ZAP Penetration Testing: A simple Tutorial to Detect Vulnerabilities

Penetration testing (otherwise known as pen testing, or the more general security testing) is the process of testing your applications for vulnerabilities, and answering a simple question: “What could a hacker do to harm my application, or organization, out in the real world?”

Recently I came across a tool, Zed Attack Proxy (ZAP). Its main goal is to allow easy penetration testing to find vulnerabilities in web applications. It is ideal for developers and functional testers as well as security experts. Let’s check out how ZAP penetration testing works.

Installation and configuration of ZAP:

Download Link:

Adding a site to the testing scope

By telling ZAP what the target site is, ZAP can limit the scope of the scan and only scan the target site for vulnerabilities.
1. Open the web application that you want to test.
2. In Zap you will find your website/application displayed under sites.
ZAP will spider that URL, then perform an active scan and display the results.




Zap runs on proxy, to set up the proxy in ZAP:

Close all active Firefox browser sessions
ZAP tool -> Tools Menu -> Options -> Local Proxy -> Change Address = Port = 8080.
Mozilla browser -> Tools Menu -> Options -> Advanced tab -> Network -> Settings -> Select Manual Proxy configuration:- HTTP Proxy = Port = 8080.

Now try to connect to your application using your browser.
If you can’t connect to it then check your proxy settings again. You will need to check your browser’s proxy settings, and ZAP’s proxy settings. It’s also worth checking that the application that you are trying to test is running!

When you have successfully connected to your application you will see one or more lines in ZAP’s Sites and History tabs.
Note that most of ZAP’s tabs provide additional functionality that could be accessed via ‘right click’ menus.

Right click on the HTML -> Attack -> Active scan
ZAP will perform active scan on all the pages and display the results.


blog pic 2


Save the ZAP session

Once you have manually explored the application it would be a good time to save the ZAP session so that you can look at it again.
If your application has multiple roles then you should explore it with each role and save the sessions in separate files.


Generating a Report:

ZAP tool -> Report -> Generate HTML report (Any other options listed) -> Save and share the report.

Authentication , session and User management using ZAP

1) Context: Represents a Web application
2) Session Management Method: How are the web Sessions identified by the server and handle requests

Example: cookie based using query parameters
3) Authentication Method: How is a new session established?
It could be either Form based authentication method, HTTP based or oath methods.
4) User Management: Handling users of web application that could be used for executing actions
Example: user name/password pair

Steps to follow:

1) Set proxy in local browser/access url:
Now include web app in context.

Context includes:

(ii)Session management
(iii)Users management

Context: Form based authentication

(I) log-in from target url:

(ii) Login Request POST Data: username={%username%}&password={%password%}&proceed=login

(iii) Set params as: username =password

(iv) Include regex pattern for logged in or logged out response
Regex pattern for logged in response :- \Qa href=”\E



Context: Session Management



Context: User management

For user management, we can add 2 users, one valid user let it be the “Existing user” here “superadmin” in our example and other is “Test User” invalid user.




Spider url attack applied to “Test user”

If spider url attack applied to the Test user returns get_login.php (error_message), also once spider attack completed “Test User” accesses home url only. uri’s covered: 31 is shown in the screenshot, where as only scan through



Spider url attack for existing valid user “Superadmin”




Here spider url attack applied to the Existing valid user. That is user with super admin logged in credentials. In the attached screenshots returns “POST login.php ( request _url) if selected, returns Uri’s covered 182 for the valid user. He can access all sites.

If you have any interest in application security then you should download ZAP and try it out.


Zed Attack Proxy,

How to write Cordova Plugins

View story at

How to write Cordova Plugins

Cordova Plugins are one of the dark arts of hybrid app development, helping web apps running natively access the full power of the device underneath. Their obscurity separates the haves from the have nots, with whole swaths of Cordova users relying on a relatively small group of plugin developers to build and maintain these crucial pieces of functionality for their apps (like the famous Eddy Verbruggen).

It doesn’t have to be this way. More Cordova developers can and shouldventure into Cordova plugin development, because it’s not as hard as it’s cracked up to be, and the ecosystem needs more people to step in and help out.

At Ionic, we’ve identified the Cordova plugin ecosystem as one of the most important and at-risk parts of the Cordova experience, and we’re working hard to change that through education, maintaining existing plugins, and building new plugins that expand the capabilities and features of Cordova out-of-the-box.

Let’s start at square one and walk through the process of becoming a seasoned Cordova plugin developer. I think you’ll find that it’s much less intimidating than it seems!

0. What is a Cordova plugin?

Before we get into building our first Cordova plugin, let’s take a step back and talk about what a Cordova plugin, and, by extension, Cordova is.

Cordova is a set of command line tools and a plugin bridge for building native apps for the app stores that lets us build our app in a web view, and call native code from JavaScript. When we install Cordova on our computer, we’re installing a set of tools that helps package up this web content, place it into a native app container, deploy it to a device or simulator for testing, and build binaries for final release to the app store.

Inside of that container is a relatively small bridge that transports certain JavaScript calls we make into corresponding native code to give our app the ability to do complex, native things, that aren’t baked into the standard Web APIs.

Building Cordova plugins means we are writing some JavaScript to call down to some Native (Obj-c/Swift, Java, etc.) code we also write, and returning the result to our JavaScript.

To sum it up: we build a Cordova plugin when we want to do something natively that doesn’t yet have a Web API analog, like accessing HealthKit data on iOS or using the Fingerprint scanner on Android.

1. Getting started: scaffolding our first plugin

Plugins plugins everywhere, but how do we start our own? There are two ways to do this: we can use the plugman tool to create one quickly, or we can get all mitosis on an existing plugin by cloning it.

Generally, I prefer cloning existing plugins because you get a faster start with code filled in for all the platforms you want. I’ve cloned the Cordova Device plugin as it’s rather simple, but recently we released a Cordova Plugin Template which comes pretty bare bones. Let’s git clone the template.

We see a few files and directories here, but most importantly: plugin.xml, src, and www:

plugin.xml is one of the most important files here. It’s what Cordova parses to figure out what platforms your plugin supports, preferences it has that the user can configure, source files we’ll include in our final app build, and more. It’s also a bit esoteric so generally we’ll look at other plugin.xml files and use our Computer Science background to copy and paste into ours.

Next is src. This is where our native code lives. If we peek into here we see an ios and android folder.

Finally, www is where the JavaScript code for our plugin lives. This is what gets called first and then kicks off Cordova to call our native code.

