
Web app security baseline

The non-negotiable controls for any app facing the internet.

evan-sre/web-app-security-baseline · v1

• Enforce HTTPS and set HSTS
• Set a Content-Security-Policy

A strict CSP is the strongest defense-in-depth control against XSS: it limits what an injected script can load or execute, but it complements output encoding rather than replacing it. Start from the minimal policy below, roll it out as Content-Security-Policy-Report-Only first, and permit legitimate inline scripts with nonces or hashes instead of 'unsafe-inline'.

Content-Security-Policy: default-src 'self'
• Validate input on the server and encode output for its context (HTML body, attribute, JavaScript, URL)
• Use parameterized queries everywhere

Never build SQL by string concatenation. Identifiers that cannot be bound as parameters (table and column names, sort direction) must be checked against an allow-list.

• Rate-limit auth and other abusable endpoints
• Keep dependencies patched (automate it)
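The header, query and rate-limit items above, carried through in runnable Python as an added illustration (this is not code from the evan-sre list or from any project it names). It uses only the standard library; the helper names, the in-memory `users` table and its three rows, and the client address 203.0.113.7 are assumptions constructed for the example.

```python
"""Checklist controls as code: HSTS + nonce-based CSP headers, parameterized
SQL beside the concatenation anti-pattern, and a per-key token bucket.

Added example, not code from the evan-sre list. Helper names and the
sample `users` table are assumptions made for this illustration.
"""
import secrets
import sqlite3
import time


def new_nonce() -> str:
    """128-bit random nonce; CSP needs a fresh, unguessable one per response."""
    return secrets.token_urlsafe(16)


def security_headers(nonce: str) -> dict[str, str]:
    """Headers for an HTTPS-only origin.

    HSTS makes browsers refuse plain HTTP to this host and its subdomains for
    a year. The CSP allows scripts only from our origin plus inline scripts
    carrying this response's nonce, so an injected <script> is not executed;
    object-src/base-uri 'none' close common bypasses, frame-ancestors 'none'
    also prevents clickjacking.
    """
    csp = (
        "default-src 'self'; "
        f"script-src 'self' 'nonce-{nonce}'; "
        "object-src 'none'; base-uri 'none'; frame-ancestors 'none'"
    )
    return {
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
        "Content-Security-Policy": csp,
    }


def make_db() -> sqlite3.Connection:
    """Constructed sample data for the demo (in-memory, three users)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users (name, is_admin) VALUES (?, ?)",
                     [("alice", 0), ("bob", 0), ("root", 1)])
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list[tuple]:
    """The anti-pattern: SQL assembled by concatenation, so `name` becomes code."""
    return conn.execute("SELECT name FROM users WHERE name = '" + name + "'").fetchall()


def find_user_safe(conn: sqlite3.Connection, name: str) -> list[tuple]:
    """Parameterized: the driver binds `name` as data, never as SQL text."""
    return conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()


ALLOWED_SORT_COLUMNS = {"id", "name"}


def list_users(conn: sqlite3.Connection, sort_by: str) -> list[str]:
    """Identifiers cannot be bound as parameters, so allow-list them instead."""
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    return [row[0] for row in conn.execute(f"SELECT name FROM users ORDER BY {sort_by}")]


class TokenBucket:
    """Per-key token bucket: `capacity` requests may burst, refilled at `rate`/s.

    Key on client IP, account name or both for login, password reset and
    similar endpoints. `clock` is injectable so behaviour is testable offline.
    """

    def __init__(self, capacity: int, rate: float, clock=time.monotonic):
        self.capacity, self.rate, self.clock = capacity, rate, clock
        self._buckets: dict[str, tuple[float, float]] = {}  # key -> (tokens, last_seen)

    def allow(self, key: str) -> bool:
        now = self.clock()
        tokens, last = self._buckets.get(key, (float(self.capacity), now))
        tokens = min(float(self.capacity), tokens + (now - last) * self.rate)
        if tokens < 1.0:
            self._buckets[key] = (tokens, now)
            return False  # caller answers 429 Too Many Requests
        self._buckets[key] = (tokens - 1.0, now)
        return True


if __name__ == "__main__":
    print(security_headers(new_nonce()))
    db = make_db()
    payload = "x' OR '1'='1"  # classic tautology injection
    print("concatenated:", find_user_vulnerable(db, payload))  # leaks every user
    print("parameterized:", find_user_safe(db, payload))      # []
    limiter = TokenBucket(capacity=5, rate=1.0)
    print([limiter.allow("203.0.113.7") for _ in range(6)])   # five True, then False
```

Run it as a script to see the concatenated query return all three users for the injected value while the parameterized one returns nothing. In a real service the two headers go on every response, the CSP is introduced in report-only mode first, and the token bucket state lives in a shared store such as Redis so that limits hold across instances.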
Maintained by Evan Wright.