

Ask HN: How do you prevent Security Anxiety? - saosebastiao

Backstory: I'm currently developing my first web-facing application, but I know almost nothing about security. I actually started coding my application in Clojure, but I read an article [1] about Clojure web security and it scared me away. Now I'm developing in Scala/Play. I do think this was a good decision, but I'm only saying so due to social proof (other large respectable companies using it). Apart from this decision, I'm constantly left worrying about every single decision I make.

I try to follow what could be called best practices, but there only seem to be a handful of things that are common denominators amongst various lists of best practices. And it worries me when I see one security expert taking down the writing of another security expert on some particular practice...not even security experts can agree on what is a best practice.

I don't want to be ignorant, and absolutely want to protect the privacy and data of my customers. I don't want to give myself excuses for making stupid mistakes. But I also don't want to spend 100% of my side project time worrying about what I'm doing wrong.

Is there some sort of cure to this Security Anxiety? What can I (implement|test|monitor) now to ease my fears enough to actually develop my product?

[1] https://hackworth.be/2014/03/26/clojure-web-security-is-worse-than-you-think/
======
jonnybgood
Those security concerns for Clojure apps are easily fixable. The link is a
good reference and reminder for what you need to do. If anything, you should
feel more confident with Clojure web development because you now know where
the security issues lie.

