All front-end developers must be familiar with the OWASP Top 10 and also the techniques described for:
Some specific topics to consider are:
To prevent data leakage, ensure no PII data is placed in unencrypted form in any:
- Page URLs
- Page Titles
- Other page metadata (description, social-sharing attributes, etc.)
- Cookies or local storage
PII includes policy numbers, addresses, full names, dates of birth: anything that could identify an individual.
Any input field for PII data must have the autocomplete="off" attribute set.
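The following is an added example, not part of this guideline or any project code: a small Node script that lints a page snapshot for the two rules above. It checks the URL, title, meta tags, cookies and localStorage for PII-looking values, and checks that PII input fields set autocomplete="off". The page state is passed in as plain data so it runs without a DOM; the policy-number format (POL- followed by digits), the set of PII field names, and the sample page state are all assumptions made for the example.

```javascript
// Added example (not from the guideline): lint a page snapshot for PII in
// URL, title, meta, cookies and localStorage, and for PII inputs that do not
// set autocomplete="off". Runs under Node without a DOM.

// Value patterns are assumptions for illustration. The policy-number format
// is invented; adapt the list to the identifier formats your application uses.
const PII_PATTERNS = [
  { kind: 'policy number', re: /\bPOL-\d{6,}\b/i },
  { kind: 'date of birth', re: /\b\d{4}-\d{2}-\d{2}\b/ },
  { kind: 'email address', re: /[\w.+-]+@[\w-]+\.[\w.-]+/ },
];

// Input names the guideline treats as PII (assumed naming convention).
const PII_FIELD_NAMES = /^(policy|policyNumber|address|fullName|dob|dateOfBirth)$/i;

// Returns the kinds of PII whose pattern matches the given text.
function findPii(text) {
  return PII_PATTERNS.filter(({ re }) => re.test(text)).map(({ kind }) => kind);
}

// Percent-decode so that URL-encoded values are still caught; a malformed
// escape sequence simply leaves the text as-is.
function safeDecode(value) {
  const text = String(value);
  try { return decodeURIComponent(text); } catch { return text; }
}

// snapshot = { url, title, meta: { name: content }, cookies: 'a=b; c=d',
//              localStorage: { key: value } }
// Returns [{ where, kind }] for every location holding a PII-looking value.
function scanSnapshot(snapshot) {
  const locations = [
    ['url', snapshot.url],
    ['title', snapshot.title],
    ...Object.entries(snapshot.meta || {}).map(([k, v]) => [`meta:${k}`, v]),
    ...(snapshot.cookies || '')
      .split(';')
      .map((c) => c.trim())
      .filter(Boolean)
      .map((c) => [`cookie:${c.split('=')[0]}`, c]),
    ...Object.entries(snapshot.localStorage || {}).map(([k, v]) => [`localStorage:${k}`, v]),
  ];
  const findings = [];
  for (const [where, value] of locations) {
    if (value == null) continue;
    for (const kind of findPii(safeDecode(value))) findings.push({ where, kind });
  }
  return findings;
}

// Finds <input> tags whose name or id is a PII field and which do not set
// autocomplete="off". A regex suffices here; a real tool would use a parser.
function inputsMissingAutocompleteOff(html) {
  const missing = [];
  const tagRe = /<input\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = m[1];
    const nameMatch = /(?:^|\s)(?:name|id)\s*=\s*"([^"]*)"/i.exec(attrs);
    if (!nameMatch || !PII_FIELD_NAMES.test(nameMatch[1])) continue;
    const ac = /(?:^|\s)autocomplete\s*=\s*"([^"]*)"/i.exec(attrs);
    if (!ac || ac[1].trim().toLowerCase() !== 'off') missing.push(nameMatch[1]);
  }
  return missing;
}

// Constructed sample page state (not real data) exercising each location.
const SAMPLE_SNAPSHOT = {
  url: 'https://claims.example.test/view?policy=POL-1234567',
  title: 'Claim overview',
  meta: { description: 'Overview of policy POL-1234567' },
  cookies: 'session=abc123; dob=1980-05-17',
  localStorage: { lastPolicy: 'POL-1234567', theme: 'dark' },
};

// Constructed sample form: one compliant PII field, two non-compliant, one non-PII.
const SAMPLE_FORM = `
<form>
  <input name="fullName" type="text" autocomplete="off">
  <input name="policyNumber" type="text">
  <input name="dob" type="date" autocomplete="on">
  <input name="search" type="search">
</form>`;

console.log('PII locations:', scanSnapshot(SAMPLE_SNAPSHOT));
console.log('Inputs missing autocomplete="off":', inputsMissingAutocompleteOff(SAMPLE_FORM));
```

In a browser the snapshot can be built from location.href, document.title, the content attributes of document.querySelectorAll('meta'), document.cookie and the localStorage entries, and the form check can be run over document.documentElement.outerHTML; the sample above flags the URL, the description meta tag, the dob cookie and the lastPolicy localStorage key, plus the policyNumber and dob inputs.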