Skip to content

Potential Security Tasks Split #56

Description

@Arnav210

Security & Infrastructure Workstreams

This issue tracks the two major workstreams required to harden authentication, infrastructure, and application security across the platform.


Group A — Identity, Access, and User Security

Tasks

  • Implement OIDC authentication (Google, Apple, etc.).
  • Add OAuth flows where needed.
  • Integrate business sign‑up into the identity provider.
  • Implement passwordless login for mobile (biometrics).
  • Enable MFA/2FA for all users.
  • Move admin accounts to a separate identity store or user pool.
  • Add IP‑based throttling/delays for account creation.
  • Remove local password storage; encrypt any unavoidable secrets with KMS.
  • Store identity data in Amazon Cognito or directory service.

Group B — Infrastructure, App Security, and Hardening

Tasks

  • Enable cloud provider security features for routing and data in transit.
  • Protect directory server with IAM, network isolation, and audit logging.
  • Enable AWS WAF and configure rules.
  • Harden production and testing environments (VPC separation, IAM roles, secrets).
  • Secure Daily Routine backend cloud environment.
  • Add rate limiting and request validation at the edge.
  • Add XSS protection (CSP, sanitization).
  • Add injection protection (parameterized queries, ORM).
  • Conduct penetration testing on development and staging environments.
  • Fix browser‑speed dependency by shifting work server‑side.
  • Protect admin routes with RBAC and IP allowlisting.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions