What benefits does SAST have? What's the difference between SAST and DAST? What's IAST? What do all these words mean?! Let's talk about this and more in the overview of the main types of Application Security Testing (AST).
Informational Security
Before we start deciphering these terms, let's figure out why we need security testing at all. In modern world, software integrates into automation processes almost everywhere, the number of code lines in applications is increasing. As a result, the number of possible vulnerabilities and errors is increasing as well. This creates the need for effective checking and testing of the source code.
A few weeks ago, we released episode two of our ongoing webinar series, "SRE: From Theory to Practice." In this series, we break down a challenge facing SREs through an open and honest discussion. Our topic this episode was “What’s difficult about incident command?” When things go wrong, who is in charge? And what does it feel like to do that role? To discuss, Jake Englund and Matt Davis from Blameless were joined by Varun Pal, Staff SRE at Procore, and Alyson Van Hardenburg, Engineering Manager at Honeycomb.
To explore how organizations felt about incident command, we asked about the role on our community Slack channel, an open space for SRE discussion. We found that most organizations don’t have dedicated incident commander roles. Instead, on-call engineers are trained to take on the command role when appropriate. Because of this wide range of people who could end up wearing the incident commander hat, it’s important to have an empathetic understanding of exactly what the role entails.
For the longest time, hosting static files on CDNs was the de facto standard for performance tuning website pages. The host offered browser caching advantages, better stability, and storage on fast edge servers across strategic geolocations. Not only did it have performance benefits, but it was also convenient for developers. Recent developments, however, show that self-hosting static files such as Ajax (Asynchronous JavaScript and XML) and jQuery libraries, CSS styles, and other include directives are faster, more reliable, and add better security to the system.
Possible Performance Degradation from CDN Usage
Most developers and administrators think that adding a CDN-hosted static file improves performance. The idea has been that a CDN has fast edge servers that cache content and deliver it based on the user’s geolocation. These cached servers are faster than a traditional single hosting server, and the developers got the benefit of convenience.
Ecommerce grew 33.6% between 2020 and 2021, and experts believe there’s plenty of room for growth. Projections indicate that ecommerce sales could grow from today’s $3.3 trillion to $5.4 trillion by 2026. Furthermore, there doesn’t seem to be a ceiling for how much the industry might grow.
There are many entry points into ecommerce. However, dropshipping remains one of the most accessible means of breaking into the lucrative global online market. Dropshipping requires minimal startup capital, is flexible, and is easy to scale.
Dropshipping is also potentially lucrative, with an estimated global market value of $128.6 billion in 2020. This figure is expected to grow to $476.1 billion by 2026. The market conditions and outlook couldn’t be better for someone wishing to start a dropshipping business.
However, like any kind of business, dropshipping has its challenges and drawbacks. One of the biggest challenges is choosing a viable dropshipping product. It’s a competitive space with low barriers to entry, so it’s important that you set yourself up for success from the start.
Dropshipping is no different from any other retail business. You’ll need to understand your products and your audience. With near-infinite products to explore, picking the winners is easier said than done.
Here are nine tips to ensure you pick the best dropshipping products.
Do Thorough Product Research
There are nearly infinite potential dropshipping products. Unfortunately, while it sounds great on paper, only a minority of products sell well. Recent estimates suggest that only around 10%-20% of dropshippers are successful.
The trick is to find out which products sell well. Each product in your catalog should have profit potential out of the gate. Try to focus your attention on the products successful drop shippers are selling, the latest trends, and products with a lot of buzz on social media.
Online marketplaces such as Wish, Amazon, eBay, and Alibaba are terrific places to discover which products are trending. You can also start with a general product category, so you don’t get overwhelmed with choices.
For example, Wish’s most popular product categories in 2022 include gadgets, hobbies, home décor, and makeup & beauty products. Similarly, Amazon’s best-selling product categories include beauty and grooming, sports and fitness, clothing and accessories, and home.
Choose a Product Niche
The next step is to choose a niche product. A niche product is an item that serves a specific subsection of consumers in a larger market. For example, beauty and personal care is a popular product category across most online marketplaces.
However, you can’t sell every conceivable beauty and personal care product being manufactured. Instead, you narrow it down to a specific niche. Following the same example, some niche products under beauty and personal care include:
Cruelty-free mascara
Men’s grooming kits
Eyeliner pencils
Pimple patches
Travel bottles
Hydrating eye gels
Foundation brushes
Press-on manicure nail kits
Fortunately, you can use software like Niche Scraper to find the best dropshipping niches. The tool works for popular dropshipping platforms, including Amazon, eBay, WooCommerce, and Shopify. In addition, the tool crawls popular selling platforms to find the best dropshipping products for various categories.
