Canister and Web App Security Best Practices: Request for Discussion and Developer Input

Hi everyone!

We’ve created a collection of security best practices for canister and web app development on the Internet Computer. These best practices are mostly inspired by issues found in security reviews.

We would like to advertise these best practices to developers so that potential issues can be addressed early during the development of new dapps, and not only in the end when (if at all) a security review is done. Ideally, this will make the development of secure dapps more efficient.

I’d like to initiate a discussion on this and collect feedback:

  • Do you see security issues / foot guns / insecure defaults when developing on the IC that are currently not or insufficiently covered in the doc?
  • Do you have ideas for features, tooling, documentation, etc. that could be created in order to make it easier to build secure dapps?

Looking forward to your input, thanks!