[ ] Ensure no issues from https://sakurity.com/peatio.pdf are found within the site and ensure no similar vulnerabilities have been introduced / found since.
[ ] Complete manual penetration test of live prod environment (web front-end & back-end infrastructure).
[ ] Complete automated vulnerability checks.
[ ] Ensure all packages, code-bases, and patches are installed and up-to-date.
[ ] Update all code dependencies to latest versions.
[ ] Link any existing OPEN CVEs without fixes to our dependencies and ensure appropriate controls are implemented to prevent exploitation.
[ ] Create Wallet security policies and processes
[ ] Ensure DBs are secure and hardened
[ ] Ensure all default credentials have been changed
[ ] Implement hardened "iptables and SELinux rules"
[ ] Implement correct and secure security headers
[x] Tighten SSL policy / configurations.
[ ] Tighten Nginx configurations / security
[x] Only support TLS 1.1 & 1.2+
[ ] Phusion security?
[ ] User security audit, password length / complexity #8
[ ] Create / Run bug bounty program with rewards (HackerOne etc.)
Complete code audit