Security Checklist for Web Apps - 71 Items...all practical stuff...

Published: February 25, 2026

Security Checklist

My endpoints got hammered recently. I deserved it. My AI Coder (Claude Code now) flags security issues on every audit. Some I fix... some I plan to do 'in a bit'... but never get around to it...

Client apps: always hardened with OAuth, rate limits, API logs - that's mandatory. But with my 30+ public apps... I tend to get negligent.

Now I've set up a proper checklist... 71 items across React, FastAPI, Postgres, DuckDB, Cloudflare, MCP servers, Auth & VPS security... all detected in my apps... with the fixes + the practical issues I faced when implementing them. Each item in plain English with a basic code fix for reference.

There is no such thing as a 100% checklist... I'll be updating this as I go along.

Now for every app - my AI Coder has to run it past this checklist before release. No exceptions... at least that's the plan.

If you come from a data science background like me - this stuff is new. Otherwise, the IT world has been doing this for decades. But for analysts and data scientists now building tools... whether freelance or inside a company... very, very important stuff.

Full checklist on the site with a copy-to-markdown button. Paste it into your AI coder - it will explain, execute, and customize it for you... tigzig.com/security
