- cross-posted to:
- programming@programming.dev
- cross-posted to:
- programming@programming.dev
These tips cover various aspects of web application security, but remember that security is an ongoing process. Stay informed about the latest threats and regularly update your security practices.
There are some good points in it but the list feels poorly written as it contains very general tips which feel like fluff to increase the article length like:
Protect the client-side against attacks.
Or just wrong stuff like:
Validate all server-side input data.
If you can trust someone, it's the server. You should validate data coming from the client on the server side.
Some things even contradict each other like
Implement strong authentication, such as two-factor authentication (2FA).
And
Use secure authentication mechanisms such as OAuth.
Assuming your app is an OAuth client, you have no say in how the identity provider identifies the user.
Good point, but even better than
Monitor file and source code integrity.
is having the application source code read-only, ideally owned by another user to avoid the confused deputy problem.