Web security best practices

Written by Kees van Dieren

A short overview of web security best practices for public web applications.

Web security check list

The following checklist can be used as a baseline for web security.

  • Use a Content-Security-Policy with a report-uri
  • Use Subresource Integrity for external resources
  • All ports must be closed to the internet except 443 and 80
  • All requests to port 80 must redirect to port 443
  • Use HTTPS only for all web traffic
  • Send security-related HTTPS response headers, verify with securityheaders.com
  • Use a whitelist of headers, permit only headers defined on the whitelist
  • Use Google Search Console to receive security-related alerts from Google as soon as they detect them
  • SSL Labs should rate the domain with score ‘A’
  • Verify against the OWASP Top Ten regularly
  • Check regularly, in an automated way, for vulnerabilities in third-party libraries, using ossindex.sonatype.org integrations
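As an added example (not part of the original post), a small Python audit that checks a response's headers against the checklist above: the security headers are present, the Content-Security-Policy carries a report-uri or report-to directive, and a helper produces the Subresource Integrity value for an external script. The required-header set and the sample response are assumptions constructed for the example.

```python
import base64
import hashlib

# Headers the checklist expects on every HTTPS response (assumed baseline set).
REQUIRED_HEADERS = {"strict-transport-security", "content-security-policy",
                    "x-content-type-options", "x-frame-options", "referrer-policy"}


def parse_csp(value: str) -> dict:
    """Split a Content-Security-Policy header into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def audit_headers(headers: dict) -> list:
    """Return findings against the baseline; an empty list means it is met."""
    lower = {k.lower(): v for k, v in headers.items()}
    findings = [f"missing header: {h}" for h in sorted(REQUIRED_HEADERS - set(lower))]
    csp = lower.get("content-security-policy")
    if csp is not None:
        policy = parse_csp(csp)
        if "report-uri" not in policy and "report-to" not in policy:
            findings.append("CSP has no report-uri/report-to directive")
        if "'unsafe-inline'" in policy.get("script-src", policy.get("default-src", [])):
            findings.append("CSP allows 'unsafe-inline' scripts")
    return findings


def sri_integrity(resource: bytes) -> str:
    """Build the value for a <script integrity="..."> attribute (sha384, base64)."""
    return "sha384-" + base64.b64encode(hashlib.sha384(resource).digest()).decode("ascii")


# Constructed sample response headers, not captured from any real site.
SAMPLE_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self' cdn.example; report-uri /csp-report",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_HEADERS) or ["baseline met"]:
        print(finding)
    print(sri_integrity(b"console.log('hello');"))
```

Run it against the headers captured from your own site to get the same kind of findings securityheaders.com reports, without sending the request off-box.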

Contact

Have some remarks, or need help implementing security? Get in touch by sending an email to info@squins.com

Kees van Dieren, CEO

We've years of experience helping startups and scale-ups to work more efficiently by creating apps that fit their needs.

Let’s talk. We look forward to exploring the opportunity to help your company too.

Go ahead and send us a message. We look forward to exploring the opportunity to help you too.