webapp-checklist

Is this still up to date?

Open Aditya94A opened this issue 8 years ago • 1 comment

It's been almost a year since the last update; I was wondering whether any of the information is outdated, or perhaps some best practices have evolved since last year?

Aditya94A, Oct 18 '17 04:10

This isn't actually different from 2016, but usually the recommended password hashing algorithms are (in this order) scrypt, bcrypt, and then PBKDF2.

I would personally have the bit about XSS specifically recommend only using escape-by-default templating engines, as well as mentioning that validated user data should be stored as is, and then escaped by the mechanism which displays it (the templating engine).

The list should probably recommend using HTTPS for all pages, not just those with sensitive data. This was true in 2016, but is more important now with more features being HTTPS-only, and browsers openly displaying warnings for HTTP sites.

samsch, Mar 30 '18 14:03
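Two of the points in the reply above, escape-by-default rendering with user data stored as-is, and password hashing with scrypt or PBKDF2, worked through as an added example. This is not code from the issue thread or from the webapp-checklist project. The tiny `render` engine is a hypothetical stand-in for an escape-by-default templating engine (Jinja2 with autoescaping on behaves the same way), `validate_display_name`, `hash_password` and `verify_password` are made-up helper names, the scrypt work factors and PBKDF2 iteration count are assumed values to be tuned per deployment, and bcrypt is left out only because it is not in the Python standard library (the `bcrypt` package provides it). `hashlib.scrypt` needs Python 3.6+ built against OpenSSL 1.1 or later.

```python
import hashlib
import hmac
import html
import os
import re
from typing import Dict

# ---- Part 1: store input as-is, escape on output ---------------------------
# Hypothetical minimal escape-by-default templating engine. Every {{ name }}
# is HTML-escaped; the template author must opt out with {{ name | safe }}.
PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*(\|\s*safe)?\s*\}\}")


def render(template: str, context: Dict[str, str]) -> str:
    """Substitute placeholders, escaping each value unless marked safe."""
    def substitute(match):
        value = str(context[match.group(1)])
        if match.group(2):          # explicit "| safe" opt-out
            return value
        return html.escape(value, quote=True)
    return PLACEHOLDER.sub(substitute, template)


def validate_display_name(raw: str) -> str:
    """Validation at the input boundary: enforce shape, but do NOT escape here.
    Escaping on input ties stored data to one output context and invites
    double-escaping; the renderer escapes for the context it emits into."""
    name = raw.strip()
    if not 1 <= len(name) <= 64:
        raise ValueError("display name must be 1-64 characters")
    return name


# ---- Part 2: password hashing, scrypt preferred, PBKDF2 as fallback -------
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1   # assumed work factors (16 MiB)
PBKDF2_ITERATIONS = 600_000                    # assumed iteration count
DKLEN = 32


def _derive(scheme: str, params, password: bytes, salt: bytes) -> bytes:
    if scheme == "scrypt":
        n, r, p = (int(x) for x in params)
        return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p, dklen=DKLEN)
    if scheme == "pbkdf2":
        (iterations,) = (int(x) for x in params)
        return hashlib.pbkdf2_hmac("sha256", password, salt, iterations, DKLEN)
    raise ValueError(f"unsupported scheme {scheme!r}")


def hash_password(password: str, scheme: str = "scrypt") -> str:
    """Return a self-describing string: scheme$params...$salt$digest (hex).
    Embedding the parameters lets work factors be raised later without
    breaking verification of existing records."""
    salt = os.urandom(16)
    params = (SCRYPT_N, SCRYPT_R, SCRYPT_P) if scheme == "scrypt" else (PBKDF2_ITERATIONS,)
    digest = _derive(scheme, params, password.encode("utf-8"), salt)
    return "$".join([scheme, *map(str, params), salt.hex(), digest.hex()])


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored parameters and compare in constant time."""
    parts = stored.split("$")
    scheme, params = parts[0], parts[1:-2]
    salt, expected = bytes.fromhex(parts[-2]), bytes.fromhex(parts[-1])
    actual = _derive(scheme, params, password.encode("utf-8"), salt)
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # Constructed sample input: a display name carrying a script tag.
    stored_name = validate_display_name("<script>alert(1)</script>")
    print(render("<p>Hello, {{ name }}</p>", {"name": stored_name}))
    record = hash_password("correct horse battery staple")
    print(record, verify_password("correct horse battery staple", record))
```

The split in `verify_password` works for both schemes because the salt and digest are always the last two fields, so whatever sits between the scheme name and the salt is that scheme's parameter list.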