---
title: "Security Checklist for Web Apps - 71 Items"
slug: security-checklist-web-apps-71-items
date_published: 2026-02-25T10:00:00.000Z
original_url: https://www.tigzig.com/post/security-checklist-web-apps-71-items
source: fresh
processed_at: 2026-02-25T10:00:00.000Z
---

# Security Checklist for Web Apps - 71 Items...all practical stuff...

![Security Checklist](/images/blog/security_01.png)

My endpoints got hammered recently. I deserved it. My AI Coder (Claude Code now) flags security issues on every audit. Some I fix.. some I plan to do 'in a bit'.. but never get around to it...

Client apps: always hardened with OAuth, rate limits, API logs - that's mandatory. But my 30+ public apps... I tend to get negligent.

Now I've set up a proper checklist.... 71 items across React, FastAPI, Postgres, DuckDB, Cloudflare, MCP servers, Auth & VPS security... all detected in my apps... with the fixes + practical issues I faced when implementing the fixes. Each item in plain English with a basic code fix for reference.

There is no such thing as a 100% checklist... I will be updating this as I go along.

Now every app - my AI Coder has to run it past this checklist before release. No exceptions...at least that's the plan.

If you come from a data science background like me - this stuff is new. Otherwise, the IT world has been doing this for decades. But for analysts and data scientists now building tools... whether freelance or inside a company... very very important stuff..

Full checklist on site with a copy-to-markdown button. Paste it to your AI coder - it will explain, execute, customize for you..
[tigzig.com/security](https://tigzig.com/security-checklist)

---

### Earlier Infra Guides

- Part 1: [AI Coder](https://tigzig.com/post/self-hosting-infrastructure-ai-tool-builders-2026-part-1-ai-coder)
- Part 2: [Deployment & Hosting](https://tigzig.com/post/2026-infra-guide-part-2-deployment-hosting)
- Part 3: [Security (updated)](https://tigzig.com/security-checklist) this one... tigzig.com/security
- Part 4: [CORS](https://tigzig.com/post/fast-tips-what-is-cors-and-how-to-fix-it)
