Skip to content

Notes from meeting with Arlene #55

Description

@Arnav210
  • assess password
  • outsource to OIDC (social logins, involves trusting another source to verify an identity) or OAUTH
    • could and should integrate with business sign up
  • if it becomes a mobile app, go passwordless and use biometric type things
  • need 2FA
  • ideally, shouldn't be storing data ourselves but should be encrypting it; however, store in a directory server or something close and should be secured
  • have cloud provider turn on security features for route data
  • Daily Routine backend cloud
  • use ip from browser header to add delay between creating accounts
  • make website/app not depend on browser speed because it is slow
  • penetration test development
  • protect production and testing environment
  • protect directory
  • think about cross-site scripting and injection
  • use the web application firewall
  • protect admin accounts, potentially move them to a separate database, definitely need multiple factor authentication
  • don't need to worry about the open traffic data
  • consider using amazon cognito for data storage
  • amazon also has multifactor authentication services, so definitely use them

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions