General web developers `rules`

• always use CI/CD
• absolutely do not support Internet Explorer (other than user warning to install another browser)
• do not deploy web applications on premises and/or on unmanaged virtual machines
• manage bugs only using dedicated tool (issue tracker)
• don’t roll your own authentication
  • do make sure that you’ll be able to switch identity provider if necessary
  • here’s a list of options to get you started: Auth0, Cognito, Okta, Ory, Azure AD B2C
• just to put it perspective: do not do web applications in any way related to child pornography