Show HN: A Minimum Viable Security Checklist for Web Apps blog.hartleybrody.com 6 points by hartleybrody 8 years ago · 1 comment Reader PiP Save dbielik 8 years ago Make sure any session/auth cookies are httpOnly too!