Web application security

Below is a short security checklist for a web application.

  1. Login screen
    1. To slow down brute-force attacks, display a CAPTCHA after 3-5 failed attempts from the same IP (count failures, not all attempts, so normal users are not penalised).
    2. Enforce a minimum password length of at least 8 characters; longer is better.
  2. Registration (or any open form)
    1. Display a CAPTCHA on every form that can be submitted without being logged in.
  3. SSL/TLS is a must, with a free or paid certificate.
  4. Never expose the table's primary key in the URL; use a separate opaque identifier instead, e.g. 10 randomized alphanumeric characters generated from a cryptographic random source. Note that an unguessable ID only hides the key space: the server must still check that the requesting user is authorized to access the record.
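The checklist items above, as an added example that is not part of the original post: per-IP failed-login tracking that turns on a CAPTCHA requirement, a minimum password length check, and opaque public IDs that replace primary keys in URLs while still enforcing ownership. The threshold of 3, the in-memory store and the `RecordStore` class are assumptions made for illustration; a real deployment would keep the counters in a shared store such as Redis and the records in a database.

```python
import secrets
import string
from dataclasses import dataclass, field
from typing import Optional

# --- 1.1 Login: require a CAPTCHA after repeated failures from one IP ------------
CAPTCHA_AFTER_FAILURES = 3   # assumption: the checklist says 3-5, this picks the low end


class LoginThrottle:
    """Counts failed logins per source IP.

    In-memory for the example; assumed to be a shared store (e.g. Redis with a TTL)
    when several app servers sit behind a load balancer.
    """

    def __init__(self, threshold: int = CAPTCHA_AFTER_FAILURES) -> None:
        self.threshold = threshold
        self._failures: dict[str, int] = {}

    def record_failure(self, ip: str) -> int:
        """Increment the counter for this IP and return the new count."""
        self._failures[ip] = self._failures.get(ip, 0) + 1
        return self._failures[ip]

    def record_success(self, ip: str) -> None:
        """A successful login clears the counter so the CAPTCHA goes away again."""
        self._failures.pop(ip, None)

    def captcha_required(self, ip: str) -> bool:
        """True once the IP has reached the failure threshold."""
        return self._failures.get(ip, 0) >= self.threshold


# --- 1.2 Minimum password length ------------------------------------------------
MIN_PASSWORD_LENGTH = 8


def password_length_ok(password: str) -> bool:
    # Length is measured in characters, not bytes, so non-ASCII passwords
    # are not penalised.
    return len(password) >= MIN_PASSWORD_LENGTH


# --- 4. Opaque public IDs instead of primary keys in URLs ------------------------
ID_ALPHABET = string.ascii_letters + string.digits   # 62 symbols
PUBLIC_ID_LENGTH = 10                                 # 62**10, roughly 8e17 values


def new_public_id(length: int = PUBLIC_ID_LENGTH) -> str:
    # `secrets`, not `random`: the ID must be unguessable, so it needs a CSPRNG.
    return "".join(secrets.choice(ID_ALPHABET) for _ in range(length))


@dataclass
class Record:
    pk: int                     # internal auto-increment key, never shown in URLs
    owner: str
    body: str
    public_id: str = field(default_factory=new_public_id)


class RecordStore:
    """Assumed stand-in for a database table keyed by the opaque public ID."""

    def __init__(self) -> None:
        self._by_public_id: dict[str, Record] = {}
        self._next_pk = 1

    def create(self, owner: str, body: str) -> Record:
        rec = Record(pk=self._next_pk, owner=owner, body=body)
        self._next_pk += 1
        self._by_public_id[rec.public_id] = rec
        return rec

    def fetch(self, public_id: str, requesting_user: str) -> Optional[Record]:
        """Look up by public ID *and* enforce ownership.

        The random ID hides the key space from enumeration; it does not replace
        the authorization check, so an ID leaked in a log or referrer still only
        works for its owner.
        """
        rec = self._by_public_id.get(public_id)
        if rec is None or rec.owner != requesting_user:
            return None
        return rec


if __name__ == "__main__":
    throttle = LoginThrottle()
    client_ip = "203.0.113.7"            # constructed sample address
    for _ in range(CAPTCHA_AFTER_FAILURES):
        throttle.record_failure(client_ip)
    print("captcha required:", throttle.captcha_required(client_ip))

    store = RecordStore()
    rec = store.create("alice", "invoice #1")
    print("URL path: /invoices/" + rec.public_id)
    print("alice sees:", store.fetch(rec.public_id, "alice") is not None)
    print("bob sees:  ", store.fetch(rec.public_id, "bob") is not None)
```

The `fetch` method is the important part of the last item: routing a request by the opaque ID is what keeps the primary key out of the URL, but the owner comparison is what actually prevents one user from reading another user's record.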