abedef

I try to always keep security in mind when working on my side projects, but can't shake the feeling that I am obliviously committing grave mistakes.

What are some of your favorite resources for trustworthy general-purpose security best practices?

To clarify, I am looking to better understand appropriate practices for things like password hashing & storage and authentication token generation, and considerations that should be taken when running a web server. My concern come from the fact that I don't know what I don't know.