Let’s go ahead and copy all the files and directories from the template we cloned to a new directory where we are going to work on our plugin. For this tutorial, we will be creating a simple “echo” plugin, so we can create an echo-plugin directory.

2. Configuring our Plugin

Now for my favorite part: writing XML!!!1

Okay, it’s not glamorous but the plugin.xml file is where everything happens and it’s where we should start. First, we need to give our plugin a unique name and id. As far as naming conventions go, the id is usually of the form this-is-a-plugin, like cordova-plugin-device (as an example):

Next, we’ll set a reference to our JavaScript code:

At a glance, js-module specifies the JS code that will run, and <clobbers> sets what window variable the plugin will be exported under. So, in this case, our script file is www/plugin.js, and when our app runs, we’ll be able to access the plugin at window.MyCordovaPlugin.

Next, we specify the platforms we are going to support, along with references to the corresponding native code for each, starting with Android:

Inside of <config-file> we specify our Android package name and also the symbol Cordova will use to identify our plugin, in this case it’s MyCordovaPlugin. Finally, we have a reference to our main Java code inside of <source-file> which is where our native code lives.

Let’s take a look at ios:

In this snippet, we see much of the same stuff from Android. Inside of <config-file> we have a similar entry to Android just without the Java package format. Finally, we list out the source files Cordova will copy into our app before build, making sure to specify both header and source files we will include. Note: plugins can be built in Swift, but given that Cordova is still in Objective-C and there’s a little overhead to using Swift, we’re going to focus on Objective-c for now.

3. Building our plugin: JavaScript

Let’s start with the JavaScript API that we’d like to expose to the developer. In this case, our JavaScript code lives in www/plugin.js. Here’s what it looks like:

In this case, we have a simple object that has echo and getDate as functions the developer can call. When run, the developer can call this plugin by writing

window.MyCordovaPlugin.echo(‘Hello!’, function() { //callback })

The code that does the magic here is the exec function we’ve imported from cordova/exec. When called, this plugin tells Cordova’s plugin layer to find the plugin identified by PLUGIN_NAME and send the action passed in to either a function call (iOS) or a switching function (android). It’s a good practice to make sure the Cordova symbol name we give our plugin (in this case MyCordovaPlugin) matches the <clobbers target> setting from our plugin.xml, as that will be the window variable we access.

For many plugins, this is as complex as they’ll need to get on the JavaScript side, as the native code is doing all the work. However, I implore future Cordova plugin developers to strongly consider doing more of the actual grunt work in JavaScript instead of Native code. For example, avoid things like String processing, JSON encoding, etc. in Native code because you’d have more platform-specific code to maintain, and often JavaScript performs these tasks with much less mental overhead for the developer (read: string processing in Objective-C is agonizing as all hell). Here’s one of our pluginsthat does a lot of cross-platform work in the JavaScript layer, only using the Native layer to get data the JS layer can’t.

4. Building our plugin: Native iOS

Now for the fun part: writing some native iOS Objective-C code.

Let’s start with the Objective-C header file, in src/ios/MyCordovaPlugin.h:

This header file is a spec of the functions we’ll implement in our corresponding .m, MyCordovaPlugin.m:

These methods are called through Cordova when we run exec() from our JavaScript. They take a CDVInvokedUrlCommand* argument that contains the arguments we passed from JS, along with a reference to the callback the user passed. We can configure the callback to only work once, or to be called repeatedly (by using [result setKeepCallbackAsBool]).

Once in this method, we’re doing plain ol’ Objective-C. Anything you can dream of doing natively you can do here. When you’re done and want to return data back to JS, create a CDVPluginResult object and send it to the commandDelegate which dispatches the result back to JS.

In the example above, the echo method just calls NSLog to echo the string the user passes, while getDate gets a native date from iOS and then converts it into an ISO string and returns it.

This is by no means an exhaustive intro to building iOS Cordova plugins. The best way to go from here to building complex plugins is to study existing ones, like the Geolocation plugin.

5. Building our Android plugin

Building the Android part of our plugin is exactly the same conceptually, but Android plugins have slightly different semantics. Here’s what our src/android/com/example/ looks like:

For Android, we have one single execute method that Cordova calls with the action we put into exec() on the JS side, along with the arguments and callback context. Thus, instead of having Cordova call our method directly, we have to check the action string against each action name we support, in this case “echo” and “getDate”. Then, we perform the action and return the result just like on the iOS Side.

Again, to see a more complex Android plugin, take a look at the Geolocation plugin source.

6. Testing plugins

Smashing our keyboard and producing code is the easy part. Now, we need to test and verify our plugin actually works.

To test a Cordova plugin, we need to have a Cordova/PhoneGap/Ionic app to run. Cordova plugins are not runnable on their own.

Assuming we have an existing Cordova app, we can add our plugin locally:

cordova plugin add --link ~/git/echo-plugin

The link flag adds our plugin as a symbolic link, meaning we can work on our code (at least the native code) and rebuild and run our app without having to add the plugin again. However, for some reason, the JavaScript side of our plugin doesn’t automatically update. As we build and modify the JS side, we have to remove the plugin quick using cordova rm my-cordova-plugin and add it back like we did before.

To test the plugin, we just run our app like normal, using our standard Cordova debugging techniques (attach browser dev tools, use IDE console, etc.).

If something ever gets wonky or out of sync, just try removing the plugin and adding it back. If that doesn’t work, remove your platform directory and make sure all references to your plugin are gone from the plugins directory. This tends to happen if you change things like the plugin id or name.

7. Where to go from here

This post was meant to lay out the basics of building a plugin. Day-to-day there isn’t much more beyond what I’ve written here, except lots more native code to do whatever fancy schmancy thing we’re trying to do.

If you’d like to dig in a bit from a slightly more practical angle, I’ve put together a Cordova Plugin Development Guide that runs through building the plugin above and the commands you’d use to add it to your project and test it, along with some advanced topics towards the end.

Whenever I build a Cordova plugin, I’m always amazed at how straightforward it is. For some reason, it always seemed like an incredibly unapproachable topic full of undocumented magic that only a few people knew. That’s not at all the case, and I hope this post encourages more people to try building their own plugins, or improving the ones that already exist out there.

Happy hacking!

Build your first Cordova plugin


Build your first Cordova plugin

Step 1: Determine what you want your plugin to do

Cordova plugins are appropriate in two main cases:

  • There is a need to expose the native capabilities of a device to a Cordova app.
  • There is a need to encapsulate common functionality across a number of Cordova apps, even if that functionality does not require interaction with the native platform.

