Security has become a secondary concern for frontend developers and are far behind the backend and devops engineers for whom this is a regular part of their development process. Today security attacks are on the rise and we need to take measures from both server side and client side before it is too late. I will be talking through the most common vulnerabilities including Cross Site Scripting (XSS), Cross-site Request Forgery Attacks (CSRF) and other vulnerabilities of the OWASP Top 10 list, their causes and consequences, and how they can be avoided by simple secure coding practices with examples in JavaScript and Vue js and how you can test them. It is not enough to write secure code but also be aware of the Defence in depth strategies in order to secure the whole system.