
Ask HN: How do you test the security of your front-ends? - kevinSuttle
Looking for experience from the field in hardening web front-ends, specifically with custom API servers and AWS infrastructure, to prevent tampering and DDoS.
======
onion2k
There's a lot of great content out there. Start here:
[https://www.owasp.org/](https://www.owasp.org/)

tl;dr Don't trust _anything_ that a web browser (or any client app) sends your
servers. Treat data as actively hostile. Use high-quality open source projects
where you can because they've done all the hard learning for you.

------
lvh
Front-end means different things in different contexts. What do you mean
exactly? Static JS code? Some web heads?

~~~
kevinSuttle
Static web files would be a good start. JS/CSS/HTML.

