Web Design trends for the current year 2015

Every year, Web design grows and so many awesome things are being published daily. While many of those trends will still be around in 2015 (and probably 2016), it’s time to see what new trends are likely to emerge in 2015.

Let’s see what some of the web’s smartest thinkers believe will transform the web.

In 2014, the biggest web design trends included: grid layouts, flat design, background videos, and the increasing capabilities of HTML5 APIs.

So which trends, technologies and techniques will define 2015?

1. Longer scrolling sites: As mobile devices become more popular, it’s becoming more commonplace for sites to opt for scrolling instead of linking as a means to display content, especially on their home pages. It is easier for users to simply scroll through a page to get their information than it is to constantly click to find information.

2. Parallax Scrolling: One big web design trend of the moment is parallax scrolling, which involves the background moving at a slower rate than the foreground, creating a 3D effect as you scroll down the page. It can sometimes be overwhelming, but when used sparingly it can provide a nice, subtle element of depth.

3. Ghost Buttons: Ghost buttons are those transparent and empty buttons that have a basic shape, such as a rectangle or perhaps a square. They are generally bordered by a very thin line, while the internal section consists of plain text printed in a light, sans-serif font.

These buttons are also sometimes referred to as “empty” or “hollow” buttons, and tend to be bigger than standard colored buttons.

The attribute ‘ghost’ is due to the fact that, although they’re transparent as phantoms, they immediately grab the users’ gaze — almost in the way a ghost story can transfix your gaze.

Indeed, a beautiful hollow button performs a neat magic trick: it merges seamlessly into a site, yet, if set against a proper background and position, it can very successfully attract the users’ eyes.

4. Absence of large header background images: The trend over the last few years has been large header background images, often with text on top, and it is the first thing most visitors see when they come to a site. Some recent site designs have decided to buck this trend by keeping their large headers, but making them background-image free. Removing the large image also improves the website’s performance and speed.

5. Bigger Emphasis on Typography: Traditionally, web type kits that allow beautiful fonts and typefaces to be used on websites have been expensive, meaning that sites leaning heavily on typographic design tended to require larger budgets, leaving the small guys (and most WordPress users) out of the fun. That, however, is changing. Type kits are becoming more affordable (or free in the case of Google Fonts) and that means there is more freedom for designers working with a smaller budget to bring their typography skills to the web design table.

6. Rise of Flat design: Flat design has achieved a lot of momentum over the last year or two and it appears to have staying power into 2015. However, it might be possible that as a concept, flat design is growing up. Perhaps into material design. So, what is material design?

Material design is something Google unveiled this year as their new direction for mobile (and design in general). “Material,” to quote their brief, “is the metaphor. A material metaphor is the unifying theory of rationalized space and a system of motion. Our material is grounded in tactile reality, inspired by our study of paper and ink, yet open to imagination and magic.”

To know more about our web and mobile development service visit http://evincetech.com.
For more information, please contact us with the specifications for your project. You can email our sales team at info@evincetech.com, also you can call us at following numbers.
India: (+91) 44 42170775, (+91) 91766 40375
USA [Toll Free]: 866 220 6565

5 Important Features of Android Lollipop

There’s no operating system that can be called perfect. Despite the fact that Android leads the mobile OS game, running on 84% of smartphones globally, it’s known to have some rough edges. With the latest version of Android, called Lollipop, Google aims to smoothen these rough edges with plenty of design improvements, new features and security upgrades.

Google’s latest mobile operating system is now making its way to a variety of smartphones and tablets. Android 5.0 Lollipop completely revamps the look and feel of the operating system, and includes a number of new features and enhancements. Android Lollipop is absolutely PACKED with new features.

Below are listed a few features of this new version:

  1. Material Design: It is the fresh look, dubbed “Material” by Google. While there are some similarities between Material and the look of “stock”, the designers are clearly forging a new path here, in purely aesthetic terms. The flatness seen in KitKat is still present and correct, but it comes with a twist: realism. Animation is going to play a big part in the new design, and Android Lollipop will adopt real-time shadows to give its interface more depth and make it look a little more dynamic. The shadows are there because Android Lollipop will make much more use of layers in the UI, allowing developers to do all kinds of visual customisation within their apps.
  2. New lock screen: Notifications are now displayed front and centre on the screen. They can be swiped either to the left or to the right to be dismissed, or you can double tap them to jump right into an app. A simple swipe up from the bottom will unlock your stock Android device, while sliding your finger from left to right will open the phone app and a swipe from right to left will open the camera.

3. Get longer battery life with battery-saver mode: This feature is great for those times your battery is running low and you just can’t seem to find a charger. In fact, Google claims that enabling the battery-saver mode on Android 5.0 Lollipop will extend your device’s battery life by up to 90 minutes.

4. Priority Mode: This lets you set up an environment on your phone where you’ll only be served certain notifications when you’re busy working on something. It’s a method of streamlining what can and can’t come through to you so you won’t be disturbed. When you set up Priority mode, Android asks you which applications you’d like to allow in a handy drop-down menu. It also lets you set up a timer for the mode, so if you’re only busy for an hour, just set it for an hour and it’ll revert to normal once that time is up. Priority is an awesome feature that lets you keep in contact with important stuff while blocking out all the usual guff your phone normally bothers you with.

5. Right information at the right moment: With Lollipop, your tablet shows your inbox alongside the message that you have open, while your watch shows new emails as they arrive.


Web application vulnerabilities and prevention

SQL Injection :

SQL injection is a technique where malicious users can inject SQL commands into an SQL statement via web page input. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), and execute administration operations on the database.

Any business affected by an SQL Injection would need to take steps quickly to rectify the issue. The loss of personal data, financial information and other aspects can do a great deal of harm to a company’s reputation. That is why it’s crucial to be forewarned and protected against such threats before they occur.

To Avoid SQL Injection:

Use SQL statements that are sent to and parsed by the database server separately from any parameters. This way it is impossible for an attacker to inject malicious SQL.

Using PDO and MySQLi

1) Parametrized queries using bound, typed parameters.
2) Careful use of parametrized stored procedures.

Broken Authentication & Session Management

Broken Authentication and Session Management attacks are anonymous attacks generated to try and retrieve passwords, user IDs, account details and other information.

OWASP lists seven reasons an application may be vulnerable:

  • User authentication credentials aren’t protected when stored using hashing or encryption.
  • Credentials can be guessed or overwritten through weak account management functions.
  • Session IDs are exposed in the URL.
  • Session IDs are vulnerable to session fixation attacks.
  • Session IDs don’t timeout, or user sessions or authentication tokens, particularly single sign-on tokens, aren’t properly invalidated during logout.
  • Session IDs aren’t rotated after successful login.
  • Passwords, session IDs and other credentials are sent over unencrypted connections.

To prevent Broken Authentication & Session Management

To prevent these types of vulnerabilities from occurring in your application, developers should first ensure that SSL is used for all authenticated parts of the application. In addition, verify that all credentials are stored in a hashed form.

1) Avoid cookieless sessions
2) Look into IP checking
3) Use SSL
4) Expire sessions early and often
5) Double-check passwords on certain activities
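
A PHP session setup that addresses the weaknesses listed above (session IDs in URLs, fixation, no timeout, no rotation on login, unhashed credentials), as an added example that is not part of the original article. It assumes PHP 7.3 or later and a site served over HTTPS; `IDLE_LIMIT`, the function names and the sample credential are constructed for illustration.

```php
<?php
// Added example; IDLE_LIMIT and the function names are assumptions.
const IDLE_LIMIT = 900;   // seconds of inactivity before the session is dropped

function destroySession(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires' => time() - 3600, 'path' => $p['path'],
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
    session_destroy();                          // invalidate server-side state at logout
}

function startSecureSession(): void
{
    ini_set('session.use_only_cookies', '1');   // never accept a session ID from the URL
    ini_set('session.use_trans_sid', '0');      // never rewrite links to carry the ID
    ini_set('session.use_strict_mode', '1');    // refuse IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
    session_start();
    $now = time();
    if (isset($_SESSION['last_seen']) && $now - $_SESSION['last_seen'] > IDLE_LIMIT) {
        destroySession();                       // idle too long: expire and start clean
        session_start();
    }
    $_SESSION['last_seen'] = $now;
}

function login(string $password, string $storedHash, int $userId): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    session_regenerate_id(true);                // rotate the ID after successful login
    $_SESSION['user_id'] = $userId;
    return true;
}

startSecureSession();
// Constructed credential; in an application the hash is stored at registration.
$hash = password_hash('correct horse battery', PASSWORD_DEFAULT);
var_dump(login('wrong guess', $hash, 42), login('correct horse battery', $hash, 42));
```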

XSS (Cross Site Scripting)

XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.

When information is sent to web service providers such as banks or online stores, webmasters, or website owners, an attacker can interrupt the transfer process and extract this valuable information. This can all be done seamlessly without either the website owner/provider or the client having knowledge of the attack.

Data loss, misleading content and other issues cause massive amounts of damage to a company’s reputation and can severely stain the brand if left untreated.

To prevent XSS (Cross Site Scripting)

Data Validation
Data Sanitization
Output Escaping

  • Never pass data from untrusted origins into output without either escaping or sanitising it.
  • Never forget to validate data arriving from an untrusted origin using relevant rules for the context it’s used in.
  • Remember that anything not explicitly defined in source code has an untrusted origin.
  • Remember that htmlentities() is incompatible with XML, including HTML5’s XML serialisation – use htmlspecialchars().
  • Always include ENT_QUOTES, ENT_SUBSTITUTE and a valid character encoding when calling htmlspecialchars().
  • Never use htmlspecialchars() as the primary means of escaping Javascript, CSS or URL parts.
  • Never use json_encode() to escape Javascript strings unless using PHP 5.3 and RTFM.
  • Use rawurlencode() to escape strings being inserted into URLs and then HTML escape the entire URL.
  • Never ever pass escaped or sanitised data from untrusted origins into a Javascript execution context: a string later executed as Javascript.
  • Validate all complete URLs if constructed from untrusted data.
  • Never validate URLs using filter_var(). It doesn’t work and allows Javascript and Data URIs through.
  • Never include resources loaded over unsecured HTTP on a page loaded over HTTPS.
  • Sanitise raw HTML from untrusted origins using HTMLPurifier before injecting it into output.
  • Sanitise the output of Markdown, BBCode and other HTML replacements using HTMLPurifier before injecting it into output.
  • Remember that HTMLPurifier is the only HTML sanitiser worth using.
  • Adopt the Content Security Policy (CSP) header and abandon the use of inline CSS and Javascript where feasible.
  • Always transmit, with content, a valid Content-Type header referencing a valid character encoding.
  • Ensure that cookies for use solely by the server are marked HttpOnly.
  • Ensure that cookies which must only be transmitted over HTTPS are marked Secure.
  • Always review dependencies and other third party code for potential XSS vulnerabilities and vectors.
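
Several of the rules above applied per output context, as an added example that is not part of the original article: `htmlspecialchars()` with `ENT_QUOTES | ENT_SUBSTITUTE` and an explicit encoding, `rawurlencode()` followed by HTML-escaping the whole URL, and scheme allowlisting for complete URLs in place of `filter_var()`. The helper names and sample inputs are constructed for illustration.

```php
<?php
// Added example; helper names and sample values are constructed.
header('Content-Type: text/html; charset=UTF-8');       // valid type and encoding
header("Content-Security-Policy: default-src 'self'");   // no inline script or style

// HTML body and quoted-attribute context.
function escHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// URL context: rawurlencode() the untrusted part, then HTML-escape the entire URL.
function searchLink(string $base, string $term): string
{
    $url = $base . '?q=' . rawurlencode($term);
    return '<a href="' . escHtml($url) . '">' . escHtml($term) . '</a>';
}

// Complete URL from an untrusted origin: validate it against an explicit
// scheme allowlist so that javascript: and data: URIs are refused.
function safeHref(string $url): ?string
{
    if (preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;                    // control characters or whitespace
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return escHtml($url);
}

$comment = '<script>alert(1)</script> "quoted" & \'single\'';   // constructed input
echo '<p title="', escHtml($comment), '">', escHtml($comment), "</p>\n";
echo searchLink('/search', 'a&b=<c> "d"'), "\n";
foreach (['https://example.test/?a=1&b=2', 'javascript:alert(1)', 'data:text/html,x'] as $u) {
    $href = safeHref($u);
    echo $href === null ? "rejected\n" : '<a href="' . $href . "\">link</a>\n";
}
```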

 
