mahi/Goa-gel-fullstack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6ec8d3236de540c5ce1bbb376aae12316e58e442
Goa-gel-fullstack/Documentation/operations/security.md
Mahi 6ec8d3236d feat: Rebrand to License Authority with Govt of Goa branding 
- Replace TLAS with License Authority throughout documentation
- Add Government of Goa emblem/logo (Ashoka Chakra style)
- Update frontend branding to match documentation
- Add configurable Swagger API link via VITE_API_BASE_URL env var
- Fix Docker build for VitePress (git dependency, .dockerignore)
- Fix helmet security headers for HTTP deployments
- Add CORS support for VM deployment

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-10 00:46:25 -04:00

81 lines
1.7 KiB
Markdown
Raw Blame History

# Security Hardening
## Pre-Deployment Checklist
### Network Security
- [ ] Firewall rules configured
- [ ] Unnecessary ports closed
- [ ] Internal services not exposed
- [ ] SSL/TLS certificates installed
- [ ] HTTP redirected to HTTPS
### Application Security
- [ ] Debug mode disabled
- [ ] Error messages sanitized
- [ ] Rate limiting enabled
- [ ] CORS properly configured
- [ ] Security headers set
### Database Security
- [ ] Default passwords changed
- [ ] Network access restricted
- [ ] SSL connections enforced
- [ ] Audit logging enabled
- [ ] Backups encrypted
### Authentication
- [ ] JWT secret rotated
- [ ] Password policy enforced
- [ ] Session timeout configured
- [ ] Failed login lockout enabled
- [ ] MFA available for admins
## Security Headers
```nginx
# Required headers
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000";
add_header Content-Security-Policy "default-src 'self'";
```
## Vulnerability Management
### Dependency Scanning
```bash
# Run weekly
npm audit
docker scan license-api:latest
```
### Security Updates
- OS patches: Monthly
- Framework updates: Quarterly
- Critical CVEs: Within 48 hours
## Incident Response
1. **Detect**: Monitoring alerts, user reports
2. **Contain**: Isolate affected systems
3. **Investigate**: Identify scope and cause
4. **Remediate**: Fix vulnerability
5. **Recover**: Restore normal operations
6. **Document**: Post-incident report
## Access Reviews
| Review Type | Frequency |
|-------------|-----------|
| User access | Quarterly |
| Admin access | Monthly |
| API keys | Quarterly |
| Service accounts | Quarterly |
Reference in New Issue View Git Blame Copy Permalink