Modern web development has many challenges. Of course, you need to write code that fulfills customer functional requirements. It needs to be fast. Further, you are expected to write this code to be comprehensible and extensible.
Somewhere, way down at the bottom of the list of requirements, behind, fast, cheap, and flexible is “secure”. That is, until something goes wrong, until the system you build is compromised, then suddenly security is, and always was, the most important thing.
Specialized techniques, such as threat analysis, are increasingly recognized as essential to any serious development. But Cade Cairns and Daniel Somerfield explore how security can be significantly enhanced with some basic practices which every developer can and should be doing as a matter of course.