Application Security Best Practices

Input Validation

• Validate all user input
• Use allowlisting over blocklisting
• Sanitize HTML to prevent XSS
• Use parameterized queries for SQL
• Validate file uploads (type, size)

Authentication

• Use strong password hashing (bcrypt, argon2)
• Implement MFA where possible
• Use secure session management
• Implement rate limiting on auth endpoints
• Use JWTs properly (short expiry, refresh tokens)