Google Trends is another terrific solution for narrowing down your niche. It lets you track the popularity of specific products across time. You can also check the product’s popularity in a particular geographical region or demographic. Finally, Google Trends lets you compare multiple products or keywords to check which has the best dropshipping potential.
You can also use Google Trends to estimate the market share for your chosen product. For example, you can check the product’s search frequency to decide whether it’s worth adding to your catalog.
Come Up With a Pricing Strategy
Ideally, you want a profit margin between 20% and 40%. That’s the range for a sustainable ecommerce business. Your profit is what you get after deducting your overheads, including supplier costs, shipping, and advertising.
The first instinct for many new drop shippers is to choose high-ticket items with the hopes of making a killing. However, expensive products have little demand. Also, refunds for high-ticket products can hurt your cash flow.
The best pricing strategy is to choose low-cost products with high demand. Then, add your desired profit margin after your expenses to determine the list price. Low-ticket items will likely give you the sales volume you need to be profitable.
Another advantage of high volume sales is credibility. You can start to accumulate positive customer reviews soon after launching your business. These reviews and ratings are crucial for attracting new customers.
Finally, don’t forget to compare your prices with competitors selling similar products.
Choose Trending Products Carefully
There’s a big difference between popular products and trending products. Popular products tend to have consistent demand, regardless of the season or economic status. Trending products are only in demand for a particular period.
So, focus your attention on popular products or evergreen products. Examples of items with relatively consistent demand include:
Smart devices
Electronic gadgets
Artificial Intelligence (AI) and Virtual Reality (VR) devices
Luggage and travel
Sports and fitness equipment
Kitchen gadgets
Car accessories
Pet care tools
Kids’ toys
Remember the fidget spinner? Trending products are great if you get your foot in early. However, these markets quickly become saturated, and demand declines quickly and consistently.
So how do you tell the difference between a popular or evergreen product and a trending product? Simply search the product on Google Trends to see how it performed over a specific period, such as the last three or five years.
You can also search your favorite ecommerce websites for the most popular sellers. Then, find their sales history and determine which products have the most consistent sales. This simple exercise should inspire you on which products to include in your catalog.
Finally, ensure your products are unique enough to purchase online. Some products may be popular, but this popularity doesn’t translate to online sales.
For example, anyone can walk to the nearest convenience store or pharmacy to buy a toothbrush. However, they might be willing to wait a few days and pay extra for an eco-friendly bamboo toothbrush.
Learn to Spot Problematic Dropshipping Products
It’s not always about what you should sell. It’s equally important you know which items to avoid. These products traditionally don’t do well with dropshipping.
Dropshipping has been around long enough to draw certain generalities across products that do well vs. those that fail. Here are a few tell-tale signs that the product probably isn’t the best choice for dropshipping:
Too big – A quick way to test a product’s dropshipping potential is to apply the ePacket test. ePacket is a budget courier service. It’s available for U.S. drop shippers purchasing from China, Hong Kong, and Korea. The service has a size and weight limit of 90*60 cm and 2 KGs.
If your product exceeds this size, it’s probably too costly, time-consuming, and bulky to ship, regardless of your courier. This rule isn’t iron clad but is a great tip for beginners. You want your dropshipping debut to be simple, and shipping can quickly become a headache.
Lastly, be sure to shop around for the best drop shipping company for your products. Some drop shipping companies do well with certain products.
For example, Shopify is terrific for beginners. But, Printful might be a better choice for print-on-demand dropshipping. We have a great post here reviewing the best dropshipping companies for different categories of drop shippers.
Expensive to source – Most new drop shippers prefer to keep their items under $100. Remember that you get your profit when you deduct manufacturing costs, logistics, and advertising. High-ticket items like electric guitars have little margin for profit, especially for new drop shippers.
You also want to take advantage of impulse buying. This is especially true for a new drop shipping business with few reviews and little credibility. So making your products accessible is a great way to set your business up for success.
Fragile – You have no control over how couriers handle your packages. Plus, you can expect at least some impact during shipping. Therefore, fragile items like glassware might be out of the question.
Similarly, you might want to avoid products with multiple moving parts. These parts may break in transit, and the cost will be forwarded to you. But, again, the supplier typically expects payment if something goes wrong during shipping.
Restricted social media advertising – You can’t advertise certain types of products on social media. For example, Facebook doesn’t allow advertising products that make unverified health claims.
You may believe what your supplier says about its supplements. However, it’ll be challenging to sell if you can’t advertise your products in the first place. The same goes for dangerous products like weapons.
