virtual Private, Cloud (Virtual Instance)
Managed (24/7 Supported // n hours a month), Unmanaged (file a support request and wait)
- MAC address¶
A MAC (Media Access Control) address is a 48-bit identifier.
NIC cards have a MAC address.
Wireless cards a MAC address.
Many Wireless Access Points (AP) MAY all have the same text
SSIDbut different MAC addresses (e.g. for wireless mesh networking or WDS)DHCP IP address leases are tied to a MAC address.
A MAC address identifies a node to the nearest packet routing link segment (e.g. AP, Switch, Hub, Bridge).
Some IPv6 addresses contain the link Mac address.
UUID version 1 128-bit identifiers contain a link MAC address and the date/time. (Python
import uuid; print(uuid.uuid1()))
Wikipedia: https://en.wikipedia.org/wiki/MAC_address- ARP¶
Address Resolution Protocol
- TCP¶
Transmission Control Protocol
- IP¶
Internet Protocol
- IP Address¶
A IP identifier number identifying a particular network entity (e.g.
127.0.0.1)We are running out of 32-bit IPv4 addresses (
127.0.0.1), and are now moving toward 128-bit IPv6 addresses (0000:0000:0000:0000:0000:0000:0000:0001,::1)Certain IP addresses are locally-routable (e.g.
192.168.0.1within a home LAN) while others are globally-routable (e.g.8.8.8.8)
Wikipedia: https://en.wikipedia.org/wiki/IP_address- IPv4¶
IPv4 (IP version 4) is a web standard protocol defined by IETF.
Wikipedia: https://en.wikipedia.org/wiki/IPv4Docs: IPv4 Address- IPv4 Address¶
IPv4 addresses are 32-bit IP Address identifiers.
Standard: https://tools.ietf.org/html/rfc1918## Local IPv4 Addresses 127.0.0.1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ## Global IPv4 Addresses 8.8.8.8
- IPv6¶
IPv6 (IP version 6) is a web standard protocol defined by IETF.
Wikipedia: https://en.wikipedia.org/wiki/IPv6- IPv6 Address¶
IPv6 addresses are 128-bit IP Address identifiers.
Wikipedia: https://en.wikipedia.org/wiki/IPv6_addressStandard: https://tools.ietf.org/html/rfc4291Docs:IPv6 Address Examples:
## Local IPv4 Addresses 0000:0000:0000:0000:0000:0000:0000:0001 == ::1 # 127.0.0.1 0001:0000:0000:0000:0000:0000:0000:0001 == 1::1 ::/128 # unspecified (~IPv4 0.0.0.0/32) ::1/128 # localhost (~IPv4 127.0.0.0/24) ::/0 # unicast default route (~IPv4 0.0.0.0/0) ::ffff:0:0/96 # IPv6-mapped IPv4 ::96 # IPV4 compatible IPv6 addresses (deprecated) 2002::/16 # 6to4 2001::/32 # teredo fc00::/7 # unique local address fe80::/10 #MAC # link-local address (~IPv4 169.254.0.0/16) fec0::/10 # site-local address (deprecated) 3ffe::/16 # 6bone (returned) ## Global IPv6 Addresses # 8.8.8.8
- DHCP¶
DHCP (Dynamic Host Configuration Protocol) is a standard for acquiring an IP address, DNS, and NTP settings.
- Domain Name¶
A human-readable textual name for a network entity (e.g.
example.org)Wikipedia: https://en.wikipedia.org/wiki/Domain_name- DNS¶
Domain Name System. Converts a domain name (e.g.
localhostorwrdrd.github.io) into an IP address (e.g.127.0.0.1(IPv4) or::1(IPv6)).Initial DNS hosting costs are often covered by Web Hosts.
There are DNS record types for different types of services.
Surfing to a website in a browser may utilize
A,AAAA, and/orCNAMErecords to lookup the IP address of the web server (or least busy load balancer).Sending an email utilizes an
MXrecord to lookup the IP address and sender information for the mail host.Updates to DNS settings can take as long as 86400 seconds (one day) to propagate, depending upon the DNS TTL.
Docs: DNS ConfigurationDocs:wrdrd.tools.domain- URL¶
A URL (Uniform Resource Locator) is a string of characters that identify a resource location.
Where
hostis an IP address, hostname, or domain name, a URL is of the form:scheme://host:port/p/a/t/h https://wrdrd.github.io/docs/ # https, wrdrd.github.io, port 443, /docs/
- URI¶
A URI (Uniform Resource Identifier) is a string of characters that identify a resource.
scheme://host:port/p/a/t/h?query#fragment https://wrdrd.github.io/docs/#wrdrd
- URN¶
A URN (Uniform Resource Name) is a string of characters that identify a named resource in a namespace.
urn:namespace:key urn:isbn:0-486-27557-4 urn:uuid:6e8bc430-9c3a-11d9-9669-0800200c9a66
- Magnet URI¶
A Magnet URI is a URN containing an key to retrieve from a network (such as a DHT).
Web browsers can be configured to open Magnet URIs with other programs.
