Web Security Hardening
Purpose
Audit and harden web applications with a concise, repeatable checklist.
Inputs
- framework/runtime
- API endpoints and auth model
- deployment environment
Process
- Validate auth and authorization boundaries.
- Review CORS, headers, and transport security.
- Verify rate limits and abuse controls.
- Check input validation and output encoding.
- Verify file upload, secret handling, and password hashing.
- Capture risks with severity and fixes.
Output Format
- findings by severity
- impacted files/endpoints
- mitigation steps
- verification plan
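Worked example, added here and not part of the original checklist: it covers the "CORS, headers, and transport security" step of the Process and emits findings in the Output Format above (status, severity, mitigation, verification). The one-year HSTS threshold and the header values in the test are this example's own assumptions.

```python
# Added example, not from the original checklist: audits one response's security
# headers and returns PASS/FAIL/PARTIAL findings with severity, fix and verification.
from dataclasses import dataclass

@dataclass
class Finding:
    check: str
    status: str        # PASS, FAIL or PARTIAL
    severity: str      # high, medium, low or info
    mitigation: str    # concrete fix, never "improve headers"
    verification: str  # how to confirm the fix landed
ONE_YEAR = 31536000  # minimum HSTS max-age accepted here (assumed policy threshold)
VERIFY = "re-fetch the endpoint after deploy and compare the header to the fix"

def _hsts_max_age(value):
    """Parse max-age from an HSTS value; 0 when absent or malformed."""
    for part in value.lower().split(";"):
        part = part.strip()
        if part.startswith("max-age="):
            return int(part[8:]) if part[8:].isdigit() else 0
    return 0

def audit_headers(headers):
    """Return findings ordered by severity, with non-PASS items first."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    f = []
    # Transport security: HSTS must exist, last at least a year and cover subdomains.
    hsts = h.get("strict-transport-security", "")
    if not hsts:
        f.append(Finding("HSTS", "FAIL", "high", "send Strict-Transport-Security: max-age=31536000; includeSubDomains", VERIFY))
    elif _hsts_max_age(hsts) < ONE_YEAR or "includesubdomains" not in hsts.lower():
        f.append(Finding("HSTS", "PARTIAL", "medium", "raise max-age to one year and add includeSubDomains", VERIFY))
    else:
        f.append(Finding("HSTS", "PASS", "info", "none", VERIFY))
    # CORS: wildcard origin plus credentials lets any site read authenticated responses.
    origin = h.get("access-control-allow-origin", "")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if origin == "*" and creds:
        f.append(Finding("CORS", "FAIL", "high", "echo only an allow-listed Origin, or drop Allow-Credentials", VERIFY))
    elif origin == "*":
        f.append(Finding("CORS", "PARTIAL", "low", "restrict Allow-Origin unless the endpoint is truly public", VERIFY))
    else:
        f.append(Finding("CORS", "PASS", "info", "none", VERIFY))
    # CSP: absent is a failure; unsafe-inline/unsafe-eval downgrade it to partial.
    csp = h.get("content-security-policy", "").lower()
    if not csp:
        f.append(Finding("CSP", "FAIL", "medium", "add a Content-Security-Policy with an explicit script-src", VERIFY))
    elif "unsafe-inline" in csp or "unsafe-eval" in csp:
        f.append(Finding("CSP", "PARTIAL", "medium", "replace unsafe-inline/unsafe-eval with nonces or hashes", VERIFY))
    else:
        f.append(Finding("CSP", "PASS", "info", "none", VERIFY))
    rank = {"high": 0, "medium": 1, "low": 2, "info": 3}
    return sorted(f, key=lambda x: (x.status == "PASS", rank[x.severity]))
```

Feed it the headers captured from each endpoint in scope and fold the non-PASS findings into the report; every finding already carries the verification step the Quality Checks require.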
Quality Checks
- Uses explicit PASS/FAIL/PARTIAL findings
- Includes at least one verification step per fix
- Avoids vague recommendations