[New post] Thoughts on Security

chriseyre2000 posted: " It is almost impossible to secure a web app. You cannot tell if a browser is being used or a script simulating it. Anything that can be called from the browser should be treated as a public API (with the exception of insisting on backwards compatibility" Respond to this post by replying above this line New post on Developer Rants Thoughts on Security by chriseyre2000 It is almost impossible to secure a web app. You cannot tell if a browser is being used or a script simulating it. Anything that can be called from the browser should be treated as a public API (with the exception of insisting on backwards compatibility). This means any endpoint reachable from the client must be treated as if the user is directly calling it. This means that you need to consider authentication (who is the user) and authorisation (what the user is allowed to do). Trust no-one! This means that all endpoints need to be tested at the API level as well as via the UI. All those bundled minified js bundles that you have carefully constructed form excellent documentation of your exposed APIs. All the endpoints exist as neat little strings among the minified code. chriseyre2000 | September 19, 2021 at 12:00 pm | Categories: Uncategorized | URL: https://wp.me/p4Fr7o-lI8r Comment    See all comments    Like Unsubscribe to no longer receive posts from Developer Rants. Change your email settings at Manage Subscriptions. Trouble clicking? Copy and paste this URL into your browser: http://devrants.blog/2021/09/19/thoughts-on-security/ Thanks for flying with WordPress.com