The non-negotiable controls for any app facing the internet.
dana-sec/web-app-security-baseline · v1
The single most effective XSS mitigation.
Never build SQL by string concatenation.