Web Developer Security Checklist
Michael O'Brien

Hi Michael, great list. When it comes to authentication I think there is a first question missing from that section — create the authentication component yourself or take an out-of-the-box solution from an IDaaS specialist? With user accounts, and the security of them, increasingly in the spotlight, it is a fundamental requirement of any web app that the authentication component is secure and user data is protected. There are a lot of great companies focusing specifically on this issue and so app developers don’t have to re-invent the wheel but can instead get a login/authentication system up and running in just a few hours. Companies like 10Duke (where I am) Gigya, Janrain and others offer this capability on tap. In the words of Eric Sachs, who leads the Identity team at Google ‘Building a login system is like paying taxes…I know I have to do it, I don’t want to do it,I know I’m going to leave money on the table’ https://docs.google.com/presentation/d/1RIrNagaB0IDc9JDSWsJnh3aRz2f4j5PtdUvvBxT6yH4/edit#slide=id.g13585f25ec_4_0

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.