{"id":376,"date":"2014-02-04T13:15:35","date_gmt":"2014-02-04T19:15:35","guid":{"rendered":"https:\/\/justinparrtech.com\/JustinParr-Tech\/?p=376"},"modified":"2014-12-12T00:27:02","modified_gmt":"2014-12-12T06:27:02","slug":"top-developer-mistakes","status":"publish","type":"post","link":"https:\/\/justinparrtech.com\/JustinParr-Tech\/top-developer-mistakes\/","title":{"rendered":"Top Developer Mistakes"},"content":{"rendered":"<p><em>Background:\u00a0 Even with top notch architecture, coding, and Quality Assurance (QA), it&#8217;s easy to make these simple mistakes, that once introduced into production, can be quite costly to fix.<\/em><\/p>\n<p><em>Production issues can cause down time, brand \/ reputation impact, loss of customer \/ end-user confidence, loss of productivity, loss of revenue, and wasted resources.<\/em><\/p>\n<p><em>This article describes some of the more common mistakes that can be made, going from development into production.<\/em><\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"mistake-1-%e2%80%9cit-worked-on-my-machine%e2%80%9d\"><\/span>Mistake #1:\u00a0 &#8220;It worked on <span style=\"text-decoration: underline;\">my<\/span> machine.&#8221;<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"text-decoration: underline;\"><strong>Make sure dependent components are identified and bundled with your installation package.<\/strong><\/span><\/p>\n<p>You hit &#8220;compile&#8221;, you get a couple of warnings, no errors, and&#8230;. 
done!\u00a0 You run the app, click, click, everything seems to work OK, so you push the new version in to production.<\/p>\n<p><strong>Within minutes, customers or end-users start calling you because they are getting an error message about a missing component.<\/strong><\/p>\n<p>First, let me state up front, most development shops have a QA function that&#8217;s supposed to catch dependencies.\u00a0 There are also many self-maintained or single-sourced software projects out there, that either start off as hobby code, or garage projects that enjoy limited commercial release.\u00a0 Full regression testing should always be part of the release management process.<\/p>\n<p>That said, development environments are often specially-crafted and highly-personalized, to facilitate the development and coding process.\u00a0 There are often complete installs of development tools, such as Microsoft Visual Studio, that come with libraries and other components that normal end users might not have installed on their PCs.\u00a0 Sometimes, there are 3rd-party tools and utilities that you might be using, without even realizing it.<\/p>\n<p>The best approach is to make sure you have a &#8220;clean build&#8221; environment where you test new builds.\u00a0 Be religious about clean-testing new builds, and keep a careful list of platform and component dependencies.<\/p>\n<p>Virtualization can be used for &#8220;clean build&#8221; environments &#8211; tools such as Oracle VirtualBox and Microsoft Hyper-V are tools that are free to use under specific circumstances, and support disk imaging, so that at the end of a test, you can effectively &#8220;snap back&#8221; or delete any changes that have been made.<\/p>\n<p>The installation process should be single-click &#8211; the installer should bundle redistributable versions of every dependent package or platform.<\/p>\n<p>There&#8217;s nothing more frustrating than trying to install some software that requires that you download half the internet 
to get the thing working!<\/p>\n<p>Bundling dependencies ensures that your customers and end-users get exactly what components they need, and the correct versions that your software requires.<\/p>\n<p><strong>When people are waiting on you, &#8220;<em>it worked on <span style=\"text-decoration: underline;\">my<\/span> machine<\/em>&#8221; is not an excuse!\u00a0 Clean-build testing, and bundling dependencies can help you make sure no excuse is required.<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"mistake-2-%e2%80%9cif-i-can-use-it-for-free-then-its-free%e2%80%9d\"><\/span>Mistake #2:\u00a0 &#8220;If I can use it for free, then it&#8217;s free&#8221;<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"text-decoration: underline;\"><strong>Make sure you and your customers \/ end-users comply with 3rd-party Licensing.<\/strong><\/span><\/p>\n<p>Ironically, developers, who ostensibly make a living writing code, are often the worst at understanding and respecting the work of other developers.<\/p>\n<p>This mistake comes in two flavors:\u00a0 tools and components that are included with the development environment, and 3rd-party open-source \/ shareware \/ tools.<\/p>\n<p>Often, development environments come with &#8220;full install&#8221; versions of software that might be a component that other people have to license independently.\u00a0 One example is MS SQL server &#8211; there is a single-use version of SQL called MS SQL Express, but bundling the full version means that the customer or end-user is responsible for a full SQL license!<\/p>\n<p>In some cases, if you run a hosted environment, you might require a special license.\u00a0 For example, Microsoft requires a Service Provider License Agreement (SPLA) for environments that are &#8220;generally-licensed&#8221;, meaning anyone can connect to them.<\/p>\n<p>Likewise, &#8220;open source&#8221; tools and components might be free to use under certain 
conditions, but might require special licensing if you sell your software commercially.<\/p>\n<p>Other restrictions that are typical in GPL, LGPL, GPL-2 licensing might include:<\/p>\n<ul>\n<li><strong>Enterprise licensing:<\/strong>\u00a0 Although free for personal use, some components \/ tools might require fee-based licensing, or use might be prohibited inside a company.<\/li>\n<li><strong>Reseller licensing:<\/strong>\u00a0 Even though &#8220;GPL&#8221; means &#8220;open source&#8221;, there might be a fee for reselling someone else&#8217;s code, or using their code in your project might be prohibited.<\/li>\n<li><strong>Commercial use:<\/strong>\u00a0 Some tools and components are free to use personally, but might require special licensing if you use them to develop software for resale.\u00a0 Often, this is called the &#8220;cobbler test&#8221;:\u00a0 If your company makes shoes (for internal use), you&#8217;re OK.\u00a0 If you SELL shoes (externally), you need a license.<\/li>\n<\/ul>\n<p>Failure to comply with licensing requirements could result in exorbitant license fees, fines, a lawsuit, or even jail time!<\/p>\n<p>To make sure neither yourself nor your clients are in for an unexpected surprise, ALWAYS read license agreements &#8211; make sure you know what components are truly &#8220;free&#8221; to use, or might require special licensing for yourself or your clients.\u00a0 Enter in to license agreements where appropriate, and work with your key vendors to establish strategic agreements that provide reduced costs (and therefore pricing) as well as enhanced usage rights for yourself and your customers.<\/p>\n<p>The purpose of licensing is to ensure that the developer&#8217;s rights are protected &#8212; if you use someone else&#8217;s tools or components, you have to abide by the terms of their license.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"mistake-3-fire-and-forget\"><\/span>Mistake #3:\u00a0 Fire and Forget<span 
class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"text-decoration: underline;\"><strong>Make sure every transaction can fail safely.<\/strong><\/span><\/p>\n<p>Whether your application writes something to disk, or sends data over a network, make sure that you account for the possibility that things could break.<\/p>\n<p>The development environment is often an ideal world, with lots of LAN-connected components, as well as lots of bandwidth and computing resources.\u00a0 The real world often runs on old, slow hardware, and flaky, slow networks.<\/p>\n<ul>\n<li><strong>Identify atomic transactions.<\/strong>\u00a0 If components A, B, and C are all part of one transaction, have the code ensure that A, B, and C all get committed together, or they all fail together.\u00a0 Nothing is worse than trying to deconstruct a partial transaction from its components.\u00a0 Think of it this way:\u00a0 If you work at a hospital, a patient could get dosed twice, or if you work at a bank, a check could get posted twice.\u00a0 You don&#8217;t want YOUR CODE to be the reason someone dies or goes broke. 
\u00a0If your application copies a file AND updates a database, make sure BOTH happen or NEITHER happen.<\/li>\n<li><strong>Anything outside your code might fail.<\/strong>\u00a0 If you call a third-party component, write a file to disk, transmit data on a network, or write to a database, anticipate an error condition.\u00a0 Make sure the application recovers smoothly &#8211; alert the administrators, give the end-users a friendly message, and preserve the data if possible.<\/li>\n<li><strong>Use WAN testing tools<\/strong> &#8211; there are several available, that simulate faulty or flaky networks.\u00a0 If your program runs well under difficult conditions, things like an internet glitch won&#8217;t cause your application to crash, or lose data.<\/li>\n<li><strong>Make sure your application can write to a backup (failover) component.<\/strong>\u00a0 For example, if you send data to a database server, or read data from a DNS, make sure your application switches over to a pre-configured backup database or DNS automatically!<\/li>\n<li><strong>Disk failures happen!<\/strong>\u00a0 Network storage, SAN, as well as local disks can fail, often at the worst possible time.\u00a0 Make sure your application allows for writing to a backup location in the event that primary storage fails.<\/li>\n<li><strong>Timeout.<\/strong>\u00a0 Every transaction should have an absolute timeout, after which, the transaction is agreed by the server, broker, remote system, and client, to NOT have been committed.\u00a0 The timeout should be less than the user session&#8230; the user should receive a positive error message that the transaction failed, rather than an ambiguous timeout message.<\/li>\n<li><strong>Clean crash recovery.<\/strong>\u00a0 Whether your application crashes, the operating system crashes, or maybe the administrator terminates your program incorrectly, always make sure you start your application with a post-execution cleanup process.\u00a0 The most common example is Java 
processes that leave behind a PID file, and then can&#8217;t execute! \u00a0On startup, make sure your app cleans up everything from the previous execution, including temp files (PID files if applicable), re-registers cleanly with remote servers, terminates any zombies (unattached processes from the previous execution), and frees any local or remote resources. \u00a0If a transaction has multiple states, keep track of transaction states, to ensure that transactions don&#8217;t get duplicated or ignored.<\/li>\n<\/ul>\n<p>A fast, easy restart means less down time, and data integrity is the most important thing to your customers and end-users.<\/p>\n<p>(In my best Yoda voice)\u00a0 <strong>Always plan to fail, and you will always succeed.<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"mistake-4-scaling-issues\"><\/span>Mistake #4:\u00a0 Scaling Issues<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Scale-out means running multiple instances, while scale-up means running a bigger instance.\u00a0 Scaling an application for a production environment can mean both!<\/p>\n<h3><span class=\"ez-toc-section\" id=\"scale-out-presents-several-unique-issues\"><\/span>Scale-out presents several unique issues:<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>Inter-process communication.<\/strong>\u00a0 If you have multiple instances of a process, they all need to communicate with each other (Inter-Process Communication, or IPC) so that they know which instance is handling what work.\u00a0 I&#8217;ve seen many applications where the task server is the bottleneck, because you can&#8217;t run multiple task servers!<\/li>\n<li><strong>Session awareness.<\/strong>\u00a0 Session awareness means that an app or web server can fail, and the user&#8217;s session persists, failing over seamlessly to another instance.\u00a0 Saving the user&#8217;s session means saving frustration.<\/li>\n<li><strong>Infrastructure 
capacity.<\/strong>\u00a0 Core infrastructure components such as file and database servers might be overrun by scale-out, since they have to handle more and more concurrent connections &#8211; this means slower transaction times, decreased reliability, greater memory and resource footprint, longer disk queues, and a greater level of concurrency for your application if infrastructure transactions fail to complete in a timely manner (imagine &#8220;add to cart&#8221; taking 10 minutes on Amazon.com &#8212; I guarantee you&#8217;ll shop somewhere else!). \u00a0The best approach is to plan from day 1 to use <span style=\"text-decoration: underline;\">multiple<\/span> databases, file servers, and other core resources.\u00a0 Using pointers to infrastructure resources (pointer databases, UNC paths to file servers) allows core resources to scale quickly and easily with application growth.<\/li>\n<li><strong>Application Delivery.<\/strong>\u00a0 Formerly referred to as load-balancing, understand and know how to leverage application delivery.\u00a0 App delivery can route traffic to data centers with excess capacity, or route around failure.\u00a0 The closer your application integrates with the app delivery tier, the more reliable and persistent your application service will appear.<\/li>\n<li><strong>N-tier versus X-tier.<\/strong>\u00a0 N-tier means that all application components run on one box.\u00a0 In reality, most production environments split the various tiers out to separate systems (x-tier).\u00a0 Each tier needs to be able to communicate with the next tier &#8212; possibly through an App Delivery layer, or perhaps the application has its own method for resource allocation.<\/li>\n<li><strong>N-squared.<\/strong>\u00a0 This is my favorite scaling problem.\u00a0 Assume two application tiers, &#8220;A&#8221;, and &#8220;B&#8221;.\u00a0 If every &#8220;A&#8221; node must maintain a connection to every &#8220;B&#8221; node (called 
&#8220;full mesh&#8221;), then the connections have an &#8220;n-squared&#8221; relationship &#8212; for the number of nodes, the number of connections approaches n^2 (n squared).\u00a0 Brokers ensure efficient communication between app tiers.\u00a0 App delivery \/ load balancing can be used for brokering connections between tiers, or the app might have its own load-balance algorithm.<\/li>\n<li><strong>Selection bias.<\/strong>\u00a0 This is my second favorite scaling problem.\u00a0 If you have &#8220;n&#8221; nodes, selection bias means you always start with node 1, then move to node 2.\u00a0 This means that by &#8220;selecting&#8221; node 1 first (etc&#8230;.), node 1 gets 30+% of the traffic, while node &#8220;n&#8221; never gets used!\u00a0 If you have a load-balance algorithm or leverage an app-delivery tier, make sure you avoid selection bias.\u00a0 Maintain state external to the session to ensure that new sessions start where the old one left off, or use random selection for the initial node.<\/li>\n<li><strong>N-squared and selection bias go hand-in-hand.<\/strong>\u00a0 Beware.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"scaling-up-has-its-own-set-of-challenges\"><\/span>Scaling up has its own set of challenges:<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>Memory footprint.<\/strong>\u00a0 Frameworks such as Java and Dot Net are subject to underlying OS limitations &#8212; for example, a 32-bit process in Windows is limited to 2 gig.\u00a0 If your server has 20 gig, and your application can only use 2, you need to re-think your strategy!\u00a0 Run multiple instances on the same machine, or run another version, such as 64-bit versus 32.\u00a0 Make sure you use system resources efficiently.<\/li>\n<li><strong>Thread allocation.<\/strong>\u00a0 Using 2 CPUs efficiently is quite a bit different than using 32 CPUs efficiently!\u00a0 Modularized, multi-threaded code ensures that as the application scales up, 
system resources can be used efficiently.<\/li>\n<li><strong>Paging.<\/strong>\u00a0 Virtual memory means that your application might be using virtual resources.\u00a0 Keep track of timing, and make administrator recommendations to increase physical memory, to prevent paging out to disk.\u00a0 A disk call is in the 10ms range, while a memory call is in the 10 nanosecond range!\u00a0 Avoid paging, which is death to your application.<\/li>\n<li><strong>Storage and Network IO.<\/strong>\u00a0 As your application scales, having fewer Input\/Output (IO) paths means that disk and network writes could take longer.\u00a0 &#8220;Queue length&#8221; is an indication of IO taking too long&#8230; the longer the queue, the more IO is waiting &#8220;in queue&#8221; to be processed by the appropriate subsystem.\u00a0 High kernel usage can also be an indication of slow IO, as most IO is handled by the kernel.\u00a0 Plan in advance for slow IO.\u00a0 Monitor, and send an administrative alert recommending increased IO capacity.<\/li>\n<\/ul>\n<p>Planning from day 1 to accommodate multiple instances and large instances ensures that your application will run smoothly in a large-scale production environment.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"mistake-5-compliance-issues\"><\/span>Mistake #5:\u00a0 Compliance Issues<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"text-decoration: underline;\"><strong>Production environments often have compliance requirements based on the type of data they store, transmit, or manage.<\/strong><\/span><\/p>\n<p>Here are some examples of sector-specific regulatory requirements:<\/p>\n<ul>\n<li><strong>PCI<\/strong> &#8211; Payment Card Industry.\u00a0 If your application accepts, stores or transmits credit card data, it&#8217;s subject to PCI.<\/li>\n<li><strong>GLB<\/strong> &#8211; If your application runs inside a bank environment, or processes online transactions for banks, it&#8217;s 
subject to the Gramm-Leach-Bliley Act.<\/li>\n<li><strong>HIPAA<\/strong> &#8211; If your application runs in a doctor&#8217;s office, hospital, insurance, or other medical environment, it&#8217;s subject to the Health Insurance Portability and Accountability Act.<\/li>\n<li><strong>OWASP top 10<\/strong> &#8211; Web-based applications should identify and actively avoid the OWASP top 10 list of vulnerabilities.<\/li>\n<\/ul>\n<p>All of these requirements have unique privacy and security standards.\u00a0 Writing a sector-specific application means conforming to sector-specific requirements &#8211; educate yourself about the requirements and how to comply with them.<\/p>\n<p><span style=\"text-decoration: underline;\">General guidelines for secure coding:<\/span><\/p>\n<ul>\n<li>All applications should comply with <span style=\"text-decoration: underline;\">secure coding practices<\/span>.<\/li>\n<li>All applications should assume that every transaction is <span style=\"text-decoration: underline;\">monitored<\/span>, and an attacker might try to compromise them.<\/li>\n<li>Passwords should be <span style=\"text-decoration: underline;\">hashed<\/span>, not stored in cleartext, nor encrypted.\u00a0 A hashed password can&#8217;t be extracted and used elsewhere.<\/li>\n<li><span style=\"text-decoration: underline;\">Unchecked buffers<\/span> are a potential memory exploit.<\/li>\n<li>Have <span style=\"text-decoration: underline;\">input validation<\/span> rules defined for all input, and validate all input.<\/li>\n<li><span style=\"text-decoration: underline;\">Authenticate every transaction<\/span>.\u00a0 Even in the absence of encryption, secure hashing and other forms of authentication can be used to ensure that transactions and transaction data are legitimate.<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\">Use encryption where feasible.\u00a0 <\/span><\/p>\n<ul>\n<li><span style=\"text-decoration: underline;\">Communication between 
tiers<\/span> should use Secure Sockets Layer (SSL) or Transport Layer Security (TLS) where possible.<\/li>\n<li><span style=\"text-decoration: underline;\">SSL and TLS authenticate the servers to each other, and encrypt data transmitted between them<\/span>.<\/li>\n<li>Data stored on a <span style=\"text-decoration: underline;\">f<\/span><span style=\"text-decoration: underline;\">ile system should be encrypted<\/span> using the operating system&#8217;s native libraries.<\/li>\n<li><span style=\"text-decoration: underline;\">Databases can often be configured for native encryption<\/span>, so that only certain users have access to certain fields.\u00a0 Any sensitive field should be encrypted.<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\">Beware query by form<\/span>, and <span style=\"text-decoration: underline;\">never pass raw SQL<\/span> from the web tier to the core.<\/p>\n<ul>\n<li><strong>Query by form<\/strong> is the Achilles heel of any application.\u00a0 If you throw up a form with date and customer ID, HOW could that possibly be exploited?\u00a0\u00a0 What if the user hacks the URL, adding &#8220;OR 1=1&#8221;?\u00a0 If you pass raw SQL to the database, this will return all rows.<\/li>\n<li>Tables and other objects should be <strong>aliased<\/strong> to prevent exploitation.<\/li>\n<li><strong>Don&#8217;t pass whole or partial SQL<\/strong> &#8212; no WHERE, HAVING, GROUP BY, or ORDER BY clauses.<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\">Understand, respect, and conform to infrastructure security controls:<\/span><\/p>\n<ul>\n<li><strong>Firewall<\/strong>:\u00a0 Applications should use specifically-defined ports and well-known endpoints between tiers.\u00a0 Port ranges are difficult to define, frowned upon, and leave room for exploitation.<\/li>\n<li><strong>Intrusion Detection \/ Prevention<\/strong>:\u00a0 Passing raw SQL, or using well-known application ports (such as TCP\/1433) might trigger intrusion prevention, 
causing your application not to run properly.<\/li>\n<li><strong>Antivirus<\/strong>:\u00a0 Scanning certain file types, such as zip files, can cause excessive overhead, resulting in corrupt files, failed transactions, and unreliable applications.\u00a0 Use standard file formats that can be easily excluded, and make administrators aware of application-related file formats and requirements.\u00a0 Scanning large files (such as database files) should ALWAYS be excluded.<\/li>\n<li><strong>XML Gateway \/ Datawall:<\/strong>\u00a0 This type of device is configured to allow only certain types of transactions in to or out of your network, and to limit the amount of data returned in a single transaction.<\/li>\n<\/ul>\n<p>By defaulting to a secure posture, you help ensure maximum protection for your customers and users, while avoiding potentially costly compliance pitfalls.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"mistake-6-platform-bloat\"><\/span>Mistake #6:\u00a0 Platform Bloat<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"text-decoration: underline;\"><strong>There&#8217;s nothing like having to install 100 gig of platform files for 200 lines of code.<\/strong><\/span><\/p>\n<ul>\n<li><strong>Be aware of your core platform.<\/strong>\u00a0 Dot net and Java are both guilty of this &#8212; the promise that &#8220;managed code&#8221; is fast and efficient.\u00a0 If your Grandma, on her Pentium M laptop had to install a current Java or Dot Net platform base to run your app, she might disagree about both! 
\u00a0From experience, I can tell you that there&#8217;s nothing I hate more &#8212; <a title=\"$40 slice of pizza\" href=\"http:\/\/www.businessweek.com\/articles\/2012-02-22\/why-debit-card-overdraft-fees-are-under-scrutiny-again\" target=\"_blank\"><span style=\"text-decoration: underline;\">this is like the $40 slice of pizza scenario<\/span><\/a> &#8212; I hate trying to install an app or utility that gleefully expresses, &#8220;.Net Framework 4.5 is required!!&#8221; (in mock triumph).<\/li>\n<li><strong>Either stick to the most common versions, or stay version independent<\/strong>.\u00a0 The only thing worse than finding out I have to install Java or Dot Net, is finding out the three versions I already have installed aren&#8217;t sufficient.\u00a0 <span style=\"text-decoration: underline;\">Find out what your user base already primarily has installed, and conform to the majority<\/span>.<\/li>\n<li><strong>Evaluate alternatives.<\/strong>\u00a0 For lightweight uses, investigate other options that are purpose-specific, and may be smaller or more efficient.\u00a0 Python, PERL, BASIC, and C can all be compiled to native executable format, using various 3rd-party tools and utilities.\u00a0 Some installer toolkits can be used as executable batch files.<\/li>\n<li><strong>Keep your code clean, lean, and mean.<\/strong>\u00a0 Don&#8217;t include libraries, options, or utilities you don&#8217;t need.\u00a0 These translate in to dependencies that you don&#8217;t need, and bloat that your users don&#8217;t want.\n<ul>\n<li>I worked with a guy one time who downloaded and used a 3rd-party grid control, because he liked the way it looked over the MS Common Controls grid control.\u00a0 The difference?\u00a0 Every user had to individually download and accept the license for this 3rd party control, instead of using the Microsoft-supplied one that they already had on their computer!<\/li>\n<li>In another situation, a developer used a different 3rd-party grid control, 
because he could implement it with less effort, only to find out that the grid control was uploading all the grid data to a 3rd-party website.\u00a0 A component that phones home with your users&#8217; data is a data breach you shipped yourself: review what every 3rd-party component does on the network and on disk before you build it in, and check again when you upgrade it.<\/li>\n<li>In a third situation, a VB developer I worked with had his default project set up to bind to all of the ActiveX controls that shipped with VB.\u00a0 Even though his code didn&#8217;t use everything, all of these controls had to be included as part of the installation &#8211; one missing library would cause the program to fail to execute.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><strong>Keep things lean, simple, and small, and your users and administrators will love you for it.<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"mistake-7-insufficient-error-handling-logging-and-diagnostics\"><\/span>Mistake #7:\u00a0 Insufficient Error Handling, Logging, and Diagnostics<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The biggest problem you&#8217;ll have as a developer is having to remotely support a customer \/ end-user while having insufficient metrics and diagnostics.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"error-handling-ensures-that-your-application-is-robust-and-can-survive-unexpected-input-data-network-conditions-and-environmental-conditions\"><\/span>Error handling ensures that your application is robust, and can survive unexpected input, data, network conditions, and environmental conditions.<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li>Every application and non-application call should <span style=\"text-decoration: underline;\">anticipate an error.<\/span>\u00a0 Build error handling in to every function call, and treat anything that crosses a trust boundary (user input, file contents, network data) as hostile until it has been validated.<\/li>\n<li>Channel-specific calls (such as database, file storage, etc&#8230;) should be handled by a <span style=\"text-decoration: underline;\">channel-specific handler<\/span>.\u00a0 There is NOTHING more frustrating than a generic error message.\u00a0 Tell the user what happened and what to do next; put the stack trace, connection string, and internal paths in the log, where an administrator can read them, not on the screen, where an attacker can.<\/li>\n<li><span style=\"text-decoration: underline;\">Redundancy should be applied where 
feasible<\/span>.\u00a0 Every connectivity-related configuration item should include a standby or failover configuration that the application automatically tries in the event of a primary failure, with a bounded timeout and retry count so that a dead primary does not hang every request.<\/li>\n<li><span style=\"text-decoration: underline;\">Every failed transaction should be survivable<\/span>.\u00a0 Roll back so that nothing is half-committed, set user expectations, send an administrative alert, then DEAL with it!<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"logging-should-be-configurable-but-robust\"><\/span>Logging should be configurable, but robust.<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li>Non-repudiation.\u00a0 <span style=\"text-decoration: underline;\">Every transaction should be logged<\/span> (at all logging levels) and protected with a keyed MAC or a digital signature, not a bare hash: whoever can edit a log entry can recompute a plain hash, so the key must not be available to the account that writes the log.\u00a0 Chain the entries, so that each tag also covers the previous one, and editing, deleting, or reordering entries becomes detectable.\u00a0 With atomic transactions, there should never be a question of whether a transaction occurred or not.<\/li>\n<li><span style=\"text-decoration: underline;\">Anything returned to the client should be logged.<\/span>\u00a0 Error codes, return codes, status codes.\u00a0 If the client receives an unexpected result, this can be traced to both the return code, and the internal diagnostics.\u00a0 Never log credentials, session tokens, or regulated data such as full card numbers, at any log level; log an identifier you can correlate instead.<\/li>\n<li><span style=\"text-decoration: underline;\">Debug logging should be available<\/span>, detailing the entire stack (all function calls), but not enabled by default, and subject to the same rules about secrets as normal logging.<\/li>\n<li><span style=\"text-decoration: underline;\">All log entries should be time stamped<\/span> using a coordinated time source, and recorded in UTC (or with an explicit offset) so that entries from different sites and time zones can be correlated.\u00a0 Typically, &#8220;network time&#8221; is obtained via the operating system through NTP (Network Time Protocol).<\/li>\n<li><span style=\"text-decoration: underline;\">Logging to external sources should be supported<\/span>.\u00a0 This includes syslog and other logging protocols, in support of centralized logging and event correlation; a copy of the log on a machine the application server cannot write to is also your best defence against an intruder who cleans up after himself.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" 
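id=\"added-example-tamper-evident-transaction-log\"><\/span>Added example:\u00a0 a tamper-evident, UTC-stamped transaction log<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The Python below is an added example, not code from the original post, and shows the logging points above in one place: every transaction is recorded with a UTC timestamp and the return code sent to the client, secrets are redacted before they reach the log, each entry carries a keyed HMAC that also covers the previous entry&#8217;s tag, and the same line can be forwarded to a central syslog collector.\u00a0 The key value, the TransactionLog class, the list of sensitive field names, the optional syslog address, and the sample transactions are all assumptions made for the example.<\/p>\n
```python
import hashlib
import hmac
import json
import logging
from datetime import datetime, timezone
from logging.handlers import SysLogHandler

# Hypothetical key for the example.  In production it comes from a KMS, HSM or
# secrets store and is NOT readable by the account that can edit the log files.
LOG_KEY = b'example-log-key-replace-me'
CHAIN_ANCHOR = '0' * 64   # tag assumed for the (non-existent) entry before the first one


class TransactionLog:
    '''Append-only transaction log whose entries are chained with an HMAC.

    tag[i] = HMAC(key, tag[i-1] + body[i]), so editing, deleting or reordering
    any entry changes every tag from that point on, and verify() reports the
    first index that no longer matches.  Truncating the tail is the one thing
    a chain alone cannot detect: publish the latest tag somewhere the log
    writer cannot alter (the syslog collector, a signed daily checkpoint).
    '''

    SENSITIVE = ('password', 'token', 'card_number')   # assumed list; never written to the log

    def __init__(self, key, syslog_address=None):
        self.key = key
        self.entries = []            # in-memory copy of what was written
        self.prev_tag = CHAIN_ANCHOR
        self.logger = logging.getLogger('txlog')
        if syslog_address is not None:   # e.g. ('logs.example.internal', 514), a hypothetical host
            self.logger.addHandler(SysLogHandler(address=syslog_address))

    def _tag(self, prev_tag, body):
        return hmac.new(self.key, (prev_tag + body).encode('utf-8'), hashlib.sha256).hexdigest()

    def append(self, txn_id, status, return_code, **fields):
        '''Record one transaction: its outcome, what was returned to the client, extra context.'''
        safe = {k: ('[redacted]' if k in self.SENSITIVE else v) for k, v in fields.items()}
        entry = {'ts': datetime.now(timezone.utc).isoformat(),   # coordinated time, in UTC
                 'txn': txn_id, 'status': status, 'rc': return_code}
        entry.update(safe)
        body = json.dumps(entry, sort_keys=True)   # canonical form, so the tag is reproducible
        tag = self._tag(self.prev_tag, body)
        self.entries.append({'entry': entry, 'tag': tag})
        self.logger.info('%s %s', tag, body)       # the same line reaches syslog when configured
        self.prev_tag = tag
        return tag

    def verify(self):
        '''Walk the chain; return (True, None) or (False, index of the first bad entry).'''
        prev = CHAIN_ANCHOR
        for i, rec in enumerate(self.entries):
            body = json.dumps(rec['entry'], sort_keys=True)
            if not hmac.compare_digest(self._tag(prev, body), rec['tag']):
                return False, i
            prev = rec['tag']
        return True, None


def demo():
    '''Constructed sample: three transactions, then an edit and a deletion by an attacker.'''
    log = TransactionLog(LOG_KEY)
    log.append('txn-1', 'ok', 200, user='u42', password='hunter2')
    log.append('txn-2', 'ok', 200, user='u42')
    log.append('txn-3', 'failed', 500, user='u42', reason='db timeout')
    clean = log.verify()

    edited = TransactionLog(LOG_KEY)    # same log with one return code rewritten
    edited.entries = [{'entry': dict(r['entry']), 'tag': r['tag']} for r in log.entries]
    edited.entries[1]['entry']['rc'] = 500
    after_edit = edited.verify()

    deleted = TransactionLog(LOG_KEY)   # same log with the second entry removed
    deleted.entries = log.entries[:1] + log.entries[2:]
    after_delete = deleted.verify()
    return clean, after_edit, after_delete, log.entries[0]['entry']['password']
```
\n<p>Running demo() gives the three outcomes in order: the untouched log verifies, rewriting one return code is caught at that entry, and removing an entry is caught at the first entry after the gap, while the password never reached the log at all.\u00a0 The key has to live somewhere the log-writing account cannot read, otherwise the chain proves nothing against an insider; the same goes for the latest tag, which is the only defence against truncating the tail.<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" 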
id=\"diagnostics-should-be-built-in-to-the-platform-or-infrastructure-and-should-provide-meaningful-metrics\"><\/span>Diagnostics should be built in to the platform or infrastructure, and should provide meaningful metrics:<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><span style=\"text-decoration: underline;\">Is a certain bandwidth required?<\/span>\u00a0 Include a bandwidth test in your application.\u00a0 Send a fixed amount of data, then have a client script send it back.\u00a0 Time both transactions.\u00a0 Data-in-bytes * 8 \/ seconds = available bandwidth. \u00a0One of the biggest mistakes I see is that tech support sends the end user to a 3rd-party bandwidth test site.\u00a0 Just because the user has a decent bandwidth test result to a 3rd-party site, doesn&#8217;t mean the instantaneous bandwidth available to your application is sufficient &#8212; the only way to be sure is to host a lightweight bandwidth test app on YOUR website.<\/li>\n<li><span style=\"text-decoration: underline;\">Component dependencies?<\/span>\u00a0 Run a local diagnostic.\u00a0 If your end-user has already accepted and installed an ActiveX or Java control, this is an excellent opportunity to ensure that system pre-reqs are met, or upload logging information to the server if not.<\/li>\n<li><span style=\"text-decoration: underline;\">Time every transaction.<\/span>\u00a0 Building a histogram by day and time\u00a0 of day means that you have a library of &#8220;normal&#8221; for every transaction.\u00a0 Abnormal transactions should generate an administrative warning, a message to the end user, and some kind of affirmative transaction disposition (so that the user knows what happened).<\/li>\n<li><span style=\"text-decoration: underline;\">Be sure to log normal and abnormal timing metrics.<\/span>\u00a0 This allows an administrator to check whether things are working correctly.\u00a0 Metrics \/ statistics should be gathered from server AND client for every major application 
function.<\/li>\n<li><span style=\"text-decoration: underline;\">Automatically upload workstation diagnostic logs.<\/span>\u00a0 If the workstation had an error, or timed out for some reason, or perhaps received an unexpected status code, upload every relevant detail: versions, configuration, timings, return codes, and the stack.\u00a0 Scrub credentials and personal data before the upload, tell the user what is being sent, and send it over an authenticated, encrypted channel; a diagnostic upload is still a transaction and gets the same protection as any other.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"a-simple-test-harness-can-be-co-developed-with-the-application-for-functional-and-load-testing-as-well-as-remote-monitoring\"><\/span>A simple test harness can be co-developed with the application for functional and load testing, as well as remote monitoring<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li>A test harness allows you to <span style=\"text-decoration: underline;\">simulate various types of transactions<\/span>.<\/li>\n<li>For <span style=\"text-decoration: underline;\">web-based applications<\/span>, the test tool can use a browser object instance to programmatically enter data, manipulate controls, and simulate XML or web calls.<\/li>\n<li>For <span style=\"text-decoration: underline;\">thick-client applications<\/span>, a debugger &#8220;side-pipe&#8221; interface allows simulated events to be configured and fired from a test file, or sent via a network interface.<\/li>\n<li><span style=\"text-decoration: underline;\">Load testing<\/span> means simulating many concurrent transactions in to the app server.\u00a0 A scriptable test harness and debugging interface makes this easy, with no 3rd-party tools required!<\/li>\n<li>A debugging interface can be used for <span style=\"text-decoration: underline;\">remote monitoring<\/span>.\u00a0 Simulated transactions can be timed by periodically firing off specific scripts from the test harness.<\/li>\n<li><span style=\"text-decoration: underline;\">Always protect debugging interfaces!<\/span>\u00a0 An interface that can fire arbitrary events in to your application is an attack surface, not just a convenience.\u00a0 Every connection should be authenticated and encrypted, the interface should listen only on a local or management network, it should be off by default, and production builds should have a hard switch (not a hidden option) that disables all debugging; never rely on the interface being undocumented.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h2><span 
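class=\"ez-toc-section\" id=\"added-example-timing-baseline-and-disposition\"><\/span>Added example:\u00a0 timing baseline and transaction disposition<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The Python below is an added example, not code from the original post.\u00a0 It implements the timing points above: every transaction is timed, the observations are kept per transaction, weekday and hour of day as the library of &#8220;normal&#8221;, and each new observation is classified so that an abnormal one produces an administrative alert and an explicit message to the user.\u00a0 The TimingBaseline class, the 20-sample minimum, the p95-times-two threshold, and the sample data are all assumptions made for the example; tune the threshold from your own histogram.<\/p>\n
```python
from collections import defaultdict
from datetime import datetime, timezone


class TimingBaseline:
    '''Library of normal transaction times per (transaction, weekday, hour-of-day) bucket.'''

    MIN_SAMPLES = 20   # assumption: below this the bucket has no usable baseline yet

    def __init__(self):
        self.samples = defaultdict(list)   # bucket -> observed durations in milliseconds

    @staticmethod
    def bucket(name, ts):
        '''Key the histogram by transaction, weekday (Monday = 0) and hour, as the page suggests.'''
        return (name, ts.weekday(), ts.hour)

    def record(self, name, ts, millis):
        '''Store one observed duration; called for every timed transaction, client and server side.'''
        self.samples[self.bucket(name, ts)].append(millis)

    def percentile(self, name, ts, p):
        '''p-th percentile (nearest rank) for the bucket, or None while the bucket is too thin.'''
        vals = sorted(self.samples.get(self.bucket(name, ts), []))
        if len(vals) < self.MIN_SAMPLES:
            return None
        return vals[int(round(p * 0.01 * (len(vals) - 1)))]

    def classify(self, name, ts, millis, p=95, factor=2.0):
        '''Disposition for one observation: level, whether to page an admin, what to tell the user.

        The threshold (factor times the bucket p95) is an assumption for the example.'''
        ref = self.percentile(name, ts, p)
        if ref is None:
            return {'level': 'unknown', 'admin_alert': False, 'p95_ms': None,
                    'user_message': 'Request completed; no timing baseline exists for this hour yet.'}
        if millis > ref * factor:
            return {'level': 'abnormal', 'admin_alert': True, 'p95_ms': ref,
                    'user_message': 'Your request completed but took longer than normal (%d ms); '
                                    'it has been reported.' % millis}
        return {'level': 'normal', 'admin_alert': False, 'p95_ms': ref,
                'user_message': 'Request completed.'}


def demo():
    '''Constructed sample data: a busy Monday-morning bucket and a nearly empty Sunday-night one.'''
    base = TimingBaseline()
    monday_0900 = datetime(2014, 2, 3, 9, 0, tzinfo=timezone.utc)
    for i in range(30):                        # 30 logins between 180 and 238 ms
        base.record('login', monday_0900, 180 + 2 * i)
    sunday_0300 = datetime(2014, 2, 2, 3, 15, tzinfo=timezone.utc)
    base.record('login', sunday_0300, 200)     # a single sample is not a baseline
    return (base.classify('login', monday_0900, 210),     # normal
            base.classify('login', monday_0900, 1500),    # abnormal: admin alert + user message
            base.classify('login', sunday_0300, 1500))    # unknown: no baseline for that bucket
```
\n<p>The &#8220;unknown&#8221; disposition matters as much as the other two: a bucket with too few samples must not be silently treated as normal, or the quietest hour of the week becomes the best time to attack.\u00a0 In a real deployment the samples would come from the timing log described above rather than from an in-memory list, and the admin alert would go to the same channel as the security alerts.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h2><span 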
class=\"ez-toc-section\" id=\"mistake-8-no-vendor-support\"><\/span>Mistake #8:\u00a0 No vendor support<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"text-decoration: underline;\"><strong>Anticipate that you will need vendor support.\u00a0 Your customers \/ end-users will call you, and if you require platform support, you will need to call your vendors.<\/strong><\/span><\/p>\n<ul>\n<li><strong>Make sure that platform and components are kept current.<\/strong>\u00a0 Vendors don&#8217;t provide support for End Of Life (EOL) components.<\/li>\n<li><strong>Make sure there is a 1st party or 2nd party support agreement in place.<\/strong>\u00a0 Some vendors require a 2nd party agreement directly with the client, while others allow you to resell their components (requiring you to broker support).\u00a0 Either way, anticipate your users \/ clients having a platform issue that you&#8217;ve never seen, in a critical situation, in the middle of the night, and be prepared to deal with it!<\/li>\n<\/ul>\n<p>Keep technology components and vendor support contracts current, to ensure that you can provide critical support to <span style=\"text-decoration: underline;\">your<\/span> customers.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"mistake-9-no-community-support\"><\/span>Mistake #9:\u00a0 No community support<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"text-decoration: underline;\"><strong>Community support means vetting new features and functions with your user base, in advance of general release.<\/strong><\/span><\/p>\n<ul>\n<li><strong>Foist.<\/strong>\u00a0 Foisting means you thrust a new feature or function upon your user base without their approval.\u00a0 Users generally don&#8217;t like this.\u00a0 Like&#8230; taking away the &#8220;Start&#8221; button.<\/li>\n<li><strong>Public Betas.<\/strong>\u00a0 Helps fix the &#8220;It runs on <span style=\"text-decoration: underline;\">my<\/span> 
machine&#8221; error.\u00a0 Your user base has a wider variety of hardware and software components than you do, and a public beta can help identify and sort out errors much faster than lab testing, in a relatively controlled environment.\u00a0 End users are also a never-ending source of spontaneous, unanticipated input (take that however you want) that may find holes in your error detection and resilience approach.<\/li>\n<li><strong>Market Demand.<\/strong>\u00a0 Opposite of foisting: allowing your beta users to suggest new features means staying ahead of market demand, thus making your product more marketable.<\/li>\n<\/ul>\n<p>The purpose of community support is to make sure that development effort is in alignment with market demand, and to ensure that new features \/ functions are regression tested across a large user base.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"mistake-10-production-will-never-have-problems\"><\/span>Mistake #10:\u00a0 Production will never have problems.<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"text-decoration: underline;\"><strong>Planning in advance for a site-wide disaster (disruptive event) ensures that the data at the recovery site is current enough (Recovery Point Objective: how much data you can afford to lose), and that the Disaster Recovery (DR) site can be brought up in a timely manner (Recovery Time Objective: how long you can afford to be down).<\/strong><\/span><\/p>\n<ul>\n<li>Plan for a mirror Disaster Recovery (DR) site, with equal capacity and bandwidth.\u00a0 Often, the mistake made with DR is to use older equipment or have insufficient bandwidth in place &#8211; in the event of a disaster, <span style=\"text-decoration: underline;\">DR becomes your production site<\/span>, and it should be treated like production, including the same patch level, access controls, and monitoring; a DR site that lags on patches is the soft target you fail over to on your worst day.<\/li>\n<li>Replicate transactions to a mirror server, where feasible.\u00a0 Anticipate that the connection to the Disaster Recovery (DR) servers might be across a slower wide-area connection, and transactions might queue up.\u00a0 One approach is to use 
a 2nd local server to buffer the transactions.<\/li>\n<li>Have a master copy of all software components, installation keys, certificates, and private keys set aside and copied to your DR site, stored with the same access controls as the production copies.\u00a0 There is nothing like trying to find a license key (or discovering that the TLS private key never left the production server) in the middle of a disaster.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>High Availability<\/strong><\/p>\n<ul>\n<li>Plan for high availability at Production and DR.<\/li>\n<li>Servers can fail.\u00a0 They can have hardware problems, OS problems, or infrastructure problems outside of your control.\u00a0 If you have ONE server, and it fails, what is that down time going to cost you?<\/li>\n<li>Designing for active-active high availability means having multiple session-aware servers that all share the load.<\/li>\n<li>There should be enough servers in play, such that you can lose some predetermined part of your capacity, and maintain performance levels.\u00a0 If you have 2 active servers, losing 1 means 50% capacity reduction.\u00a0 Can your business run on 50% capacity?<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>Plan for upgrades<\/strong><\/p>\n<ul>\n<li>As the application footprint grows, making codebase updates in production becomes a greater concern<\/li>\n<li>Plan for new codebase versions to be compatible with existing configuration and data.\u00a0 New features and updates can be enabled with a final configuration change, once all app servers are at the same codebase level.<\/li>\n<li>Use modular design, so that one module or group of functions can be updated independently of the rest of the application.<\/li>\n<li>Using high availability, update a few app servers at a time to the new codebase during non-peak times.<\/li>\n<li>Consider performing a site-level upgrade in DR, and switch to DR for production while you update the &#8220;normally production&#8221; side.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"mistake-11-keep-everything\"><\/span>Mistake #11:\u00a0 Keep Everything!<span 
class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"text-decoration: underline;\"><strong>Have a data retention plan, and implement data purge routines.<\/strong><\/span><\/p>\n<ul>\n<li>Database and file system growth can lead to performance issues<\/li>\n<li>In addition to performance issues, keeping unnecessary data could put you or your customers at risk, if there is a data breach.<\/li>\n<li>Every transactional data table or file system\u00a0 should have a purge plan<\/li>\n<li>Purge scripts can be driven at the app, database, or OS level, but should be configurable within the application.<\/li>\n<li>From a<span style=\"text-decoration: underline;\"> capacity planning<\/span> standpoint, make sure you have database and file storage calculators to help administrators figure out what resources will be used by the application.<\/li>\n<li>I typically try to provide a sizing spreadsheet, where the client can plug in some variables, to forecast what types of transactions and how many they will make, and <span style=\"text-decoration: underline;\">predict storage and network capacity requirements<\/span> accordingly.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"mistake-12-reporting-is-an-afterthought\"><\/span>Mistake #12:\u00a0 Reporting is an afterthought.<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"text-decoration: underline;\"><strong>Reports can cripple your<\/strong><strong> application.<\/strong><\/span><\/p>\n<p>Trying to run reports on a highly-transactional database means lots of locking.\u00a0 One misplaced, long-running report can cause enough locking to prevent new transactions from entering the database!<\/p>\n<ul>\n<li>Plan to integrate with a BI \/ Reporting Tool &#8211; create schemas and views that are easy to read by semi-skilled report-writers (analysts)<\/li>\n<li>Have controls in place to prevent locking key transactional tables.\u00a0 Views are a great way to prevent 
this: isolation level is a property of the session or transaction rather than of the view itself, but the view definition can carry the locking hints the reporting connection needs (for example NOLOCK in SQL Server), and the reporting login can be granted access to the views only, never to the base tables.<\/li>\n<li>Choosing an appropriate isolation level means deciding how much consistency your report can give up.\u00a0 At the loosest level, your query reads rows that other transactions have not yet committed (known as a &#8216;dirty read&#8217; or &#8216;uncommitted read&#8217;), so a figure can later turn out to be wrong if that transaction rolls back: acceptable for a trend chart, not for a financial statement.\u00a0 If you have a long, scary report that runs for 4 hours at the default isolation level, it will try to lock resources in various tables in order to maintain a &#8220;consistent picture&#8221; from a transaction standpoint.\u00a0 By using a less aggressive locking strategy, you can improve performance and reduce impact to waiting transactions.\u00a0 Where the database supports it, snapshot or read-committed-snapshot isolation gives the report a consistent point-in-time view without taking shared locks and without reading uncommitted data, which is usually the better trade.<\/li>\n<li>Plan in advance for a separate report repository.\u00a0 Ensuring that your reporting engine can run from a read-only copy of the database means that all day 2 reporting can be run from a replicated copy of the database, with no impact to the transactional primary copy.\u00a0 The replica holds the same data as production, so it gets the same access controls, encryption, and retention rules.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h2><span class=\"ez-toc-section\" id=\"summary\"><\/span>Summary<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul>\n<li>Do clean-build testing to ensure that your application works everywhere, not just on your dev system<\/li>\n<li>Understand licensing requirements.\u00a0 Obtain the proper licenses where applicable, or make sure you bundle 3rd-party licenses if needed.<\/li>\n<li>Assume every transaction might fail.\u00a0 Make sure your app never commits a partial transaction.\u00a0 Allow your app to support multiple connection points, and have it route around failed components.\u00a0 Allow for timeouts and retries, assuming your network or environment might be slow or flaky.<\/li>\n<li>Plan for scaling from day 1.\u00a0 Figure out how each app tier might be serviced by multiple instances, and how they will communicate.\u00a0 If your platform or OS has inherent limitations, figure out how your app will use system resources more efficiently on larger systems.<\/li>\n<li>Understand compliance issues based on the data your app 
receives, stores, processes, or transmits.\u00a0 Understand and work with infrastructure security mechanisms.\u00a0 Beware query by form.<\/li>\n<li>Avoid platform bloat.\u00a0 Use only the features, components and objects that you really need.\u00a0 Investigate smaller platforms that might be purpose-specific, but suited to your need.<\/li>\n<li>Build robust error handling, lots of logging, and relevant diagnostics directly in to the application.<\/li>\n<li>Maintain vendor support contracts.<\/li>\n<li>Deliver features and functionality your user community wants, and give them an opportunity to test it<\/li>\n<li>Plan in advance for high availability (HA) and disaster recovery (DR)<\/li>\n<li>Have a built-in retention policy and data purge \/ cleanup mechanism<\/li>\n<li>Plan in advance for reporting<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><em><span style=\"text-decoration: underline;\"><strong>Update: 6\/27\/2014<\/strong><\/span><\/em><\/p>\n<p><em>Click here to read Part 2:<br \/>\n<\/em><a title=\"More Common Developer Mistakes\" href=\"https:\/\/justinparrtech.com\/JustinParr-Tech\/more-common-developer-mistakes\/\">https:\/\/justinparrtech.com\/JustinParr-Tech\/more-common-developer-mistakes\/<\/a><\/p>\n<p>&nbsp;<\/p>\n<p><em><span style=\"text-decoration: underline;\"><strong>Update: 12\/12\/2014<\/strong><\/span><\/em><\/p>\n<p>Fixed a few typos and formatting errors.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Background:\u00a0 Even with top notch architecture, coding, and Quality Assurance (QA), it&#8217;s easy to make these simple mistakes, that once introduced in to production, can be quite costly to fix. Production issues can cause down time, brand \/ reputation impact, loss of customer \/ end-user confidence, loss of productivity, loss of revenue, and wasted resources. 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-376","post","type-post","status-publish","format-standard","hentry","category-analyses-and-responses"],"_links":{"self":[{"href":"https:\/\/justinparrtech.com\/JustinParr-Tech\/wp-json\/wp\/v2\/posts\/376","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/justinparrtech.com\/JustinParr-Tech\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/justinparrtech.com\/JustinParr-Tech\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/justinparrtech.com\/JustinParr-Tech\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/justinparrtech.com\/JustinParr-Tech\/wp-json\/wp\/v2\/comments?post=376"}],"version-history":[{"count":11,"href":"https:\/\/justinparrtech.com\/JustinParr-Tech\/wp-json\/wp\/v2\/posts\/376\/revisions"}],"predecessor-version":[{"id":1414,"href":"https:\/\/justinparrtech.com\/JustinParr-Tech\/wp-json\/wp\/v2\/posts\/376\/revisions\/1414"}],"wp:attachment":[{"href":"https:\/\/justinparrtech.com\/JustinParr-Tech\/wp-json\/wp\/v2\/media?parent=376"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/justinparrtech.com\/JustinParr-Tech\/wp-json\/wp\/v2\/categories?post=376"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/justinparrtech.com\/JustinParr-Tech\/wp-json\/wp\/v2\/tags?post=376"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}