Security Audit/Testing/Remedation

[MakeMoneyOz]

Complete code audit

• [ ] Ensure no issues from https://sakurity.com/peatio.pdf are found within the site and ensure no similar vulnerabilities have been introduced / found since.
• [ ] Complete manual pentration test of live prod environment (web-front end & back-end infrastructure).
• [ ] Complete automated vulnerability checks.
• [ ] Ensure all packages, code-bases, and patches are installed and up-to-date.
• [ ] Update all code dependencies to latest versions.
• [ ] Link any existing OPEN CVE's without fix's to our dependencies and ensure appropriate controls are implemented to prevent exploitation.
• [ ] Create Wallet security policies and process's
• [ ] Ensure DB's are secure and hardened
• [ ] Ensure all default credentials have been changed
• [ ] Implement hardened "iptables and SELinux rules"
• [ ] Implement correct and secure security headers
• [x] Tighten SSL policy / configurations.
• [ ] Tighten Nginx configurations / security
• [x] Only support TSL 1.1 & 1.2 +
• [ ] Phusion security?
• [ ] User security audit, password length / complexity #8
• [ ] Create / Run bug bounty program with rewards . Hackerone etc

[MakeMoneyOz]

Guys, let me know if anything you think missed / disagree etc

👍