Context:

Its been a while since I have been developing desktop apps. I never ventured into the web space. I daddled with asp.net a few years ago but it was frustrating to setup. These days I work more with Python scripting to achieve goals in a non-software dev company. I recently have been exposed to nodejs and am excited about how easy and quick it is to get running.

I want to commercialise an old desktop app of mine, but I have some major areas of concern:

1. What popular frameworks would you suggest that I use to streamline my web app security to prevent SQL injection, XSS attacks?

2. What other attacks should I be aware of?

3. What is the most secure way to handle session data? Is there a framework that I should use?

4. I also want a framework that can take care of user permissions. For example, only an admin will see admin resources on the site, whereas an operator will only a limited subset of what an admin user has access to.

5. Hosting Providers. Can you recommend hosting providers that will allow me to develop this app in the cloud (testing and dev environment). After having worked my rear off and doing clever things for 20 years I am still broke, so I am looking for a "low cost" option.

If you can give me some pointers, or point me to a good book or article, I would really appreciate your help.

Thank you!

You need to sign in to view this answers