Towards Web Security

Wednesday • April 26th 2023 • 11:20:31 pm

To learn programming, you must over-engineer all the things; to write programs that last, you should do the opposite.


Above all, you can’t skip things, even if it is a very good idea.

Coders may tell you to leave authentication, sessions, and security to passport.js, express or koa session, and something like helmet.

But in order to write safe programs, you have to roll out your own versions, there is no better way than to learn about security.


When you finish your programs, you put on a white hat and red team your program, until an entire year or two of your life is spent on hacking and security.

You don’t have to do it all at once and right away, but hacking your own software needs to be high up on your todo list.


This is not a boring tangent; you can start by building honeypots and putting them up on a public server.

You want to see what the weather is like out in cyberspace:

How many login attempts per hour, how popular WordPress exploits are, what the bots are up to, and where they are coming from.

You are very much playing a game, with real hacking robots that are trying to destroy your work!

Give them a beautiful dashboard, a neat honey-pot framework, and consider developing a kind of a firewall.
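
One way to read that weather from a honeypot's request log, as an added example that is not part of the original post. The log format, the `/login` route and the sample lines are constructed assumptions.

```javascript
// Added example, not from the original post. Assumed log format:
//   "<ISO-8601 UTC timestamp> <source IP> <METHOD> <path>"
// Sample lines are constructed; IPs are documentation ranges (RFC 5737).
const SAMPLE_LOG = [
  "2023-04-26T21:03:11Z 192.0.2.10 POST /login",
  "2023-04-26T21:15:42Z 192.0.2.10 POST /login",
  "2023-04-26T21:47:05Z 198.51.100.7 GET /wp-login.php",
  "2023-04-26T22:01:30Z 198.51.100.7 POST /xmlrpc.php",
  "2023-04-26T22:09:12Z 203.0.113.5 GET /wp-content/plugins/",
  "2023-04-26T22:30:00Z 203.0.113.5 POST /login",
  "not a log line",
  "2023-04-26T22:45:59Z 192.0.2.10 GET /",
];

const LINE = /^(\d{4}-\d{2}-\d{2}T\d{2}):\d{2}:\d{2}Z (\S+) ([A-Z]+) (\S+)$/;
// Paths that only exist on WordPress sites; hits on a non-WordPress host are probes.
const WORDPRESS = /^\/(wp-login\.php|wp-admin|wp-content|wp-includes|xmlrpc\.php)/;
const LOGIN_PATH = "/login"; // hypothetical login route of the honeypot

// Maps, not plain objects: keys come from untrusted input (e.g. "__proto__").
const bump = (map, key) => map.set(key, (map.get(key) || 0) + 1);

function summarize(lines) {
  const loginsPerHour = new Map(); // "YYYY-MM-DDTHH" -> login attempts
  const bySource = new Map();      // source IP -> requests
  let total = 0, skipped = 0, wordpressProbes = 0;
  for (const line of lines) {
    const m = LINE.exec(line.trim());
    if (!m) { skipped++; continue; } // malformed lines are counted, not trusted
    const [, hour, ip, method, path] = m;
    total++;
    bump(bySource, ip);
    if (method === "POST" && path === LOGIN_PATH) bump(loginsPerHour, hour);
    if (WORDPRESS.test(path)) wordpressProbes++;
  }
  // Busiest sources first; ties are ordered by address string for stable output.
  const topSources = [...bySource].sort((a, b) => b[1] - a[1] || (a[0] < b[0] ? -1 : 1));
  return { total, skipped, loginsPerHour, wordpressProbes,
           wordpressShare: total ? wordpressProbes / total : 0, topSources };
}

console.log(summarize(SAMPLE_LOG));
```

The returned summary is the data a dashboard would plot, and the same counters are a starting point for firewall rules.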

Web application development is getting simpler and more powerful; that means you can create your own web applications.

And that in turn means you are in charge of how users communicate with the server.

You can evolve your honey-pot software, to create an effective firewall that matches your system.

This means you now have two cool programs, a honeypot, and a firewall, with cool dashboards.

It will take a while to figure out how to set it all up, but your firewall will minimize your attack surface…

And give you a single program to control application security, meaning you will be able to swiftly respond and adapt to attacks.

It is a neat startup idea, and compared to writing a content management system, it is a small system.


Finally, once you start feeling safe and get over your fears of getting hacked, which is very important for success,

I think it is worth considering building powerful, but empty platforms, ready to accept some clever API and good looking UI.

The early artificial intelligence can only get more interesting, and if you create a rapid AI application deployment platform…

You will be able to swiftly launch new ideas, and experiments.

Once you are done learning application security, and figure out ways to build platforms that scale or auto-provision,

You may look back at existing headless content management systems, and maybe even consider using them.

But whatever choices you make then will be well informed and wise.