- UUID¶
A UUID (Universally Unique Identifier) is a 128- bit identifier for a resource.
IETF RFC 4122 defines 5 different algorithms for generating UUID:
- UUID 1
A UUID 1 identifier contains a mac address and a datetime with 100- nano-second resolution.
- UUID 2
A UUID 2 identifier contains a mac address and a POSIX UID or GID.
- UUID 4
A UUID 4 identifier contains a random identifier as determined by the configured source of random.
- Web Browser¶
A software program which visually renders resources identified by a URL and interprets scripts.
Examples: Internet Explorer, Mozilla Firefox, Google Chrome
Some web browsers support WebSocket.
Some web browsers support WebRTC.
Many web browsers support image formats like GIF, JPEG, PNG, and SVG Scalable Vector Graphics.
Many web browsers support Javascript scripts.
All web browsers work with a DOM (Document Object Model) which is parsed from HTTP and transformed by Javascript.
A number of example web browser extensions: Browser Extensions
- DOM¶
Document Object Model. Can be thought of as a layout outline of the objects in a particular document (e.g. text, shapes, images, videos).
Different web browsers interpret the DOM differently, depending on Web Standards and individual implementations.
Docs: Web Design- Web Standard¶
An agreed-upon standard specification for web things like data interchange, structure, and presentation.
Wikipedia: https://en.wikipedia.org/wiki/Web_standardsDocs: Web StandardsDocs: Semantic Web Standards- Open Web Standards¶
Open Web Standards are Open Source Web Standards (e.g. HTTP, HTML, XHTML, HTML5, CSS, Javascript, SVG, RDF)
Web Content¶
Media Resources: Copy, Text, Photos, Images, Videos (things with HTTP URLs)
Web Design¶
CSS¶
CSS (Cascading Style Sheets) define the presentational aspects of HTML and a number of mobile and desktop web framworks.
CSS is designed to ensure separation of data and presentation. With javascript, the separation is then data, code, and presentation.
Web Layout¶
A web layout is a box-model composition of DOM objects, their styles, and their behaviors at various screen sizes and resolutions.
Different browsers implement the DOM, HTML, CSS, and Javascript differently. It is necessary to test a web layout in the browsers which are utilized by the target audience.
In general, a simpler page renders faster and more consistently.
Some users may be browsing without Javascript (either because their very classic web browser doesn’t support it, or, optionally, because of security concerns introduced by active page scripts). Because of this, it’s usually best to not rely upon Javascript for page layout and instead work with pure-CSS implementations.
CSS framework developers specialize in developing CSS grids and layouts which work across browsers, devices, and various screen sizes.
Image Based Layouts¶
At first glance, it may seem that an image-based layout with fixed dimensions (as might be developed in a traditional graphic design program) would be simpler and easier; however:
an 800px wide image layout is hardly usable on a mobile device
search engines and screen readers are unable to read text embedded within images; necessitating
alt=attributes on<img>tags andtitle=attributes on<a>tagswhen scaled (by zooming in), raster images like JPEG, PNG, and GIF look blocky and pixelated
Practically, it is not possible to develop a responsive web layout which supports diverse screen sizes and resolutions with traditional graphic design tools. It is far more consistent and reproducible to start with an HTML web page and a CSS framework and then develop a template from there.
Screen Captures¶
There are many tools and services for collecting screen captures (or screen shots) of web layouts.
Features to look for:
Capturing the visible area of the page
Capturing the whole page
Setting the browser resolution
Ways to collect screen captures and movies at various points in a testing workflow:
Browser: Web Browser testing tools (e.g. Javascript)
Browser: Browser Extensions
Web Service: multi-platform browser testing grid services
Build Script: record the [X] buffer with the test sequence
See: Video Production
Bootstrap¶
What is Bootstrap?
A responsive HTML and CSS (LESS, Sass SCSS (4.0)) Framework.
Bootstrap Web Site Styles / Themes / Templates
https://expo.getbootstrap.com/resources/
Custom:
Templates:
https://themes.getbootstrap.com/ (Updated, Free, Official)
https://bootswatch.com/ (Free)
https://wrapbootstrap.com/theme/deusone-responsive-one-page-template-WB0271X52
Examples:
Web Development Checklist¶
A checklist for building a modern website with structured data; for search, social web, sharing.
