Hi, I would like to develop a web application and i wanted to know, how can i secure enough front end knowing that front end consists of html, javascript/javascript frameworks and css ? First step must be to force HTTPS i guess and to use a session to store not sensible data. Is it correct ? Regarding forcing HTTPS, i do not think that forcing HTTPS using javascript is a good solution as it can be hacked, so the best and easiest way is to use apache/nginx or is there other possibilities ? thx
What are you trying to secure - people using the front end to hack the server? or people being able to see the underlying code?
Hi, is your application going to use some server-side programming language like PHP or .NET? What about using a database? The weakest elements are forms and you need to pay attention to them. Proper validation is needed. About forcing HTTPS I recommend to make it in .htaccess file on the server. Take a look here: http://stackoverflow.com/questions/4398951/force-ssl-https-using-htaccess-and-mod-rewrite or here: http://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file And better to stay away from the sessions if you can. My opinion.