Advertising is critical for attracting new customers. So, ensure that your products don’t interfere with your ability to market your dropshipping business.
Leverage Your Personal Experience
It helps if you have personal experience with the products you sell. So, where possible, favor products you have experience using. Simply offering technical details about your products may give you a competitive advantage.
For example, say you have experience working at a baby store. You may want to consider dropshipping products in the baby and kids niche.
A first-time parent may not know what to buy. Therefore your personal experience can be an asset in this situation. In addition, you’ll be able to offer tips such as infant clothing sizes, age-appropriate strollers, or car seat safety features.
Your expertise can also prove helpful for up-selling. For example, you may recommend post-pregnancy items like breastfeeding pillows, maternity pads, and nursing bras in addition to the baby items.
Passion also plays an important role in your business success. First, passion is contagious. Your clients can tell that you care about the products you’re selling. Secondly, passion can help you go the extra mile by creating unique content to promote your products.
Solve Your Customer’s Problems
You’re getting into dropshipping to make money. So it’s natural that your focus should be on products that sell well and have good profit margins. But, don’t forget about your customer’s needs.
A great product serves people. There are many examples of great products that solve everyday problems. You can choose a specific product category and try to find items that solve everyday problems.
For example, we suggested that furniture might not be a great dropshipping product. Furniture is bulky and difficult to ship. But, you can still sell furniture-related items that make life easier.
For instance, pet hair removal brushes, odor absorbers, or cup holders for sofas are unique and handy items. These products are also inexpensive, which is perfect for impulse buying.
Other examples of unique but valuable products include:
Hand blender and food processor combo
Foldable bike helmet
Portable dishwasher
Portable espresso machine
Weekly pill organizer
All-in-one stain removers
Survival bracelet
Again, inexpensive products are great for impulse buyers. Plus, you can expect more sales once word gets around about your problem-solving products.
Choose Simple Products
Some products sound great on paper. But, they don’t quite hit the mark in real life. For example, Oakley Thump sunglasses sported a built-in MP3 player and a slew of other futuristic features.
However, with a hefty price tag of almost $500, Oakley had vastly overestimated how much people were willing to pay for the novel sunglasses. Furthermore, there were numerous complaints about the weak sound, cheap-feeling material, and impractical design.
Complex products are likely to attract above-average returns and refund requests. But unfortunately, you’re also more likely to receive negative reviews from frustrated users.
Therefore, it’s a good idea to stick with products that are easy to use. Ideally, your products should also have a few replaceable parts. This strategy reduces the chances of a product breaking a critical part during shipping.
Join Online Dropshipping Communities
There are many dropshipping communities on social media platforms like Facebook and Reddit. These communities offer insightful and actionable information from experienced drop shippers. Plus, they are free to join, so you have nothing to lose.
There are a few ways to join a drop shipping community. First, you can restrict your groups to the countries or regions you intend to sell. Alternatively, you can join a niche-specific community for the products you hope to sell.
Spark-Radiant is the Apache Spark Performance and Cost Optimizer. Spark-Radiant will help optimize performance and cost considering catalyst optimizer rules, enhance auto-scaling in Spark, collect important metrics related to a Spark job, Bloom filter index in Spark, etc.
Spark-Radiant is now available and ready to use. The dependency for Spark-Radiant 1.0.4 is available in Maven central. In this blog, I will discuss the availability of Spark-Radiant 1.0.4, and its features to boost performance, reduce cost, and the increase observability of the Spark Application. Please refer to the release notes docs for Spark-Radiant 1.0.4.
Apple unveiled an expanded version of its San Francisco system font at WWDC 2022. Then, last month, Jim Nielsen zeroed in on the font’s variations, explaining how the font provides a spectrum of variations based on the width and weight. It’s a remarkable read if you haven’t checked it.
With all of these great new options, you might be tempted to use them in a web design. Chris was ogling over the expanded sets as well over on his personal blog and pondered:
But it’s not year clear how we might tap into the condensed, compressed, and expanded varieties in CSS, or if there is even a plan to allow that. I suppose we can peek around Apple.com eventually and see how they do it if they start using them there.
Doesn’t this make perfect sense to construct as a variable font and ship the whole kit and kaboodle that way?
Turns out, yes. It does make perfect sense. Chris follows up in a new post:
But just yesterday I randomly stumbled across the fact that the built-in San Francisco font (on the Apple devices that have it built-in) is already variable (!!). See, I was derping around with Roboto Flex, and had system-ui as the fallback font, and I was noticing that during the FOUT, the font-variation-settings I was using had an effect on the fallback font, which renders as San Francisco on my Mac. Which… unless I’m daft… means that San Francisco is a variable font.
