Digital-Coder
commented
1 year ago possible tickets to add:
-
[ ] Yarn/NPM packages: We're using a lot of outdated packages. Since we're a small team, we should try to update them at least once every three months.
-
[ ] Passwords: Leaked passwords are a common problem. We should subscribe to notifications that can alert us if any of our commmon passwords have been leaked. If someone gains access to our database, they could delete all the data and backups. It might be a good idea to set up additional database backups outside of Firebase.
-
[ ] Malicious user behaviour: Certain features can be spammed or abused. We should add throttling or CAPTCHA to vulnerable functionalities.
- anonymous user login/logout
- "receive support" button
-
anything else ?
-
[ ] Malicious user content: We already have a "report idea or comment" feature, but it might be a fun mini-project to add an automatic content scanner for "bad words." This way, we can flag inappropriate content more efficiently.
-
[ ] Penetration testing: There was a possibility of inserting malicious code that has been fixed, but we might still have vulnerable places. We should scan our app with penetration testing tools like XSS Scanner and Burp Suite.
-
[x] Harden firebase rules: ticket already exists
-
[x] Firebase notifications for exceeding monthly budget: already implemented, but do other devs/product owners get notified besides Tassilo ?
Find possible solutions like e.g.