CakeDC Blog

TIPS, INSIGHTS AND THE LATEST FROM THE EXPERTS BEHIND CAKEPHP

Building an RBAC based application in ...

This is the second article in the RBAC in CakePHP series (2/2). In our previous post we gave a quick introduction to RBAC and showed how to set up the CakeDC/Auth plugin in an example project, dealing with basic array based rules. Today we'll talk about how to debug rules and how to write complex rules to check permissions. We'll also discuss how to encapsulate the rules logic into `Rules` classes, and how to deal with RBAC in big projects.

Debugging rules

Notice that when debug is enabled, a detailed trace of the rule that matched a given action is logged into debug.log. For example:

    2017-10-04 23:58:10 Debug: For {"prefix":null,"plugin":null,"extension":null,"controller":"Categories","action":"index","role":"admin"} --> Rule matched {"role":"*","controller":"*","action":["index","view"],"allowed":true} with result = 1

The first JSON object is the request being checked (routing params plus the user's role), the second is the rule that stopped the evaluation, and result is the value its allowed key evaluated to (here true). This log can save you some time when debugging why a specific action is granted or denied.

Callbacks for complex authorization rules

Let's imagine a more complex rule: for example, we want to block access to the articles/add action if the user already has more than 3 articles. In this case we are going to use a callback to determine the value of the allowed key at runtime. The callback receives the logged in user data, the role and the current request, and must return a boolean; returning false whenever something is missing (here, the user id) keeps the rule fail-closed.

    [
        'role' => '*',
        'controller' => 'Articles',
        'action' => 'add',
        'allowed' => function (array $user, $role, \Cake\Http\ServerRequest $request) {
            $userId = $user['id'] ?? null;
            if (!$userId) {
                // no identified user: deny
                return false;
            }
            // count the articles owned by this user
            $articlesCount = \Cake\ORM\TableRegistry::get('Articles')
                ->findByUserId($userId)
                ->count();

            // allow only while the user has 3 articles or fewer
            return $articlesCount <= 3;
        }
    ],

Rules example

As previously discussed, we have the ability to create complex logic to check if a given role is allowed to access an action, but we can also extend this concept to define permission rules that affect specific users. One common use case is allowing the owner of a resource access to a restricted set of actions; for example, the author of a given article could have access to edit and delete the entry. This case is so common that we've included a predefined Rule class you can use after minimal configuration. The final rule would be like this one:

    [
        'role' => '*',
        'controller' => 'Articles',
        'action' => ['edit', 'delete'],
        'allowed' => new \CakeDC\Auth\Rbac\Rules\Owner(),
    ],

By default the Owner rule matches the user_id field of the articles table against the logged in user id. You can customize the columns and how the article id is extracted. This covers most of the cases where you need to identify the owner of a given row to assign specific permissions.
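The post mentions encapsulating rule logic into Rule classes but only shows the shipped Owner rule. The following is an added example, not code from CakeDC/Auth or from the original post: the article quota callback from the previous section moved into a reusable class. It assumes that the plugin's AbstractRule base class (the one the shipped Owner rule extends) expects an allowed() method with the same signature as the callable used in the rule array; the constructor options (limit, table, owner column) are hypothetical and belong to this example only.

```php
<?php
// src/Auth/Rules/ArticleQuota.php -- added example, not part of CakeDC/Auth.
// Assumption: the plugin's AbstractRule expects an allowed() method with the same
// signature as the callable used in a rule array (array $user, $role, ServerRequest).
// Check the base class in vendor/cakedc/auth before relying on this.
namespace App\Auth\Rules;

use Cake\Http\ServerRequest;
use Cake\ORM\TableRegistry;
use CakeDC\Auth\Rbac\Rules\AbstractRule;

class ArticleQuota extends AbstractRule
{
    /** @var int Number of owned rows at which 'add' is still allowed; more than this denies. */
    protected $limit;

    /** @var string Table holding the owned rows (hypothetical option, defaults to Articles). */
    protected $table;

    /** @var string Column holding the owner's user id (hypothetical option). */
    protected $ownerField;

    public function __construct(int $limit = 3, string $table = 'Articles', string $ownerField = 'user_id')
    {
        $this->limit = $limit;
        $this->table = $table;
        $this->ownerField = $ownerField;
    }

    /**
     * Same logic as the inline callback, now reusable and testable in isolation.
     * Fails closed: an unidentified user is denied, and so is anyone over quota.
     */
    public function allowed(array $user, $role, ServerRequest $request)
    {
        $userId = $user['id'] ?? null;
        if (!$userId) {
            return false;
        }

        $owned = TableRegistry::get($this->table)
            ->find()
            ->where([$this->ownerField => $userId])
            ->count();

        return $owned <= $this->limit;
    }
}

// In config/permissions.php the rule then reads:
//
//     [
//         'role' => '*',
//         'controller' => 'Articles',
//         'action' => 'add',
//         'allowed' => new \App\Auth\Rules\ArticleQuota(3),
//     ],
```

Compared with the closure, the class can be unit tested on its own, shipped inside a plugin and reused across projects, and the quota stops being a magic number buried in the permissions file.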

Other considerations

Permissions and big projects

Having permission rules in a single file could be a solution for small projects, but when they grow, it's usually hard to manage them. How could we deal with the complexity?
  • Break the permissions file into additional configuration files
  • Per role: usually a good idea when you have a different set of permissions per role. You can use the Configure class to append the permissions; having a defaults file with common permissions is usually a good idea, then you can read N files, one per role, to apply the specific permissions of each role. Remember that the first matching rule wins, so the order in which the files are appended matters.
  • Per feature/plugin: useful when you have a lot of actions and a small set of roles, or when the roles are mostly the same regarding permissions, with a couple of changes between them. In this case you define the rules in N files, each one covering a subset of the actions in your application; for example, an invoices.php file would add the permissions for the Invoices plugin. If you work with plugins, keep in mind you could write the permission rules inside each plugin and share/distribute the rules if you reuse the plugin in other apps (as long as the other apps have similar roles).
  • QA and maintenance
  • It's always a good idea to think about the complexity of testing the application based on the existing roles. Automated integration testing helps a lot, but if you are planning to have real humans doing click-through testing, each role multiplies the time needed to pass a full regression test on the release. The key question here is "Do we really need this role?"
  • Having a clear and documented permissions matrix file, with roles vs actions and either "YES" | "NO" | "RuleName" as the cell value, will help a lot to understand whether a given role should be allowed to access a given action. If it's a CSV file it can actually be used to create a unit test and check at least the static permission rules.
  • Debugging and tracing is also important; for that reason we've included a trace feature in CakeDC/Auth that logs to debug.log the rule matched to allow/deny a specific auth check.
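The per-role split described above, as an added example (not the permissions.php shipped with CakeDC/Auth). It assumes a config/permissions/ directory holding one file per role plus a shared defaults.php, each returning a plain list of rule arrays, and it keeps the top-level configuration key of the vendor file you copied during setup; the key is shown here as 'CakeDC/Auth.permissions' as an assumption, so verify it against vendor/cakedc/auth/config/permissions.php. Closures are used instead of named functions because a config file may be loaded more than once.

```php
<?php
// config/permissions.php -- added example, not the plugin's shipped file.
// Assumed layout: config/permissions/admin.php, config/permissions/writer.php,
// config/permissions/defaults.php, each returning a list of rule arrays.

/**
 * Load one rule file and fail loudly when it is missing or malformed. A silently
 * skipped role file would remove every permission of that role without any trace.
 */
$loadRuleFile = function (string $path): array {
    if (!is_file($path)) {
        throw new RuntimeException("RBAC rule file not found: $path");
    }
    $rules = require $path;
    if (!is_array($rules)) {
        throw new RuntimeException("RBAC rule file must return an array: $path");
    }

    return $rules;
};

/**
 * Build the final rule list. Rules are matched top to bottom and the first match
 * wins, so the role-specific files come first and the shared defaults (typically the
 * broad allow rules) last; the other way round the defaults would shadow the role rules.
 * Every rule read from <role>.php is pinned to that role, so a copy-pasted
 * 'role' => '*' in writer.php cannot grant that rule to everybody.
 */
$buildRbacRules = function (string $dir, array $roles) use ($loadRuleFile): array {
    $rules = [];
    foreach ($roles as $role) {
        foreach ($loadRuleFile("$dir/$role.php") as $rule) {
            unset($rule['*role']);
            $rule['role'] = $role;
            $rules[] = $rule;
        }
    }

    return array_merge($rules, $loadRuleFile("$dir/defaults.php"));
};

return [
    // key assumed to match the vendor file you copied; check it there
    'CakeDC/Auth.permissions' => $buildRbacRules(__DIR__ . '/permissions', ['admin', 'writer']),
];
```

Pinning the role is the cheap check that makes the split safe: a rule that lives in writer.php can only ever grant something to writers, whatever its author typed in the role key.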

About performance

Performance could become an issue when you have a huge number of rules, and some of them require database access to check whether they match. As a general recommendation, remember the following tips:
  • Rules are matched top to bottom
  • Try to leave the permission rules reading the database to the end of the file
  • Cache the commonly used queries, possibly the same query will be used again soon
  • Note cache invalidation is always fun, and could lead to very complex scenarios, keep it simple
  • If you need too much context and database interaction for a given rule, maybe the check should be done elsewhere. You could give some flexibility and get some performance in return

Last words

We've collected some notes about the implementation of an RBAC based system in CakePHP using our CakeDC/Auth plugin. As stated before, there are many other ways, but this is ours; it has worked well on several projects and we thought it was a good idea to share it with other members of the CakePHP community as a possible authorization solution for their next project. Please let us know if you use it, we are always improving on it, and we're happy to get issues and pull requests for our open source plugins. As part of our open source work in CakeDC, we maintain many open source plugins as well as contribute to the CakePHP Community.

Building an RBAC based application in ...

This is the first post of a small series covering how to set up, organize and implement an RBAC based authorization system in CakePHP using the CakeDC/Auth Plugin. We'll cover the basic concepts, setup and implementation of the basic permission rules in part 1.

What does RBAC mean in this context?

We'll use RBAC as "Role Based Access Control", meaning your app will use the following concepts to define who can access what:
  • "Who" is an existing user, mainly identified by their role in the system, such as "admin" or "writer".
  • "What" is a specific action in your application, identified by the associated routing params, for example ['controller' => 'Posts', 'action' => 'add'].
  • A permission in this context is a link between who and what.

Why not ACL?

ACL is a really good choice when your answer is 'yes' to any of the following questions:
  • Do we need to let users create new roles on the fly?
  • Do we need the roles to inherit permissions (tree structure)?
  • Do we need to assign permissions NOT based on controller actions? For example CRUD based permissions, checked on the model layer for each operation on a given row.
If your answer is yes, you should consider using cakephp/acl. It provides a very powerful, reliable and flexible way to configure your permissions, but with greater power comes a bigger maintenance burden, that is, keeping the ACL data in your tables. Especially if you have several environments to maintain, you'll need to write migrations to populate your ACL tables, then create import/export scripts and utilities to reproduce permission issues from live environments, and so on. Not an impossible task, but it could increase the complexity of your project significantly...

Setting up CakeDC/Auth

There are other plugins you could use, but this one will cover everything you'll need, so let's go. CakeDC/Auth usually comes installed from within CakeDC/Users (a complete solution covering many more features), but today we'll set it up alone:

    composer require cakedc/auth
    bin/cake plugin load CakeDC/Auth

Last, but not least, add the RBAC authorize object to the list of Authorize objects. We'll be using the blog tutorial described in the book as the example application; change the Auth related configuration in AppController.php to:

    $this->loadComponent('Auth', [
        'authorize' => ['CakeDC/Auth.SimpleRbac'],
        'loginRedirect' => [
            'controller' => 'Articles',
            'action' => 'index'
        ],
        'logoutRedirect' => [
            'controller' => 'Pages',
            'action' => 'display',
            'home'
        ]
    ]);

With this change, we'll be using only the rules defined in the config/permissions.php file. If this file is not present, the default permissions shipped with the plugin are in place, and those grant the admin role access to all actions. To override them, copy the default permissions file into your project and adjust the rules:

    cp vendor/cakedc/auth/config/permissions.php config/

Then edit this file and check the provided examples and defaults.

Using CakeDC/Auth

The core of the RBAC system is the ability to define permission rules that match a given role with the actions granted. Rules are defined in an array, but you can extend the AbstractProvider class to retrieve the rules from somewhere else (a database?). By default, nothing is granted. Rules are evaluated top to bottom; the first rule matched stops the evaluation, and the authorization result is the value of the allowed key. Note we can use a callback to implement complex rules, or encapsulate the rules into classes we can reuse across projects, like the provided Owner rule class. This is an example rule:

    [
        'role' => '*',
        'plugin' => 'CakeDC/Users',
        'controller' => 'Users',
        'action' => ['profile', 'logout'],
    ],

We could read this rule as follows: "For any role, we grant access to actions 'profile' and 'logout' in the Users controller in plugin CakeDC/Users". Note the default allowed value is true. We can use an array or a string to match the role, plugin, controller and action. We can also use * as a value to match anything, or prefix the key with * to match anything but the given values; for example '*controller' => 'Users' would match all controllers but 'Users'.

Simple Rules

As our first objective, we are going to grant access to all the index and view pages, using the rule

    [
        'role' => '*',
        'controller' => '*',
        'action' => ['index', 'view'],
    ],

Because the first matching rule wins, a broad rule like this one must be placed after any more specific rule that needs to deny an index or view action to some role; placed before them, it silently shadows those denies.
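To reason about the matching semantics described above (top to bottom, first match wins, string or array values, * as a wildcard value, *key negation, allowed defaulting to true and accepting a callable), here is an added, self-contained simplification of the matcher. It is not the plugin's code and is not a substitute for it: it mirrors only the behaviour this post documents. One reading is applied where the post is silent: a key absent from a rule matches only when the request has no value for it (every example rule spells out '*' where it wants "anything", and omits 'plugin' for non-plugin controllers). The rules, the user and the request parameters are constructed for the example.

```php
<?php
// Added example (not CakeDC/Auth code): a minimal matcher reproducing the rule
// semantics described in the post, used to reason about rule ordering.
// Reading applied: a key absent from a rule only matches a request without a value
// for that key. Verify against the real plugin with the debug.log trace.

/**
 * Match one rule key ('controller', or its negated form '*controller') against the
 * request value: '*' matches anything, a string or array matches any listed value,
 * and the '*' key prefix inverts the result.
 */
function ruleKeyMatches(array $rule, string $key, $requestValue): bool
{
    if (array_key_exists($key, $rule)) {
        $values = (array)$rule[$key];
        $negate = false;
    } elseif (array_key_exists('*' . $key, $rule)) {
        $values = (array)$rule['*' . $key];
        $negate = true;
    } else {
        return $requestValue === null; // unconstrained key: only a missing value matches
    }
    $matched = in_array('*', $values, true) || in_array($requestValue, $values, true);

    return $negate ? !$matched : $matched;
}

/**
 * Rules are evaluated top to bottom; the first rule whose keys all match decides
 * through its 'allowed' key (default true; a callable is invoked). No match means deny.
 */
function checkRules(array $rules, array $user, string $role, array $params): bool
{
    $subject = ['role' => $role] + $params;
    foreach ($rules as $rule) {
        foreach (['role', 'prefix', 'plugin', 'extension', 'controller', 'action'] as $key) {
            if (!ruleKeyMatches($rule, $key, $subject[$key] ?? null)) {
                continue 2; // this rule does not apply, try the next one
            }
        }
        $allowed = $rule['allowed'] ?? true;
        if (is_callable($allowed)) {
            // the plugin passes the ServerRequest here; routing params stand in for it
            $allowed = $allowed($user, $role, $params);
        }

        return (bool)$allowed;
    }

    return false;
}

/** Runs constructed scenarios and returns one boolean decision per case. */
function demo(): array
{
    // Broad index/view rule from the post placed FIRST: the writer-specific deny
    // below it can never be reached for Reports/index.
    $shadowed = [
        ['role' => '*', 'controller' => '*', 'action' => ['index', 'view']],
        ['role' => 'writer', 'controller' => 'Reports', 'action' => 'index', 'allowed' => false],
    ];
    // Same two rules, specific one first: the order you want.
    $ordered = array_reverse($shadowed);
    // Negated key: index of every controller except Users.
    $negated = [
        ['role' => '*', '*controller' => 'Users', 'action' => 'index'],
    ];

    $writer = ['id' => 7, 'role' => 'writer']; // constructed user
    $reportsIndex = ['controller' => 'Reports', 'action' => 'index'];

    return [
        'broad_rule_first_writer_reports_index' => checkRules($shadowed, $writer, 'writer', $reportsIndex),
        'specific_rule_first_writer_reports_index' => checkRules($ordered, $writer, 'writer', $reportsIndex),
        'negated_controller_posts_index' => checkRules($negated, $writer, 'writer', ['controller' => 'Posts', 'action' => 'index']),
        'negated_controller_users_index' => checkRules($negated, $writer, 'writer', ['controller' => 'Users', 'action' => 'index']),
        'plugin_request_vs_rules_without_plugin' => checkRules($ordered, $writer, 'writer', $reportsIndex + ['plugin' => 'Admin']),
    ];
}

print_r(demo());
```

Walking through demo(): with the broad rule first, the writer is granted Reports/index even though an explicit deny follows, and reversing the two rules is all it takes to honour the deny. The negated rule grants Posts/index and, because no rule matches Users/index, falls through to the deny-by-default. The last case shows why the reading of absent keys matters: under it, rules written for app controllers do not leak into plugin controllers, which is the restrictive side to err on until the debug.log trace confirms how your plugin version behaves.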
Stay tuned for the second post, where we'll deal with complex rules, rule classes and implementation tips for complex applications...

Has your website been hacked? Learn mo...

If you have a website and have not taken the necessary security precautions, then you may become a victim of hacking. Besides the obvious defacing that can take place once your website has fallen victim, here are some other signs you have been hacked:

  • Your website redirects to another site, not your own.
  • Google or Bing notifies you.
  • Your browser indicates that your site is not secure.
  • You notice a change in your website traffic, especially from different countries.
  So you’ve been hacked - what do you do? Where do you start?   We’ve put together a few things that you need to look into as soon as possible!  
  • Do you have a support team? Contact them!
In this situation, it is best to immediately contact your technical support - your web developers, who have experience in handling these situations: what to shut down, what to look for and where to check. Someone without the technical expertise is going to have difficulty properly fixing things!
  • Get together all of the information required for your support team
Your support team will need all the access information, so start putting this together. Things they will need access to include your CMS, hosting provider and login details, web logs, FTP/SFTP access credentials, as well as any backups you may have. If you have never been hacked or do not have regular backups running, here’s a good place to start.
  • Temporarily take your website down
If you haven’t already done so, make sure to take your site down temporarily. While you are doing this, it is also important to check all your servers and computers for malware, spyware or trojans. And if you have a virtual server, it may be in your best interest to start over - some attacks leave behind software that may not be visible, or that you may not know to look for.
  • Change your passwords
Make sure to change your passwords! Not sure what to use? For the best security, use a password generator and choose passwords longer than 12 characters that mix letters and numbers.
  For expert development and consultation services, give CakeDC a call - we lead, so you can lead.

Forms! Tips to make yours better

With your website being such a powerful tool for reaching potential clients, can you afford to have forms that aren’t adequately bringing in conversions or leads? If you are failing to get leads in, have you considered that your forms may be the problem? Here are some tips for getting your forms up to scratch.

Keep it simple. It's key to keep your forms as easy as possible to submit - remove as many barriers as you can. Do you request excessive information, ask your user to log in in order to submit their details, or have a design that is over complicated and confusing? These are the things to look out for, as they can act as deterrents to form submissions or lead conversions.

Fill out the form yourself, give it a test run! If you haven’t already, give your form a test run. How do you feel about filling out the required fields, how long does it take, what emotions would you feel if this wasn’t your website and your form? Take all of these points into consideration and see if there are any adjustments that need to be made.

Reduce the number of fields. There is no need to require 20 fields when submitting a form. Not only is it time consuming, it is also unnecessary and frustrating to your user. Be sure to keep things to a minimum - if a user profile is required, ask them to fill this out later, once they have a feel for the benefits to them.

Is there motivation to submit the form? Are you looking for new leads or to build up your email database? Does the user have an incentive to submit the form? Besides your basic contact us forms, there should ideally be other CTAs or lead generation techniques at play. These could include access to white papers, reports or expert advice, which may be offered as ‘free’ should the user submit their details. Use the opportunity to capture as many leads as possible - and remember, users need a reason to submit their details to you.
Confirm the submission So a user has submitted their details, is there a confirmation message or page redirect? If not, you may be further frustrating your user - make sure to let them know that they have successfully submitted and you have received their information.   For expert development and consultation services, give CakeDC a call - we lead, so you can lead.  

Learn more about UX tracking metrics t...

With UX being a subjective, human and ever changing experience, it can be seen as difficult to track. However, there are some key tell-tale signs that you should be tracking in order to assess the overall user experience of your website.   Common metrics to use when tracking UX   1. Tracking how long it takes visitors to fill out your forms If your contact forms take too much time to fill in, your visitors or potential clients may get frustrated and fail to complete the form. Forms need to be simple, short and easy. Some tips to keeping forms user friendly and easy to fill in include:

  • Keeping the number of fields to as few as possible; there will be opportunity to ask for more information later on in the customer journey.
  • Testing your form yourself, if you struggle to fill out the fields during testing then you definitely need to relook it!
  • Add a confirmation page or message to let your user know that they have submitted successfully
  2. How many fields are skipped in submitted forms? Do you allow optional fields in your forms? If you do, do you find a trend of certain fields not being filled in? These fields may be too much trouble for your users to fill in - remember, most visitors are lazy when needing to contact you. Make it as easy as possible, but also make sure that you aren’t being too intrusive when requiring information in your forms. If it’s not ‘need to know’ information, then cut it from your form. These skipped fields give you a good idea as to what your user is thinking and feeling. Make sure to keep an eye on how your forms are submitted and what your users are subconsciously telling you.

  3. Analyse your user experience with the use of heat maps. Heatmaps give you the best view of the journey your visitors take when visiting your page, from where they are clicking to the amount of engagement a page gets and where. Simple things, from users clicking your logo at the top of the page to which links they view as engaging and click through to, are insights that help you better optimise your page.

  4. Collect feedback from customers and your customer service department. Your customer service department is front facing - these are the people who will know what users are saying about your website, and they are able to provide insights into where your UX issues are. If you haven’t already, this is a great place to start your UX measurement and feedback journey.

  If you need an expert to help you with your website, then give CakeDC a call. CakeDC - the experts behind CakePHP.

Does your website suffer from these ch...

If you haven’t had a good hard look at your website in a while, now is the time to do so. You will probably find a few things that you’d like fixed. These are the most common challenges that websites fail to fix in time.

Content and technology that is out of date. If you had your website built years ago, chances are that it is (severely) out of date. This leaves you vulnerable to security breaches, amongst other things. Content is another part of your website that goes out of date; do a spring clean of your overall content and make sure everything listed on your site is still relevant and well organized.

No call to action for your visitors. Are you missing call-to-action triggers such as “Download”, “Contact Us”, “Get started” or “Sign up for free”? You may be losing valuable conversions by not encouraging visitors to engage with your content and brand. This is a quick and easy fix - ideally, you should be checking and updating this type of content regularly to keep abreast of website visitor trends.

Lack of branding. It is important as a business owner to make your brand reliable and trustworthy, and it is also important to make sure your website correctly displays your clear brand message: who you are, what you offer and what tone you use to project your brand to your clients.

Traffic woes due to SEO troubles. If you are not seeing good traffic on your site, the main culprit may be poor SEO practices. Be sure to regularly check your analytics tracking, and if you are seeing poor traffic landing on your site then the next port of call is to suss out your SEO elements. These include title tags, headlines, content, alt tags, file names and meta descriptions. It is also important to make sure these all align with your key brand message and product offering. The best trick is to select a core group of relevant and related keywords and build your SEO strategy around these.
Websites that haven’t been optimised for mobile. If you (or your development team) have failed to quality test the appearance of your site across devices, then you are probably in the majority of companies that are not optimised for mobile. The time is now! Mobile optimised sites are becoming more and more important to business strategy, as consumers are no longer bound to browsing only via their computers or laptops. Be sure to check that you are following best practices when optimising for mobile, such as common menu icons and icon placements.

Not sure if your website needs an overhaul? Contact the experts behind CakeDC today to find out more about our development services as well as how we can help you become leaders. CakeDC - We lead, so you can lead.

Redesigning your website? Do not do this!

From increasing engagement through to improving overall website performance, there may be aspects of your site that you are currently unhappy with or are looking to improve. Redesigning your website may be necessary due to lack of performance or a brand overhaul, but there are certain things that you should avoid at all costs when redesigning your website.

1. Not considering risk mitigation. Most creative or marketing agencies offer web redesigns as part of their packages, however they often fail to outline the different risks that you may face. Such risks include loss of data, server failures, loss of website functionality, bugs and QA testing timelines. To fully understand your risk exposure, it is ideal to consider all individual changes or updates being made and then multiply by the depth of change for each element.

2. An overcrowded home page. We understand: when given the opportunity to redesign your website, the first goal is to get all of your messaging across to your potential clients. However, the biggest mistake when doing this is to inundate the user with too much information and overcrowd your homepage. This leaves visitors confused and overwhelmed - users decide whether or not to continue browsing after 3 seconds. It is important to ensure that all information is presented in a concise manner. Perhaps investigate infographics to reduce word dense designs.

3. It’s difficult to contact you. Leaving out essential contact information or links to your social sites may discourage potential clients from trying to contact you. Keep your information handy in the footer of each page, as well as on its own contact page. The contact page gives you the opportunity to include a contact form as well as other relevant information that may be useful to your visitors.

4. Not having responsive web design and cross device QA testing. Your website visitors will become frustrated if they are viewing your site on a device for which it has not been optimised, leaving the page lacking user friendliness. Make sure to test a variety of devices and ensure your website has responsive web design.

5. Slow site speed and lack of optimisation. Having a slow site can take away any favorable first impressions - make sure to optimise thoroughly when developing your site and ensure site speed is up to scratch.

6. Avoid poor or pixelated imagery. Make sure to give proper image files to your development team. Including pixelated or poor imagery on your site displays a lack of professionalism to your visitors or potential clients.

Are you struggling with any of the above website redesign issues? Contact the CakeDC team today and speak to the experts behind CakePHP.

Reasons why you should consider CakePH...

In a world with so many options to build your next website, we thought we would put the many benefits of CakePHP forward for you to learn more about this great framework! CakePHP remains popular as it provides the ability to simultaneously fulfill the needs of the various stakeholders in a project, including business owners, project managers, developers and system administrators. But were you aware of the other great reasons why you should consider CakePHP for your next application?

Build quickly. CakePHP helps you (or your developers!) build quickly using code generation and scaffolding features.

CakePHP is secure. The CakePHP project regularly releases updates and security fixes, as well as allowing developers to follow best practices when securing web applications.

CakePHP can make your website faster. Ever loaded a web page or web application and wished it was faster? CakePHP helps developers optimise applications, making them more efficient and quicker to load.

Reduce your maintenance costs! CakePHP structures code in an easy to follow architecture, allowing you to save money on any future maintenance requirements.

Create scalable applications. Get a code base developed that is ready for expansion - grow your business without worrying whether your web application can keep up.

Convenient extensions. Easily extend your project with components, behaviors and plugins. CakePHP allows you to expand the functionality of your app using pre-generated code or plugins from other projects, meaning that you don’t have to write everything from scratch.

CakePHP has a solid community and core team. This open source framework has a strong following as well as a strong (volunteer) team leading it forward and making sure it stays current.

With these and many more reasons why CakePHP makes an excellent choice for your next application, we recommend it time and time again.
CakeDC are not only the experts behind the framework, we are also able to offer you the best solutions catered to your specific requirements. Our team caters to finding efficient problem solving approaches while offering expert assistance, support and advice from initial contact through to project completion and hand over. Contact our team today to get your project started!

Advantages of a custom site and why yo...

Custom websites offer many benefits and advantages over pre-built solutions. Have you considered a custom website or application? Working with the right team is key to success - contact CakeDC today to find out how we can develop your custom solution! We’ve put together a list of some of the advantages you could get from deciding on a custom solution.

  • Being able to plan, and plan properly
Custom solutions allow you to start with a planning phase. This ensures that all expectations and a complete project scope can be decided on and approved. It allows you and your development team to be on the same page. Here is the chance as the client, to ask questions and deep dive into options with your development team.
  • Longevity
At CakeDC, we aim to ensure that custom applications and solutions for our clients are built with longevity and scalability in mind. Getting a custom solution developed for you is a dream, but imagine that your business grows from strength to strength over the coming years - will your solution, application or website be able to cope with increased traffic, more users, etc.? We keep these at the fore of our development solutions, ensuring longevity for your application.
  • Support, expertise and assistance
Cheaper, non-customisable solutions are often chosen over more expensive solutions. However, choosing the cheaper option can leave you in the deep end - it leaves you and your business open to vulnerabilities (hacking, lack of security, ransomware attacks). At CakeDC, we offer custom web development solutions that are tailored to you and your needs. We also offer support, expertise and assistance. When acquiring a team, be sure to ask them what they will offer you in terms of support in developing your application.
  • Alignment with your branding and business message
A custom website enables you to design the website around your brand. It will impress visitors (potential clients), allow you to showcase any images, brochures or videos appropriately, and keep your branding intact. CakeDC delivers scalable, secure and reliable solutions; contact us today to get your project started!

Navigation options for improved usability

Ease of navigation is closely linked to user experience - it can make or break how the user interacts with your website. From being able to find and use your navigation menu, through to the user being able to find the information they are looking for, it is important to ensure your navigation options are cleverly designed and stick to best practices. If visitors are having difficulty with your navigation options, you are missing an opportunity to either create a conversion, delight your customer or engage a potential client. When it comes to your website usability, here are some things you can focus on to ensure your site’s navigation is a user-friendly one:

1. Keep it simple. While this one may sound obvious, it is important to ensure that you avoid making your navigation difficult to comprehend. Examples of this include cluttered navigation menus and disorganized sub menus.

2. Keep it predictable. While creativity makes your website stand out and is great to catch a user's attention and provoke emotion, it is important not to practise creativity in areas where predictability is preferred by the user or visitor, such as when creating your navigation menu or deciding its placement.

3. Keep it consistent. It is key to keep the theme and structure of the different pages of your site consistent. Check our CakeDC.com menu and the different pages: each page keeps the overall theme and structure consistent. This is to ensure that your user is able to make sense of the content as quickly as possible when switching between pages.

4. Have a clear hierarchical structure. Every category and clickable sub category should have a clear hierarchical structure and should be visible in your menu. Doing this gives your user a clear view and pathway to the exact page or content that they are wanting. This point is particularly important for websites that have a wide range of products or services.
5. Make it distinct. Navigation options should be clearly visible and easy to find. They should stand out from other graphics, images or backgrounds. This can be done through size, color and font.

6. Link the logo to the homepage. A good practice is to link your company logo to the homepage of your website. This logo should be in the same place on every page. Users have a high tendency to click on your logo, with the expectation that it will lead back to the home page, as this is a generally predictable behavior across websites and design practices.

7. Always include a search bar. Search bars are necessary for making your website more usable to your visitors. Some visitors only want to find information by using a search bar within your site. Offer your users a way to navigate through your website without having to go through every page or menu option.

Difference between UX and UI

UX and UI are often misused in the tech industry. Understanding the key differences between UX and UI is beneficial, so we take a quick look at both. UX, User Experience Design, and UI, User Interface Design, are both crucial to a product such as a website, and work closely together while remaining vastly different disciplines. UX design tends to be more analytical and technical, while UI is not. A basic example for UX design would be how users interact with CakeDC.com: where they find the navigation menus (is this as per industry norm, or do they have difficulty navigating around the website to find the information they are looking for, or how to contact CakeDC via our contact form or telephone number?). UI design, on the other hand, looks at ensuring brand relevance through the look and feel of the site, keeping color standards as per best practice.

UX, User Experience Design. UXD or User Experience Design refers to the process of enhancing the experience that a user has with a company, its products or its services. This is done by focusing on increasing the ease of use as well as improving the overall interaction between the user and the product or service. Good user experience design translates to customer satisfaction and loyalty, so it's vitally important to ensure good design is put into practice! As a UX designer, you will need to understand your site’s users and potential users, from creating personas to determining user stories and carrying out user testing. A persona could be an example of a customer who is seeking more information by contacting you versus a visitor who would like to learn more by reading your blog.

UI, User Interface Design. User Interface Design is the look, feel and interactivity of the product, basically referring to the means by which the user and a product (such as a website) interact with each other.
The end goal of UI Design is to “achieve structure, analysis and optimization of a customer’s experience with the company and product.” UI Design includes activities that range from user guides and story lines through to UI prototyping and implementation with the development team.
While there are differences between UX and UI, there are also some similarities; let's look at these:

  • Have a primary objective of improving customer satisfaction such as improving the use of a “contact us” form
  • Focus on the user and his/her interaction with a product/service such as having an easy to navigate menu
  • Can be applied to any product
Here is an example of the planning behind CakeDC.com

Website redesign? Here's a checklist o...

Redesigning your website can be a daunting and scary task; however, with the proper preparation and the right development team it can be a breeze! It can be a potentially long and tedious process, with a lot that can go wrong. From just a visual overhaul through to improving branding, user experience and sales, a website redesign can encompass a wide variety of changes that you can benefit from. Whatever your reasoning is for choosing a redesign, it offers you an opportunity to re-evaluate the bigger picture and see where improvements can be made. Here's a quick checklist of things to look out for when embarking on a website redesign:

  1. Strategy - why are you doing a redesign? Write down your main points behind the redesign project. What are your goals, ideals and visions? Where do you want the redesign to get you? What are the measurable results that you are hoping to see? Importantly, you should also benchmark your current traffic and metrics.
  2. Saving your current assets - have you made the proper backups of the important files, media etc. so that these remain accessible after the redesign of your website is complete? Go a step further, and use your metrics to work out what the most important assets and pages of your website are, such as product pages with the most sales or blog posts with the most views or social shares.
  3. Define your target audience - who is your ideal visitor? Look at your customer journey and describe your customer.
  4. Have you checked out your competitors? Conduct competitive research - their overall look, problem areas, good ideas that appeal to you and your product/redesign.
  5. Outline your key features - identify what is most important to your website redesign. From shopping carts to news posts, landing pages, social sharing, security updates.
  6. Set your budget - outline what you want and how much you'd like to spend on it. Who will do the work (an agency, a freelancer etc.), as well as the size or scope of your project, backend applications or additional features that you are looking for.
  7. Create a timeline and schedule your milestones - when do you expect to see things happen?
  8. Have you considered optimization? Don't forget to make sure that your site is optimized for social media and search engines.
  9. Test and revise - before launching!

Basic UX principles

Everyone wants their website to stand out and be noticed, but have you considered what the top UX principles should be when designing your next website? We have compiled a quick list of our top ones.

  • Keep the user in mind - it's a social experience
Visitors may not always remember all the information presented to them on your site; however, they will almost certainly remember the experience, or how they felt. Advertisers focus on selling to your heart, so why shouldn't you when designing? Focus on creating an emotional connection with your user.
  • Visitors scan websites - very few actually read!
Infographics and images are a perfect way to get your message across quickly - try to capture as many of your audience as you can by including ‘scan friendly’ content.
  • Keep it simple and clear
Don't let your main message get lost in clutter. Keep the visitor's path to success clear and concise. It can take as little as 0.5 seconds for a visitor to decide whether to stay or leave. Don't make a user think about their next action; keep preferred actions as clear as possible.
  • Getting creative vs. using common design patterns
There are many commonly used UI patterns out there, which users are already accustomed to. By making use of these in your design, you make it easier for your user to adapt while making it easier for them to make use of your website. Links, buttons, position of login points, logos and company names all form part of commonly used UI patterns. Try to balance usability with your own creativity.
  • Designing above the fold vs. designing for above the fold.
When designing to capture one’s attention, above the fold becomes a hot topic. Designing above the fold needs to be referenced within its own context - it varies across devices. Ideally when designing to capture attention, focus should not only be on the top of the page but rather be held throughout the page’s design.
  • UX is a conversation
Your goal when designing any website, is to create a dialogue with potential clients. The key to this point is to know who your visitors will be and to use these as insights into developing your design.
  • Responsive design should be thoughtful design
Designing your website to be fluid across devices has become increasingly important over the last few years. However, many companies are still making websites responsive just to be responsive, without proportioning image and text sizes. Top tip: check out your site on different devices, such as mobiles and tablets, and ask yourself "does this look good?".

Responsive Websites vs. Native Apps

Do you know what the difference is between responsive websites and native apps? With users more and more likely to be browsing your website on their mobiles, have you considered how they see and experience it across devices? A bad mobile experience is likely to turn potential customers away, so it's vital to ensure that all touchpoints match your brand experience and draw customers in. But how do you go about that, and what is the best solution for you: a responsive website or a native app? Below we look at the differences between the two; however, the best solution for you will be highly dependent on your website and business/consumer needs, so be sure to speak with your development team to get the best fit for you!

Responsive vs native

Responsive Web Design is the methodology that recommends the design and implementation of a website that responds to user behavior and environment based on the screen size, orientation and operating system of their device. A native/mobile app, on the other hand, once downloaded, is stored directly on the user's device, so they will be able to access it in every context. Native apps can be used both online and offline. These two mobile solutions do not answer the same needs. In today's world, all websites should be responsive to mobile devices, but not everyone needs a mobile app. Mobile or native apps are expensive and time consuming to produce, and they can also irritate users who do not see value in downloading them. However, if your product works well in an app, or needs one to work well, you should investigate it. Generally the development time and cost of a native app can make this look like a poor option; however, if your product or need is one of the following, an app is definitely the way to go.

  • Interactivity/gaming is required: an app is the best choice if you require an immersive and interactive user experience.
  • Regular usage and personalization: Are you planning that your users use the app on a regular basis?
  • Complex calculations or reporting: Think banking or financial calculators.
  • Offline accessibility: Is your concept something that you want users to be able to use offline?
A key point to take into consideration when deciding what is the best fit for your business concept is to keep your goals in mind. If your goal is purely marketing and content distribution, to ensure usability on mobile platforms, then a responsive website is what you need. However, if you require a more immersive brand experience, a native app is required.

Importance of backing up data for smal...

Data is essential to any business, regardless of its size. And with the recent ransomware attacks, it is important to keep backups regularly. A loss of your business's data, from a down server or a ransomware attack, can cost a company a lot of money.

Types of backups

You can either back up online to an out-of-network cloud server, to a physical storage location or to an offline drive. Any of these should keep you secured from a network attack and will enable you to be up and running after the fact. The need for a backup strategy cannot be stressed enough; here are some strategies that you could follow:

  1. Cloud backups - keeping data offsite is helpful should you experience a natural disaster.
  2. Encryption of data in transit.
  3. Multiple backups offsite - ensuring 2 or 3 backups are kept.
  4. Testing of backups - ensuring that all backups taken are viable for use should the need arise.
Regular backups can be a lifesaver: ransomware attacks, natural disasters and corrupt hardware can strike at any moment. Being prepared can save your business money in the long run. Some other tips that you can consider following include:
  • Having a file organization standard. Develop a standard way of organizing your files so that you or your users will always know where data belongs.
  • Determine critical files or data. Organize and sort through the files to ensure critical data or files are kept secure and regularly backed-up.
  • Create a local backup solution.
  • Create an offsite backup.
  • Automate your backup procedures.
How do you get started? It's key to create a backup routine, which includes the following:
  • A checklist for the file or data that you need to backup;
  • A backup schedule for times that your backup system will run;
  • Verify the backup to ensure the data is intact.
Also remember, for your website and hosted applications, to check with your local hosting provider, as they usually offer backups. For local development work, always use a repository for code and documents, like git, while for binaries, use cloud storage, so that all you lose if your hard drive were to crash is the work of the current day.
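The backup routine described above (a checklist of files, a run that can be scheduled, and a verification step that confirms the data is intact), as an added shell example that is not part of the original post; the checklist format, the sha256 manifest layout, the sample tree and the `--demo` flag are all assumptions.

```sh
#!/bin/sh
# Constructed example of a backup routine: a checklist of files, a run that
# can be put on a schedule (cron, systemd timer), and a verification step
# that test-restores the archive. Paths, names and layout are assumptions.
set -eu

# Checksum helper: prefer coreutils sha256sum, fall back to shasum (macOS).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Record a per-file checksum for every path on the checklist.
# $1 = checklist (one path per line, relative to $2), $2 = source dir, $3 = output
write_manifest() {
    : > "$3"
    while IFS= read -r rel; do
        [ -n "$rel" ] || continue
        printf '%s  %s\n' "$(hash_file "$2/$rel")" "$rel" >> "$3"
    done < "$1"
}

# Create one backup set: archive + manifest + the archive's own checksum, so
# corruption in transit or at rest is detectable before anyone relies on it.
# $1 = checklist, $2 = source dir, $3 = backup dir. Prints the archive path.
make_backup() {
    dest=$(mkdir -p "$3" && cd "$3" && pwd)
    archive="$dest/backup-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
    write_manifest "$1" "$2" "$archive.manifest"
    # Only checklist entries go in; anything else under $2 is left out.
    tar -czf "$archive" -C "$2" -T - < "$1"
    hash_file "$archive" > "$archive.sha256"
    echo "$archive"
}

# Verify a backup set: archive checksum first, then a trial restore into a
# scratch directory compared file by file against the manifest.
# $1 = archive path. Returns 0 only if every check passes.
verify_backup() {
    if [ "$(cat "$1.sha256")" != "$(hash_file "$1")" ]; then
        echo "archive checksum mismatch: $1" >&2
        return 1
    fi
    scratch=$(mktemp -d)
    tar -xzf "$1" -C "$scratch"
    status=0
    while read -r sum rel; do
        if [ ! -f "$scratch/$rel" ] || [ "$(hash_file "$scratch/$rel")" != "$sum" ]; then
            echo "restore check failed for $rel" >&2
            status=1
        fi
    done < "$1.manifest"
    rm -rf "$scratch"
    return $status
}

# Build a small constructed source tree plus checklist for a demo or test run.
# Prints "<source dir> <checklist path>".
setup_sample() {
    src=$(mktemp -d)
    mkdir -p "$src/config" "$src/uploads"
    printf 'db_host=localhost\n' > "$src/config/app.ini"
    printf 'hello world\n' > "$src/uploads/note.txt"
    printf 'scratch, not on the checklist\n' > "$src/cache.tmp"
    printf 'config/app.ini\nuploads/note.txt\n' > "$src.list"
    echo "$src $src.list"
}

# Stand-alone run: "sh backup_check.sh --demo" backs up the sample tree and verifies it.
if [ "${1:-}" = "--demo" ]; then
    sample=$(setup_sample)
    archive=$(make_backup "${sample#* }" "${sample% *}" "$(mktemp -d)")
    verify_backup "$archive" && echo "backup verified: $archive"
fi
```

Scheduling the `make_backup` call and the `verify_backup` call of the previous run covers the "backup schedule" and "verify the backup" items; copying the three files of a set to an offsite location covers the multiple-offsite-copies strategy.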

With the latest ransomware attack, her...

With the latest attack, Petya, fresh in our minds, we thought it would be a good time to discuss what exactly a ransomware attack is and how you, as a business, can protect yourselves from one. These cybersecurity attacks not only hit individuals and small to medium sized businesses, but also large multinational enterprises from around the world. What is clear is that the attack from the past week, Petya/GoldenEye, while similar, is a lot more serious than the attack of the previous month, the WannaCry worm attack that struck hundreds of thousands of computers.

Have we gotten your attention? Good! The first real way to protect yourself, and your business, is to know what the attacks are and what they look like, and then to move on to how to set yourself up so that you are secured against such an attack. With the latest ransomware worm, the ransomware infects computers and locks down their hard drives, then demands a $300 ransom in the digital currency Bitcoin.
The email account associated with the ransomware will have been blocked, so even if victims pay, they won't get their files back. Many experts are calling for people not to pay the ransom. The virus or worm is spread by infecting multiple computers on a network, and is initially contracted via an outside source, commonly an email. Many companies were hit severely this time round, as they did not update their Microsoft packages, leaving them vulnerable to the attack.

Am I at risk, you may be asking yourself? Well, potentially. The great news is that if you have a Windows machine, and it is up to date with security updates, then you are fine. The bad news is that if you are on a network with a machine that is not up to date, then this will cause a problem for you should it get the virus. Top tips for keeping you and your network secure:

  1. Keep all servers and network connections up to date with the latest security updates;
  2. Be sure to back up your computer regularly and keep a recent backup copy off-site;
  3. Brief all network users on what phishing emails look like and the importance of not clicking on links;
  4. Make sure your antivirus software is up to date.

More into Cybersecurity - what do you ...

As technology becomes more and more entrenched in our daily lives, we become more dependent on it. This dependence may lead to vulnerability, especially if the technology fails. As we move further into 2017, we are seeing even bigger cybersecurity threats than before: more deceptive and creating more vulnerability than ever. Hackers (and their associated threats) are forever evolving and changing, so we need to be constantly aware. There are, of course, simple rules that we need to keep note of:

  • Update your passwords regularly and use different characters and symbols each time.
  • Set up security questions with answers that hackers can’t guess based on your public information. The city you were born in or the name of your prom date aren’t exactly iron-clad secrets.
  • Avoid downloading from suspicious links and delete your cookies every month.
A hack threat can cause more than just a crashed server or spam sent through your systems. From basic phishing through to fundamental security flaws on your website, it is important that you align yourself with a development partner that is up to date with security. Phishing refers to the fraudulent practice of sending emails pretending to be from reputable companies in order to induce individuals to reveal personal information. Another important thing about cybersecurity and potential hack threats is that it is not limited to bigger corporations; small businesses are under attack as well.

Cybersecurity topics can be subdivided into two complementary areas: cyber attacks, which are essentially offensive and emphasize network penetration techniques; and cyber defenses, which are essentially protective and emphasize counter-measures intended to eliminate or mitigate cyber attacks. If you are getting a website or web application developed, don't be shy to ask about how your application is being built and considered against the current and past security threats. Ask about how updates will work and about continued support to ensure that your web application is kept secure and up to date.

As a business, you can institute solid network security protocols to keep information secure in both the present and future. Keeping ahead of attacks and creating a secure environment are fundamental steps in protecting your assets. Another key component is training your staff; such training is particularly important for companies that rely heavily on cyber communication due to having remote employees. Some of the security protocols that you can implement can start with these simple steps:
  • Protect every end point
    All devices that are connected to your network, should be secured - every connected item, including wearable technology.
  • Build for scale and flexibility
    A key consideration when developing a web application, but have you thought about it?
  • Prepare for new sources of data
    As technology is evolving so are the sources of new data. Make sure that you are planning ahead of the curve.
Concerned about the security of your web application? Chat with us! Also be sure to check out online tools that provide free web scanning for your site. There are also online resources where you are able to track security issues in CakePHP. Other resources to look at include OWASP's web application security testing cheat sheet and the OWASP testing project.

A quick guide to agile development - w...

Agile has been around for a while, but recently it has come back into focus. But what is agile development, and why has it become such an important concept? It has become such a buzzword, but do you really know what it means or why it could be a great addition to your development process? Agile is a project management approach that uses short development cycles, or iterations, to focus on continuous improvement in the development of a product or service. Agile was originally developed to improve the development process, allowing it to rapidly identify and adjust for issues and defects. A major benefit is that it allows development to keep ahead of customer expectations, competition etc. There are 12 key principles that guide an agile project:

  1. Customer satisfaction is always the highest priority; achieved through rapid and continuous delivery.
  2. Changing environments are embraced at any stage of the process to provide the customer with a competitive advantage.
  3. A product or service is delivered with higher frequency.
  4. Stakeholders and developers closely collaborate on a daily basis.
  5. All stakeholders and team members remain motivated for optimal project outcomes, while teams are provided with all the necessary tools and support, and trusted to accomplish project goals.
  6. Face-to-face meetings are deemed the most efficient and effective format for project success.
  7. A final working product is the ultimate measure of success.
  8. Sustainable development is accomplished through agile processes whereby development teams and stakeholders are able to maintain a constant and ongoing pace.
  9. Agility is enhanced through a continuous focus on technical excellence and proper design.
  10. Simplicity is an essential element.
  11. Self-organizing teams are most likely to develop the best architectures, designs and meet requirements.
  12. Regular intervals are used by teams to improve efficiency through fine-tuning behaviors.
Many industries actually make use of an agile development process and follow these key principles. It is highly collaborative and is seen to be more efficient. Some of the more popular agile methods used are:
  • Scrum
  • Kanban
  • Lean (LN)
  • Dynamic System Development Model, (DSDM)
  • Extreme Programming (XP)
  • Crystal
  • Adaptive software development (ASD)
  • Agile Unified Process (AUP)
  • Crystal Clear methods
  • Disciplined agile delivery
  • Feature-driven development (FDD)
  • Scrumban
  • RAD (Rapid Application Development)
While agile development has many advantages, it also has a few disadvantages - it certainly is not for every project or project team. It also favors developers, project teams and customer goals, not necessarily the end user’s experience.

Quick glossary: DevOps

Has your team gotten you down with the use of so many terms that seem so unfamiliar? Don't despair! The ability to rapidly develop, deploy and integrate new software is essential to success, but you should be aware of the terms that the DevOps team will be using! Starting off with DevOps itself, which is a mash-up of two terms: "software development" and "information technology operations". But there are more:

  • A/B testing
    A technique for testing new software or new features whereby two or more versions are deployed to users for testing. The metrics from each variant are then compared and assessed based on the testing criteria.
  • Acceptance testing
    The testing performed near the end of the development cycle that determines whether software is ready for deployment.
  • Agile development
    Agile development refers to a methodology that emphasizes short iterative planning and development cycles. The idea is that iterative development affords more control and establishes predictability.
  • Behaviour driven development
    A development methodology that asserts software should be specified in terms of the desired behavior of the application, and with syntax that is readable for business managers.
  • Build automation
    Tools or frameworks that allow source code to be automatically compiled into releasable binaries. Usually includes code-level unit testing to ensure individual pieces of code behave as expected.
  • CA Release Automation
    CA Release Automation is an enterprise-class, continuous delivery solution that automates complex, multi-tier release deployments through orchestration and promotion of applications from development through production.
  • Continuous delivery
    Continuous Delivery is a set of processes and practices that radically removes waste from your software production process, enables faster delivery of high-quality functionality and sets up a rapid and effective feedback loop between your business and your users.
  • Deployment Manager
    Cloud Deployment Manager allows developers to easily design, deploy, and reuse complex Cloud Platform solutions using simple and flexible declarative templates. From simple web servers to complex highly available clusters, Deployment Manager allows teams to spend less time managing, and more time building.
  • Delivery pipeline
    A sequence of orchestrated, automated tasks implementing the software delivery process for a new application version. Each step in the pipeline is intended to increase the level of confidence in the new version to the point where a go/no-go decision can be made. A delivery pipeline can be considered the result of optimizing an organization's release process.
  • Functional testing
    Testing of the end-to-end system to validate (new) functionality. With executable specifications, functional testing is carried out by running the specifications against the application.
  • GitLab
    GitLab is a web-based Git repository manager with wiki and issue tracking features. GitLab is similar to GitHub, but GitLab has an open source version, unlike GitHub.
  • GitHub
    GitHub is a web-based Git repository hosting service, which offers all of the distributed revision control and source code management (SCM) functionality of Git as well as adding its own features. Unlike Git, which is strictly a command-line tool, GitHub provides a web-based graphical interface and desktop as well as mobile integration.
  • Lean
    "Lean manufacturing" or "lean production" is an approach or methodology that aims to reduce waste in a production process by focusing on preserving value. Largely derived from practices developed by Toyota in car manufacturing, lean concepts have been applied to software development as part of agile methodologies. The Value Stream Map (VSM), which attempts to visually identify valuable and wasteful process steps, is a key lean tool.
  • Microservices
    Microservices is a software architecture design pattern, in which complex applications are composed of small, independent processes communicating with each other using language-agnostic APIs. These services are small, highly decoupled and focus on doing a small task.
  • NoOps
    A type of organization in which the management of systems on which applications run is either handled completely by an external party (such as a PaaS vendor) or fully automated. A NoOps organization aims to maintain little or no in-house operations capability or staff.
  • Non-Functional Requirements (NFRs)
    The specification of system qualities such as ease of use, clarity of design, latency, speed, ability to handle large numbers of users etc. that describe how easily or effectively a piece of functionality can be used, rather than simply whether it exists. These characteristics can also be addressed and improved using the Continuous Delivery feedback loop.
  • Orchestration pipeline
    Tools or products that enable the various automated tasks that make up a Continuous Delivery pipeline to be invoked at the right time. They generally also record the state and output of each of those tasks and visualize the flow of features through the pipeline.
  • Whitebox testing
    A testing or quality assurance practice which is based on verifying the correct functioning of the internals of a system by examining its (internal) behavior and state as it runs.

We Bake with CakePHP