In this tutorial, we will focus on the first type of plugin. We will demonstrate the steps needed to create a plugin that accesses a user’s calendar to determine if they are about to be late for a meeting. To do this, we will use the native Calendar APIs present on Android™, iOS™, and Windows Phone ®.

Step 2: Create the plugin skeleton

Before generating the skeleton for your plugin, you should decide on the plugin’s ID and name. In particular, the ID should be unique, and should follow the convention “cordova-plugin-[your-plugin-name]”.

For the purpose of this tutorial, we will go through the process of creating a plugin that uses a device’s native services to determine if a user has an appointment within the next X minutes. The plugin ID will be “cordova-plugin-am-i-late”, and the name will be “Am I Late?”.

Now that we’ve decided on what our plugin will do and what it will be called, we’re ready to create the skeleton. While this can be done by hand, the plugman will generate the necessary folder structure and file for you. To install plugman, run npm install plugman from a command prompt.

To create the skeleton, call plugman as follows:

plugman create --name AmILate --plugin_id cordova-plugin-am-i-late --plugin_version 0.0.1

If the command succeeds, you should see no additional output to the command prompt. plugman should have created a folder structure that looks like this:

|- plugin.xml
|- src/
\- www/
   \- AmILate.js

At this point, you are ready to move onto the next step.

Step 3: Design the JS interface


Step 4: Implement the native functionality

Now that the JS interface has been defined, it’s time to start writing the code that will execute on the individual native platforms. Each platform has a slightly different way of interacting with plugins, but we will cover Android, iOS, and Windows Phone in this tutorial.

For each platform, you will add a folder under the src folder, as well as some entries in plugin.xml. Once again, plugman simplifies this process considerably.


To start, we will add the android platform:

plugman platform add --platform_name android

When the command completes, your folder structure should now look like this:

|- plugin.xml
|- src/
|  \- android/
|     \-
\- www/
   \- AmILate.js

As well, plugin.xml will include these new lines:

<platform name="android">
    <config-file parent="/*" target="res/xml/config.xml">
        <feature name="AmILate">
            <param name="android-package" value="cordova-plugin-am-i-late.AmILate" />
    <config-file parent="/*" target="AndroidManifest.xml"></config-file>
    <source-file src="src/android/" target-dir="src/cordova-plugin-am-i-late/AmILate" />

Mobile platforms often require that apps request permission from the user in order to access particular features. Part of creating a plugin is ensuring that any such permissions are specified by the plugin. For our plugin, we will need to include the “Read Calendar” permission from Android. To do so, we will add the middle line to plugin.xml:

<config-file parent="/*" target="AndroidManifest.xml">
    <uses-permission android:name="android.permission.READ_CALENDAR"/>

While our plugin will only need the single java source file, it is simple to add additional native files to the plugin by adding elements to plugin.xml.

To actually implement the native functionality, we will add the necessary Java code. Looking at the generated, you will see a number of references to “coolMethod”. Those should be replaced with getNextAppointment. As well, the argument is an integer, not a string, so that call should be changed. After updating the scaffolding, the relevant methods should look like this:

public boolean execute(String action, JSONArray args, CallbackContext callbackContext) throws JSONException {
    if (action.equals("getNextAppointment")) {
        int minutes = args.getInt(0);
        this.getNextAppointment(minutes, callbackContext);
        return true;
    return false;

private void getNextAppointment(int minutes, CallbackContext callbackContext) {
    if (minutes > 0) {
        callbackContext.success("Plugin is working");
    } else {
        callbackContext.error("minutes must be > 0");

Before continuing, let’s look at some important features of the code:

  • The action parameter is used to distinguish between different method calls that users may make to your plugin.
  • The execute() method should return true if your plugin handles a particular action, and false otherwise. Note that this does indicate the success or failure of the handling.
  • Indicating success is failure is done by calling the appropriate method on the callbackContext. While our code only passes back a message for now, you can also pass a JSONObject or JSONArray if you need to return structured data.

Knowing that, we’re finally ready to implement the calendar functionality. The specific code needed to access the calendar is beyond the scope of this article, but the plugin plumbing code is still important. The method will look like this when completed:

private void getNextAppointment(int minutes, CallbackContext callbackContext) {
    if (minutes > 0) {
            Code to retrieve name, time of next appointment goes here
        if (foundAppointment) {
            JSONObject returnObject = new JSONObject();
            returnObject.put("title", appointmentTitle);
            returnObject.put("date", appointmentDate);
        } else {
            // If no appointment was found, return an empty string.
            // Note that we used success() rather than error(), since
            // no finding an appointment is perfectly valid. Error
            // conditions should be reserved for situations where
            // the plugin was unable to complete its task at all.
    } else {
        callbackContext.error("minutes must be > 0");

At this point, the plugin is ready to be consumed by a Cordova app.


Adding the ios platform can also be done via plugman:

plugman platform add --platform_name ios

When the command completes, your folder structure should now look like this:

|- plugin.xml
|- src/
|  |- android/
|  |  \-
|  \- ios/
|     \- AmILate.m
\- www/
   \- AmILate.js

As well, plugin.xml will include these new lines:

<platform name="ios">
    <config-file parent="/*" target="config.xml">
        <feature name="AmILate">
            <param name="ios-package" value="AmILate" />
    <source-file src="src/ios/AmILate.m" />

Adding more source files to our plugin simply requires adding elements under the ios platform element in plugin.xml. Header files can be added in the same way using elements.

The final AmILate.m implementation, which illustrates the key plugin plumbing code, will look like this:

- (void)getNextAppointment:(CDVInvokedUrlCommand*)command
    CDVPluginResult* pluginResult = nil;
    int minutes = [[command.arguments objectAtIndex:0] intValue];

    if (minutes > 0) {
            Code to retrieve name, time of next appointment goes here
        if (foundAppointment) {
            NSMutableDictionary *appointment = [NSMutableDictionary dictionaryWithCapacity:2];
            [appointment setObject:appointmentName forKey:@"title"];
            [appointment setObject:appointmentDate forKey:@"date"];
            pluginResult = [CDVPluginResult resultWithStatus:CDVCommandStatus_OK messageAsDictionary:appointment];
        } else {
            pluginResult = [CDVPluginResult resultWithStatus:CDVCommandStatus_OK messageAsString:@""];
    } else {
        // Indicate an error result
        pluginResult = [CDVPluginResult resultWithStatus:CDVCommandStatus_ERROR];

    [self.commandDelegate sendPluginResult:pluginResult callbackId:command.callbackId];

Rather than using JSONObject/JSONArray, iOS allows plugins to return structured data by passing back an NSMutableDictionary. However, the basic structure is very similar to the android platform.


