
Security Tips
Security Tip: Cryptographically Secure Randomness
[Tip#19] Because all randomness should be cryptographically secure.
Weekly security tips that cover the simpler topics, configuration options, tricks, updates, and anything else security-related you need to be aware of.
[Tip#18] Dependencies are security risks, especially if you have a lot of them or don't keep them updated...
[Tip#17] It's easy to forget to update the admins list when it changes...
[Tip#16] Ever clicked a link that looked legitimate, but took you somewhere unexpected?
[Tip#15] Since we don't have enough weird edge cases to worry about in security, here's one more: Transliteration allows you to bypass security checks when services like MySQL do magical translation without telling you! 😱
[Tip#14] What is Subresource Integrity and why is it so important for securing your site?
[Tip#13] Blocking Compromised (Pwned) Passwords forces your users to use strong passwords, but is it the right choice for your app?
[Tip#12] It's easy to guess passwords if your app doesn't rate limit attempts...
[Tip #11] Why duplicate password validation rules across your app when you can define defaults once?
[Tip#10] You should always selectively stage changes, to avoid committing secrets or debug code and pushing to prod.
[Tip #9] security.txt is a simple way to share your security contacts to make vulnerability reporting easier.
[Tip #8] We need to be careful of sensitive data and where it gets passed around, especially when it relates to models and JavaScript.