HACKER Q&A
📣 xiffu85

How can I keep my web applications secure? Can this list help me?


I'm developing some things on the internet and I'd like to know how I can keep my applications safe. I found this list here https://chat-to.dev/post?id=28. Is that enough, or do I still have to study something else?


  👤 1ba9115454 Accepted Answer ✓
You can look at it from a pen testers point of view.

Here's a checklist for a web pentest. https://pentestbook.six2dez.com/others/web-checklist


👤 _benj
Depending on your level of interest you could learn some hacking. I have used tryhackme.com (no affiliation) in the past and loved it!

It’s kind of enlightening and empowering to understand how a hacker thinks, the actual tools they use and what to look for in a web application to exploit it.

As a quick experience, I once came across a huge vulnerability in a web app I was working on: a logged-in user could pass a different user ID and our app would send all the other user's data back!

I was part of a team with much more experience, but they never considered intercepting and modifying a request to see how the app behaved.
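The bug _benj describes is an insecure direct object reference: the handler authenticates the caller but never checks that the caller is allowed to read the record it names. The following is an added example, not code from the thread or from any real application; the `USERS` table, the `Session` class and the handler names are constructed for illustration. It shows the vulnerable handler next to two hardened forms: one that adds an object-level authorization check (and returns the same error for "missing" and "not yours", so callers cannot enumerate which ids exist), and one that takes no id from the client at all.

```python
"""Added example (not from the thread): the IDOR pattern described above,
shown as a vulnerable handler beside hardened ones. All data and names here
are constructed assumptions, not any real application's code."""
from dataclasses import dataclass

# Constructed sample data standing in for a users table.
USERS = {
    1: {"id": 1, "email": "alice@example.com", "address": "1 Main St"},
    2: {"id": 2, "email": "bob@example.com", "address": "2 Side Rd"},
}


@dataclass
class Session:
    """The authenticated caller, as established by the login layer."""
    user_id: int
    is_admin: bool = False


class NotFound(Exception):
    """Raised when the record is missing OR not readable by the caller."""


def get_profile_vulnerable(session: Session, requested_id: int) -> dict:
    """Authentication is checked (a session exists) but authorization is not:
    the handler trusts the client-supplied id and returns whatever it names."""
    return USERS[requested_id]


def get_profile_hardened(session: Session, requested_id: int) -> dict:
    """Same endpoint with an object-level authorization check: the record is
    returned only when it belongs to the caller or the caller is an admin."""
    record = USERS.get(requested_id)
    if record is None or (record["id"] != session.user_id and not session.is_admin):
        # One response for "does not exist" and "not yours": a distinguishable
        # 403 vs 404 would let a caller learn which ids are real. Log the
        # attempt; repeated denials from one session are a useful detection
        # signal for exactly the probing _benj describes.
        raise NotFound(f"profile {requested_id} not available to user {session.user_id}")
    return record


def get_own_profile(session: Session) -> dict:
    """Stronger still: derive the key from the session and accept no id from
    the client, so there is nothing in the request to tamper with."""
    return USERS[session.user_id]


def denied(session: Session, requested_id: int) -> bool:
    """True when the hardened handler refuses the request (used for checks)."""
    try:
        get_profile_hardened(session, requested_id)
    except NotFound:
        return True
    return False


if __name__ == "__main__":
    alice = Session(user_id=1)
    # The vulnerable handler hands Alice Bob's record; the hardened one refuses.
    print(get_profile_vulnerable(alice, 2)["email"])  # bob@example.com
    print(denied(alice, 2))                            # True
    print(get_profile_hardened(alice, 1)["email"])     # alice@example.com
```

The test a pentester would run is exactly the one in the post: log in as one user, change the id in the request, and see whether the other user's data comes back. The fix belongs in the handler, not in the UI, because the client can send any id regardless of what the page offers.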


👤 akira_f
By all means gain some solid knowledge and experience with OAuth 2 and OIDC. You can start with OAuth 2 courses on Udemy. Make sure you complete all the hands-on labs. After that, study the OWASP Top 10 and hack through its Juice Shop if you have time.

👤 stop50
I would always watch out for the OWASP Top 10.

👤 beardyw
Do I really need to sign up to see prices. What is the logic behind that?

👤 cushpush
Depends on framework and stuff. I think what you want is ... nginx, SSL (Let's Encrypt = certbot), and a database that does not understand SQL ;)