Webapp pre-launch checklist?

And what to do if I have launched it? I have users, bad database structure, as well as insecure APIs as well.

I don't aim to make a profit, but I don't want to pay for my wrongdoings either.

Comments

[Gio]

A lot of this depends on your stack.

Example:

• Are you allowing for UGC via some type of form?
• Do these forms interact w/a SQL database?
• If the above are yes, SQL injection is a vulnerability you want to scan for.

[Alessandro Diaferia]

It's not clear from your post if you've launched it already or not.
You have already recognized a few issues.
If you think the database structure is bad it's probably because you're evaluating it in terms of the way you think your webapp is going to evolve. I wouldn't stress too much about it but rather I would prioritise understanding if your user-base is gaining value from your app as well as validating if your assumptions are correct. Sometimes you find that your users are going to need something different from what you had already imagined and that probably means a database structure you hadn't thought of.
Regarding insecure APIs I would prioritise the privacy and security of your users. So if you acknowledge that insecure API might harm your users I'd definitely prioritise addressing that.

[Pacharapol Withayasakpunt]

I indeed meant both ways -- I have old one I don't want to maintain anymore, and I want to create a new one.

However, there will be a user system, so privacy and security come first.

[Shane McGowan]

You've said it yourself, fix your data structures and secure your APIs!

[Souk Syp.]

Check out productchecklist.co/