Development

  1. No secrets in code: Use environment variables
  2. Input validation: Validate all user inputs
  3. Output encoding: Encode all dynamic outputs
  4. Authentication: Use proven authentication libraries
  5. Authorization: Check permissions on every request
  6. Dependencies: Keep dependencies updated
  7. HTTPS: Always use HTTPS in production