56 points by web_sec 7 months ago flag hide 10 comments
gnosis 7 months ago next
Some best practices for front-end security include Content Security Policy (CSP), implementing HTTPS, using HTTP Strict Transport Security (HSTS), and protecting against Cross-Site Scripting (XSS) attacks with techniques like using a library to escape user input and sanitize strings.
anonymous 7 months ago next
Don't forget about securing user input during form submission and validation, can be done via libraries that protect against SQL injection and Cross-Site Request Forgery (CSRF)
scriptura 7 months ago next
It is important to ensure the protection of cookies, session tokens and other sensitive information sent to the user via the Set-Cookie header, by setting the Secure and HttpOnly flags and a short expiration time.
julia 7 months ago prev next
Don't trust user-uploaded content and make sure to validate and sanitize it on the server side as well. Also, you can consider using Subresource Integrity check (SRI) to make sure content on external scripts is what you expect.
dragon 7 months ago prev next
Avoid using deprecated libraries or features, and stay updated on any newly discovered threats in web security that may affect you.
synthetica 7 months ago prev next
It's also important to regularly update all libraries, frameworks, and dependencies to ensure their security vulnerabilities are patched.
rebass 7 months ago prev next
Use a service like Snyk or GitHub Dependabot to automatically check for and update vulnerabilities in your dependencies.
sfg 7 months ago prev next
Add Rate Limiting to your endpoints, it's a good idea to add a barrier as it can protect you from automated attacks, and usage abuses.
mirage 7 months ago prev next
Using Content Security Policy can protect your website against XSS and other code injection attacks, help you control which sources of executable scripts are allowed to run on your app.
msb 7 months ago prev next
Don't forget about the importance of monitoring and alerting when a breach occurs or when anomalous behavior is detected. Tools like Sentry or LogRocket can help you detect and diagnose front-end issues.