Category: website Development

Website Development – Webpage Migration ”; Previous Next Webpage Migration is a process of moving a webpage from one host to another. This process is done for various reasons, some of which are − You are not satisfied anymore with the support of the Hosting Company Prices are cheaper to another hosting Your actual hosting plan doesn’t fulfill your needs anymore Technology offered is not competitive anymore, etc. As migration is a process, the following steps are needed to complete it in a minimal downtime of your webpage. We must fully backup our webpage as discussed in the previous chapters. Upload the backup file in the new hosting. Unzip files in the Public folder. Import the database file. Configure files with the credentials of the new database. Point your new domain name servers with your current registrar and wait for the new records to be propagated. Print Page Previous Next Advertisements ”;

Website Development Tutorial PDF Version Quick Guide Resources Job Search Discussion A website can be defined as a collection of several webpages that are all related to each other and can be accessed by visiting a homepage, using a browser like Internet Explorer, Mozilla, Google Chrome or Opera. In this tutorial, we will explain the concept of website development, from the simplest to the most advanced. It will help novice users to learn all about websites and how they are designed and maintained. At the same time, this tutorial has enough material to help even system administrators to broaden their knowledge about websites. Audience This tutorial is meant for all those readers who would like to understand the entire process of setting up a well-designed website. We strongly believe that this tutorial will help almost everyone who wants to set up a website, without having to take professional guidance from a technical person. Prerequisites We have designed this tutorial, keeping in mind the requirements of beginners, especially those who come from a non-technical background. Hence, we don’t assume any existing knowledge of website development from the readers. Print Page Previous Next Advertisements ”;

Website Development – Required Skills ”; Previous Next The skills required to set up a website can vary from very basic to the most advanced. If you are going to set up a professional website for a global audience, then you should have the following set of skills or you would have to hire a group of people to do this job for you. Content Experts Content experts supply the content that is to be published on the website. They design the content as per the requirement of the target audience and then, edit and polish the content before it gets published. Content experts normally rely on the expertise of the site designer and the webmaster. Note that the content can be text, data, images, audio or links. Website Designer A web designer is a technical person who designs and maintains the Graphical User Interface (GUI) of the website. For example, where the buttons should be placed, how the images are to be displayed, etc. Graphic Designers Graphic designers develop image files that are to be included in the website. These professionals have a keen understanding of developing suitable graphics for the web environment. Web Developers Web developers create the program codes to manipulate the supplied content, based on the site design established by the website designer. A web programmer should use a set of programing languages to compile specific functions that the webpages should do in the background. Here is a set of important programing languages that a web programmer must be good at − HTML / XHTML − These are the markup languages which you will use to build your website. A web programmer must have a good understanding of HTML and XML. PHP − It is a popular programming language to develop webpages. You can collect more information on PHP on − https://www.tutorialspoint.com/php/ . PERL Script − PERL is another language which is being used to develop interactive Web Applications. If you are planning to use PERL to develop your website, then please browse our tutorial – https://www.tutorialspoint.com/perl/ to know more about PERL. Java or VB Scripts − These scripts are required to perform user-level validations and to add more interactivity to your Website. So, a web developer is required to have adequate knowledge of any of these client-side scripts. AJAX Technology − AJAX is the latest technology on the Web. Google and Yahoo are using this technology to give a better browsing experience to their website visitors. ASP or JSP − Web developers are required to be well-versed with ASP or JSP to develop interactive websites. To get more information, you can go through our tutorials on ASP and JSP at − https://www.tutorialspoint.com/asp.net/ and https://www.tutorialspoint.com/jsp/. Macromedia Flash − You can use Macromedia Flash to build a Website. It can be a little time-consuming to learn this technology, but once you learn how to use it, then you can develop attractive websites using Flash. Web Researcher You should research on new tools, trends and issues affecting the web technology. Web researchers report to the webmaster regarding new techniques that can be integrated in the website. They optimize appropriate site traffic and evaluate site development tools, which can be either hardware or software. Hardware and Software Support Resource The Support Resource upgrades the hardware and software as and when needed. They play a crucial role in keeping the system up and running in a flawless manner. Marketing and Promotion Marketing professionals mostly use popular Social Media Platforms such as Facebook and Twitter to promote the content and resources available on the site. They reach out to the target audience and create awareness among them. System Administrator A System Administrator knows how to set up and point the protocols as HTTP, FTP, SMTP and DNS records. System administrators are those experts who look after every aspect of website development and its maintenance. Print Page Previous Next Advertisements ”;

