- Work within application design architectures. In other words, try to use as much of their HTML and CSS as possible, or replace just the CSS. Most good applications have a nice hierarchical CSS and template organization. Learn to work with it. Many applications allow the addition and removal of widgets and tools from the admin interface. Accommodate that and support it. It is extremely valuable.
- Use icon sets. They will allow you to provide a beautiful interface in a fraction of the time. http://www.everaldo.com/crystal/. Support these projects if possible; ask your employer.
- Keep the layout and colors separate in the CSS. That way, you can easily reskin an application in different ways. Use browser-specific overrides where necessary.
- If you are building an application, use a hierarchical template structure and create components that can support the whole system, instead of just one page.
A web site is the most visible part of a company’s Internet presence, but not the only part.
The following issues must be continually addressed and frequently monitored:
- Content Maintenance: This includes all content changes. It may also require navigation changes. Many sites use content management systems such as eZ publish, Drupal, or Joomla. These make editing content easier, but still require some training. The content itself is important, but its presentation must also be considered. Web pages should be easy to read and informative. They should be attractive and consistent with the other pages on the site. The content should be consistent with the language of the target site visitors. If it is a professional site, everything should be spelled properly, cased properly, and grammatically correct. Slang should be avoided.
- Email: Careful use of email accounts and forwarders is important. Forwarders allow the same address to deliver messages to multiple people. In addition, a forwarder can ease personnel transitions: the email address does not have to change if a different person is handling it. Email accounts must be budgeted. Disk space is cheap, but it isn’t free. In most cases, the disk space used by email is deducted from the available space for the site. For that reason, one must keep track of the number of accounts and how big each mailbox is. Notification should be set up to ensure people are alerted when their mailbox is full. Issues that can take a lot of time include recovering if the domain or server is blacklisted, emails blocked for various reasons, and client configuration issues.
- Contact mechanisms: First, one must comply with the anti-spam laws http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.shtm. Newsletter content can also be a valuable part of a site. In addition, contact mechanisms must be protected from abuse. Tools available include CAPTCHA http://www.captcha.net/, Akismet http://akismet.com/, http://ostermiller.org/contactform/, and custom code.
- Logs: Error and access logs should be checked at least weekly for any unusual entries, for example missing pages or images. Some hacking attempts will show up in the error logs as file-not-found errors, usually with distinct URLs, or as repeated requests into forbidden areas. Restricted areas should not be served; if they are, the web server configuration should be updated to protect them. IP address patterns should be observed to see if requests (potential attacks) are from a specific area. These can be blocked with a firewall. If you have access to the email logs and the server-level logs, particularly the SSH and MySQL logs, they should be reviewed as well.
- Application Management: It is extremely important to ensure the applications are up to date. Application upgrades range from a simple button click with Fantastico to complex database and patch or upgrade sequences. As a rule, the cost of these upgrades should be included in maintenance allowances.
- Security: In the unfortunate instance when an application is hacked, it must be cleaned up, and usually the application must be upgraded. These tend to be emergencies and often result in outages. Careful Application Management (above) can greatly reduce these. Credit card and personal data must be handled very carefully (ideally by someone well-qualified). https://www.pcisecuritystandards.org/
- External Interfaces: Many sophisticated sites have complex interfaces into payment gateways or web services. This type of code usually requires strong engineering skills.
- SSL Certificates: To support HTTPS for ecommerce and secure access to information, certificates must be purchased, approved, installed, and then renewed as required. Renewal requires reinstallation.
- Web stat checks: Periodic review of the web stats allows an evaluation of the site’s search engine positioning, sources of traffic, keywords, and pages accessed.
- Custom code: Custom code should be carefully audited for security. http://phpsec.org, http://www.fortify.com/security-resources/rats.jsp. It should be protected by a web application firewall such as http://modsecurity.org.
- Quality Assurance: Time must be taken to check the site for problems like broken links to external resources, and any problems within the site itself.
- Technical Quality: The quality of code used on a site is visible to all visitors. How it looks in the browser, and the code that delivers it, should be high-quality, with current technologies applied properly. Poor displays and bad code can harm a company’s reputation and professional image.
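The weekly check described under Logs above can be scripted. The following is an added example, not code from the original page: it assumes the access log is in Apache/nginx combined format with IP addresses in the first field, and the `RESTRICTED` prefixes, the thresholds and the sample lines are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Combined log format: client IP, request line, status code.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')
RESTRICTED = ("/.git/", "/backup/")  # assumed: paths that must never be served

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE = """\
203.0.113.7 - - [12/Mar/2024:03:11:01 +0000] "GET /wp-login.php HTTP/1.1" 404 196
203.0.113.7 - - [12/Mar/2024:03:11:02 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 196
203.0.113.7 - - [12/Mar/2024:03:11:03 +0000] "GET /old/config.bak HTTP/1.1" 404 196
203.0.113.9 - - [12/Mar/2024:03:12:10 +0000] "GET /admin/ HTTP/1.1" 403 199
203.0.113.9 - - [12/Mar/2024:03:12:11 +0000] "GET /admin/users HTTP/1.1" 403 199
198.51.100.4 - - [12/Mar/2024:09:00:00 +0000] "GET /images/logo-old.png HTTP/1.1" 404 196
198.51.100.4 - - [12/Mar/2024:09:00:05 +0000] "GET /backup/site.sql HTTP/1.1" 200 5120
""".splitlines()


def review(lines, min_404_paths=3, min_403=2):
    """Summarise probing clients, exposed restricted paths and source networks."""
    missing, forbidden, exposed = defaultdict(set), Counter(), set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, url, status = m.groups()
        path = url.split("?", 1)[0]
        if status == "404":
            missing[ip].add(path)   # distinct missing URLs per client
        elif status == "403":
            forbidden[ip] += 1      # repeated requests into forbidden areas
        elif status.startswith("2") and path.startswith(RESTRICTED):
            exposed.add(path)       # restricted content was actually served
    probing = {ip for ip, paths in missing.items() if len(paths) >= min_404_paths}
    probing |= {ip for ip, n in forbidden.items() if n >= min_403}
    # Group flagged clients by /24 to see whether they share a network.
    networks = Counter(
        str(ipaddress.ip_network(f"{ip}/24", strict=False)) for ip in probing)
    return {"probing": sorted(probing), "exposed": sorted(exposed),
            "networks": dict(networks)}


if __name__ == "__main__":
    for key, value in review(SAMPLE).items():
        print(key, value)
```

A single broken image link (the 198.51.100.4 client) stays below the threshold and is not flagged as probing, while the served `/backup/site.sql` is reported as a configuration problem regardless of who requested it.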
It can be difficult to determine the title assignments within a company. However, there are two definite indicators that can be used to assign titles - time spent on production work (as opposed to time spent leading/managing), and the number of employees the person is responsible for.
With this in mind, the following are recommended guidelines:
- President - Responsible for entire company. 95% of time spent on management.
- Vice President - Responsible for portion of company. 90% of time spent on management.
- Director - Responsible for 25 or more people. 85% of time spent on management.
- Manager - Responsible for 10 or more people. 75% of time spent on management.
- Supervisor / Team Leader - Responsible for 5 or more people. 50% of time spent on management.
Every company is different, and there are times when people must assume different roles. Although the numbers may be adjusted, permanently or temporarily, they should be identified and used. Small companies do not need all these positions.
Title inflation is silly.
*** Scam was stopped ***
This phishing attempt was delivered through email, with the above link, claiming maintenance was scheduled. It has some nice text and doesn’t tell you to log in, but provides a link so you can.
It looks great.
The code below is the phishing code; it catches the login validation and sends it to the sys82.net server, where it can capture your data.
Page is slow. Would be good to take a screenshot and use that as a background while the real page loads.
There are times when an anonymous report is appropriate. It is usually when you are reporting something and don’t need to be involved further.
In that case, completing a contact form with bogus information and an email address at anonymous.com or example.com should pass validation to deliver the message.
I don’t think email validation should discard anonymous reports, unless they are attempts to spam.