Security on front side

Discussion in 'HTML & Website Design' started by maileen, Apr 17, 2017.

  1. #1
    Hi,

    I would like to develop a web application and I wanted to know how I can secure the front end well enough, knowing that the front end consists of HTML, JavaScript/JavaScript frameworks and CSS?
    First step must be to force HTTPS I guess and to use a session to store not sensible data.

    Is it correct?

    Regarding forcing HTTPS, I do not think that forcing HTTPS using JavaScript is a good solution as it can be hacked, so the best and easiest way is to use Apache/nginx, or are there other possibilities?


    thx
     
    maileen, Apr 17, 2017 IP
  2. sarahk

    #2
    What are you trying to secure: people using the front end to hack the server, or people being able to see the underlying code?
     
    sarahk, Apr 17, 2017 IP
  3. alexmv

    #3
    Hi,

    Is your application going to use some server-side programming language like PHP or .NET? What about using a database? The weakest elements are forms and you need to pay attention to them. Proper validation is needed.

    About forcing HTTPS, I recommend doing it in the .htaccess file on the server. Take a look here: http://stackoverflow.com/questions/4398951/force-ssl-https-using-htaccess-and-mod-rewrite
    or here: http://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file

    And better to stay away from the sessions if you can. My opinion.
     
    alexmv, Apr 20, 2017 IP
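
The server-side redirect discussed in this thread, as an added example that is not taken from any of the posts or the linked pages. It assumes Apache terminates TLS itself with mod_rewrite and mod_headers enabled; `www.example.com` is a placeholder hostname, and the HSTS header is an addition beyond what the thread mentions.

```apache
# .htaccess in the site's document root.
# Assumptions: mod_rewrite and mod_headers are loaded, AllowOverride permits
# these directives, and Apache (not an upstream proxy) handles the TLS
# connection, so %{HTTPS} reflects the real scheme of the request.

RewriteEngine On

# Send every plain-HTTP request to the same path on HTTPS.
# The hostname is fixed (placeholder: www.example.com) rather than copied from
# the client's Host header, so the redirect target cannot be influenced by
# the request.
RewriteCond %{HTTPS} off
RewriteRule ^ https://www.example.com%{REQUEST_URI} [L,R=301]

# On HTTPS responses only, ask the browser to use HTTPS for all future
# requests to this host (HSTS). After the first secure visit the browser
# upgrades http:// links itself, without relying on the redirect or on any
# JavaScript in the page.
<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=31536000" env=HTTPS
</IfModule>
```

Because the redirect is issued by the server before any page content is sent, it does not depend on script running in the visitor's browser.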