Security & Infrastructure Workstreams
This issue tracks the two major workstreams required to harden authentication, infrastructure, and application security across the platform.
Group A — Identity, Access, and User Security
Tasks
- Implement OIDC authentication (Google, Apple, etc.).
- Add OAuth flows where needed.
- Integrate business sign‑up into the identity provider.
- Implement passwordless login for mobile (biometrics).
- Enable MFA/2FA for all users.
- Move admin accounts to a separate identity store or user pool.
- Add IP‑based throttling/delays for account creation.
- Remove local password storage; encrypt any unavoidable secrets with KMS.
- Store identity data in Amazon Cognito or directory service.
Group B — Infrastructure, App Security, and Hardening
Tasks
- Enable cloud provider security features for routing and data in transit.
- Protect directory server with IAM, network isolation, and audit logging.
- Enable AWS WAF and configure rules.
- Harden production and testing environments (VPC separation, IAM roles, secrets).
- Secure Daily Routine backend cloud environment.
- Add rate limiting and request validation at the edge.
- Add XSS protection (CSP, sanitization).
- Add injection protection (parameterized queries, ORM).
- Conduct penetration testing on development and staging environments.
- Fix browser‑speed dependency by shifting work server‑side.
- Protect admin routes with RBAC and IP allowlisting.
Security & Infrastructure Workstreams
This issue tracks the two major workstreams required to harden authentication, infrastructure, and application security across the platform.
Group A — Identity, Access, and User Security
Tasks
Group B — Infrastructure, App Security, and Hardening
Tasks