The native code for Windows and Windows Phone 8.1+ is slightly different from other platforms. While it is possible to implement the functionality using C# or C++, the native APIs are actually available via JavaScript, and it is usually easiest that way.

Unfortunately, plugman does not currently support the windows platform, so the scaffolding previously created by plugman needs to be done by hand.

First, create a windows folder under the src folder, and then create an empty AmILate.js in it. Your folder structure should now look like this:

|- plugin.xml
|- src/
|  |- android/
|  |  \-
|  |- ios/
|  |  \- AmILate.m
|  \- windows/
|     \- AmILate.js
\- www/
   \- AmILate.js

Then add the following lines to plugin.xml, just below the closing tag for android:

<platform name="windows">
    <js-module src="src/windows/AmILate.js" name="AmILate">
        <runs target="" />

Next, add the following code to src/windows/AmILate.js:

module.exports.getNextAppointment = function(success, error, args) {
    if (args.length == 0 || args[0] < 0) {
        // Invalid call to the plugin, so return an error condition
        error('Invalid value for minutes argument');

        Code to retrieve name, time of next appointment goes here

    if (foundAppointment) {
        result = {
                'title': appointmentTitle,
                'date' : appointmentDate
    } else {
        // Empty string to indicate no appointment

Note how much simpler this was than the Java implementation. The callback methods are invoked directly, the json objects can be constructed in-place, and the arguments parameters can be accessed with sensible syntax, rather than complex method calls.

Step 5: Test the plugin

Step 6 (optional): Publish the plugin to NPM

Starting with Cordova version 5.0.0, plugins are published to and retrieved from NPM. This greatly simplifies the steps required to publish your plugin for use by others. Once your plugin is in a stable state, these steps will package and upload it to NPM.

First, use plugman to generate a package.json for your plugin:

plugman createpackagejson .

Answer the questions presented, and you will end up with a package.json that looks like this:

  "name": "AmILate",
  "version": "0.0.1",
  "description": "A plugin for determining if the user has an appointment coming up shortly",
  "cordova": {
    "id": "cordova-plugin-am-i-late",
    "platforms": [
  "keywords": [
  "author": "Microsoft",
  "license": "ISC"

If everything looks right, you are ready to publish! Just run the following command from a command prompt:

npm publish .

AngularJS Best Practices: Directory Structure


We spend a lot of time writing code. In the early phases of a project, the directory structure doesn’t matter too much and many people tend to ignore best practices. In the short term, this allows the developer to code rapidly, but in the long term will affect code maintainability. AngularJS is still relatively new and developers are still figuring out what works and doesn’t. There are many great ways to structure an app and we’ll borrow some principles from existing mature frameworks but also do some things that are specific to Angular.

In this article, I will cover best practices regarding directory structures for both small and large AngularJS apps. This may be a hot button issue with some developers and while there is no “perfect” way to structure an app, I will be writing from experience and lessons learned from projects I’ve worked on.

#Standard Structure

First of all, let’s go over what not to do. Many AngularJS tutorials show an app structure that resembles the code below:

----- controllers/
---------- mainController.js
---------- otherController.js
----- directives/
---------- mainDirective.js
---------- otherDirective.js
----- services/
---------- userService.js
---------- itemService.js
----- js/
---------- bootstrap.js
---------- jquery.js
----- app.js
----- mainView.html
----- otherView.html
----- index.html

This is a very typical app structure that I see. On the surface, it seems to make a lot of sense and is very similar to a lot of MVC frameworks. We have a separation of concerns, controllers have their own folder, views have their own folder, external libraries have their own folder, etc.

The main problem with this directory structure is not apparent when you are working with only a handful of views and controllers. In fact, it is preferable to follow this approach when writing a tutorial for example or for smaller application. This structure makes it very easy for the reader to visualize and conceptualize the concepts you are covering.

This approach falls apart, however, when you start adding additional functionality to the app. Once you have more than 10 controllers, views and directives, you are going to have to do a lot of scrolling in your directory tree to find the required files.

For example, say you are building a blog with Angular. You decide that you would like to add the author information to the bottom of each article. Well now, you have to find the blog directive, controller, potentially the service and finally the view before you can even look at the whole picture and start making edits.

Learn Angular

Related Course

Say a few months down the line, you are adding additional features to your blog and want to rename a particular feature, again it’s a hunt throughout the directory structure to find the affected files, edit them, make sure they are all in sync, and then make the changes.

#A Better Structure and Foundation

Let’s get to best practices and what you should be doing to build scalable and maintainable AngularJS apps that your coworkers will love you for. An ideal AngularJS app structure should be modularized into very specific functions. We also want to take advantage of the wonderful AngularJS directives to further compartmentalize our apps. Take a look at a sample directory structure below:

----- shared/   // acts as reusable components or partials of our site
---------- sidebar/
--------------- sidebarDirective.js
--------------- sidebarView.html
---------- article/
--------------- articleDirective.js
--------------- articleView.html
----- components/   // each component is treated as a mini Angular app
---------- home/
--------------- homeController.js
--------------- homeService.js
--------------- homeView.html
---------- blog/
--------------- blogController.js
--------------- blogService.js
--------------- blogView.html
----- app.module.js
----- app.routes.js
----- img/      // Images and icons for your app
----- css/      // All styles and style related files (SCSS or LESS files)
----- js/       // JavaScript files written for your app that are not for angular
----- libs/     // Third-party libraries such as jQuery, Moment, Underscore, etc.

This directory structure is much harder to read and understand from the get go. A newcomer to Angular may be completely turned off by this complex approach, and that is why you see tutorials and examples in Angular following the simpler directory structure found in examples earlier. Let’s dive into the directory structure above and see what’s going on here.


The index.html lives at the root of front-end structure. The index.html file will primarily handle loading in all the libraries and Angular elements.

Assets Folder

The assets folder is also pretty standard. It will contain all the assets needed for your app that are not related your AngularJS code. There are many great ways to organize this directory but they are out of scope for this article. The example above is good enough for most apps.

App Folder

This is where the meat of your AngularJS app will live. We have two subfolders in here and a couple JavaScript files at the root of the folder. The app.module.js file will handle the setup of your app, load in AngularJS dependencies and so on. The app.route.js file will handle all the routes and the route configuration. After that we have two subfolders – components and shared. Let’s dive into those next.

