Ask HN: Secure by Default Web Framework?
Are there any production-quality web frameworks that are secure "by default"? I'm an experienced software developer but completely new to web development. I just discovered csrf, xss, cors, etc which seem to be easy to fall into by mistake/inexperience and I really don't want to goof-out.
2 comments
[ 2.3 ms ] story [ 11.8 ms ] threadIn general, you're better off with popular, open-source frameworks that are still getting updates by a team of paid professionals (usually through corporate sponsorship). Strong, static types also help.
For a beginner, .NET 6 is a pretty good "batteries included" starting point that doesn't require as much caution when importing third-party libraries (as opposed to Node/npm).