Security

Security Heuristics

Prevent problems before they happen

What can go wrong?

Model possible threats

The simpler the system, the smaller the attack surface

Validate

Sanitize

Isolate

Parametrize queries to prevent SQL injection

Don’t try to roll your own security solutions; it’s a community effort

See also:

Pick a Vulnerability to Learn About

Best practices for managing & storing secrets like API keys and other credentials [2020]

What should every programmer know about security? - Stack Overflow

Newest ‘security’ Questions - Stack Overflow