have a genuine question:
what’s the necessary step to make sure for an DApp it’s secure, if it has a backend + smart contract (not just smart contract)? I think many DApp these days powered by privy only uses onchain tx for onramp & offramp but most of the in-app experience is off chain, for example Zora mobile app. But i wonder how the security part really work, especially for those bootstrap apps

how do yall generally make sure a prod-level app safe (and especially for those that are a mix of backend and smart contract)?