Security Checklist
ki9us opened this issue · 0 comments
ki9us commented
source: blog.risingstack.com/node-js-security-checklist
- Security HTTP Headers (tester)
- Brute Force Protection
- Cookie Management
- CSRF
- XSS
- Mongo injection
- SSL
- HSTS
- Account lockout
- Node Security Project/Snyk
- CSP
- Store reset tokens as salted hashes
- Don't allow reusing reset tokens with a refreshed expiry
- Attempt to gather more account data before permitting password reset (See OWASP guide)