Components Folder

The components folder will contain the actual sections for your Angular app. These will be the static views ,directives and services for that specific section of the site (think an admin users section, gallery creation section, etc). Each page should have it’s own subfolder with it’s own controller, services, and HTML files.

Each component here will resemble a mini-MVC application by having a view, controller and potentially services file(s). If the component has multiple related views, it may be a good idea to further separate these files into ‘views’, ‘controllers’, ‘services’ subfolders.

This can be seen as the simpler folder structure shown earlier in this article, just broken down into sections. So you could essentially think of this as multiple mini Angular applications inside of your giant Angular application.

Shared Folder

The shared folder will contain the individual features that your app will have. These features will ideally be directives that you will want to reuse on multiple pages.

Features such as article posts, user comments, sliders, and others should be crafted as AngularJS Directives. Each component here should have it’s own subfolder that contains the directive JavaScript file and the template HTML file.

In some instances, a directive may have it’s own services JavaScript file, and in the case that it does it should also go into this subfolder.

This allows us to have definitive components for our site so that a slider will be a slider across the site. You would probably want to build it so that you could pass in options to extend it. For example, you could have:

<!-- user a slider directive to loop over something -->
<slider id="article-slider" ng-repeat="picture in pictures" size="large" type="square">

Now this slider is accessible from any part of our site so we’re not reinventing the wheel. We also just have to change it in one place, the shared folder and it will update sitewide.

#Best Practices (For Huuuuge Apps)

If you are developing a really large application in AngularJS, you will want to go even further and modularize your app. Here are some additional tips on how to accomplish this.

Modularize the Header and Footer

A good practice here would be to create a Core subfolder under components, and then a subfolder for the Header and Footer and any additional components that will be shared across many pages.

Modularize the Routes

In the structure above we didn’t do this, but another good practice for very large apps is to separate the routes into separate files. For example you might add a blogRoutes.js file in the /views/blog/ subfolder and there include only the routes relevant to the blog such as /blog/:slug, /blog/:slug/edit, blog/tags:/tags, etc.

Don’t Forget to Minify

If you do decide to opt in and build your AngularJS apps in a modularized fashion, be sure to concatenate and minify your code before going into production. There are many great extensions for both Grunt and Gulp that will help with this – so don’t be afraid to split code up as much as you need.

You may not want to necessarily have just one giant .js file for your entire app, but concatenating your app into a few logical files like:

  • app.js (for app initialization, config and routing)
  • services.js (for all the services)

This will be greatly beneficial for reducing initial load times of your app.

If you need some more tips on minifying, check out our guide: Declaring AngularJS Modules For Minification

Keep the Names Consistent

This is more of a general tip, but this will save you a headache in the future, when writing components and you need multiple files for the component, try to name them in a consistent pattern. For example, blogView.html, blogServices.js, blogController.js.

#Benefits of the Modularized Approach

The example above shows a modularized approach to building AngularJS. The benefits of this approach include:

Code Maintainability

Follow the approach above will logically compartmentalize your apps and you will easily be able to locate and edit code.


Your code will be much easier to scale. Adding new directives and pages will not add bloat to existing folders. Onboarding new developers should also be much easier once the structure is explained. Additionally, with this approach, you will be able to drop features in and out of your app with relative ease so testing new functionality or removing it should be a breeze.


Debugging your code will be much easier with this modularized approach to app development. It will be easier to find the offending pieces of code and fix them.


Writing test scripts and testing modernized apps is a whole lot easier then non-modularized ones.

#In Conclusion

To conclude, this article covered some of the best practices in regards to structuring an AngularJS app. It is easy to ignore good practices in order to save time upfront. We all have a tendency to just want to start writing code. Sometimes this passion can hurt us in the long run when our awesome apps grow and become popular and then we’re stuck rewriting or even worse maintaining badly thought out code. I hope this article had some helpful tips.

I plan on building a barebones AngularJS application structure that should follow the best practices outlined in this article that will help you get started building Angular apps quickly and efficiently. Keep a lookout for that in the coming weeks. Stay tuned for Part 2 where we put these concepts into practice!

In the meantime, be sure to check out John Papa’s AngularJS Style Guide for additional tips on AngularJS best practices and while you’re add it give Todd Motto’s AngularJS Guide a look too.

20 useful tools for web developers


Improve your website’s performance, validate your code and more with these handy tools.

Life as a web developer may offer many rewards, but when project managers are asking you to do more and more in less and less time, it can become frustrating. So it’s always good to find tools that can make your work faster and more productive. Here we’ve gathered together some of the most useful.


Some you’ll have heard of, others you’ll already be using, but hopefully there’ll be at least one or two that can lighten your workload and brighten your day…

01. Browser Calories

Get the page weight of whatever you’re looking at

In a time when more of us are doing more of our browsing on a flaky mobile connection than ever before, as designers and developers we need to be keeping an eye on our page weights. This browser extension places an icon next to the address bar that, when clicked, lets you know the page weight of whatever your looking at, broken down by resource if you like.

02. Visual Studio Code

Visual Studio Code

A free, open source code editor from Microsoft that runs anywhere and has lots of smart features for making coding quicker and easier. Built-in Git commands, debugger and much more.

03. Firebug

Firefox add-on Firebug is a must-have for devs

From the developers at Firefox, the amazingly useful add-on Firebug enables you to debug, edit and monitor HTML, JavaScript and CSS live, all in the browser. One of the very best web development tools out there, this is a must-have for anyone working in web development.

04. HTML Entity Character Lookup

HTML Entity Character Lookup

HTML Entity Character Lookup helps you ensure all the characters on your page are validated

Using HTML entities is essential to ensure all the characters on your page are validated. However, often finding the right entity code requires scanning through 250 rows of characters. It’s also available as a widget on the Mac Dashboard.

05. -prefix-free

Prefix free

-prefix-free helps you break free from CSS prefix hell

This cool tool from Lea Verou lets you use unprefixed CSS properties. It essentially works behind the scenes, adding the current browser’s prefix to any CSS code, only when it’s needed.

06. Cloud9 IDE

Cloud9 IDE

Cloud9 IDE enables developers around the world to edit the same code and chat together

Cloud9 IDE is a tool to help you collaborate with others on big-scale code projects. Letting developers around the world edit the same code and chat together in realtime, it’s fast emerging as one of the best browser-based IDEs. Features include code completion and editor, drop-document trees, smart drag and FTP integration.

