Essential Skills Every Web Developer Should Master
This article compiles a comprehensive list of must‑have web development skills—including UI/UX best practices, security measures, performance optimization, SEO techniques, core technical knowledge, and bug‑fixing strategies—to help developers build robust, user‑friendly websites.
Web development encompasses many fields and technologies; this article, based on a highly up‑voted Quora answer by Ellyse Taylor, outlines the essential skills every web developer should possess.
1. Interface and User Experience
Ensure cross‑browser compatibility by testing on major engines such as Gecko (Firefox), WebKit (Safari and mobile browsers), Chrome, Internet Explorer, and Opera, and understand how different operating systems render pages.
Consider non‑standard browsing scenarios like mobile devices, screen readers, and search engine crawlers; useful resources include WAI, Section 508, and MobiForge for mobile development.
Deploy updates without disrupting users by using version control (CVS, Subversion, etc.) and automated build tools (Ant, NAnt) to manage staged environments.
Avoid displaying unfriendly error messages directly to users.
Never display users' email addresses as plain text, since exposed addresses attract spam.
Add rel="nofollow" to user‑generated links to deter spam.
Implement comprehensive site restrictions, which also relates to security.
Redirect after a successful POST to prevent duplicate submissions on page refresh.
Consider accessibility (WAI‑ARIA, WCAG 2) as it may be legally required.
Do not overcomplicate the design.
2. Security
Follow the OWASP Development Guide, which covers most web security topics.
Understand injection attacks, especially SQL injection, and learn how to prevent them.
Never trust user input, cookies, or hidden fields.
Store passwords with salted hashes using algorithms such as bcrypt, scrypt, or PBKDF2; avoid MD5, SHA‑1, etc.
Avoid building custom authentication systems unless you are absolutely sure of their security.
Familiarize yourself with credit‑card handling rules.
Use SSL/HTTPS on login pages and any page that handles sensitive data.
Prevent session hijacking.
Guard against cross‑site scripting (XSS).
Prevent clickjacking.
Keep systems patched with the latest updates.
Secure database connection credentials.
Stay informed about the latest attack techniques and vulnerabilities affecting your platform.
Read the Google Chrome Security Manual and the Web Application Hacker's Handbook.
Apply the principle of least privilege; run servers (e.g., Tomcat) as non‑root users when possible.
3. Performance
Implement caching where appropriate and understand HTTP caching mechanisms.
Optimize images; avoid using large images as tiled backgrounds.
Compress content with gzip/deflate (deflate often yields better results).
Combine CSS and JavaScript files to reduce HTTP requests and improve gzip compression.
Study high‑performance sites (e.g., Yahoo) and tools like YSlow and Google PageSpeed for performance analysis and image optimization.
Use CSS image sprites for small UI graphics to minimize requests.
Consider domain sharding for high‑traffic sites.
Serve static assets (images, CSS, JavaScript) from a separate domain or CDN to avoid sending cookies with each request.
Reduce the total number of HTTP requests required to render a page.
Utilize tools such as Google Closure Compiler to minify JavaScript.
Provide a favicon.ico at the site root to prevent unnecessary 404 errors.
4. SEO (Search Engine Optimization)
Use search‑engine‑friendly URLs, e.g., http://example.com/pages/45-article-title instead of query‑string URLs.
For dynamic content, replace hash fragments (#) with #! and handle them server‑side using $_REQUEST["_escaped_fragment_"]; also consider history.pushState({"foo":"bar"}, "About", "./?page=1") for modern browsers.
Avoid generic link text like “click here,” which wastes SEO opportunities and harms accessibility.
Provide an XML sitemap at the default location /sitemap.xml.
When multiple URLs serve the same content, use a canonical link tag (<link rel="canonical" ... />) and manage it via Google Webmaster Tools.
Utilize Google Webmaster Tools and Bing Webmaster Tools.
Install Google Analytics or open‑source alternatives such as Piwik.
Understand how robots.txt and search‑engine crawlers operate.
Use 301 redirects to consolidate www and non‑www domains.
Be aware of badly behaved spiders.
For non‑text content, refer to Tim Farley’s recommendations for accessibility.
5. Technical
Understand HTTP fundamentals, including GET, POST, sessions, cookies, and the stateless nature of the protocol.
Write XHTML/HTML and CSS that conform to W3C standards and validate correctly.
Know how browsers process JavaScript.
Understand how JavaScript, stylesheets, and other resources load and affect perceived performance; place non‑essential scripts at the bottom of the page.
Learn how JavaScript sandboxes work, especially when using iframes.
Recognize that JavaScript can be disabled; treat AJAX as an enhancement, not a requirement.
Distinguish between 301 and 302 redirects.
Familiarize yourself with the deployment platform you use.
Consider using a reset stylesheet or normalize.css.
Leverage JavaScript frameworks (jQuery, MooTools, Prototype, Dojo, YUI 3) to smooth cross‑browser DOM manipulation.
When possible, load frameworks from CDNs (e.g., Google Libraries API) so browsers can reuse cached copies.
Avoid reinventing the wheel; search for existing open‑source solutions before building from scratch.
Limit the number of libraries (ideally fewer than 20) to keep client‑side code lightweight and fast.
6. Bug Fixing
Recognize that roughly 20 % of time is spent writing code, while 80 % goes to maintenance; write maintainable code.
Establish a solid error‑reporting system.
Provide a way for others to submit suggestions and critiques.
Create thorough documentation for future support and maintenance staff.
Back up regularly and have a recovery strategy, not just a backup plan (see Ed Lucas’s recommendations).
Use version control systems such as Subversion, Mercurial, or Git.
Don’t forget acceptance testing; tools like Selenium can help.
Ensure ample logging with frameworks like log4j, log4net, or log4r to diagnose issues when they arise.
Log both handled and unhandled exceptions and analyze log output to pinpoint critical problems.
Some details have been omitted for brevity, but the above list captures the core competencies a web developer should master.
Author: Ellyse Taylor
Translator: Specs
Qunar Tech Salon
Qunar Tech Salon is a learning and exchange platform for Qunar engineers and industry peers. We share cutting-edge technology trends and topics, providing a free platform for mid-to-senior technical professionals to exchange and learn.