So, as for using it? Chris has a demo, of course:
There are some gotchas to all this, the most significant being fallbacks for non-Apple devices. After all, that demo is simply calling system-ui for the font family — it’s not telling the browser to download a font file or anything and who knows if Apple is gonna ever ship a variable font file we can serve up as an actual custom web font.
The other interesting thing? Chris did some sleuthing and counted 35 layout featured included in that system font. Go read the rest of the post to see ’em all (and to get a good ol’ dose of Chris-isms — I know I miss them!).
Today payment solutions online have reached a highly convenient stage, where the customer has endless options available. However, the downfall of several small to medium businesses is that they don’t pay attention to this aspect, losing out on customers. Not only can this deter new visitors from subscribing to your services or buying your products, […]
This is the era where we can see the face of the rapid growth in the integration space. There several dynamic entities have been added to the space, such as cloud networking, mobile network, IoT, system API, and so on. To use those dynamics, there should be any medium to communicate with each other.
Connectors and SDKs are the medium for connecting integration entities to each other.
Web3 represents an exciting chapter in the development of the internet. The primitives that the blockchain provides will lead to an infinite number of applications and use cases. We’ve seen the explosion of ICOs, DeFi, NFTs, and peer-to-peer payment systems. However, we still have a long way to go before reaching the mass adoption of this new technology. User experience is one area where things still lack.
As Web3 developers, how are we supposed to onboard the next wave of users when the average person doesn’t understand concepts such as non-custodial crypto wallets or signed transactions? This article will explore the issue, and offer a solution to help create a better user experience. We’ll look at a real-world example of how we can use the Coinbase Wallet SDK to create a seamless onboarding experience for new users.
Have you heard of geo-distributed apps? According to my statistics around 50% of us haven’t!
Microsoft defines a geo-distributed app as an app that spans multiple geographic locations for high availability and resiliency. "Geo-distributed" is a relatively new term, coined around the time when many of us jumped on the cloud bandwagon and started building cloud-native apps like crazy.
Whether you’re expanding your online business or starting a new one altogether, hosting multiple sites comes with a whole different set of concerns than hosting your first site. This guide to the best multiple domain hosting plans will explain everything you need to know about hosting multiple domains.
It's critical to ensure that your website is secure if you're running one. Hackers are always looking for vulnerabilities to exploit, and if they can find one on your site, they could do serious damage. That's where web penetration testing comes into the scene. Web penetration testing is the act of detecting and exploiting security flaws on a website. In this post, we'll go through what web pentesting is, why you need it, and how to use it to safeguard your site. We'll also look at some of the top web pentesting tools available, both open source and commercial.
What Is Web Pentesting?
Web application penetration testing, often known as web application security testing, is the activity of detecting and exploiting vulnerabilities in web applications. Pentesting can be used to find both known and unknown vulnerabilities. Once a vulnerability has been discovered, the tester may try to exploit it in order to steal confidential information or gain control of the system.
Whether you’re a project leader at a software development company, a university, or a marketing agency, facing down a big project can feel overwhelming. If you dive in right away, ditching organization for the sake of saving time, you’ll probably end up swamped with what feels like an impossible amount of work.
Even worse, the people you’re completing the project for—your stakeholders—may be breathing down your neck as the deadline looms.
Using a project management methodology can help you organize your team and get the job done well. Two of the most popular project management methodologies are Agile and Waterfall. Which one should you choose for your project?
Top-Rated Software to Implement Agile Project Management
To see which tools we recommend for Agile project management, see our top list below. Many of these can also be used to implement the Waterfall methodology or a hybrid of both.
Monday.com – Best Simple Agile Project Management Tool
Jira Software – Best Overall Agile Project Management Tool
Toggl Plan – Best Project Management Tool for Creative Teams
Pivotal Tracker – Best Agile Project Management Tool for Integrations
What Are Agile and Waterfall Project Management Methodologies?
As its name suggests, Agile methodology is flexible. Teams break tasks up into manageable sections and work on these sections at the same time, frequently collaborating with stakeholders as they work to meet short-term deadlines known as sprints.
In nature, a waterfall starts at one point and flows straight down to its destination, and that’s exactly what the Waterfall methodology does. A team gathers requirements and a final deadline date from stakeholders before planning out each step required to complete the project. The team then works on the project in a linear fashion, completing each step before beginning the next.