07. Foundation


Foundation 6 makes it “crazy fast” to code responsive designs, say its makers ZURB

Made by develpopers for developers at ZURB, this prototyping tool acts as a blueprint for your responsive design projects. Its latest version is an easy grid-structure that makes styling even more convenient and flexible. It works with both SASS and CSS.

08. Fontello


Fontello offers an easy way to generate icons in web font form

This icon generator is truly one of a kind. Pick the icons you want and Fontello will compile them into customized web fonts. You can also edit and customize the symbol codes and names.

09. Cloud Comp

Cloud Comp

Share sites and apps with ease using Cloud Comp

This lightweight and easy to use tool helps you share website and apps with others. It’s been specifically built to give designers and developers a way to present comps to their clients inside of a realistic device shell.



BLOKK replaces dummy text with blocks

BLOKK is a fun-to-use font for “clients who do not understand Latin”. In other words, it replaces all text with blocks to suggest generic text instead. That way you can create good looking mock-ups and wireframes without confusing people with Lorem Ipsem.

11. Basecamp


Basecamp is the project management of choice for much of the web design industry

Developed by 37signals, Basecamp is a popular online tool to help you manage collaboration and project management with ease. It all runs in the cloud and most people working in web design and development will be familiar with it.

12. Browser Shots

Browser Shots

Browser Shots takes screenshots of your sites in different browsers

Browser Shots generates screenshots of how websites appear at 800×600 and 1024×768 resolution in six commonly used web browsers. Just submit the web address and a group of distributed computers will access and open it, then upload screenshots of the site for you to check out.

13. FavIcon Generator

FavIcon Generator

FavIcon Generator

A favicon (‘favorites icon’) is a small, 16×16 image that’s shown inside the browser’s location bar and bookmark menu when your site is called up. This tool makes it easy to create them for your site.

14. Web-developer toolbar

Web developer toolbar

The Web Developer extension adds a range of handy tools to the browser

This Firefox plug-in feature provides a number of useful tools that web developers use on a day-to-day basis. It’s particularly useful when inspecting your HTTP header information or when you need to validate your XHTML.

15. Load Impact

Load Impact

Load Impact simulates large amounts of traffic to test your site’s performance

A successful website is one that loads faster and quickly. Load Impact is a cloud-based service for load testing and website optimization that generates traffic load by simulating users. In other words it lets you test how your website, web app, mobile app or API will perform with up to 1.2 million concurrent users.

16. Lorem Ipsum Generator

Lorem Ipsum Generator

Lorem Ipsum Generator does exactly what you’d expect

If you’re not impressed with BLOKK (see 10) and want to stick with Lorem Ipsum, this reference site about the subject, giving information on its origins, also includes a random Lorem Ipsum generator.

17. W3c Markup Validation Service

W3c Markup Validation Service

W3c Markup Validation Service checks your documents for conformance to the relevant specification

Validating web documents is an important step that can dramatically help improving and ensuring their quality. This free service from the W3C helps you to check the markup validity of different web documents, in HTML, SMIL, XHTML and MathML and more.

18. Typetester


Take fonts for a spin with Typetester

The Typetester is a browser tool for comparing different kinds of fonts, Choose the typeface you want to test out, along with your chosen size, tracking, colour etc, and Typetester applies it to a set piece of text so you can see what it will look like.

19. Pingdom


Pingdom is a great tool for monitoring your site’s performance

Pingdom is a service that tracks the uptime, downtime, and performance of websites. Upload a full page in HTML and it will mimic the loading process of the entire website, incorporating all the elements (namely JavaScript, RSS, CSS and images), thereby enabling you to check and monitor the efficiency of your site.

20. CSS Sprite Generator

CSS Sprite Generator

CSS Sprite Generator can help improve your site’s performance

By reducing the number of HTTP requests, this tool aims at increasing the loading speed of your website. Images are combined into one larger image at defined X and Y coorindates. Having assigned this generated image to relevant page elements the background-position CSS property can then be used to shift the visible area to the required component image.

100+ Awesome Web Development Tools and Resources



The best and worst thing about being a web developer is that the web is constantly changing. While this is exciting it also means that web developers must always be proactive about learning new techniques or programming languages, adapting to changes, and be willing and eager to accept new challenges. This could include tasks such as adapting existing frameworks to meet business requirements, testing a website to identify technical problems, or optimizing and scaling a site to better perform with the back-end infrastructure.  We thought we would compile a comprehensive list of web development tools and resources that can help you be more productive, stay informed, and become a better developer.

Web Development Tools and Resources for 2017

A lot fo these web development tools below are ones we use at KeyCDN on a daily basis. We can’t include everything, but here are a couple of our favorites and other widely used ones. Hopefully, you find a new tool or resource that will aid you in your development workflow. Note: The tools and resources below are listed in no particular order.

JavaScript Libraries

javascript libraries

Javascript is one of the most popular programming languages on the web. A Javascript library is a library of pre-written Javascript which allows easier access throughout the development of your website or application. For example, you can include a copy of Google’s hosted jQuery library by using the following snippet.
  • jQuery: A fast, small, and feature-rich JavaScript library.
  • BackBoneJS: Give your JS app some backbone with models, views, collections, & events.
  • D3.js: A JavaScript library for manipulating documents based on data.
  • React: Facebook’s Javascript library developed for building user interfaces.
  • jQuery UI: A curated set of user interface interactions, effects, widgets, and themes.
  • jQuery Mobile: HTML5-based user interface system designed to make responsive web sites.
  • Underscore.js: Functional programming helpers without extending any built-in objects.
  • Moment.js: Parse, validate, manipulate, and display dates in JavaScript.
  • Lodash: A modern utility library delivering modularity, performance, & extras.

Front-end Frameworks

web development tools - front-end frameworks

Front-end frameworks usually consist of a package that is made up of other files and folders, such as HTML, CSS, JavasScript, etc. There are also many stand-alone frameworks out there. We are a big fan of Boostrap and the main KeyCDN website is built on it. A solid framework can be an essential tool for front-end developers.

  • Bootstrap: HTML, CSS, and JS framework for developing responsive, mobile first projects on the web.
  • Foundation: Family of responsive front-end frameworks that make it easy to design beautiful responsive websites, apps and emails that look amazing on any device.
  • Semantic UI: Development framework that helps create beautiful, responsive layouts using human-friendly HTML.
  • uikit: A lightweight and modular front-end framework for developing fast and powerful web interfaces.

