
App Hardening

Open fcaps opened this issue 2 years ago • 2 comments

see: https://expressjs.com/en/advanced/best-practice-security.html

fcaps avatar Nov 19 '23 04:11 fcaps

  • TLS is solved by our reverse proxy
  • Preventing brute-force attacks against authorization is solved in the user service
  • Deprecated versions / unsafe dependencies is what dependabot should help with.

Not sure what actions remain.

Brutus5000 avatar Nov 19 '23 09:11 Brutus5000

some steps like:

  • session cookie name
  • helmet http headers (maybe we need not all, but some of them)
  • app.disable('x-powered-by') lel, opensource... you can't hide

and search for/remove unused libs that are loaded but not used (browser)

fcaps avatar Nov 19 '23 10:11 fcaps
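An added example, not code from this thread or the project: an offline check of a response's headers against the points listed above (no `X-Powered-By`, the core helmet headers present, and a session cookie that is not express-session's default `connect.sid` and carries HttpOnly/Secure/SameSite). The header set, the cookie attributes and the two sample responses are constructed assumptions; the Express configuration it would enforce is shown only as a comment.

```javascript
// Assumed Express side (not run here):
//   app.disable('x-powered-by'); app.use(helmet());
//   app.use(session({ name: 'sid', cookie: { httpOnly: true, secure: true, sameSite: 'lax' } }));

// Helmet headers the audit expects, with the value each must match.
const REQUIRED_HEADERS = {
  'strict-transport-security': /max-age=\d+/i,
  'x-content-type-options': /^nosniff$/i,
  'x-frame-options': /^(DENY|SAMEORIGIN)$/i,
  'content-security-policy': /default-src/i,
};
const DEFAULT_SESSION_COOKIE = 'connect.sid'; // express-session default name

// Lower-case header names so lookups are case-insensitive, as Node's http does.
function normalise(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = v;
  return out;
}

// Returns a list of findings; an empty list means the response passes.
function auditHeaders(rawHeaders) {
  const h = normalise(rawHeaders);
  const findings = [];
  if ('x-powered-by' in h) findings.push('x-powered-by is disclosed');
  for (const [name, pattern] of Object.entries(REQUIRED_HEADERS)) {
    if (!(name in h)) findings.push(`${name} missing`);
    else if (!pattern.test(String(h[name]))) findings.push(`${name} has weak value: ${h[name]}`);
  }
  // set-cookie may be a string or an array; inspect each cookie's name and flags.
  for (const c of [].concat(h['set-cookie'] || [])) {
    const [nameValue, ...attrs] = c.split(';').map((s) => s.trim());
    const name = nameValue.split('=')[0];
    const flags = new Set(attrs.map((a) => a.split('=')[0].toLowerCase()));
    if (name === DEFAULT_SESSION_COOKIE) findings.push('session cookie uses default name connect.sid');
    for (const f of ['httponly', 'secure', 'samesite']) {
      if (!flags.has(f)) findings.push(`cookie ${name} lacks ${f}`);
    }
  }
  return findings;
}

// Constructed sample responses: stock Express + express-session vs. hardened.
const DEFAULT_RESPONSE = {
  'X-Powered-By': 'Express',
  'Set-Cookie': ['connect.sid=s%3Aabc.def; Path=/'],
};
const HARDENED_RESPONSE = {
  'Strict-Transport-Security': 'max-age=15552000; includeSubDomains',
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'SAMEORIGIN',
  'Content-Security-Policy': "default-src 'self'",
  'Set-Cookie': ['sid=s%3Aabc.def; Path=/; HttpOnly; Secure; SameSite=Lax'],
};
```

Running `auditHeaders` against a real response (for example the headers captured from a `curl -i` against the reverse proxy) gives a quick regression check that the helmet and cookie settings actually reach the client.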