Security issues happen for two reasons –
- Developers who have just started and cannot really tell the difference between using MD5 and bcrypt.
- Developers who know stuff but forget/ignore it.
Our detailed explanations should help the first type while we hope our checklist helps the second one create more secure systems. This is by no means a comprehensive guide; it just covers stuff based on the most common issues we have discovered in the past.
I can’t think that I’ve ever seen a really exhaustive web development security checklist, so this looks promising. Still in development, but definitely worth keeping an eye on, or contributing to.