If it's a serious project, I follow all the best practices you mentioned. If it isn't that serious, I will follow basic stuff such as sanitizing inputs, enabling HTTPs and so on.
Comment by Sandeep Panda on "What is your take on application security?" | Hashnode