Web Application Frameworks

web application frameworks

A web application framework is a software framework designed to aid and alleviate some of the headache involved in the development of web applications and services. KeyCDN actually hosts a version of AngularJS, HTTP/2 and CORS enabled, that you can use in your projects completely free. See code below. Full documentation at
  • Ruby: Ruby on Rails is a web-application framework that includes everything needed to create database-backed web applications, with the MVC pattern.
  • AngularJS: Lets you extend HTML vocabulary for your web application. AngularJS is a framework, even though it’s much more lightweight and sometime referred to as a library.
  • Ember.js: A framework for creating ambitious web applications.
  • Express: Fast and minimalist web framework for Node.js.
  • Meteor: Full-stack JavaScript app platform that assembles all the pieces you need to build modern web and mobile apps, with a single JavaScript codebase.
  • Django: High-level Python Web framework that encourages rapid development and clean, pragmatic design.
  • Free, fully supported Web application framework that helps you create standards-based Web solutions.
  • Laravel: A free, open-source PHP web application framework to build web applications on MVC pattern.
  • Zend Framework 2: An open source framework for developing web applications and services using PHP.
  • Phalcon: A full-stack PHP framework delivered as a C-extension.
  • Symfony: A set of reusable PHP components and a web application framework.
  • CakePHP: A popular PHP framework that makes building web applications simpler, faster and require less code.
  • Flask: A microframework for Python based on Werkzeug and Jinja 2.
  • CodeIgniter: Powerful and lightweight PHP framework built for developers who need a simple and elegant toolkit to create full-featured web applications.

Also make sure to check out KeyCDN’s framework integration guides to see how you can implement a CDN with the solutions mentioned above.

Task Runners / Package Managers

build systems task runners

Tasks runners are all about automating your workflow. For example you can create a task and automate the minification of JavaScript. Then build and combine tasks to speed up development time. Package managers keep track of all the packages you use and make sure they are up to date and the specific version that you need.

  • Grunt: JavaScript task runner all about automation.
  • Gulp: Keeps things simple and makes complex tasks manageable, while automating and enhancing your workflow.
  • npm: Pack manager for JavaScript.
  • Bower: A web package manager. Manage components that contain HTML, CSS, JavaScript, fonts or even image files.
  • Webpack: A module bundler for modern JavaScript applications.

Languages / Platforms

programming languages

Behind all the web development tools is a language. A programming language is a formal constructed language designed to communicate with a computer and create programs in which you can control the behavior. And yes we realize some of these might not always be referred to as a language.

  • PHP: Popular general-purpose scripting language that is especially suited to web development.
  • NodeJS: Event-driven I/O server-side JavaScript environment based on V8.
  • Javascript: Programming language of HTML and the web.
  • HTML5: Markup language, the latest version of HTML and XHTML.
  • Python: Programming language that lets you work quickly and integrate systems more effectively.
  • Ruby: A dynamic, open source programming language with a focus on simplicity and productivity.
  • Scala: Scala is a pure-bred object-oriented language allowing a gradual, easy migration to a more functional style.
  • CSS3: Latest version of cascading style sheets used in front-end development of sites and applications.
  • SQL: Stands for structured query language used with relational databases.
  • Golang: Open source programming language that makes it easy to build simple, reliable, and efficient software.
  • Rust: Systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety.
  • Elixir: Dynamic, functional language designed for building scalable and maintainable applications.



A database is a collection of information that is stored so that it can be retrieved, managed and updated.

  • MySQL: One of the world’s most popular open source databases.
  • MariaDB: Made by the original developers of MySQL. MariaDB is also becoming very popular as an open source database server.
  • MongoDB: Next-generation database that lets you create applications never before possible.
  • Redis: An open source, in-memory data structure store, used as database, cache and message broker.
  • PostgreSQL: A powerful, open source object-relational database system.

CSS Preprocessors

web development tools - css preprocessors

A CSS preprocessor is basically a scripting language that extends CSS and then compiles it into regular CSS. Make sure to also check out or in-depth post on Sass vs Less.

  • Sass: A very mature, stable, and powerful professional grade CSS extension.
  • Less: As an extension to CSS that is also backwards compatible with CSS. This makes learning Less a breeze, and if in doubt, lets you fall back to vanilla CSS.
  • Stylus: A new language, providing an efficient, dynamic, and expressive way to generate CSS. Supporting both an indented syntax and regular CSS style.

If you are just getting started with a CSS preprocessor you might want to make the transition easier by first using a 3rd party compiler, such as the ones below.

Compiler Sass Language Less Language Mac Windows

Text Editors / Code Editors

text editors code editors

Whether you’re taking notes, coding, or writing markdown, a good text editor is a part of our daily lives!

  • Atom: A text editor that’s modern, approachable, yet hackable to the core. One of our favorites!
  • Sublime Text: A sophisticated text editor for code, markup and prose with great performance.
  • Notepad++: A free source code editor which supports several programming languages running under the MS Windows environment.
  • Visual Studio Code Beta: Code editing redefined and optimized for building and debugging modern web and cloud applications.
  • TextMate: A code and markup editor for OS X.
  • Coda 2: A fast, clean, and powerful text editor for OS X.
  • WebStorm: Lightweight yet powerful IDE, perfectly equipped for complex client-side development and server-side development with Node.js.
  • Vim: A highly configurable text editor built to enable efficient text editing.
  • Brackets: A lightweight and powerful modern text editor; written in JavaScript, HTML and CSS.
  • Emacs: An extensible, customizable text editor with built-in functions to aid in quick modifications of text and code.

Markdown Editors

markdown editors

Markdown is a markup language in plain text using an easy syntax that can then be converted to HTML on the fly. Note: This is different than a WYSIWYG editor. Markdown editors are sometimes referred to as the in-between WYSIWYG and simply writing code.

  • StackEdit: A free online rich markdown editor.
  • Dillinger: An online cloud-enabled, HTML5, buzzword-filled Markdown editor.
  • Mou: Markdown editor for developers on Mac OS X.
  • Texts: A rich editor for plain text. Windows and Mac OS X.

Some of the text editors we mentioned above also support markdown. For example, there is a markdown preview package for atom.



Almost every web developer, especially front-end developers will at some point or another need icons for their project. KeyCDN actually hosts a version of Font Awesome, HTTP/2 and CORS enabled, that you can use in your projects completely free. See code below. Full documentation at
  • Font Awesome: Scalable vector icons that can instantly be customized — size, color, drop shadow, and anything that can be done with the power of CSS.
  • IconMonster: A free, high quality, monstrously big and continuously growing source of simple icons. One of our favorites!
  • Icons8: An extensive list of highly customizable icons created by a single design team.
  • IconFinder: Iconfinder provides beautiful icons to millions of designers and developers.
  • Fontello: Tool to build custom fonts with icons.

