
Show HN: A Minimum Viable Security Checklist for Web Apps - hartleybrody
https://blog.hartleybrody.com/startup-security/
======
dbielik
Make sure any session/auth cookies are httpOnly too!

