Ask HN: Security Practices in Side Projects?

3 points by abedef 7 years ago · 2 comments · 1 min read


I try to always keep security in mind when working on my side projects, but can't shake the feeling that I am obliviously committing grave mistakes.

What are some of your favorite resources for trustworthy general-purpose security best practices?

To clarify, I am looking to better understand appropriate practices for things like password hashing & storage and authentication token generation, and considerations that should be taken when running a web server. My concern comes from the fact that I don't know what I don't know.

rsmolinski 7 years ago

In general work, try applying a threat modeling framework to guide your security measures. I like STRIDE: https://en.m.wikipedia.org/wiki/STRIDE_(security)

Other than that, there are a lot of best practices for each framework on Medium or other blogs. Also, never store credentials in code, separate prod from dev, and apply patches regularly.

dlphn___xyz 7 years ago

private repos aren’t private
