Security on front side


I would like to develop a web application and i wanted to know, how can i secure enough front end knowing that front end consists of html, javascript/javascript frameworks and css ?
First step must be to force HTTPS i guess and to use a session to store not sensible data.

Is it correct ?

Regarding forcing HTTPS, i do not think that forcing HTTPS using javascript is a good solution as it can be hacked, so the best and easiest way is to use apache/nginx or is there other possibilities ?


You may need to offer a more specific example of exactly what it is you are wanting to secure to get a meaningful answer.
Of course anything front-end like html/css/js can be manipulated by the user in their browser.

i want to avoid hackers to manipulate data. I will implement other security check like security against sql injection,webservices (stored procedures) etc…

but i would like to know if forcing HTTPS is a must and if the best place is apache/nginx place to redirect to HTTPS.

AFAIK, security on the front end would be mostly about how it interacts with the back end.
That is POST and GET requests.
Both can be modified by users, so although it can be a good idea to use JavaScript to help honest users, all serious security needs to be handled server side

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.