halilim/Web Apps Security and Performance.md

Last active August 8, 2016 22:01

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/halilim/3313755f6b7031a1d100.js"></script>
Save halilim/3313755f6b7031a1d100 to your computer and use it in GitHub Desktop.

Download ZIP

Web Apps Security / Performance

Raw

Web Apps Security and Performance.md

Security

The Security Checklist

General

Throttle failed logins (password, token, email link, ...)
Notify the old address on email change
Check and Automate - https://gist.github.com/halilim/7888069
Change admin path

Passwordless Auth

Expire the link after a short amount of time
The link should only be one-time (e.g. usable only once)

Links

Signing in to Medium by email

PHP

http://www.sk89q.com/2009/08/definitive-php-security-checklist/

Performance

PHP

Opcode caching (OPcache, APC etc)
Develop your code against E_STRICT. If the code you are hosting have many notices, deprecation warnings, strict warnings etc your app might have to spend a long time for writing logs. Either fix the code or lower the error level in php.ini

MySQL

Ruby

Fast Ruby

... to be continued ...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment