Coding

A project I was recently working on had in place a cloud-based infrastructure that was designed to support a single installation of the Drupal CMS running in Amazon Web Services (AWS). This infrastructure included an auto-scaling setup with load balancers hosting a ‘cache’ layer and an ‘application’ layer that hosted the Drupal CMS. On the backend tier, an AWS Relational Database Service (RDS) provided the MySQL database needed for the application. There were other components of the infrastructure such as our shared services for continuous integration, monitoring and development tools. ...

I was recently notified that one of the sites I support was getting a ‘C’ rating on SSL Labs. It turned out that there were three main issues that needed to be resolved. Two out of the three were relatively easy to find via the SSL Labs documentation, which required simple fixes to the ssl.conf file. This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. This was relatively easy to fix. I resolved it by modifying ssl_protocols in the ssl.conf file - thank you Digital Ocean for your comprehensive write-up on this! The server does not support Forward Secrecy with the reference browsers. Again, more simple changes in the ssl.conf file. In case you run into a similar issue, be sure to read this helpful article, Configuring Apache, Nginx, and OpenSSL for Forward Secrecy. The third issue, however, was not quite as straightforward: This server accepts RC4 cipher, but only with older protocols. I found a number of helpful articles on this stating that by adding !RC4 to exclude RC4 in SSLCipherSuite, will result in mitigation of this vulnerability. I spent quite a bit of time trying different cypher list combinations and always including !RC4, however no matter how many times I tweak this, restart httpd and revisit SSL Labs, I kept getting the annoying ‘B’ grade and RC4 complaint. For anyone facing similar issues, I highly recommend reading Hardening Your Web Server’s SSL Ciphers. ...

Because of erroneous PHP and Java extensions, I’ve switched from Atom to Microsoft’s VSCode aka Visual Code Editor for writing applications. VSCode is a powerful editor. With the help of some extensions, you can use VSCode as a replacement for RAM hogging Integrated Development Environments. If you’ve just installed VScode and you’re searching for extensions that will improve your productivity, you’re at the right place. Below, I’ve shared the list of best Visual Code extensions. ...

As a developer, knowledge of web application security vulnerabilities is essential in order to build software that is both resilient to attacks and protected through a layered approach of defense. The cybersecurity landscape is constantly shifting, however a good understanding of the most common vulnerabilities is a great place to get started with security. Before reviewing the articles below, be sure to look at 10 Most Common Security Vulnerabilities. The list that follows are a handful of articles I’ve written over the years both in my graduate and professional work. They focus on application security specifically as well as an understanding of the people behind such attacks. ...

You’ve decided it’s time to start solidifying ideas for your ideal website. You have no doubt spent countless hours in the planning phase identifying your target audience, design considerations, and of course you have a solid idea of your overall content strategy. If you haven’t, then do yourself a favor and take a look at The Complete Guide to Building Your Personal Brand, What Makes an Effective Website? and How to Design a Website for a Specific Target Audience? before reading on. ...

Fundamental to all modern web development is a strong foundational knowledge of version control. In recent years Git has emerged as the go-to choice for many developers and continues to gain popularity. Github is a platform that uses Git for source control. It provides an environment that encourages and fosters community open source development. It is a great platform to publish and use for version control on your own web sites and projects. Below I have listed several resources for getting started with Git, Github, Github Pages and Open Source. ...

The HTML5 and CSS learning resources provided here supplement classroom materials for my CMST 386 class taught at the University of Maryland University College. Please report any broken links in the LEO classroom. If you have any suggestions for additional resources that could be added here, let me know. To access some of these resources you will need to sign up for a free account, which I cannot mandate in class. ...

Like other top web servers, Nginx lets webmasters enable Gzip compression for their websites. It can compress scripts and stylesheets in a web page on the fly. The Gzip file’s size is significantly lower than the original file. Nginx supports 9 Gzip compression levels.1 is the lowest and 9 is the highest. To gzip a file, Nginx will use invoke a function and the function will use system resources during the file conversion process. The function will take few milliseconds to execute. ...

After Googleweblight, AMP aka Accelerated Mobile Pages is the new initiative from the search engine giant Google to make the web fast. As of today, over 900K sites are powered by AMP. I’ve used AMP on my site for a month. Below, I’ve shared the Pros and Cons of Google AMP. Pros of Google AMP (Advantages) Easy to implement Google has published a detailed documentation which covers the HTML markup/CSS code you should use while implementing AMP. It also covers tutorials, news, case studies and demos of AMP. If you’re a developer, go through the documentation before writing the code of your website. ...

Over the last few months my team has been developing microsites to accompany our main website. The requirements for these sites included having their own domain, theme and separate content. After reviewing options in Drupal 7, I decided the best approach given our situation was to use the Domain Access Module. The Domain Access Module provides a very solid and powerful framework for developing additional sites within your existing Drupal CMS, but it can also be somewhat complicated to setup for any given use case. I have documented some of the lessons learned over the last few months as we implemented Domain Access in our own project. ...