This repository has been archived by the owner on Dec 2, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 5
Security Overview
David Scrobonia edited this page May 15, 2020
·
3 revisions
HOME » TECHNICAL DOCUMENTATION » SECURITY OVERVIEW
- All user input returned to the frontend is properly output encoded by default in React. There are no instances of
dangerouslySetInnerHTML, which circumvents React’s default protections. - Snyk vulnerability and dependency scanning runs on every PR to check for vulnerabilities in dependencies.
- Trufflehog secrets detection has been ran against the repository.
- Denial of Service (DoS) Attack Vectors
- AuthN and AuthZ
- Session Hijacking
- Cross Site Request Forgery (CSRF)
Security Headers: if the State hosts the Frontend, it is highly recommended that they review and implement all applicable security headers
Content-Security-PolicyStrict-Transport-SecurityX-Frame-OptionsX-Content-Type-OptionsX-Xss-Protection
A complete security review of the backend has not been completed.
If you are new to AWS here are a few articles on security best practices to read before implementing:
HOME » TECHNICAL DOCUMENTATION
Technical
Technical Overview
MVP System Design Doc
Using Github
Design
Design Overview
Security
Security Overview
Financial
Financial Overview
Cost Estimation