| Security Measure | Description | |
|---|---|---|
| ☐ | Use HTTPS everywhere | Prevents basic eavesdropping and man-in-the-middle attacks |
| ☐ | Input validation and sanitization | Prevents XSS attacks by validating all user inputs |
| ☐ | Don't store sensitive data in the browser | No secrets in localStorage or client-side code |
| ☐ | CSRF protection | Implement anti-CSRF tokens for forms and state-changing requests |
| ☐ | Never expose API keys in frontend | API credentials should always remain server-side |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| git config --global alias.rando '!sh -c "git add -A && git commit -m \"$(curl -s https://whatthecommit.com/index.txt)\" && git push"' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Abort sign off on any error | |
| set -e | |
| # Start the benchmark timer | |
| SECONDS=0 | |
| # Repository introspection | |
| OWNER=$(gh repo view --json owner --jq .owner.login) |
mattppal
/ security-checklist.md
Last active
August 28, 2025 04:02
A simple security checklist for your vibe coded apps
OlderNewer