Web Application Security Checklist

HTTPS (Browser Security Certificate)

  • Is there a certificate (HTTPS)? If not, set it up!
  • Advantages:
  • Disadvantages:
    • None


HTTP Headers

  • CSP (content-security-policy)

Resources


HTTP Cookies

  • SameSite: SameSite lets a server declare that a cookie must not be sent with cross-site requests, which partly protects against cross-site request forgery (CSRF). SameSite cookies are still experimental and not yet supported by all browsers.
  • HttpOnly: this cookie attribute helps mitigate XSS by preventing JavaScript from reading the cookie value.
  • Secure: tells the browser to send the cookie to the server only over a secure protocol (HTTPS).
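As an added example (not part of the original checklist), a small audit that parses a server's Set-Cookie headers, reports which of the three attributes above are missing, and builds a hardened header; the function names and the sample headers are mine.

```python
# Added example for this checklist (not from the original page): audit the
# Set-Cookie headers a server emits for the Secure, HttpOnly and SameSite
# attributes described above, and build a hardened header. Names are assumed.

def parse_set_cookie(header: str) -> dict:
    """Split one Set-Cookie header value into name, value and its attributes.
    Attribute names are lower-cased; flag attributes (Secure, HttpOnly) map to ''."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def audit_set_cookie(header: str) -> list:
    """Return a list of findings for one header; an empty list means it passes."""
    attrs = parse_set_cookie(header)["attrs"]
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: browser may send the cookie over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie readable via document.cookie (XSS)")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: cookie sent on cross-site requests (CSRF)")
    return findings


def hardened_set_cookie(name: str, value: str, samesite: str = "Lax") -> str:
    """Build a Set-Cookie header carrying all three attributes from the checklist."""
    if samesite not in ("Lax", "Strict"):
        raise ValueError("use Lax or Strict for session cookies")
    return f"{name}={value}; Secure; HttpOnly; SameSite={samesite}"


# Constructed sample response headers (not captured from any real site).
SAMPLE_HEADERS = [
    "session=abc123",                                     # fails all three checks
    "session=abc123; Secure; HttpOnly; SameSite=Strict",  # passes
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(h, "->", audit_set_cookie(h) or "OK")
    print(hardened_set_cookie("session", "abc123"))
```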

Resources


HSTS (HTTP Strict Transport Security)


XSS (Cross Site Scripting)


CSRF (Cross-Site Request Forgery)


Sub-Resource Integrity (SRI)


SQLI (SQL Injection)


Brute Force Attacks


Account Enumeration


Resource Enumeration