Ask HN: How do you prevent Security Anxiety?

2 points by saosebastiao ↗ HN
Backstory: I'm currently developing my first web-facing application, but I know almost nothing about security. I actually started coding my application in Clojure, but I read an article [1] about Clojure web security and it scared me away. Now I'm developing in Scala/Play. I do think this was a good decision, but I'm only saying so due to social proof (other large respectable companies using it). Apart from this decision, I'm constantly left worrying about every single decision I make.

I try to follow what could be called as best practices, but there only seem to be a handful of things that are common denominators amongst various lists of best practices. And it worries me when I see one security expert taking down the writing of another security expert on some particular practice...not even security experts can agree on what is a best practice.

I don't want to be ignorant, and absolutely want to protect the privacy and data of my customers. I don't want to give myself excuses for making stupid mistakes. But I also don't want to spend 100% of my side project time worrying about what I'm doing wrong.

Is there some sort of cure to this Security Anxiety? What can I (implement|test|monitor) now to ease my fears enough to actually develop my product?

[1] https://hackworth.be/2014/03/26/clojure-web-security-is-worse-than-you-think/

1 comment

[ 0.26 ms ] story [ 10.8 ms ] thread
Those security concerns for Clojure apps are easily fixable. The link is a good reference and reminder for what you need to do. If anything, you should feel more confident with Clojure web development because you now know where the security issues lay.