usability.cat

Why Security Matters

Your web app is a target, even if it's small. Here's why you should care.

You might think "I'm just building a small app, who would attack me?" The answer: bots. Automated scanners crawl the entire internet looking for vulnerable sites. They don't care if you have 10 users or 10 million.

Real impacts

When your app gets compromised:

  • User data gets stolen — emails, passwords, payment info
  • Your site gets defaced — replaced with spam or malware
  • You become a launchpad — attackers use your server to attack others
  • Trust is destroyed — users won't come back

The good news

Most web security is about avoiding a short list of common mistakes. You don't need to be a security expert. You just need to:

  1. Set up HTTPS and security headers — takes 10 minutes
  2. Avoid common vulnerabilities — know the patterns
  3. Keep your dependencies updated — regular maintenance

These three things prevent the vast majority of attacks on small web apps.

What usability.cat checks

Our security scan looks for:

  • Missing or misconfigured HTTPS
  • Missing security headers (CSP, X-Frame-Options, etc.)
  • JavaScript patterns that suggest XSS vulnerabilities
  • Known vulnerable dependencies
  • Exposed sensitive information

Each issue comes with a plain-English explanation and a fix prompt.
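
The HTTPS and security-header checks from that list can be sketched as follows. This is an added example, not usability.cat's own scanner; the function names, issue codes and sample response are assumptions, as is treating Strict-Transport-Security and X-Content-Type-Options as part of the list's "etc.".

```javascript
// Added example, not usability.cat's scanner: audit one response's URL and
// headers for missing HTTPS and missing or weak security headers.
function parseCsp(value) {
  // "default-src 'self'; img-src *" -> { "default-src": ["'self'"], ... }
  const directives = {};
  for (const part of value.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = (name || "").toLowerCase();
    // Browsers ignore a repeated directive, so the first occurrence wins.
    if (key && !(key in directives)) directives[key] = sources;
  }
  return directives;
}

function auditResponse(url, headers) {
  const h = {}; // header names are case-insensitive
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();
  const issues = [];

  if (new URL(url).protocol !== "https:") {
    issues.push("no-https");
  } else if (!h["strict-transport-security"]) {
    issues.push("no-hsts"); // HSTS is only honoured on HTTPS responses
  }

  const csp = parseCsp(h["content-security-policy"] || "");
  const scripts = csp["script-src"] || csp["default-src"]; // default-src is the fallback
  if (!h["content-security-policy"]) {
    issues.push("no-csp");
  } else if (!scripts) {
    issues.push("csp-scripts-unrestricted");
  } else if (scripts.some((s) => /^'unsafe-inline'$/i.test(s)) &&
             !scripts.some((s) => /^'(nonce|sha(256|384|512))-/i.test(s))) {
    issues.push("csp-unsafe-inline"); // inline scripts allowed, no nonce or hash
  }

  // Framing is limited by X-Frame-Options or by CSP frame-ancestors.
  const xfo = (h["x-frame-options"] || "").toUpperCase();
  if (!csp["frame-ancestors"] && xfo !== "DENY" && xfo !== "SAMEORIGIN") {
    issues.push("no-frame-protection");
  }
  if ((h["x-content-type-options"] || "").toLowerCase() !== "nosniff") {
    issues.push("no-nosniff");
  }
  return issues;
}

// Constructed sample response (not captured from a real site).
console.log(auditResponse("http://shop.example/", { Server: "nginx" }));
```

An empty result means none of these particular checks fired; it does not cover the other items in the list, such as dependencies or exposed information.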