See also: http://webdevchecklist.com/
[ ] Pick a CSS framework
[ ] Create page layout template
[ ] Create or acquire static template
Helps if it already includes a CSS framework
[ ] Create or acquire dynamic template
[ ] Create static HTML page from layout template
[ ] Port content from existing site
[ ] Add HTML formatting
[ ] Add CSS #id deep link anchors and classes
[ ] Add structured data markup to page
See: Knowledge Engineering, Semantic Web Standards, Schema.org
[ ] Add standard header tags
[ ]
metatags: description[ ]
link rel="canonical"[ ]
lang="en"
[ ] Add OpenGraph meta markup
og:titleog:typeog:image(:width,:height,:type)og:url
[ ] Section: Navbar
[ ] Choose top-level links
[ ] Indicate current location
[ ] Section: Above the fold
schema:ImageObjectschema:VideoObjectschema:MusicVideoObjectText
HTML/CSS/JS
[ ] Add an
<h1>tag with a page title[ ] Section: About
[ ] Add textual description
[ ] Organization (
schema:Organization)[ ] Business (
schema:Organization>schema:LocalBusiness> {…})
[ ] Section: Products / Services
[ ] Acquire product/menu/service offering information
[ ] Products (
schema:Product,schema:ProductModel)[ ] Services (
schema:Service<schema:Intangible)
[ ] Format product/menu/service offering information as HTML + RDFa
[ ] Section: Media / In the news
[ ] Research media profile
[ ] Articles
schema:Article>schema:NewsArticle
[ ] Acquire news media assets
[ ] Media Objects (
schema:MediaObject)
[ ] Section: Contact
[ ] Email
[ ] Name, Address, Telephone (
schema:LocalBusiness>schema:Organization>schema:Place)[ ] Locations (
schema:LocalBusiness)[ ] Embed map thumbnail/widget
[ ] Link to Directions
schema:Organizationnameurladdress<schema:PostalAddress>hasMap(map) URLDirections
telephonefaxNumberemaildescriptionlogoimagesameAs(~= URL)legalNamefounderfoundingDatetaxID(TIN)memberOf
schema:LocalBusiness<schema:Organizationnameurladdress<schema:PostalAddress>hasMap(map) URLDirections
telephonefaxNumberemailimage(s)branchOf<schema:Organization>openingHourscurrenciesAcceptedpaymentAcceptedpriceRangeschema:FoodEstablishment<schema:LocalBusinessacceptsReservationsYes/No/URLmenutext/URLservesCuisinetext
[ ] Social Media
[ ] Google+
[ ] Twitter
[ ] Facebook
[ ] LinkedIn
[ ] […]
[ ] Section: Footer
[ ] Copyleft:
© <year> <business name>[ ] <location>
[ ] Feedback
[ ] Terms
[ ] Privacy
[ ] Section: Post-load JS scripts
[ ] JS libraries (CDN, cdnjs, jQuery, Bootstrap, underscore, Backbone, Angular, React)
[ ] JS Analytics loaders (Data Science > repro:ObservationalStudy)
[ ] JS Optimization loaders (Machine Learning > repro:ControlledTrial)
Hosting / DNS¶
DNS Configuration¶
DNS Domain Name Information (A, AAAA, CNAME,
TXT, MX, SRV)
DOMAIN="<domainname>"
IP=$(nslookup $DOMAIN)
Date of Registration / Expiration
Registrant (Name, Address, Email)
Privacy / WhoisGuard
DNS Registration Service Provider
Linux/OSX DNS Commands:
nslookup DOMAIN dig $DOMAIN dig +qr any $DOMAIN dig -t mx $DOMAIN whois $DOMAIN whois $DOMAIN | egrep 'Registrar|Date|Domain Status|Registrant|Admin'
Online Whois Tools
See: wrdrd.tools.domain
Web Hosting¶
Web Hosting Information
Reverse IP (How many sites are hosted from the same IP address?)
WebSec¶
WebSec (web security) is Information Security for web applications.
Security at W3C :
Responsible Disclosure¶
Bug Bounty Program¶
Hacker One:
Professional integrity:
SANS/CIS Consensus Audit Guidelines:¶
“SANS Top 20”: https://www.sans.org/critical-security-controls/
“SANS Top 25”: https://cwe.mitre.org/top25/
CIS:
CWE¶
CWE (Common Weakness Enumeration)
OWASP¶
WebSec Forums¶
Internet Forums for WebSec (“Web Security”)
Responsible Disclosure / Vulnerability Disclosure
IRC, Slack, Mattermost
HTTP¶
See:
HTTPS¶
See:
HTTP STS¶
HTTP STS (HTTP Strict Transport Security) is a standardized extension for notifying browsers that all requests should be made over HTTPS indefinitely or for a specified time period.
See also:
Knowledge Engineering > HTTP STS
ACME Protocol¶
ACME (Automated Certificate Management Environment) is a protocol for Web PKI with X.509 Certificates and HTTPS (TLS/SL).
ACME Spec Introduction: https://tools.ietf.org/html/draft-ietf-acme-acme#section-1
LetsEncrypt implements the ACME spec.
Letsencrypt¶
“A free, automated, and open certificate authority.”
Certs are valid for 90 days
Use the staging server to avoid the certificate roll rate limit
There are many ACME clients (that work with letsencrypt):
https://letsencrypt.org/docs/client-options/
Certbot is an official, packaged Python client.
Web Development Requirements¶
[ ] Web Hosting
User Stories¶
User Stories are an Agile technique for capturing structured requires on cards (or as issues in e.g. GitHub).
User Stories are, in general, less complex than Use Cases which are often more highly specified (in terms of e.g. UML diagrams).
User Stories can be grouped in epics. An epic story is a long and arduous journey; often with multiple parts.
User Stories can be estimated and assigned arbitrary but relatively relevant point values with e.g. Planning Poker and/or a Kanban web application.
See also: