Web Security Fundamentals
Oct 8, 2020
Looking for a great Software Engineer? Or just feel like having a chat? Visit my profile on LinkedIn and say hi! 😃
If you enjoy this article, please hit the clap button 👏🏻 so that someone at FAANG who read it thinks I’m cool and offers me a sweet dev job! 😉
Much of this content came from LinkedIn Learning’s fantastic course.
General Security Recommendations
- Validate & Sanitize inputs and outputs
- Provide a Content Security Policy (CSP)
- Use cookie settings like HttpOnly, Secure, and Expires
- Always use HTTPS
- Mark session cookies as Secure Cookies
- Force the user to perform an additional step for sensitive actions such as changing a password or wiring money. Examples of this extra step are entering a code sent by SMS, or sending the user to a confirmation page where they must click a Confirm button.
Good Housekeeping Rules for Security
- Update your software regularly
- Apply security patches ASAP when they come out
- Back up your data so that it stays available, even if you suffer an attack
- Secure your domain ownership settings with…