The Basics of Agile vs. Waterfall Methodology
The Waterfall methodology works best in fields where certain steps must be completed before others, such as building a house: if you don’t lay a foundation first, you can’t put the framing up.
Agile project management, on the other hand, excels in scenarios where multiple steps can be completed at the same time. Take a publishing house, for example, where there are multiple moving parts at all times–editing, design, layout, marketing, and more. Using an Agile methodology means the design team can work on the cover while the writer finishes revisions and the marketing team drafts a promotion plan.
Here are the three core elements that help us understand the differences between Agile vs. Waterfall project methodology.
Framework
Both methodologies take completely different approaches to organizing a project. Each has its own strengths and weaknesses, as we’ll cover below.
Agile
This project management system centers on the belief that being able to quickly pivot and adapt is critical to the success of a project. Instead of sticking to one specific framework, like Waterfall does, Agile focuses instead on four core values. Each Agile project framework, from Kanban to Scrum to Extreme Programming (XP), abides by these core values:
Individuals and interactions over processes and tools
A working product over exhaustive documentation
Customer collaboration over contract negotiation
Responding to change over following a plan
Keep in mind that processes, tools, documentation, contracts, and plans are all important in Agile, too—they’re just not the most important elements.
By design, Agile is less structured than Waterfall. This can be a downside for some. Because there are several Agile frameworks to choose from, you and your team may need to spend time learning a framework before you can begin a project.
Waterfall
Unlike Agile, Waterfall tends to follow one specific framework:
Initiating the project
Planning each step
Completing each step in order
Testing the results
Delivering the product to the customer
This methodology places a strong focus on mapping out an entire project before the team starts working on it. Each step is carefully documented and placed into a spot according to a strict timeline.
The Waterfall system makes it easy for new team members to quickly join a project because they can read all the documentation to understand what’s required of them. However, organizing a project into a rigid framework can make fixing mistakes difficult and expensive.
If someone makes a mistake or the customer isn’t satisfied with the end result, you may have to go all the way back to the beginning and start over—often an enormously expensive and time-consuming task.
Planning
Regardless of which framework you choose for either methodology, Agile and Waterfall come with wildly different approaches to planning.
Agile
Agile methodology uses what’s called an iterative approach to project planning. Working in collaboration with the customer, a project is sorted into phases, sometimes called sprints, each with its own mini-deadline and set of deliverables. Agile uses checklists, drag-and-drop cards, templates, and other tools to help organize these project phases.
Regardless of the specific framework you choose to work with, project development and testing happen all the time in an Agile project, allowing for greater flexibility.
If the client gives you constructive criticism on a certain sprint deliverable, for example, you can adjust both the deliverable and the due date. This means you can easily make changes without derailing an entire project.
Waterfall
With Waterfall, you and your team will plan a whole project at once and organize it into steps that have to be completed in order. This can help you visualize the project and give you a solid understanding of what you need to do. It can also help keep the project moving forward smoothly, as there’s never a need to ask what needs to happen next.
On the flip side, any minor mistake or missed deadline can throw your team off track. This can cause frustration and make you lose focus as you scramble to put the plan back together after an interruption.
Communication
Now more than ever, businesses everywhere understand just how important communication is to the success of a product or project. I’m not going to lie—Agile beats Waterfall when it comes to communication. Let’s take a look.
Agile
Perhaps more than anything else, Agile focuses on listening to people—both your stakeholders and your team members. This methodology encourages you to bring customers into the whole process of creating a product, from start to finish.
Instead of holding your breath and hoping your customer will approve of the end result, you can feel confident that the project meets their standards because they’ve been there all along.
Frequent input from the customer can cause plans to change more often than you’d like, but that’s the heart of Agile project management. Ultimately, your goal is to satisfy your customer, and that’s what Agile helps you do.
Waterfall
The project stakeholder often provides input at the initial stage of a Waterfall-based project, but once the project is set and contracts are signed, the stakeholder doesn’t have much of a role. The team develops and tests the project on its own before delivering it to the customer.
This means there’s a risk that the customer won’t like the way you’ve done something. To keep them satisfied with you, your team, and your product, you may need to go back and fix an early step. This can cost a lot of time and money.
3 Tools to Improve Agile and Waterfall Project Management
Whether you want to try an Agile or Waterfall project management methodology—or you want to build your own system that incorporates elements of both—here are three tools to help you get started.
No matter what type of project you’re working on, Monday.com can handle it. Monday gives you control over the type of dashboard you see, and you can customize it to fit the needs of your team. Monday offers templates for both Agile and Waterfall workflows, which is part of why we love it.
