Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
okkimus2406180dValidate all inputs. Validate stuff on server. Don't use technology that isn't maintained security wise.
groot552180dXSS, html escape everything while storing or presenting.. validate all forms .. read the owasp guide to prevent such things.. pretty much standard if you are using any good framework which takes care of this for you.
zlice3241180dwhy are your rants homework questions? -.-
sathya741343180dJust using Dev rant for what it is meant to used.
njpugh90717180dDon't rely on client side validation, easy to bypass, if you want some client side validation as someone fills a form out, make sure you check when it gets to the server as well.
d4ng3r0u54087180dsql injection (similar attacks are possible with meteor/mongo if you don't check params to methods)
shit password storage algorithms (try not to roll your own authentication in general)
shit admin passwords
not enforcing ssl (more a problem for the users)
exposing secret api keys
no or wide-open spf/dkim/dmarc policies, enabling phishing
server admin stuff
ganjaman43088180dHiring developers who can use google
marci0101011549180dNever trust client.
ilPinguino1996179dHit at least staging, if possible Dev too, with w3af, zap or something similar. Don't go to production while it still finds something... That won't replace a proper pentest, but the absolutely basic and obvious security issues will be identified.
Your Job Suck?
Take a quick quiz from Triplebyte to skip the job search hassles and jump to final interviews at hot tech firms
Get a Better Job