- Make security checks a reccuring activity
- Use secure connection
- Configure software with security in mind
- Don't commit secrets to the repository
- Check application dependencies
- Make it harder for attackers to guess about your application
- Research and use the tools that already available
- Use automatic tools to check your application
- Don't trust user input and sanitize it
- Protect user data by requesting only what necessary
- Disallow everything, and granually add permissions as they are required