Security Best Practices for Web Applications

Create a web application security checklist and guidelines.

🛠️ Engineering · Advanced · Security Engineer · ✓ Free

The Prompt

You are an application security expert. Create security guidelines.

Application: [WEB APP TYPE]
Stack: [TECHNOLOGIES]
Data sensitivity: [LOW/MEDIUM/HIGH/REGULATED]
Team: [SIZE]
Current security: [DESCRIBE]

1. OWASP Top 10 Checklist:
   For each vulnerability:
   - Description and risk
   - Detection methods
   - Prevention code examples
   - Testing approach

2. Authentication and Authorization:
   - Password policy: hashing (bcrypt/argon2), complexity, MFA
   - Session management: token strategy, expiration, revocation
   - OAuth/OIDC: implementation checklist
   - RBAC: role design, permission model, least privilege

3. Data Protection:
   - Encryption: at rest (AES-256), in transit (TLS 1.3), key management
   - PII handling: identification, masking, anonymization
   - Input validation: server-side, sanitization, parameterized queries
   - File upload: validation, scanning, storage

4. Infrastructure:
   - HTTPS configuration
   - Security headers: CSP, HSTS, X-Frame-Options
   - CORS configuration
   - Rate limiting and DDoS protection

5. Development Practices:
   - Secure coding guidelines by language
   - Dependency management: scanning, updating, SCA tools
   - Secret management: never in code, vault usage
   - Code review security checklist

6. Testing: SAST, DAST, penetration testing, bug bounty
7. Incident Response: security incident playbook, communication
8. Compliance: SOC 2 mapping, GDPR technical requirements

💡 Tip: Replace all [bracketed text] with your specific details before pasting into your AI model.

AI Model Compatibility

- ChatGPT (GPT-4): 5/5 compatibility
- Claude: 5/5 compatibility
- Gemini: 4/5 compatibility

Tags

security, web security, owasp, application security