Monday Agile methodology template with sprints, also called iterations
Despite the flexibility and customization Monday offers, the tool is intuitive and user-friendly. It’s also GDPR compliant and has earned SOC and ISO security certifications, which means you don’t have to worry about the security of your projects and data. Plus, teams with 25 or more members can select HIPAA-compliant plans.
The more flexible your team needs to be, the more flexible Toggl Plan is. This tool offers drag-and-drop timelines to help you organize projects according to multiple due dates. Toggl Plan really shines when it comes to creative projects—think magazines with multiple stories to juggle or video streaming sites that constantly need to serve up new content.
Toggl Plan helps you schedule multiple projects with multiple deadlines
Toggl Plan also lets you color-code milestones to help implement those sprints that Agile project management is known for.
This tool comes with a suite of features to help you organize each element of your project management strategy. Even better, ActiveCollab offers visually pleasing, UI-friendly instructions that make it easy to learn how to use said features.
ActiveCollab’s project management software
Whether you want to implement a more Waterfall-oriented strategy or keep things Agile, ActiveCollab can do both. Or a hybrid of both. With ActiveCollab, it’s easy to bring both team members and clients together on any project.
3 Tricks for Agile and Waterfall Project Management
Wondering how to get started with Agile vs. Waterfall project management? These tricks can help.
Trick #1 — Determine Your Project Methodology
Everyone is different, which means that some people on your team may work better with a Waterfall methodology, while others will thrive with Agile.
If you’re just starting out, introduce both methodologies to your team. Discuss the pros and cons of each one. Collaborate with your team to figure out which methodology works best for everyone. Or, map out a plan for a hybrid of both Agile and Waterfall for your team to implement.
Trick #2 — Research the Best Tools for Your Team
Before you choose a tool like Monday.com or Toggl Plan, research their features with your team in mind. Are you more of a remote team, or do you all work together in an office? Which tool best serves your team’s particular skillset? How ready is your team to learn new software, and which software would be the most valuable for them to learn?
By doing this research in advance, you’ll lower the risk of wasting valuable time learning how to use a tool that ultimately doesn’t work for you.
Trick #3 — Give Everyone Time to Learn the Methodology
Once you and your team have decided on a methodology and tool to use for a project, make sure to take the time you need to learn how to use both before you embark on a big project. Take a few days to learn your chosen methodology together using videos, blogs, and discussions between team members.
During this time, learn how to use the tool you and your team have chosen to work with by watching demos and reading how-to articles. When everyone feels knowledgeable and prepared, you can tackle projects with confidence.
What to Do Next
Even though Waterfall came first, both Agile and Waterfall have been around for decades. This means that there are tons of resources out there—and plenty more to learn. Dig deeper into Waterfall project management or discover project methodologies that go beyond both Agile and Waterfall to help you decide what could work best for you.
Reach out to other project managers in your network and ask them which methodology they use and why. By taking the time to explore project management systems, you’ll help set your team up for success no matter what project you take on.
XAMPP and WAMP are different types of local development servers which are crucial web development technology. They reproduce the environment of a genuine web server so that you can run your website code, test it extensively, and then go onto the deployment step.
A server hosted locally on your laptop or computer is referred to as a local server. Before a website goes online, they aid developers with testing it for faults and flaws.
As an API product manager, you want your API to have a great developer experience. This means that developers can get up and running quickly, they get consistent behavior from your API, it’s easy for them to troubleshoot any errors they encounter, and your API makes it easy for them to address their business needs.
Tracking your APIs is an important part of understanding how well they perform, which leads most organizations to build out their own internal API tracking systems. While this approach can work out for some organizations, it is much more common for organizations to track metrics incorrectly. Tracking the wrong metrics leads to an incorrect understanding of your API.
Leveraging continuous integration and delivery (CI/CD), many businesses today automate the software development life cycle. CI/CD is a part of the DevOps process, which aims to accelerate software development while minimizing errors. Continuous delivery automates the entire software release process up to production, whereas continuous integration produces and tests code automatically. However, security still possesses a significant concern. That brings us to the critical question, why is security a primary concern?
CI/CD pipeline enhances your software development capabilities by providing several benefits. These include fewer code modifications, a shorter mean time to fix issues, more reliable tests, quicker release cycles, a lower backlog of products, and more customer satisfaction.
Testing is often viewed as a necessary evil in software development, in order to ensure the quality of applications. Most commonly, however, testing occurs after the coding process has been completed.
However, according to the Ministry of Testing’s OpsBoss and author of Testing of Web APIs Mark Winteringham, testing should apply across the entire software development lifecycle. In his book, he even wrote that testing should be done “even before a line of code is written.”
