educational topic request - a walkthrough about security best practices

What are security best practices for a Sui Dapp Developer? How do you publish packages using the CLI using a hardware wallet, such that the adminCap can be owned by a hardware wallet? Multisig on Sui? In general, I have many questions about best practices on how to manage a Dapp as a developer securely.