In my opinion, the best practice for securing your apps will always be: understanding the security threats properly. Once you know your enemies, you'll (hopefully) know if you are vulnerable or not, and how to correct it.
The OWASP Cheat Sheet Series is a very good start.
Lars
I always add helmet