Website Development – Introduction ”; Previous Next A website can be defined as a collection of several webpages that are all related to each other and can be accessed by visiting a homepage, by using a browser like Internet Explorer, Mozilla, Google Chrome, or Opera. For example, the website address of Tutorialspoint is − www.tutorialspoint.com. Each website has its own URL which is a unique global address called domain name. A URL comprises of − The protocol used to access the website, which in this case is http, meaning port 80. It can also be https; port 443. The subdomain which by default is www. The domain name; domain names are normally chosen to have a meaning. Like in our case “tutorialspoint”, we can understand that this website offers tutorials. The suffix name which can be .com, .info, .net, .biz, or country specific. For detailed information, please refer the following Wikipedia link − https://en.wikipedia.org/wiki/List_of_Internet_top-level_domains. The directories or in simple words, a folder in the server that holds this website. The webpage that we are looking at, in our example, it is “about_careers.htm”. Why Do We Need Websites? Websites primarily act as a bridge between one who wants to share information and those who want to consume it. If you are running a business, then it is almost imperative for you to have a website to broadcast your offerings and reach out to potential clients at a global stage. The following points explain why it is important to have a website − A website is an online brochure where you can advertise your business offers. It gives you a platform to reach out to a far-and-wide global customer base. If you are a blogger, you have the possibility to influence your readers. You can show all your ideas and publish them on a website. If you have a business idea, then you don’t have to wait. You can straightaway open an online shop and sell your products or services online. An added advantage is that the online shop will be open 24/7 for your clients, throughout the year. You can communicate with your customers, giving them an opportunity to express themselves. You can provide valuable customer support by having a trouble-ticket system. If you have an official website with a domain, then you can have your personalized email. For example, info@tutorialspoint.com (it is much better than florjan.llapi@yahoo.com). How to Setup a Website? A website is composed of several elements and while setting up a website, you would have to take care of each of them. To set up a website and make it live, you should first purchase a hosting plan. Select a domain name for this website. Point the DNS records to the server or the hosting provider. Develop the content that you want to publish on the website. Check if you need to purchase a public certificate and install it. Publish the webpage on the Internet. In the subsequent chapters of this tutorial, we will discuss each of these steps in detail. Print Page Previous Next Advertisements ”;

