systemapic / wu

Systemapic web server and API
https://systemapic.com

Network Security #40

Open knutole opened 9 years ago

knutole commented 9 years ago

Completely secure the network, keys, SSL, ports, and logic of API/portal, oauth, etc. Make sure everything is bleeding edge and tight. Document with passed tests for clients.


TASKS

  1. Secure the network. Ports, protocols, certificates, webserver, dbs.
  2. Secure Docker containers.
  3. Secure client-side JavaScript.
  4. Secure portal logic (i.e. user can create only with permission, etc.)
  5. General pen-testing

knutole commented 9 years ago

Update SSL on mongod, currently OpenSSL version: OpenSSL 1.0.1e 11 Feb 2013, and not run as user root.

MongoDB best practices