Security and Privacy
Kyriakos Chatzidimitriou edited this page Oct 4, 2018
Some security and privacy measures and resources one can take are:
- Encrypt data in transit using HTTPS
- Hash and salt user passwords
- Use JSON Web Tokens (JWT)
- Backup the data
  - Following the motto: if you have not tested reviving a backup, you have no backup
  - In another physical location from the servers
  - In an automated fashion
  - At an interval that follows the data throughput
- Add logging for accountability and tracing
- Review what personal data you keep and follow the GDPR guidelines for it; perhaps encrypt it (but be careful not to lose the key)
- No hardcoded credentials or cryptographic keys
- Do not distribute credentials or cryptographic keys in public-facing repositories, such as GitHub
- Use activity monitoring and check for outliers
- Scan the code and its dependencies with static analysis and audit tools (npm audit, for example)
- Don't store data you don't need
- Outsource: OAuth for authentication, PCI-compliant payment gateways for credit card processing
- Use appropriate libraries to combat SQL injection, XSS and CSRF attacks
- Add tests that promote penetration testing. For example, for all your API endpoints add tests for an unauthenticated or unauthorised request, which should return 401 or 403 respectively.