Website Development – Security ”; Previous Next Securing your webpages is as important as developing it, because any threat which can compromise the security can harm your business reputation, damage you financially (by stealing your online deposits), damage your clients that visit your website, etc. As per security experts, they will suggest to do the website security check based on the OWASP TOP 10, which is a powerful awareness document for web application security. The OWASP Top 10 represents a broad consensus about what the most critical web application security flaws are. SQL Injections Injection flaws, such as SQL, OS and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or a query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. Solution − To secure your webpage from iSQL, you must validate inputs and filtering symbols. Broken Authentication and Session Management Application functions related to authentication and session management are often not implemented correctly, which allows attackers to compromise passwords, keys, session tokens or even to exploit other implementation flaws to assume other users’ identities. Solution − To secure your site from this flaw, you must make cookies and sessions with expiration time. Cross-Site Scripting (XSS) XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser, which can then hijack user sessions, deface websites or redirect the user to malicious sites. Solution − Protection from this is on the same lines as it is for iSQL. Insecure Direct Object Reference A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory or a database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorized data. Solution − You should implement specific protection mechanisms such as passwords to safeguard such files. Security Misconfiguration Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server and the platform. Secure settings should be defined, implemented and maintained, as the defaults are often insecure. Solution − Software should be kept up to date. Sensitive Data Exposure Many web applications do not properly protect sensitive data, such as credit cards, tax IDs and authentication credentials. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft or other crimes. Solution − Sensitive data deserves extra protection such as encryption at rest or in transit, as well as special precautions when exchanged with the browser. Missing Function Level Access Control Most web applications verify function level access rights before making that functionality visible in the UI. However, applications need to perform the same access control checks on the server when each function is accessed. If requests are not verified, attackers will be able to forge requests to access functionality without proper authorization. Solution − You should check the levels of authentication. Cross-Site Request Forgery (CSRF) A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim’s browser to generate requests which the vulnerable application thinks are legitimate requests from the victim. Solution − The most commonly used prevention is to attach some unpredictable challenge based tokens to each request that comes from a website and associate them with the user’s session. Using Components with Known Vulnerabilities Components, such as libraries, frameworks and other software modules almost always run with full privileges. If a vulnerable component is exploited, such an attack can facilitate serious data loss or server takeover. Applications using components with known vulnerabilities may undermine application defenses and enable a range of possible attacks and impacts. Solution − Check if that component version has vulnerabilities and try to avoid or change with another version. Invalidated Redirects and Forwards Web applications frequently redirect and forward users to other pages and websites. These applications use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites or use forwards to access unauthorized pages. Solution − Always validate a URL. Secure Used Protocols This is the case where you have a VPS plan and you manage everything on your own. When the services are installed they use default ports. This makes the job easier to a hacker because he knows where to look at. Some of the main service ports which are used in hosting of websites are given below − SSH – port 22 FTP – port 21 MySQL – port 3306 DNS – port 53 SMTP – port 25 The port changing of those services varies depending on the Operating System and its different versions. In addition to this, you have to install a firewall. If it is a Linux OS, we will recommend IPtables and block all the other unneeded ports. In case your OS is Windows, you can use its incorporated firewall. To block brute force logins in your services, you can use Fail2ban, which is a Linux based software and block all the IP addresses which makes many failed login attempts. Print Page Previous Next Advertisements ”;

Public Authority Certificates ”; Previous Next Digital Certificates are a standard of security for establishing an encrypted link between a server and a client. This is generally between a mail server or a webserver that protects data in transitions by encrypting them. A Digital Certificate is also a Digital ID or a passport which is issued by a Third-party authority, which verifies the identity of the server’s owner. For example, the following screenshot shows the eBay public certificate. Components of a digital certificate All these components can be found in the certificate details − Serial Number − Used to uniquely identify the certificate. Subject − The person or entity identified. Signature Algorithm − The algorithm used to create the signature. Signature − The actual signature to verify that it came from the issuer. Issuer − The entity that verified the information and issued the certificate. Valid-From − The date a certificate is first valid from. Valid-To − The expiration date. Key-Usage − Purpose of the public key (e.g. encipherment, signature, certificate signing…). Public Key − The public key. Thumbprint Algorithm − The algorithm used to hash the public key certificate. Thumbprint − The hash itself, used as an abbreviated form of the public key certificate. Types of Validations There are three types of validations, which are as follows − Domain validation SSL Certificate. Organization Validated SSL Certificates. Extended Validation SSL Certificates. Let us now discuss each of them in detail. Domain validation SSL certificate It validates the domain that is registered by a system administrator and he has the administrator rights (authorization or permission) to approve the certificate request. This validation is generally done by an email request or by DNS record. Organization Validated SSL Certificates It validates the domain ownership and business information like the official name, City, Country. Validation is done also by email or DNS record entering. The certificate authority also needs some genuine documents to verify your Identity. The Organization Validated SSL Certificates display the company information in the certificate details as shown in the following screenshot. Extended Validation SSL Certificates It validates the domain ownership, organization information and the legal existence of the organization. It also validates that the organization is aware of the SSL certificate request and approves it. The validation requires documentation to certify the company identity plus a set of additional steps and checks. The Extended Validation SSL Certificates are generally identified with a green address bar in the browser containing the company name like the one shown in screenshot below. Print Page Previous Next Advertisements ”;

