General web developers `rules`
- always use CI/CD
- absolutely do not support Internet Explorer (other than user warning to install another browser)
- do not deploy web applications on premises and/or on unmanaged virtual machines
- manage bugs only using dedicated tool (issue tracker)
- don’t roll your own authentication
- do make sure that you’ll be able to switch identity provider if necessary
- here’s a list of options to get you started: Auth0, Cognito, Okta, Ory, Azure AD B2C
- just to put it perspective: do not do web applications in any way related to child pornography