
Ask HN: Security Practices in Side Projects? - abedef
I try to always keep security in mind when working on my side projects, but can't shake the feeling that I am obliviously committing grave mistakes.

What are some of your favorite resources for trustworthy general-purpose security best practices?

To clarify, I am looking to better understand appropriate practices for things like password hashing & storage and authentication token generation, and considerations that should be taken when running a web server. My concern comes from the fact that I don't know what I don't know.
======
rsmolinski
In general work, try applying a threat modeling framework to guide your
security measures. I like STRIDE:
https://en.m.wikipedia.org/wiki/STRIDE_(security)

Other than that, there are a lot of best practices for each framework on Medium or
other blogs. Also, never store credentials in code, separate prod from dev,
and apply patches regularly.

------
dlphn___xyz
private repos aren’t private

