How do we perform penetration testing of a SPA frontend app?


We are building a single page application in React and it should be highly secured. However, I do not find proper resources on doing automated/manual penetration testing so as to find security issues early on. Nowadays, there have been numerous types of attacks and while handling sensitive user data, the attack vectors have increased. How do we target complete security and penetration testing for SPA Frontend app?

Implemented several things -

  • Set right Content Security Policy
  • Cookies using SameSite and Secure attributes
  • Static code analysis using tools like SonarQube
  • Regular audits of dependencies
  • Set HTTP headers like "X-Xss-Protection", "X-Frame-Options", etc.

I saw there’s a tool Zed Attack Proxy by OWASP but have no experience with it.

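A regression check for the header-level items in the question's list (Content Security Policy, cookie attributes, X-Frame-Options), written as an added example that is not part of the original question. The function names and both sample responses are constructed for illustration; in a CI job the `headers` object would come from a real response of the deployed app.

```javascript
// Added example. Header names are lower-case and "set-cookie" is an array, as Node's http module gives them.
function parseCsp(value) {
  const directives = new Map();
  for (const part of value.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    // Browsers ignore a repeated directive, so the first occurrence wins.
    if (name && !directives.has(name)) directives.set(name, sources);
  }
  return directives;
}

function auditResponse(headers) {
  const findings = [];
  const cspHeader = headers['content-security-policy'];
  const csp = cspHeader ? parseCsp(cspHeader) : new Map();
  if (!cspHeader) findings.push('csp: header missing');
  // script-src falls back to default-src when it is absent.
  const script = csp.get('script-src') || csp.get('default-src');
  if (cspHeader && !script) findings.push('csp: no script-src or default-src');
  if (script) {
    // A nonce or hash source makes CSP2+ browsers ignore 'unsafe-inline'.
    const strict = script.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
    if (script.includes("'unsafe-inline'") && !strict) findings.push("csp: scripts allow 'unsafe-inline'");
    if (script.includes("'unsafe-eval'")) findings.push("csp: scripts allow 'unsafe-eval'");
  }
  // Framing is restricted by X-Frame-Options or by CSP frame-ancestors.
  const xfo = (headers['x-frame-options'] || '').toUpperCase();
  if (!['DENY', 'SAMEORIGIN'].includes(xfo) && !csp.has('frame-ancestors')) {
    findings.push('framing: no X-Frame-Options or frame-ancestors');
  }
  for (const cookie of headers['set-cookie'] || []) {
    const [pair, ...attrs] = cookie.split(';').map((s) => s.trim());
    const name = pair.split('=')[0];
    const flags = attrs.map((a) => a.toLowerCase());
    if (!flags.includes('secure')) findings.push(`cookie ${name}: missing Secure`);
    const sameSite = flags.find((a) => a.startsWith('samesite='));
    if (!sameSite) findings.push(`cookie ${name}: missing SameSite`);
    else if (sameSite === 'samesite=none') findings.push(`cookie ${name}: SameSite=None`);
  }
  return findings;
}
// Constructed sample responses (not captured from a real site).
const weak = {
  'content-security-policy': "default-src 'self'; script-src 'self' 'unsafe-inline'",
  'set-cookie': ['session=abc123; Path=/; HttpOnly', 'prefs=dark; Secure; SameSite=None'],
};
const hardened = {
  'content-security-policy': "default-src 'self'; script-src 'self' 'nonce-r4nd0m' 'unsafe-inline'; frame-ancestors 'none'",
  'set-cookie': ['session=abc123; Path=/; HttpOnly; Secure; SameSite=Strict'],
};
```

`auditResponse(weak)` returns five findings and `auditResponse(hardened)` returns none; failing the build on a non-empty result catches a header regression before release.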