Front-end security practice

  • Awareness: recognize that security is not solely a backend problem, even though most controls are implemented on the backend.
  • While staff developers might not need to focus on this, managers should pay attention to avoid significant risks. At the very least, understand how big the hidden problems are.
  • The overall approach includes several aspects:
      • Prevent arbitrary data access. This includes restrictions such as cookie attributes, CSP (Content Security Policy), allow-origin (CORS) policies, and strong passwords.
      • Validate and sanitize both input and output data.
      • Prevent unrestricted access. This includes using sessions, rate limiters, etc.
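As an added example (not part of the original notes), the following Node.js snippet puts the first two points into code: a restrictive CSP, hardened session-cookie attributes, an allow-origin decision taken against an allowlist, and input validation paired with output escaping. The allowlisted origin, cookie name and sample values are constructed placeholders.

```javascript
// Constructed allowlist: only this origin may read our responses cross-origin.
const ALLOWED_ORIGINS = new Set(["https://app.example.test"]);

// Prevent arbitrary data access: CSP, cookie flags, and an allow-origin
// chosen from an allowlist instead of echoing whatever Origin the client sent.
function securityHeaders(requestOrigin, sessionId) {
  const headers = {
    // Same-origin resources only; no inline scripts, no plugins, no framing.
    "Content-Security-Policy":
      "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'",
    // HttpOnly hides the session id from script; Secure and SameSite limit leakage.
    "Set-Cookie": `sid=${sessionId}; HttpOnly; Secure; SameSite=Lax; Path=/`,
    "X-Content-Type-Options": "nosniff",
  };
  if (ALLOWED_ORIGINS.has(requestOrigin)) {
    headers["Access-Control-Allow-Origin"] = requestOrigin;
    headers["Vary"] = "Origin"; // caches must not reuse this response for another origin
  }
  return headers;
}

// Validate input: accept only the exact shape the application needs.
function validateUsername(raw) {
  if (typeof raw !== "string") return null;
  return /^[a-z0-9_]{3,32}$/.test(raw) ? raw : null;
}

// Sanitize output: encode untrusted text before it is placed into HTML.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Renders a profile line: the username is validated (strict allowlist),
// while the free-text bio cannot be allowlisted and is escaped on output.
function renderProfile(rawName, rawBio) {
  const name = validateUsername(rawName);
  if (name === null) return "<p>Invalid username</p>";
  const bio = String(rawBio ?? "").slice(0, 200); // length-limit free text
  return `<p>${name}: ${escapeHtml(bio)}</p>`;
}
```
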