There are some good points in it but the list feels poorly written as it contains very general tips which feel like fluff to increase the article length like:

Protect the client-side against attacks.

Or just wrong stuff like:

Validate all server-side input data.

If you can trust someone, it’s the server. You should validate data coming from the client on the server side.

Some things even contradict each other like

Implement strong authentication, such as two-factor authentication (2FA).

And

Use secure authentication mechanisms such as OAuth.

Assuming your app is an OAuth client, you have no say in how the identity provider identifies the user.

Good point, but even better than

Monitor file and source code integrity.

is having the application source code read-only, ideally owned by another user to avoid the confused deputy problem.