Web Security

We treat web security as a core requirement, not an afterthought. Assume hostile input and untrusted environments by default.

Core Principles

- NEVER trust user input
- ALWAYS validate and sanitize data at boundaries
- Prefer secure defaults over configurability

XSS & Injection

- AVOID and raw HTML injection
- Escape and encode dynamic content properly
- Never interpolate untrusted data into HTML, CSS, or JS contexts
- Ensure SQL injection protection

Authentication & Authorization

- Do not store secrets or tokens in insecure locations
- AVOID localStorage for sensitive credentia…
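
The "XSS & Injection" rules about escaping per output context, shown as an added example that is not part of the original guidelines: HTML escaping alone does not make a value safe inside an inline script or an `href`, so each context gets its own encoder. The function names, the `renderProfile` template and the `https://app.example/` base URL are assumptions made for illustration.

```javascript
// Added example (not from the original page): one encoder per output context.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Context 1: HTML text nodes and *quoted* attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Context 2: data embedded in an inline <script> block. JSON.stringify alone
// leaves "</script>" intact, so the HTML parser would end the element early.
function jsonForScript(value) {
  return (JSON.stringify(value) ?? "null")
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/&/g, "\\u0026")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

// Context 3: URL attributes. Entity-encoding does not neutralise a
// javascript: URL, so allow-list the scheme, then HTML-escape the result.
// The base URL is a hypothetical application origin.
function safeHref(value, base = "https://app.example/") {
  let url;
  try {
    url = new URL(String(value), base);
  } catch {
    return "#";
  }
  const allowed = url.protocol === "https:" || url.protocol === "http:";
  return allowed ? escapeHtml(url.href) : "#";
}

// Hypothetical template that uses the matching encoder at each sink.
function renderProfile(user) {
  return [
    `<h1>${escapeHtml(user.name)}</h1>`,
    `<a href="${safeHref(user.website)}">site</a>`,
    `<script>window.__USER__ = ${jsonForScript(user)};</script>`,
  ].join("\n");
}
```
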