To check whether your code is safe against the most common vulnerabilities, you should first learn what those vulnerabilities are. After all, a defense is only possible when you know what the offense looks like. The Open Web Application Security Project (OWASP) has cataloged the most common vulnerabilities and has published them at https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project. At the time of writing this book, those vulnerabilities are as follows:
- Injection: Best known in its SQL injection form, but not limited to SQL. This vulnerability occurs when untrusted data is passed directly to an interpreter (such as a SQL database, a NoSQL database, a shell, or an eval function), so that the interpreter treats part of the input as code rather than data. This way, the attacker may gain access to parts of the system that should be protected.
- Broken Authentication: If authentication is improperly implemented, attackers may exploit the flaws either to compromise secret data or to impersonate other users.
- Sensitive Data Exposure: The...
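To make the injection entry concrete, here is an added example (not code from the book) that places a query built by string formatting beside its parameterized counterpart, using an in-memory SQLite table with constructed sample rows; the function names and data are assumptions made for this illustration.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Create a tiny in-memory users table with constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, secret) VALUES (?, ?)",
        [("alice", "s3cr3t-a"), ("bob", "s3cr3t-b")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # Untrusted input is spliced straight into the SQL text, so the
    # interpreter (SQLite) cannot tell where the data ends and code begins.
    sql = f"SELECT name, secret FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    # Parameterized query: the driver binds the value separately from the
    # statement, so whatever the caller passes is only ever treated as data.
    sql = "SELECT name, secret FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo() -> dict:
    """Run both lookups with a normal name and with a textbook hostile string."""
    conn = setup_db()
    honest = "alice"
    hostile = "x' OR '1'='1"  # constructed input that closes the quote early
    return {
        "vuln_honest": lookup_vulnerable(conn, honest),
        "vuln_hostile": lookup_vulnerable(conn, hostile),   # every row leaks
        "safe_honest": lookup_safe(conn, honest),
        "safe_hostile": lookup_safe(conn, hostile),         # no rows: literal match
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The only difference between the two lookups is whether the value travels inside the SQL text or as a bound parameter; the same review question ("is untrusted input ever concatenated into the command?") applies to shell commands and eval calls.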