
      What is SQL Injection? Attack Examples & Prevention Tips


      Security is an important issue for all web applications and databases, especially those using the Structured Query Language (SQL). Although criminals most frequently focus on high-value targets, even small online applications can be victimized. When important information is stolen or an application is compromised, the financial, logistical, and reputation costs can be severe. Criminals and hackers frequently use a technique named SQL Injection (SQLi) to gain unauthorized entry to a remote database. This guide describes a SQL injection attack and explains how it is used. It also discusses how to detect SQLi vulnerabilities and how to defend against them.

      What is a SQL Injection Attack?

      A SQL injection attack is an incursion that alters SQL queries with the objective of tampering with a SQL database. It is most often used to attack web applications, but can be used on other systems that host a database. This attack uses a code injection strategy to send malicious SQL queries to the database. Often, these commands are based on legitimate information from the website. SQLi attacks are usually launched to achieve the following:

      • View private or restricted information contained in a database, including sensitive personal or financial information.
      • Add, delete, or edit information stored in a database. This could include either application data or metadata including the schema or table definitions.
      • Gain administrative access to a database, possibly creating a back door for long-term future use.
      • Compromise the server by using the database as an access point.
      • Launch a denial-of-service attack or incapacitate the database’s underlying infrastructure.

      Some SQL injection attacks are designed to remain undetected for a long period of time. In this case, the objective is usually to maintain ongoing access and eavesdrop on the database in the future. In some other cases, the hackers want to immediately extract as much information as they can, such as credit card numbers. Their intention is to resell the information or use it for criminal purposes. While the intruders would prefer to go undetected, they do not expect to access the system again. Finally, other attackers only want to inflict damage and take the application offline. They have no need for secrecy.

      No matter the purpose of the attack, it can inflict tremendous consequences upon the victimized organization. A SQL injection attack can cause several of the following negative consequences:

      • Lead to the loss of corporate secrets, confidential information, and other sensitive data.
      • Expose sensitive customer information, including credit/financial information, personal details, or private correspondence.
      • Incur direct financial loss due to theft and claims for compensation from users or third parties.
      • Generate negative publicity and a public relations crisis.
      • Take a web application or other component of a site offline or render it inoperable.
      • Hurt customer confidence and make it difficult for the organization to attract new clients and retain existing ones.

      Any organization can be targeted, even personal websites and small forums. According to the Wikipedia SQL Injection page, the average web application is attacked around four times per month. New exploits are always being developed, and it is difficult to design a truly bulletproof site. However, many hackers target sites indiscriminately using brute force. A database that has been secured through a few basic techniques is much more secure and difficult to compromise.

      Note

      This guide is intended as an introduction to SQL injections and does not cover every possible type of attack. Web security is a very complex field, and many possible attacks demand careful consideration. You should consult with web security professionals before launching any application that stores private personal or financial information.

      What is a SQL Query?

      SQL is a simple domain-specific programming language used to communicate with a Relational DataBase Management System (RDBMS). Database developers use SQL commands to send queries from database clients to the RDBMS. These queries contain commands to insert, update, delete, or read data. Queries are also used to administer the database and update the schema, including table definitions.

      During normal operations, web applications incorporate user data into SQL queries and forward them to the RDBMS. For instance, a query might add a new forum user or retrieve information about a category of products. Unfortunately, bad actors can manipulate these queries and cause the application to behave in an unintended or insecure manner.

      Types of SQL Injection Attacks

      Most SQL injection attacks fall into one of three categories. They vary in how direct they are and how difficult they are to execute. The three main categories are:

      • Classic (In-Band)
      • Blind
      • Out-of-Band

      Classic SQL Injection

      The classic method attack, also known as an in-band attack, sends altered commands to the database using the regular communication channel. It uses information learned from the response to gain information about the structure or contents of the database. This type of attack is easy to execute and can quickly yield results. It requires less skill, imagination, and programming ability than the other attack types. Many attackers use these techniques in an automated fashion on random sites, trying to find poorly-designed web applications.

      For this injection attack, the user adds information to the URL or the fields on a web form in an attempt to trick the database. The assailant hopes the database might transmit sensitive information or provide clues about its internal structure. For example, they might try to trick the database into displaying not only the public entries, but every row in the table.

      There are several variations on this method. Error-based SQLi attacks are designed to get the database to transmit error messages that reveal information about its internal schema. Union-based attacks use the SQL UNION command to append an additional query to the command. This can cause a database to display extra data. The information gained through a SQL injection attack is frequently used to craft subsequent attacks. A classic attack often takes an iterative approach. The attacking queries are refined until the database is fully compromised.

      Classic SQL injection attacks are often more successful with older applications that are built with PHP or ASP. This is due to security gaps and the lack of more advanced programming tools.

      Blind SQL Injection

      This approach is often used when classic attack methods do not work. In a blind attack, the attacker sends a manipulated query to the database and analyzes the response. The attack is considered “blind” because the attacker does not receive any direct information from the server. The attacker can analyze details, such as how long it takes the server to reply, to learn more about the database.

      The two most common types of blind SQL injection attacks are the Boolean Attack and the Time-based Attack. In a Boolean attack, the attacker expects a different response if the query is True than if it is False. For example, the results might get updated if the query is valid, but stay the same otherwise. The attacker might also be able to deduce some information based on whether they receive an error page or not.

      A time-based attack extracts information from the database based on how long it takes the server to respond. The attacker can selectively add delays to the query and calculate the response time. They can also construct commands that take longer to process in some situations compared to others. For example, a time-based attack might initiate a complex calculation for each column in a table. Tables that have more columns take longer to process the query. However, if the processing time exceeds the connection timeout value, the response becomes useless.

      Although this type of attack takes more time, forethought, and consideration, it can eventually uncover plenty of information about the database. Therefore, it can be as damaging as a classic attack, even though it is less common.

      Out-of-Band Injection

      Out-of-band attacks are the most complicated and the most difficult to construct. They are less common than the other two types. They do not rely on the behavior of the database. Instead, they receive information through a different channel other than the original web application. For example, they can trigger the database to transmit DNS or HTTP requests to a server under the attacker’s control. This is often referred to as a compounded SQL attack.

      Some out-of-band attacks might only work if certain features are enabled on the database. For example, the UTL_HTTP package must be configured on an Oracle database before it can forward any HTTP requests.

      SQL Injection Attack Examples

      Many SQL injection attacks take advantage of SQL keywords and syntax. The object is to use valid queries to get the database to operate in an undesirable manner. The particular details of these dangerous commands vary between the various RDBMS applications. However, most attacks use a few basic methods. The following SQL injection examples demonstrate some commonly used approaches.

      Note

      Although the core SQL syntax is standardized, the implementation varies between RDBMS applications. The different database applications also offer unique enhancements and features. These might be more or less secure. Some of the following attacks might work on some databases and not others. Consult the database documentation for more details.

      In SQL, the -- symbol means the rest of the command is a comment. If a user adds a comment indicator to a field it might be incorporated into a dynamic command. This could cause other fields to be ignored.

      In the following SQL injection example, a web form might have a field for the username and another for the user password. The backend of the application validates the login using the following command:

      SELECT * FROM forumusers WHERE username='username' AND password = 'password'

      In an unprotected dynamic query, a hostile agent could enter the name of another user followed by the sequence '--. The quotation mark closes the field while the -- characters convert the rest of the command into a comment. As a result, the web application sends the following command to the database.

      SELECT * FROM forumusers WHERE username='otheruser'--' AND password = 'password'

      When the comment is stripped out, the command evaluates to the following.

      SELECT * FROM forumusers WHERE username='otheruser'
      

      If no other validation or safeguards are in place, the application might permit the attacker to log in as the other user.

      Using the UNION Command

      The UNION command is very powerful. It combines the results of two distinct queries into a single result set. This can be used to extract additional results from the database, combining an “innocent” query with one requesting sensitive information.

      As an example, the original command might be constructed in the following manner.

      SELECT name, price, description FROM products where category ='categoryname'
      

      The attacker might then add the phrase 'UNION ALL SELECT username, password FROM forumusers -- to the end of a product name. This results in the following query.

      SELECT name, price, description FROM products where category ='categoryname' UNION ALL SELECT username, password FROM forumusers
      

      This might result in the login details of all the forum users being dumped onto the attacker’s screen along with the product information.

      Using Stacked Queries

      In SQL, the ; symbol is used to separate two queries, which are executed together in the same transaction. This is known as a stacked query. This is often a useful feature, but it can cause problems for web applications. If an attacker adds a ' character to terminate the original field, they can then add ;, followed by a malevolent command.

      For example, the application logic constructs the following command from a user-specified category.

      SELECT name, price, description FROM products where category ='categoryname'
      

      Then the user might end their product selection with '; DROP TABLE forumusers --. This causes the command to execute the following commands:

      SELECT name, price, description FROM products where category ='categoryname' ; DROP TABLE forumusers
      

      If not detected elsewhere in the application, this command would delete all the user accounts, rendering the forum nearly worthless.

      Using the OR Keyword

      Attackers can also use the SQL OR keyword to extract additional information. The phrase +OR+1=1 always evaluates to True, so an attacker can use it to access the entire table. It could also be used on the forum login page, which ordinarily generates the following query.

      SELECT * FROM forumusers WHERE username='username' AND password = 'password'

      The phrase +OR+1=1 could be inserted, radically altering the command.

      SELECT * FROM forumusers WHERE username='username' OR 1=1 --' AND password = 'password'

      The expression 1=1 evaluates to True. So does username='username' OR True. This results in an unqualified SELECT * statement without any conditionals, which displays the login information for every user.

      SELECT * FROM forumusers
      

      Other Techniques

      Attackers typically iterate through several techniques until they find something that works. They can potentially use a long list of keywords along with numerical and string manipulators. For instance, they can use the SQL CONCAT keyword. They can also use the CHAR keyword to transmit individual characters as their hexadecimal equivalents. This could bypass validation techniques that are scanning for certain invalid characters. Some commands provide information about the database and its schema, although they differ between the various RDBMS applications.

      Several websites provide detailed “cheat sheets” about the most common attacks. One example is Netsparker’s SQL Injection Cheat Sheet. It compares and contrasts the various RDBMS systems, so it can be used as a MySQL injection cheat sheet, for example. The Open Web Application Security Project (OWASP) also provides a very detailed and useful SQL Injection Prevention Cheat Sheet.

      How to Detect a SQL Injection Vulnerability

      To ensure a web application is not vulnerable to common web attacks, consider security issues at every stage of the development process.

      • During the design specification process, document how to handle security threats.
      • At the implementation stage, build common classes or functions to sanitize input and detect suspicious data. Every client should call these routines to ensure every case is covered.
      • Develop a strategy for input validation, also known as sanitization, to detect malicious input. All user-provided data should be verified to ensure it is legitimate. At the same time, valid input must still be allowed. See the section on Preventing a SQL Injection Attack for more information.
      • Use established quality assurance techniques and tools to ensure common SQLi attacks are blocked. Build automated test and regression scripts to validate fixes and ensure security holes are not introduced.
      • Stay informed about new security issues and emerging threats. Keep the web server and RDBMS updated to the most recent release using the latest security updates.

      Applications handling financial information are at an even higher risk of attack, and should consider some additional measures. This increases the development and operational costs but provides an extra level of protection.

      • Consider hiring a security firm or consultant. An expert can review the design documents beforehand and run a security audit on the final product. Some firms provide commercial web vulnerability scanners. These scanners can be run anytime during the development process.
      • Employ a web application firewall (WAF) to detect threats. These applications continually update their list of attack signatures and filter input coming from IP addresses with bad reputations. Because these applications are continually updated, they provide a reliable level of ongoing security.

      The OWASP has a good security code review guide which covers SQL injection attacks along with other web security issues.
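
The signature matching a WAF performs can be illustrated with a small access-log scanner. This is an added example, not part of the original guide: the four signatures correspond to the guide's four attack examples, and the log format, request paths, and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# One signature per example section of this guide. Patterns run on the
# URL-decoded parameter value, so "+OR+1=1" is seen as " OR 1=1".
SIGNATURES = {
    "comment-terminator": re.compile(r"'\s*--"),
    "union-select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "tautology": re.compile(r"\bor\s+(\d+)\s*=\s*\1\b", re.I),
    "stacked-query": re.compile(r";\s*(?:drop|delete|insert|update|alter)\b", re.I),
}

# Request portion of a common/combined access-log line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')

# Constructed sample log (documentation IP ranges, hypothetical endpoints).
SAMPLE_LOG = [
    '198.51.100.4 - - [10/Oct/2023:13:55:01 +0000] "GET /products?category=tools HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /login?username=otheruser%27--&password=x HTTP/1.1" 200 310',
    '203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "GET /products?category=tools%27+UNION+ALL+SELECT+username,+password+FROM+forumusers+-- HTTP/1.1" 500 90',
    '203.0.113.7 - - [10/Oct/2023:13:55:04 +0000] "GET /login?username=x%27+OR+1=1+--&password=x HTTP/1.1" 200 310',
    '203.0.113.7 - - [10/Oct/2023:13:55:05 +0000] "GET /products?category=tools%27%3B+DROP+TABLE+forumusers+-- HTTP/1.1" 500 90',
    '198.51.100.9 - - [10/Oct/2023:13:55:06 +0000] "GET /search?q=O%27Brien+union+station HTTP/1.1" 200 700',
]


def scan_line(line):
    """Return [(parameter, signature_label), ...] for one access-log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    query = urlsplit(match.group("target")).query
    findings = []
    # parse_qsl percent-decodes and turns '+' into spaces before matching.
    for name, value in parse_qsl(query, keep_blank_values=True):
        for label, pattern in SIGNATURES.items():
            if pattern.search(value):
                findings.append((name, label))
    return findings


def scan_log(lines):
    """Return [(line_number, client, parameter, label), ...] across a log."""
    report = []
    for number, line in enumerate(lines, start=1):
        client = line.split(" ", 1)[0]
        for name, label in scan_line(line):
            report.append((number, client, name, label))
    return report


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The last sample line contains an apostrophe and the word "union" without matching any signature, which shows why patterns are anchored to SQL structure rather than to single characters or keywords.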

      Preventing a SQL Injection Attack

      Several basic coding principles can greatly enhance database security. Most attackers are hoping to find easy targets. If their standard playbook does not work, they are likely to move on to another site. Many of the most obvious safeguards can be used together for increased effectiveness. To reduce the chances of a SQL injection attack, follow the steps below.

      • Use parameterized queries: This technique uses prepared SQL statements to construct the query beforehand. Variables initially take the place of the actual parameters. The actual user-supplied values replace the placeholders later on. This draws a distinction between code and data, and renders many attack techniques much less useful. For example, an attacker cannot comment out the remainder of the query using the -- sequence. The double dash would be included as part of the username field. The database would attempt to locate a user field ending with '-- and would not find it.
      • Validate all data: Before accepting any data, verify it is actually valid. This includes rejecting any input using certain characters or certain keywords. Table and column names can be mapped to their actual internal names, which should not be exposed to the customers. Choice control can be used to limit certain selections. For example, a form’s design can force a user to select their birth year from a drop-down list. This means any input in this field is guaranteed to be valid.
      • Use stored procedures: This is an alternative to parameterized queries with the same goal. Stored procedures are saved inside the database, allowing the application to use them at any time. Typically, the procedures automatically parameterize the code. As an added precaution, only a user who has execute privileges can run these procedures. Unfortunately, there might be cases where this technique is not completely foolproof. Consult the user documentation for the RDBMS for more information.
      • Use non-standard names for tables and columns: Many attackers look for standard tables such as customers or fields including username and password. Adding a prefix or suffix to each string or column provides additional protection at the cost of a bit of extra complexity and longer strings for each name.
      • Escape the input fields: This technique is not considered effective on its own, but provides another layer of protection as part of a total security strategy. Every RDBMS has a method of escaping user-supplied data. This involves recalculating the input so it is treated as pure text, rather than keywords or application-specific symbols. Some applications convert the input characters into their hex equivalents. The PHP programming language, which is often used in conjunction with SQL, also provides tools for escaping SQL queries.
      • Restrict the access privileges of the database user: Determine the level of access every account requires and configure the user roles accordingly. This limits the damage any individual user can inflict. A similar optimization is to limit the system privileges of the database owner. Even if a user gains access to an administrative account, they cannot use it to gain further access to the server. SQL views can also be used to further limit access. Our guide SQL Database Security: User Management discusses how to develop an access management strategy for an RDBMS.
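
The first two items in this list can be seen side by side in the following added example, which is not code from the original guide. It uses Python's built-in sqlite3 module with an in-memory database; the forumusers and products tables follow the guide's examples, while the sample rows, function names, and public sort keys are assumptions made for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    # Plaintext passwords only mirror the guide's query; real applications
    # store salted password hashes instead.
    db.executescript("""
        CREATE TABLE forumusers (username TEXT PRIMARY KEY, password TEXT);
        INSERT INTO forumusers VALUES
            ('alice', 'alice-pw'), ('otheruser', 'other-pw');
        CREATE TABLE products
            (name TEXT, price REAL, description TEXT, category TEXT);
        INSERT INTO products VALUES
            ('Widget', 9.99, 'A widget', 'tools'),
            ('Gadget', 19.99, 'A gadget', 'tools'),
            ('Novel', 5.00, 'A book', 'books');
    """)
    return db


def login_vulnerable(db, username, password):
    """Dynamic query: user input is concatenated into the SQL text."""
    sql = ("SELECT username FROM forumusers WHERE username='" + username +
           "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(db, username, password):
    """Parameterized query: placeholders keep input as data, never as SQL."""
    sql = "SELECT username FROM forumusers WHERE username = ? AND password = ?"
    row = db.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Identifiers cannot be bound as parameters, so public sort keys are mapped
# to internal column names through an allow-list (hypothetical key names).
SORT_COLUMNS = {"title": "name", "cost": "price"}


def list_products(db, category, sort_key="title"):
    """Bind the category as a parameter and allow-list the ORDER BY column."""
    column = SORT_COLUMNS.get(sort_key)
    if column is None:
        raise ValueError("unsupported sort key")
    sql = ("SELECT name, price, description FROM products "
           "WHERE category = ? ORDER BY " + column)
    return db.execute(sql, (category,)).fetchall()


def demo():
    """Run the guide's comment payload through both login functions."""
    db = make_db()
    payload = "otheruser'--"
    return {
        "vulnerable": login_vulnerable(db, payload, "wrong"),
        "parameterized": login_parameterized(db, payload, "wrong"),
    }


if __name__ == "__main__":
    print(demo())
```

With the parameterized version, the database looks for a user literally named otheruser'-- and finds none, exactly as the first bullet describes.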

      Conclusion

      A SQL injection attack is a type of security threat where attackers manipulate the data in web forms or in URLs. The main purpose of this attack is to get the database to behave in an undesirable or insecure manner. This might result in the database displaying confidential data or allowing an unauthorized user to modify, add, or delete data. An injection attack can cause a severe loss of reputation and operational or logistical consequences for the victimized business.

      The three main types of SQL injection attacks are classic, blind, and out-of-band. The classic method is the most common. The attacker directly assaults the database, submitting malevolent data as part of a query. For example, adding the -- sequence causes many RDBMS applications to treat the rest of the command as a comment. This might cause important parts of the query to be dropped and allow the attacker to log in as an administrator or another user.

      Database operators can protect themselves by considering security at every stage of the development process, hiring a security auditor, or deploying a web application firewall. Several coding defenses including parameterized queries, input validation, and stored procedures can thwart most common attacks. If you are considering deploying a web application that uses a database, consult OWASP’s cheat sheet and security code review guide.


      Web Accessibility Guide for Designers (6 Key Tips)


      As a website designer, you play a significant role in a website’s accessibility and inclusiveness.  Many design elements, from typography to media, can create barriers for those with disabilities. With so many items that need to be addressed, it may feel like an impossible task.

      Fortunately, there’s a lot of guidance available for designing a website that’s accessible to all. By giving careful attention to a few key areas, you should be able to include accessibility in your design process without breaking stride.

      In this guide, we’ll introduce you to the concept of web accessibility and its importance. Then we’ll cover six key areas to keep in mind when designing an accessible website. Let’s get started!

      An Introduction to Web Accessibility

      Web accessibility means that all aspects of a website are usable by people with disabilities. Without it, much of the information on the internet would be inaccessible to a large percentage of the population. For online business owners, this would also equate to losing out on potential sales.

      As of 2019, nearly 60% of the United States population with disabilities lived in a home with internet access. That translates to a lot of people who rely on accessible design to use the web fully. People with disabilities also tend to adopt technology at lower rates, meaning they may not have an option for which device to use when accessing a website.

      The World Wide Web Consortium (W3C) developed the Web Content Accessibility Guidelines (WCAG) to provide a set of standards to developers, designers, and others responsible for creating and maintaining content on the web.

      The accessibility guidelines are organized into four principles, sometimes referred to by the acronym POUR:

      1. Perceivable: Website components must be presented in a way that users can perceive, regardless of disability.
      2. Operable: Navigation and operation must not require input actions that a user cannot perform.
      3. Understandable: Users must understand how to use and navigate a website and the content on it.
      4. Robust: Content needs to be compatible with current and future assistive technology.

      These principles can seem overwhelming and even somewhat vague. However, there are concrete steps you can take to ensure that your website is accessible to everyone.


      Web Accessibility Guide for Designers (6 Key Tips)

      Having touched on how vital web accessibility is, let’s look at six areas to consider when designing an accessible website.

      1. Make Visual Design Elements Readable

      Typography is a fun area to showcase your creative flair, but the primary purpose of your website’s text is to convey information. There are a few guidelines to be mindful of when working with typography.

      First, you’ll want to think about the contrast between the text and the background. Contrast is expressed as a ratio, and per WCAG guidelines, the minimum contrast is 4.5:1 for normal text and 3:1 for large text.

      There are several tools you can use to test color combinations. WebAIM’s Contrast Checker is one of these.

      WebAIM’s contrast checker tool.

      Line height and letter spacing also come into play where accessibility is concerned. To keep text readable, W3C provides the following guidance:

      • Line height must be at least 1.5 times the font size.
      • Spacing between paragraphs should be two times the font size.
      • Spacing between letters must be at least .12 times the font size.
      • Word space should be at least .16 times the font size.

      Graphs are another way to present a lot of information in an easily understood format. However, if you’re only differentiating the elements by color, you could be shortchanging many people. In fact, there are about 3 million colorblind people worldwide who could be struggling with your content.

      To be certain visual elements are understandable, consider using patterns as well as color in your graphs. When selecting designs, we recommend choosing ones that are different enough from each other. For example, lines or dots are easily discerned, whereas lines of varying thickness may not be.

      2. Organize Content for Easy Understanding

      No matter what type of website you’re designing, chances are there is a lot of text. You can improve accessibility by structuring content in a way that’s easy to skim and understand.

      First, most users will appreciate you breaking your text up into short paragraphs. People often aren’t reading deeply on the web, and shorter sections are easier to scan through.

      Headings are also crucial to scannability. Each heading should accurately describe the content beneath it and follow a logical hierarchy. This means using larger headings first and progressively smaller ones as you cover more specific information.

      Using appropriate markup for your headings can make it easier for screen readers to read and navigate your content. In HyperText Markup Language (HTML), you’ll use tags <h1> down to <h6> to create hierarchical headings to break up your text.

      Headings arranged hierarchically from one to six.

      When adding links to your content, be sure the anchor text is descriptive enough that readers will know where clicking on it will take them. Also, it’s smart to mention if the link will open in a new window. A window opening unexpectedly can cause issues for screen readers and confuse the user.

      You should also let your users skip through the content without using a scroll wheel or repeatedly pressing an arrow key. This can be as simple as including a table of contents at the start of a blog post. You can also have a button that skips right to the main content of the page.

      A ‘skip to main content’ button.

      Next, we’ll explore some ways you can make interacting with your website easier.

      3. Keep User Interface (UI) Elements Intuitive and Device-Independent

      User Interface (UI) elements are anything on a website that visitors need to interact with to navigate, and they play a major role in the overall User Experience (UX). UI elements can include scrollbars, dropdown menus, and notifications.

      For a website to be considered accessible, people using different devices need to be able to interact with these UI elements successfully. This means that device-independent design is crucial.

      For example, some people are only able to use keyboards. To make it possible for them to navigate a webpage, you can include focus indicators to highlight buttons, links, and text fields when a user tabs through a page.

      Anything on your website that can be interacted with should have a corresponding focus indicator. The appearance can vary from one browser to another, but they typically show up as a blue or white outline depending on the background color.

      A focus indicator on the Google search page.

      When adding focus indicators, you’ll need to define tab order. This order should be similar to how you read: top to bottom and left to right. You can test this by tabbing through your site.

      Try to keep navigation and other menus in a consistent order throughout the website. These elements should also appear in roughly the same locations on each page because it makes them easier to memorize and quicker to use.

      Touch targets are the areas a user taps when using a touchscreen device. When defining touch targets, you’ll want to be sure they’re large enough to be easily tapped by anyone. For example, people with neuromuscular disorders may lack the fine motor control needed to interact with a tiny target.

      However, you also don’t want to create targets so large that they overlap with nearby elements. Tapping one button when you were aiming for another is enough to frustrate anybody.

      Some users rely heavily on keyboard shortcuts. While you can define shortcuts for your website, it may not be the best course of action. Keyboard shortcuts are not standardized across the web, and any you create may conflict with the device someone is using. If you decide to add custom shortcuts, be sure to make this clear and provide guidance for using them.

      There are some types of interactions that aren’t available on every device. For example, while pinch-to-zoom is convenient for mobile phones, it’s impossible on any computer without a touchscreen. Be sure content isn’t locked behind actions your users may not be able to perform. Provide multiple avenues to your information.

      UX is a highly involved area of web design with a lot of moving parts. Therefore, you might consider adding a section to your style guide to help maintain consistency for all UI elements across your website.

      4. Make Input Controls User-Friendly

      Input controls are a subset of UI elements intended to accept input from a user. Examples include text fields, checkboxes, and radio buttons.

      Forms can be tricky to design with accessibility in mind, but there are some guidelines to follow. You can start by labeling each field of your form. You might also include some example text in the field itself.

      A lead generation form with labels and example text.

      When laying out forms, we suggest using a vertical structure and placing each field on its own line. This makes navigating the form easier for keyboard-only users. On a related note, ensure that focus indicators are placed throughout the form.

      You might break long forms into multiple sections as they can be overwhelming. You could also add a progress bar for people to know where they are in the process; this is likely to be appreciated by your users.

      Finally, be sure to provide error messages that are clear and easy to understand. If possible, don’t clear the entire form when an error is made. It’s a good idea to include instructions for how to fix the mistake as well.

      5. Include Multiple Ways to Enjoy Media

      Media can add a lot to a website, but there are accessibility issues to be mindful of. Fortunately, you can ensure that any media you use is enjoyed by everyone.

      First, some types of media are best avoided altogether. Flashing animation or pop-ups can potentially trigger seizures in some people. You may also want to skip scrolling text or animated content that can’t be paused. It can be difficult or even impossible for some users to absorb.

      If you feel the need to include scrolling or animation, there are ways to make these elements more accessible. Be sure text moves slowly enough that visitors can read it easily. In addition, make it possible for users to pause the content and be clear about how to do so.

      When you create video content for your website, you can include closed captioning for the deaf and hard of hearing. You should also add a text transcript of the video’s content for those using a screen reader.

      Visitors who use screen readers can sometimes have a difficult time with images on a site as well. To make it possible for these people to see what is happening in a picture, you can include alt text.

      Adding alt text to an image of a person playing guitar.

      Alt text is a description intended to show up when an image fails to load. However, screen readers also speak this text, so those with visual impairments don’t miss out.

      When you’re writing alt text, you’ll want to be as descriptive as possible. You can base your description on what is featured in the image and the context of the surrounding content. Also, there’s no need to include the words “Picture of…” at the start of your alt text, as the screen reader will add that automatically.

      6. Perform User Research and Testing

      User research and testing probably aren’t as exciting to you as the design process, but they’re crucial for nailing accessibility. User research is best done early in the process to get a handle on who your users are and what they expect from you. You can do testing throughout the design process to help keep you heading in the right direction.

      Thorough research ensures that none of your users will fall through the cracks and will help you develop a plan for designing your website. You might use focus groups or surveys to determine what users need from your website and how they intend to use it.

      You’ll likely want to do some testing throughout the site-building process. You might try A/B testing at the wireframing stage when there’s still time to pivot. Once your site goes live, you could observe people using your website and ask for their thoughts as they accomplish specific tasks.

      During research and testing, it’s best to gather a diverse group of participants. Including those of all abilities gives you a better chance of designing a site that works for everyone.

      You can also perform testing yourself, such as trying to navigate your website using only your keyboard. For other elements of accessibility, you might want to try a plugin such as WP Accessibility.

      The WP Accessibility plugin.

      This plugin is free to use. It can help you correct a variety of accessibility issues.


      Let’s Make Accessibility Standard

      Focusing on accessibility during the design process can result in a website that’s accessible to everyone. While it may seem like a lot to keep track of, the payoff is well worth the extra effort.

      Keep the following in mind when you’re designing your website:

      1. Make visual design elements readable.
      2. Organize web content for easy understanding.
      3. Keep User Interface (UI) elements intuitive and device-independent.
      4. Make input controls user-friendly.
      5. Include multiple ways to enjoy media.
      6. Perform user research and accessibility testing.

      Building an accessible website is a lot easier with the right web host in your corner. DreamHost’s Shared Unlimited hosting can ensure that you get off to a great start with a fast and reliable website!




      Be the Boss of Your Base: Tips to Master MongoDB Like a Pro



      About the Talk

      MongoDB developer advocates share best practices on when to use relational databases, and top tips and tricks for getting the most out of the latest release of MongoDB.

      Resources

      Slides
      MongoDB Developer Hub
      MongoDB Community Forums

      Presenters

      Ado Kukic, Lead Developer Advocate, MongoDB
      Ado is a full-stack software engineer, international speaker, and lead developer advocate at MongoDB, as well as a Google Developer Expert for Web Technologies. He spends most of his time giving talks at conferences and meetups, mentoring and running workshops, and creating online content to help technology professionals.

      Adrienne Tacke, Senior Developer Advocate, MongoDB
      Currently a Senior Developer Advocate for MongoDB, Adrienne Tacke is a Filipina software engineer, speaker, and published author of the book Coding for Kids: Python, as well as a LinkedIn Learning instructor who specializes in Cloud Development courses.

      Perhaps most important, however, is that she spends way too much money on desserts and ungodly amounts of time playing Cyberpunk 2077.


