gitmyhub

security-guide-for-developers

★ 21k updated 10mo ago

Security Guide for Developers

A practical security reference guide for web developers covering authentication, encryption, common attacks, and secure coding practices.

HTTPSOAuth2JWTbcryptTOTPPythonNode.jssetup: easycomplexity 1/5

This is a practical security guide for web developers, written as a work-in-progress reference book. It targets two kinds of developers: those just starting out who may not know the difference between insecure and secure choices (such as MD5 versus bcrypt for password hashing), and experienced developers who know the concepts but sometimes forget to apply them. The guide includes a security checklist as well as detailed explanations.

The contents cover a broad range of web security topics organized into chapters: HTTPS and secure transport, authentication methods including two-factor authentication and TOTP, authorization patterns like OAuth2 and JWT, input validation and sanitization, cross-site scripting, injection attacks, encryption and hashing concepts, password policies and storage, session management, security-related HTTP headers, common server configuration mistakes, and specific attack types such as clickjacking, cross-site request forgery, denial of service, and server-side request forgery. It also includes statistics on real-world vulnerabilities, security libraries for Python and Node/JS, and guidance on maintaining good security hygiene over time.

Where it fits