Name: Security Hardening
Author: Jeet1511

Input Sanitization

Never trust user input. Validate and sanitize at every boundary.

import DOMPurify from "isomorphic-dompurify";

const clean = DOMPurify.sanitize(userInput);

For SQL, always use parameterized queries:

// Safe
await db.query("SELECT * FROM users WHERE id = $1", [userId]);

// Dangerous — never do this
await db.query(`SELECT * FROM users WHERE id = ${userId}`);

Content Security Policy

app.use((req, res, next) => {
  res.setHeader("Content-Security-Policy",
    "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:;"
  );
  res.setHeader("X-Content-Type-Options", "nosniff");
  res.setHeader("X-Frame-Options", "DENY");
  res.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
  next();
});

Input Sanitization

Never trust user input. Validate and sanitize at every boundary.

import DOMPurify from "isomorphic-dompurify";

const clean = DOMPurify.sanitize(userInput);

For SQL, always use parameterized queries:

// Safe
await db.query("SELECT * FROM users WHERE id = $1", [userId]);

// Dangerous — never do this
await db.query(`SELECT * FROM users WHERE id = ${userId}`);

Content Security Policy

app.use((req, res, next) => {
  res.setHeader("Content-Security-Policy",
    "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:;"
  );
  res.setHeader("X-Content-Type-Options", "nosniff");
  res.setHeader("X-Frame-Options", "DENY");
  res.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
  next();
});

Security Hardening

Input Sanitization

Content Security Policy

Security Hardening

Input Sanitization

Content Security Policy

Dependency Auditing

Environment Variables

Key Rules

1password

Springboot Security

Security Review

Laravel Security

Security Review

Django Security