Git Clients / Services

git clients

Git is a source code management system for software and web development known for distributed revision control. When working with teams, using a git client to push code changes from dev to production is a way to maintain the chaos and ensure things are tested so they don’t break your live web application or site.

  • SourceTree: A free Git & Mercurial client for Windows or Mac. Atlassian also makes a pretty cool team Git client called Bitbucket.
  • GitKraken (Beta):  A free, intuitive, fast, and beautiful cross-platform Git client.
  • Tower 2: Version control with Git – made easy. In a beautiful, efficient, and powerful app.
  • GitHub Client: A seamless way to contribute to projects on GitHub and GitHub Enterprise.
  • Gogs: A painless self-hosted Git service based on the Go language.
  • GitLab: Host your private and public software projects for free.

Local Dev Environments

local dev environment

Depending upon what OS you are running or the computer you currently have access to, it might be necessary to launch a quick local dev environment. There are a lot of free utilities that bundle Apache, mySQL, phpmyAdmin, etc. all together. This can be a quick way to test something on your local machine. A lot of them even have portable versions.

  • XAMPP: Completely free, easy to install Apache distribution containing MariaDB, PHP, and Perl.
  • MAMP: Local server environment in a matter of seconds on OS X or Windows.
  • WampServer: Windows web development environment. It allows you to create web applications with Apache2, PHP and a MySQL database.
  • Vagrant: Create and configure lightweight, reproducible, and portable development environments.
  • Laragon: A great fast and easy way to create an isolated dev environment on Windows. Includes Mysql, PHP Memcached, Redis, Apache, and awesome for working with your Laravel projects.

Diff Checkers

diff checkers

Diff checkers can help you compare differences between files and then merge the changes. A lot of this can be done from CLI, but sometimes it can be helpful to see a more visual representation.

  • Diffchecker: Online diff tool to compare text differences between two text files. Great if you are on the go and quickly need to compare something.
  • Beyond Compare: A program to compare files and folders using simple, powerful commands that focus on the differences you’re interested in and ignore those you’re not.

A lot of the free text editors we mentioned above also have plugins or extensions which allow you to diff or compare your files.

Code Sharing / Experimenting

code sharing

There is always that time when you are on Skype or Google hangout with another developer and you want him or her to take a quick look at your code. There are great team tools for sharing code like Slack, but if they aren’t a member of your team there are some great quick alternatives. Remember not to share anything secure.

  • JS Bin:  Tool for experimenting with web languages. In particular HTML, CSS and JavaScript, Markdown, Jade and Sass.
  • JSfiddle: Custom environment to test your JavaScript, HTML, and CSS code right inside your browser.
  • codeshare: Share code in real-time with other developers.
  • Dabblet: Interactive playground for quickly testing snippets of CSS and HTML code.

Collaboration Tools

dev collaboration tools

Every great development team needs a way to stay in touch, collaborate, and be productive. A lot of teams work remotely now. The team at KeyCDN is actually spread across many different continents. Tools like these below can help employees streamline their development workflow.

  • Slack: Messaging app for teams that is on a mission to make your working life simpler, more pleasant, and more productive. One of our favorites, we use this at KeyCDN!
  • Trello:  Flexible and visual way to organize anything with anyone. We also use this as KeyCDN.
  • Glip: Real-time messaging with integrated task management, video conferencing, shared calendars and more.
  • Asana: Team collaboration tool for teams to track their work and results.
  • Jira: Built for every member of your software team to plan, track, and release great software or web applications.


developers inspiration

We all need inspiration at some point or another. For front-end developers especially, from time to time, it can be beneficial to check out what other people are doing. This can be a great source of inspiration, new ideas, and making sure your web application or site doesn’t fall behind the times.

  • CodePen: Show off your latest creation and get feedback. Build a test case for that pesky bug. Find example design patterns and inspiration for your projects.
  • Dribble: A community of designers sharing screenshots of their work, process, and projects.

Website Speed Test Tools

website speed test tools

The speed of a website can be a critical factor to its success. Faster loading websites can benefit from higher SEO rankings, higher conversion rates, lower bounce rates, and a better overall user experience and engagement. It is important to take advantage of the many free tools available for testing website speed.

  • Website Speed Test:  A page speed test developed by KeyCDN that includes a waterfall breakdown and the website preview.
  • Google PageSpeed Insights: PageSpeed Insights analyzes the content of a web page, then generates suggestions to make that page faster.
  • Google Chrome DevTools: Set of web authoring and debugging tools built into Google Chrome.
  • WebPageTest: Run a free website speed test from multiple locations around the globe using real browsers (IE and Chrome) and at real consumer connection speeds.
  • Pingdom: Test the load time of that page, analyze it and find bottlenecks.
  • GTmetrix: Gives you insight on how well your site loads and provides actionable recommendations on how to optimize it.

You can see a more in-depth list on our post about website speed test tools.

Web Development Communities

web development communities

Every web developer has been there. They have a problem and what do they do? Well, they go to Google to find a quick answer. The web offers so much content right at our fingertips that it makes it easy to diagnose and troubleshoot problems when they arise. Check out a few good web development communities below.

Web Development Newsletters

web development newslettersThe last thing you probably need is another newsletter subscription. But these guys handpick some of the best web development and performance topics from around the web so you don’t have to!

  • A handcrafted, carefully selected list of web development related resources. Curated and published usually every week.
  • A weekly newsletter for Web developers focusing on web operations, infrastructure, deployment of apps, performance, and tooling, from the browser down to the metal.
  • web tools weekly: A front-end development and web design newsletter with a focus on tools. Each issue features a brief tip or tutorial, followed by a weekly round-up of various apps, scripts, plugins, and other resources.
  • A weekly reading digest for front-end developers and UX designers.
  • Smashing Magazine is an online magazine for professional web designers and developers. Useful tips and valuable resources, sent out every second Tuesday.
  • front-end dev weekly: Front-end developer news, tools and inspiration hand-picked every week.
  • friday front-end: Front-end development links tweeted daily, emailed weekly.
  • /dev tips: Receive a developer tip, in the form of a gif, in your inbox each week.

And of course, you can subscribe to our newsletter if you haven’t already on the right hand side of this post.


As you can see there are hundreds of web development tools and resources available to help streamline your development workflow and hopefully aid you in being more productive. Again we can’t list every tool or resource, but if we forgot something important, feel free to let us know below in the comments.