With modern email service providers, it’s easier than ever to create a first-class transactional email experience for your users, but, for most of us, the challenge lies in the fact that you don’t know what you don’t know. If you’re sending transactional email for your application, you’ve probably got the basics down, but you may be missing out on some of the more advanced best practices without even knowing it. With this guide, Garrett Dimon will help you make sure that you haven’t overlooked anything and aren’t unwittingly doing something wrong that could be hurting your delivery or user experience for your recipients.
More than 70% of all WordPress sites carry some kind of vulnerability, according to research. Is WordPress insecure? No, it’s not. WordPress core is constantly being updated and fixed, and most reported WordPress hacks aren’t from WordPress itself. Is the culture surrounding WordPress insecure? You betcha! Last year, WordPress was responsible for 83% of infected content management sites. Make sure you’re not contributing to those infections and learn how to securely manage WordPress. By having security in mind with every line of code you write, every user you add, every plugin you enable and every hosting bill you pay, you can at least ensure that you’re running a secure website that keeps your reputation intact and your data safe.
Debugging data ranges from simple things like API response latency to monitoring a user’s network health. Without the right framework and tools, the debugging process can be a nightmare. That’s why Akhil Labudubariki developed his own in-house Central Logging Service (CLS) tool to record all important events logged during a session. In this article, Akhil walks through the steps and considerations his team worked through when developing CLS.
GDPR requires you to be more thoughtful about the sites and services you build, more transparent about the ways you collect and use data, more considerate of your users, and more thorough in your development and documentation processes. In this article, Heather Burns will explore what you, as a developer, need to know about the new data protection regime. At the end, you’ll understand how the challenges posed by the privacy overhaul will ultimately help to make you a better developer.
The most important step anyone can take to make sure that a site is secure is to keep in mind that no single process or method is sufficient to ensure nothing bad happens. WordPress itself provides a sizable library of functions, some of which can be dangerous. Beyond that, there are lots of PHP functions that a WordPress (PHP) developer will use with some frequency that can be dangerous when used. Before deploying a new plugin in WordPress, it’s a good idea to keep a list of easy-to-misuse functions by your side. In this article, David Hayes will take a closer look at some functions which you can and should use as part of a broader security strategy.
Does your site still send password reminders via email? This should be a red flag to you, as both a user of the website and as a developer. Either your password is stored in plain text or it can be decrypted, instead of being protected by the much stronger, more secure one-way encryption (hashing). In this article, Jamie Munro will demonstrate how to use JSON Web Tokens (JWT) to generate a URL-safe token. The JWT contains encoded information about the user and a signature that, when decoded, is validated to ensure that the token has not been tampered with. Jamie will focus on the password-reset process by securing the password-reset flow with a URL-safe token that is validated with a signature.
All webmasters should strive to improve the performance and security of their website. If you’re looking for ways to do both, Jonas Krummenacher brings you five methods that are great options. Not only are they all relatively easy to implement, but they’ll also modernize your overall stack. Some of these technologies are still in the process of being globally adopted; however, as demand increases, so will compatibility. Thankfully, there are ways to implement some of the technologies for browsers that support them, while falling back to older methods for browsers that do not.
In the previous article, David Tucker introduced the concept of user management and how complicated it is in our current digital landscape. If you regularly create new web or mobile applications, then Amazon Cognito is a powerful tool that can cut 90% of the time it usually takes to set up a custom user-management solution. David believes that whether you are a web, iOS or Android developer, this toolset will prove to be a valuable one. Feel free to use the sample code to help you in that process. Happy coding!
As a developer, David Tucker often runs up against one hurdle that can slow down the initial build of a mobile hypothesis: user management. Cognito is a tool for enabling users to sign up for and sign into web and mobile applications that you create. In addition to this functionality, it also allows for storage of user data offline, and it provides synchronization of this data. In this article, David will walk you through the process of configuring a user pool for your needs. Then, he will integrate this user pool with an iOS application and allow a user to log in and fetch the attributes associated with their user account.
With iOS 10.3, Apple has gifted the world powerful new features, as well as fixes for critical security holes. For your typical iPhone user, it’s a really nice upgrade. For a software developer who is responsible for either a mobile website or a native app, it can be a huge pain, because Apple changed the confirmation alert into a new non-blocking dialog. For developers, there is a hidden change that has more important implications: the App Store had always received a special exemption from the old version of this alert, but that exemption has now been removed.