Last week I made this thread:
What are some fundamentals of security every developer should understand?
...
Of course, thanks to all the dev.to folks that chime in on these kinds of threads. This kind of willing wisdom sharing is such a big part of what makes the dev.to community special. 😇
Regarding prepared statements. Look into what your driver does with them.
Some drivers just concatenate the strings (no protection at all), others do a sanitised concatenation, the best send it to the server to compile and then send the parameters to the server in separate calls (best).
Know what your driver does! Don't assume.
(Also don't rely on this mechanism... CHECK YOUR INPUTS!)
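To make the comment above concrete, here is an added example (not code from the original thread or any commenter) that contrasts string concatenation with bound parameters and adds the input check the comment asks for. It uses CPython's `sqlite3` module, where parameters are bound to a compiled statement rather than spliced into the SQL text; the table, rows and the `o'brien` input are constructed for the demo. A name containing an apostrophe is enough to show the difference: the concatenated query breaks, the parameterised one returns the row.

```python
import re
import sqlite3

# Allow-list for user names (an assumption for this demo): lowercase start,
# then letters, digits, underscore or apostrophe, at most 32 characters.
NAME_RE = re.compile(r"^[a-z][a-z0-9_']{0,31}$")


def make_db():
    """Build an in-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("o'brien", "user")],
    )
    conn.commit()
    return conn


def find_user_concat(conn, name):
    # Weak pattern: the value is spliced into the SQL text, so any quote
    # character in the input changes the structure of the statement.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_param(conn, name):
    # Bound parameter: the driver compiles the statement once and passes the
    # value separately, so the input is always treated as data.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def find_user_checked(conn, name):
    # Defence in depth, as the comment advises: validate the input against an
    # allow-list before it reaches the driver, even though the query is bound.
    if not NAME_RE.fullmatch(name):
        raise ValueError("invalid user name")
    return find_user_param(conn, name)


def demo():
    """Run all three variants on the same awkward input and report results."""
    conn = make_db()
    results = {"paramstyle": sqlite3.paramstyle}  # what placeholder style the driver uses
    try:
        results["concat"] = find_user_concat(conn, "o'brien")
    except sqlite3.OperationalError as exc:
        # The apostrophe terminates the string literal early: the statement
        # no longer parses, which is the symptom of data becoming syntax.
        results["concat"] = "error: " + str(exc)
    results["param"] = find_user_param(conn, "o'brien")
    results["checked"] = find_user_checked(conn, "o'brien")
    try:
        find_user_checked(conn, "o'brien; not a name")
        results["rejected"] = False
    except ValueError:
        results["rejected"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The `paramstyle` line is the cheap first step in "know what your driver does": it tells you which placeholder syntax the driver expects, but not whether binding happens client-side or on the server, so read the driver's documentation (or trace the wire protocol) before relying on it.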
These are great. Here is my 2-cents to add to your list:
This has some good overlap with your items and a few others to add:
Web Developer Security Checklist: dev.to/powerdowncloud/web-develope...
Would be good to point out the essential maturity of security development.
Thanks for posting this. I learned a lot, and the Darkwing Duck image just about triples the credibility of the advice here.
What are your thoughts about access-controlled documentation and restricting libraries with known vulnerabilities (CVEs)?
Corollary: You cannot prove a negative as in "not malicious".
thanks
The secure app or Web is no code. Seriously: github.com/kelseyhightower/nocode