#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2017
    Posts
    1
    Rep Power
    0

    Question security on front side of web application


    Hi,

    I would like to develop a web application and i wanted to know, how can i secure enough front end knowing that front end consists of html, javascript/javascript frameworks and css ?
    First step must be to force HTTPS i guess and to use a session to store not sensible data.

    Is it correct ?

    Regarding forcing HTTPS, i do not think that forcing HTTPS using javascript is a good solution as it can be hacked, so the best and easiest way is to use apache/nginx or is there other possibilities ?


    thx
  2. #2
  3. Lord of the Dance
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Oct 2003
    Posts
    4,113
    Rep Power
    2010
    HTTPS is a protocol using a SSL/TLS encryption through a certificate key, which you configure at the web-server. The client then use that protocol to get the encryption.
    This has nothing to do with JavaScript, except URI calls through AJAX or similar also need to use HTTPS.
    Generally, the client can't be trusted, which means any data you receive has to be validated.

    Question is what kind of security you are looking for?
    You can see a Top 10 list here of possible exploits:
    https://www.owasp.org/index.php/Top_10_2013-Top_10

IMN logo majestic logo threadwatch logo seochat tools logo