Programming

There are situations when you need to analyze user’s experience but can’t use a third-party web analytics solutions like Google Analytics or Yandex Metrika. For example, if your production environment is PCI DSS compliant. In this case you have to deploy self-hosted analytics engine and inside your environment and configure user actions tracking in your application. One of the possible solutions is the piwik as analytics engine + Angulartics or angular-piwik for tracking events inside AngularJS application. In addition to web analytics features, piwik offers a log analytics. Piwik Demo Another option is to use Open Web Analytics (OWA) and write a plugin for Angulartics. OWA Demo

Modern web application should be user friendly and notify the User when time consuming operation is on the way, e.g. uploading file or downloading data. There are a some solutions for AngularJS which are fairy easy to integrate. First one is Angular Loading Bar. It can be attached to your application with almost zero configuration and does not affect application design. It attaches the interceptor to $http service and displays a thin progressbar on the top edge of the page. Demo Another component is angular-busy. It is more customizable and can show a spinner with backdrop above any page element. Just wrap it with <div cg-busy="..."/>. But it may require some customization. Demo Also, there are some examples how to add loading indicator to ui-router.

Stay DRY! Don’t waste your time implementing tags input control for AngularJS yourself! There is an excellent AngularJS module for that called “ngTagsInput”. It’s also supports autocomptetion, validations,custom styles and templates. See the demos. It took me just 10 minutes to add that type of control to my application. All you need to do is: Add NPM or Bower dependency npm install ng-tags-input --save bower install ng-tags-input --save Include script and CSS to your html page. If you’re using some dependency injection pre-processor like gulp-inject or gulp-ng-inject you don’t need it. <script src="angular.js"></script> <script src="ng-tags-input.js"></script> <link rel="stylesheet" type="text/css" href="ng-tags-input.css"> declare module dependency: angular.module('myApp', ['ngTagsInput']) .controller('MyCtrl', function($scope, $http) { $scope.tags = [ { text: 'just' }, { text: 'some' }, { text: 'cool' }, { text: 'tags' } ]; $scope.loadTags = function(query) { return $http.get('/tags?query=' + query); }; }); Add input control to html <body ng-app="myApp" ng-controller="MyCtrl"> <tags-input ng-model="tags"> <auto-complete source="loadTags($query)"></auto-complete> </tags-input> </body> Pretty simple, isn’t it? The only thing to consider is handling of the tags model. $scope.tags will be an array of objects on the form {text:value}. You may need to transfer them to array of strings: var tagValues = $scope.tags.map(function(input) {return input.text;});

After playing with ui.grid I found one more library to impmenent grids in AngularJS - angularGrid. It’s quite easy to integrate and faster than ui.grid. You may find other reasons of using this grid on the author’s post.

Here are some useful links to security resources: OWASP to 10 v.2013– A list of the 10 Most Critical Web Application Security Risks. OWASP: list of website security attacks OWASP: list of website vulnerabilities OWASP Development Guide – The OWASP Developer Guide 2014 is a dramatic re-write of one of OWASP’s first and most downloaded projects. The focus moves from countermeasures and weaknesses to secure software engineering. The Developer Guide 2014 is a “first principles” book - it’s not specific to any one language or framework, as they all borrow ideas and syntax from each other. There are highly specific issues in different languages, such as PHP configuration settings or Spring MVC issues, but we need to look past these differences and apply the basic tenets of secure system engineering to application security. OWASP Testing Guide (version 4 PDF) OWASP Enterprise Security API / ESAPI 2.x on GitHub – ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library that makes it easier for programmers to write lower-risk applications. The ESAPI libraries are designed to make it easier for programmers to retrofit security into existing applications. The ESAPI libraries also serve as a solid foundation for new development. OWASP Resources on GitHub Offensive Security Exploit Database Archive CVE – CVE is a dictionary of publicly known information security vulnerabilities and exposures. National Vulnerability Database – NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.

If you are involved in software development then recalling a basic testing principles once again is not a waste of time. So here are the principles: A necessary part of a test case is a definition of the expected output or result. A programmer should avoid attempting to test his or her own program. A programming organization should not test its own programs. Any testing process should include a thorough inspection of the results of each test. Test cases must be written for input conditions that are invalid and unexpected, as well as for those that are valid and expected. Examining a program to see if it does not do what it is supposed to do is only half the battle; the other half is seeing whether the program does what it is not supposed to do. Avoid throwaway test cases unless the program is truly a throwaway program. Do not plan a testing effort under the tacit assumption that no errors will be found. The probability of the existence of more errors in a section of a program is proportional to the number of errors already found in that section. Testing is an extremely creative and intellectually challenging task. I recommend reading a book “The Art of Software Testing” by Glenford j. Myers, Tom Badgett and Corey Sandler (ISBN: 978-1-118-03196-4).