- cross-posted to:
- programming@lemmy.ml
- cross-posted to:
- programming@lemmy.ml
These tips cover various aspects of web application security, but remember that security is an ongoing process. Stay informed about the latest threats and regularly update your security practices.
There are some good points in it but the list feels poorly written as it contains very general tips which feel like fluff to increase the article length like:
Or just wrong stuff like:
If you can trust someone, it’s the server. You should validate data coming from the client on the server side.
Some things even contradict each other like
And
Assuming your app is an OAuth client, you have no say in how the identity provider identifies the user.
Good point, but even better than
is having the application source code read-only, ideally owned by another user to avoid the confused deputy problem.