Security best practices

Security is a never-ending battle. There are countless ways that a given application can be exploited. As engineers, our job is to minimize the attack vectors available to attackers. We can never cover all of the holes, but it is still our duty to try. What follows is a non-exhaustive list of security best practices that will help to keep your application as secure as possible.

Use TLS!

This may seem like an obvious tip, but it is important enough to note. Use secure communication channels! This applies for when your client application talks to service providers, as well as when the service providers talk to your client application.

When your client application talks to the service provider, it does so by interacting with ...

Get Mastering OAuth 2.0 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.