Website Development – Setup ”; Previous Next After understanding most of the important factors of Website Development, it is now time to set up a webpage. For setting up a webpage, we should adhere to all the steps given below. Step 1 − Firstly, we purchased a domain name at GODADDY. Step 2 − We chose the hosting provider based on the analysis of the hosting plans that we needed. Step 3 − We configured the DNS records and the DNS servers of the registrar that in our case was GODADDY again. Step 4 − Now that we are done with all the above-mentioned steps, it is time to upload the files of the webpage through CPanel → File Manager. Step 5 − After opening it, upload the files in the folder named public_html as shown in the following screenshot. Step 6 − If you have a dynamic website, then you must configure the database too. To do it, go to MySQL Databases. Step 7 − Click on Create New Database and then write the database name that your website will have and then click on Create Database as shown in the screenshot given below. Step 8 − In the Add New User section type the Username and the password and then click on Create User. Step 9 − We must add the user that we created for this database to give rights or permissions to manage it. Print Page Previous Next Advertisements ”;

Flat & Dynamic Webpages ”; Previous Next A Static or Flat Webpage means a webpage in which all the information and material is presented in front of the users as it is stored in it. A Static Webpage shows the same information and data to all users. In internet technology, Hyper Text Markup Language (HTML) was the first language or channel by which people started to create static web pages. HTML offers the style of text, paragraphs creation and line breaks. But the most important function and feature of HTML is link creation option. Static webpages are useful for their material and content, which rarely need to be revised or updated. Advantages of Static Websites Quick to develop Cheap to develop No need to have a big hosting plan Disadvantages of static websites Requires web development expertise to update site Site not that useful for the user Content can get stagnant The file structure of the static website with one page is as shown below. Dynamic Webpages Dynamic Webpages is the latest trend at present because they can produce different content for different visitors from the same source code file. The website can display different content based on parameters like − What operating system or browser the visitor is using. Whether the user is using a computer or a mobile device. The source location that referred the visitor. If the visitor has done a purchase before from an online shop, etc. Dynamic webpages can have a variety of purposes. For example, websites run by content management systems allow a single source code file to load the content in many different possible pages. We should mention that all these dynamic webpages use databases. Content creators use a gateway page to submit the material for new pages into the CMS” database. The dynamic page loads the material for any page in the database, which is based on the parameters in the URL. This is done when a visitor requests for a webpage. Dynamic pages let users log into websites to see personalized content. All Content Management Systems (WordPress, Joomla and Drupal) that we mentioned before are dynamic websites. The following illustration shows a schematic view of a dynamic webpage. Print Page Previous Next Advertisements ”;

Commercial & Free Themes ”; Previous Next A theme is a personalized design of a website often including its layout. Changing your theme, changes the view of how your website looks on the front-end. Usually CMS platforms have both free and commercial versions. These themes are categorized as per their functions like Business IT industry Hosting, etc. Free themes are found in theme providers and they are free of charge, but sometimes the features are more limited than that of the commercial ones. Let us take the free WordPress themes as an example. These themes are found on the following link – https://wordpress.org/themes/, you can find and install them as per your business profile or needs. On the contrary, for the commercial themes, you must pay. WordPress commercial themes are found on the following link – https://wordpress.org/themes/commercial/. Print Page Previous Next Advertisements ”;

Website Development – Adwords ”; Previous Next This is an advertising program from Google, where you can register and can pay them based on the number of clicks on your website link or based on the number of page impressions. Webpages from Google and from partner websites are designed to allow Google to select and display the advertising. How to Create an AdWords Campaign? To create an AdWords Campaign, you should follow the steps given below. Step 1 − To create an AdWords campaign, you must first create an account by clicking on the following link – https://adwords.google.com/um/signin Step 2 − After logging in, click on Campaigns, select the type of load and location as shown in the following screenshot. AdWords is like Facebook Advertisements. Step 3 − Click on the Radio button for the target that you want as shown in the picture below. Also, you have to bid the budget. How much do you want to spend per click? Step 4 − Put a group name and then fill the Headlines and Description Fields for the AdWords that have to be created. While you are filling in the details, you can see on the left preview pane how the AdWords are going to look once they are created. Step 5 − Select such Keywords that the search engine will show when people do searching. Print Page Previous Next Advertisements ”;