Authentication is a tricky subject. There are so many terms floating around us, from 2FA to MFA to OTP — and it might be difficult to make sense of what we need and when we need it. But authentication is everywhere, and sometimes it’s extremely frustrating, and sometimes it’s seamless. Let’s explore a few patterns to create experience that are a bit more seamless than frustrating.
Now, nobody wakes up in the morning hoping to finally identify crosswalks and fire hydrants that day. Yet every day, we prompt users through hoops and loops to sign up and log in, to set a complex enough password or recover one, to find a way to restore access to locked accounts and logged-out sessions.
Of course security matters, yet too often, it gets in the way of usability. As Jared Spool said once, “If a product isn’t usable, it’s also not secure.” That’s when people start using private email accounts and put passwords on stick-it-notes because they forget them. As usual, Jared hits the nail on the head here. So what can we do to improve the authentication UX?
1. Don’t Disable Copy-Paste For Passwords
It appears only reasonable to block copy-paste for password input to avoid brute-force attacks. Yet when we do so, we also block users who copy-paste passwords from password managers and text documents. As a result, they need to repeatedly retype complex, lengthy, cryptic strings of text — and it’s rarely an exciting adventure to embark on.
In fact, that’s slow, annoying and frustrating. In her talk on Authentication UX Anti-Patterns, Kelly Robinson explains that this is a common anti-pattern, often causing way more frustration than remedy, and hence best to be avoided.
Also, double check that your password fields include the attribute autocomplete="new-password", so browsers can prompt a strong auto-generated password. And the best bit: users without password managers don’t have to come with a password of their own — because usually that’s a recipe for disaster.
2. Don’t Rely on Passwords Alone
Passwords are problematic. For example, only 34% of users in the US use a password manager, and everybody else relies on their good ol’ memory, sticky notes, and text files on the desktop.
Good passwords are hard to remember. As a result, users often choose easy-to-guess passwords instead, including names of their pets and loved ones, their birthdates, and their wedding dates. That’s far from secure, of course.
Still, we often forget our passwords, sometimes recovering passwords 4-5 times a week. So no wonder many of us still reuse the same password across multiple accounts, often favoring convenience over data safety. In fact, allowing users to choose their own passwords is a recipe for trouble. To fix that, what if we nudge users away from passwords?
Any kind of 2-Factor Authentication is better than passwords, and ideally, we could use a cookie that users can opt-in for to avoid frequent log-ins. Data-sensitive sites might want to log out users automatically after every visit (e..g online banking), but simpler sites might be better off avoiding aggressive log-outs and allowing users to stay logged in for 30 days or even longer.
3. Drop Strict Password Requirements
Since users are very good at twisting and bending password rules (just to forget them shortly after the task is done), what if we change our strategy altogether? What if we do support lengthy and complex passwords with all the special characters unique delimeters but keep rules relatively friendly?
This surely would come at the cost of security, of course. So to protect user’s data on their behalf, we use new-password to prompt secure passwords to be generated during sign-up, and nudge users aggressively towards a 2FA setup, e.g., providing 30% off for the first month for turning 2FA on.
The only thing required would be to connect the account with a mobile phone or Google Authenticator, type in a verification code, or verify with a Touch-ID, and that would be it. Thus, we avoid endless and expensive password resets, which often cause abandonment and frustration.
4. Social Sign-In Isn’t For Everyone
The more sensitive the data stored, the more attention users expect from the interface to security. Usability sessions hint that log-in hurdles seem to be accepted as long as they are considered to be “reasonable”. But what’s reasonable to us, as designers, isn’t necessarily what’s reasonable to our customers.
Social sign-in is a good example of that. Some users love it because it’s so fast, yet others are generally opposed to it due to privacy concerns. Plus, we need to comply with GDPR, CCPA, and similar legislation when using them.
Also, remember that some users forget what they signed up with last time, so it’s a good idea to indicate their previous choice based on their previous log-in (as illustrated above). Essentially, social sign-in is a great option for people who just want to get things done, but it can’t be the only option that we provide.
5. Replace Security Questions With 2FA
In an ideal world, security questions — like the ones we are being asked by a bank on the phone to verify our identity — should help us prevent fraud. Essentially, it’s a second layer of protection, but it performs remarkably poorly both in terms of usability and security. Questions about favorite pets, maiden names, and the first school can easily be discovered by scrolling a Facebook stream long enough.
Knowing that, users sometimes reply to these questions with the very same answer (e.g., their birthday or a location of birth) and sometimes even use the same password that they’ve entered initially. This isn’t really helping anybody. Magic links and push notifications are much more secure, and there is no need to memorize the answers at all.
