The full landscape of web development skills can be overwhelming, especially for new web developers. If we distill all of this knowledge into five essential skills that are needed to be a professional web developer, regardless of your framework and toolset of choice, what would they be?
Every web developer needs to know about security. The best place to start is the OWASP top ten, which should be required reading. Web developers should take time to go through the list. Learn about each vulnerability and how it can be avoided. Think about any of your own code that might be vulnerable. Revisit the list frequently.
Good frameworks make it easier for the developer to be secure by default. For example, in Ruby on Rails, Active Record by default will perform parameterized database queries, helping to remove SQL injection vulnerabilities. Ruby on Rails also helps with CSRF protection when using the built-in form helpers, by placing a hidden input field in your form that the server recognizes and must receive in order to submit the form.
In addition to the OWASP top ten, take some time to learn about the hashing and salting technique to encrypt user passwords. Though you hopefully aren't writing your own authentication, hashing and salting is a common technique and it's worthwhile to spend some time understanding how it works.
Finally, think about what information you shouldn't be collecting. Do you really need to store that credit card number? Think about what information shouldn't be persisted to logs, as that is an easy area to overlook.
It goes without saying that users prefer fast websites over slow websites. Every web developer should learn the basic techniques for running a fast website.
One great tool for checking how your site is performing on the client side is the Page Speed Insights tool from Google
On the server side, learn about the big performance offenders. In Ruby on Rails, two of the biggest performance bottlenecks are N+1 queries and blocking processes. Rails developers should learn how to recognize, then rewrite N+1 queries in a more performant way. Rails developers should also learn how to push blocking processes off to a background job.
As far as tooling goes, New Relic has great tools for identifying server-side issues for many of the popular frameworks.
In the early days of building websites, there wasn't much choice but to understand how HTTP worked. Later on, certain web frameworks, such as Microsoft's Web Forms, and certain protocols, such as SOAP, hid much of the underlying plumbing. Today we've swung back toward embracing HTTP. Ruby on Rails for example, provides a ton of convenience on top of HTTP, while fully embracing the protocol. For example, by default, Rails uses the correct HTTP verbs and response status codes, and working with resources is done in a RESTful manner.
As a web developer it's important to learn HTTP. Learn the different request headers, response codes, HTTP verbs, and how your framework makes use of them. Learn how caching makes use of the headers, and how they can be tweaked for performance.
Tools such as Chrome Developer Tools web inspector make it easy to dive in and learn what is going on at the HTTP layer, and is time well spent.
There are so many tools and technologies available for web developers, and more appear every single day. One of the essential skills of any web developer, is to navigate the new tool ecosystem.
Before you know if a tool can help you, you need to know that it exists. There are great newsletters, podcasts, Twitter feeds, and conference videos to help you stay on top of the latest news. Find the news source that best fits into your schedule, style, and technology stack, and stay on top of it.
One you know about the new and shiny, have a methodology to determine whether a new tool will really improve your workflow as a developer, or if the new tool is simply trendy. This skill comes with experience, practice, and thinking about real-world needs.
As web developers we plug into all kinds of external services to help us build compelling products. It's hard to imagine an interesting web application that doesn't make use of some type of API. Developers often use payment providers like Stripe, error monitoring services like New Relic, or Honeybadger, SMS services like Twilio, even authentication providers like Facebook or Twitter. Or, perhaps you need to pull in interesting data for analysis from a government or third party data source.
As web developers, it is essential that we learn to consume web services in all of their various formats. Some services provide a language-specific library to wrap the web service calls, some rely purely on REST, or even SOAP. Some services provide web hooks to communicate back when specific events occur. Being comfortable in whatever method of communication the service uses is an essential skill.
In addition it's important to learn how to properly test the pieces of our application that rely on a given web service. What happens when a given web service is down or failing? Having a backup plan for critical services, and the ability to test those plans is part of this essential skill.
There is an overwhelming amount of knowledge needed to be a web developer today. Knowing what skills are essential can be very tricky and isn't obvious. Hopefully this list provided insight into skills that web developers should have, or be working to acquire.