I haven't read it yet, but found something on Reddit that is probably relevant to the discussion:
As a full stack web developer, I've recently taken a detour into learning about web security and penetration testing. I decided to take what I've learned over the past few months and put together a list of "Minimum Viable Security" recommendations for anyone building web apps.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.