July 15, 2024 · 2 min read
Tags: Security, Authentication, Web Security, Best Practices
# Web Security Best Practices: Protecting Modern Applications
Security is critical for web applications. This guide covers essential security practices to protect your applications and users.
## Authentication & Authorization
### Password Security
```typescript
import * as bcrypt from 'bcrypt';
// Hash passwords: the cost factor of 12 makes each guess expensive for anyone holding a leaked hash
export async function hashPassword(password: string): Promise<string> {
  return bcrypt.hash(password, 12);
}
// Verify passwords: compare() reads the salt and cost out of the stored hash and recomputes it
export async function verifyPassword(password: string, hashedPassword: string): Promise<boolean> {
  return bcrypt.compare(password, hashedPassword);
}
```
### JWT Implementation
```typescript
import * as jwt from 'jsonwebtoken';
function getSecret(): string {
  const secret = process.env.JWT_SECRET;
  if (!secret) throw new Error('JWT_SECRET is not set'); // fail closed instead of signing with undefined
  return secret;
}
// Generate token: a short lifetime limits how long a leaked token stays useful
export function generateToken(user: { id: string; role: string }): string {
  return jwt.sign(
    { userId: user.id, role: user.role },
    getSecret(),
    { expiresIn: '1h' }
  );
}
// Verify token: pin the accepted algorithm so the token's own header cannot choose a weaker one
export function verifyToken(token: string): jwt.JwtPayload {
  return jwt.verify(token, getSecret(), { algorithms: ['HS256'] }) as jwt.JwtPayload;
}
```
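To make explicit what a correct `jwt.verify` call has to do, here is an added HS256 sign/verify pair written against Node's built-in `crypto` module (example code, not from the original post or the jsonwebtoken library; the `now` parameter is an assumption added so expiry can be tested deterministically). It pins the algorithm instead of trusting the token header, compares signatures in constant time and rejects expired or malformed tokens.

```typescript
import { createHmac, timingSafeEqual } from 'node:crypto';

type Claims = { userId: string; role: string; iat: number; exp: number };

const encode = (obj: unknown): string => Buffer.from(JSON.stringify(obj)).toString('base64url');
const decode = (part: string): unknown => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
const hs256 = (input: string, secret: string): Buffer => createHmac('sha256', secret).update(input).digest();

// Equivalent of jwt.sign({ userId, role }, secret, { expiresIn: '1h' }) for HS256.
// `now` is seconds since the epoch and defaults to the wall clock.
export function signToken(
  payload: { userId: string; role: string },
  secret: string,
  ttlSeconds = 3600,
  now = Math.floor(Date.now() / 1000),
): string {
  const header = encode({ alg: 'HS256', typ: 'JWT' });
  const claims: Claims = { ...payload, iat: now, exp: now + ttlSeconds };
  const body = encode(claims);
  return `${header}.${body}.${hs256(`${header}.${body}`, secret).toString('base64url')}`;
}

// Returns the claims for a valid token, or null for anything that must be rejected.
export function verifyToken(token: string, secret: string, now = Math.floor(Date.now() / 1000)): Claims | null {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  let alg: unknown;
  let claims: Partial<Claims>;
  try {
    alg = (decode(header) as { alg?: unknown }).alg;
    claims = decode(body) as Partial<Claims>;
  } catch {
    return null; // malformed base64url or JSON
  }
  // Pin the algorithm: the header is untrusted input, so anything other than the
  // algorithm this service issues (including "none") is rejected before any signature work.
  if (alg !== 'HS256') return null;
  const expected = hs256(`${header}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  // timingSafeEqual throws on length mismatch, so check length first, then compare in constant time.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  // Same rule as jsonwebtoken: a token whose exp is at or before `now` is expired.
  if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
  if (typeof claims.userId !== 'string' || typeof claims.role !== 'string') return null;
  return claims as Claims;
}
```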
## Common Vulnerabilities
### SQL Injection Prevention
Use parameterized queries:
```typescript
// Bad: string interpolation lets the value of `email` rewrite the query text itself
const query = `SELECT * FROM users WHERE email = '${email}'`;
// Good: the query builder sends `email` as a bound parameter, never as part of the SQL
const user = await prisma.user.findUnique({
  where: { email }
});
```
### XSS Prevention
Sanitize untrusted HTML before rendering it, and encode output wherever HTML is not needed:
```typescript
import DOMPurify from 'dompurify';
// Strips scripts and event-handler attributes from untrusted HTML; it needs a DOM, so run it in the browser (or with jsdom on the server)
const clean = DOMPurify.sanitize(userInput);
// Only assign `clean` to innerHTML; plain text belongs in textContent, which needs no sanitizing
```
### CSRF Protection
Use CSRF tokens (note that `csurf` has since been deprecated by its maintainers, so check for a maintained alternative and set `SameSite` on session cookies as a second layer):
```typescript
import cookieParser from 'cookie-parser';
import csrf from 'csurf';
// { cookie: true } keeps the CSRF secret in a cookie, so cookie-parser must be mounted first
app.use(cookieParser());
app.use(csrf({ cookie: true }));
// Render req.csrfToken() into each form or send it as a request header; csurf rejects state-changing requests without it
```
## Security Headers
```typescript
app.use((req, res, next) => {
  // Stop browsers from MIME-sniffing a response away from its declared Content-Type
  res.setHeader('X-Content-Type-Options', 'nosniff');
  // Forbid framing by any site, which blocks clickjacking (Content-Security-Policy frame-ancestors is the modern equivalent)
  res.setHeader('X-Frame-Options', 'DENY');
  // Legacy header: current browsers ignore it and OWASP now recommends '0' or omitting it; a Content-Security-Policy is the real XSS control
  res.setHeader('X-XSS-Protection', '1; mode=block');
  // One year of HTTPS-only; send this only over HTTPS, and add 'includeSubDomains' once every subdomain supports TLS
  res.setHeader('Strict-Transport-Security', 'max-age=31536000');
  next();
});
```
## Conclusion
Security requires constant vigilance. Implement these practices and regularly audit your application for vulnerabilities.