6. Users Need Options For Access Recovery
Nothing can be more frustrating than being locked out at just the wrong moment. As designers, we can pave deliberate ways out in our interfaces with multiple alternate ways to restore access (access recovery stacks) and avoid these issues for good.
We often think of password recovery to help users restore their access, but perhaps thinking about recovering access is a better perspective to look at the issue. If a user can’t log in at a given moment, they aren’t really interested in defining a brand new secure password, or finding an email or special characters that they haven’t used before. They just need to log in. And we need to help them do just that.
Of all the techniques for access recovery, surely, magic links will be a part of the access recovery stack. Users seem to appreciate just how fast they can get back in once they are locked out. Usually they work flawlessly unless the email doesn’t arrive, or the account is linked to an outdated email, or the email inbox or phone aren’t available.
Still, to use magic links, users need to switch context, jumping from browser to the mail client and then back to the browser. It might have been faster to prompt users to type in a code on their phone to get in instead. One way or the other, to avoid lock-outs, we provide multiple options to guarantee a speedy recovery, and a mix of options works best:
Send a magic link for log-in via email. Don’t require users to retype a password, or set a new one. Users might not have access to email, or it could be hacked.
Send a magic link for log-in to a secondary email. Unfortunately, the secondary email is often outdated, or the user might have no access to it.
Send an SMS verification URL/code to a mobile phone. This option won’t work for users who have purchased a new phone, or don’t have access to their SIM-card (e.g. when travelling abroad).
Send a push notification via OTP/2FA. This option won’t work for users who have purchased a new phone and haven’t set up OTP/2FA just yet, or don’t have access to their old phone.
Biometric authentication via a dedicated app/Yubikey. This option won’t work for users who don’t have an OTP/2FA setup yet, or have purchased a new phone/Yubikey.
Type backup recovery codes. Not every user will have backup recovery codes nearby, but if they do, they should always override account lock-out. Sometimes backup recovery codes are sent via a postal service, but they could be lost/stolen.
Phone call verification. Users could be called on their (new) phone, and they’d need to answer a few questions to verify their idemtity. Ideally, it would be something that they know (e.g. latest transactions), something that they have (e.g. credit card) and something that they are (e.g. face recognition via a video call).
Customer support inquiry. Ideally, users could restore access by speaking to an agent via live chat, WhatsApp/Telegram, video call or email (which is usually the slowest).
It’s not a good idea to send randomly generated passwords via email and require a new password setup when a user finally manages to log in. That’s not secure, and it’s always a hassle. Instead, yet again, nudge users towards a 2FA setup, so they can recover access by accessing a code from the app installed on their phone or SMS (which is less secure, however.)
Wrapping Up
Authentication is always a hurdle. Yet when the interface is difficult to deal with, users become remarkably creative in bending the rules to make it work and forget the password the moment they complete a transaction.
Perhaps we should give our users at least a chance to get to know our website or app before creating too many barriers for them. Ideally, we need a 2FA setup for everyone, but we need to get there first. And a path there is paved with a seamless, good authentication UX — without complicated rules and restrictions, and preferably the one that users won’t even notice.
Meet “Smart Interface Design Patterns”
If you are interested in similar insights around UX, take a look at Smart Interface Design Patterns, our shiny new 7h-video course with 100s of practical examples from real-life projects. Plenty of design patterns and guidelines on everything from accordions and dropdowns to complex tables and intricate web forms — with 5 new segments added every year. Just sayin’!Check a free preview.
Sign-In Best Practices A thorough overview of cross-platform browser features to build sign-in forms that are secure, accessible and easy to use, by Sam Dutton.
Fixing the Failures of Authentication by Jared Spool A very insightful talk about the various hurdles we put our users through when we make authentication more difficult than it should be.
Passwordless Authentication Methods for SaaS Web Applications Perhaps we don’t need passwords after all. Armantas Zvirgzdas is looking at what we can do to nudge users away from passwords towards authentication methods that don’t require passwords.
Related Articles
If you find this article useful, here’s an overview of similar articles we’ve published over the years — and a few more are coming your way.
Today payment solutions online have reached a highly convenient stage, where the customer has endless options available. However, the downfall of several small to medium businesses is that they don’t pay attention to this aspect, losing out on customers. Not only can this deter new visitors from subscribing to your services or buying your products, […]
Whether you’re expanding your online business or starting a new one altogether, hosting multiple sites comes with a whole different set of concerns than hosting your first site. This guide to the best multiple domain hosting plans will explain everything you need to know about hosting multiple domains. 
