This repository has been archived by the owner on Dec 2, 2021. It is now read-only.
Security Overview
David Scrobonia edited this page May 15, 2020 · 3 revisions
- All user input returned to the frontend is properly output encoded by default in React. There are no instances of `dangerouslySetInnerHTML`, which circumvents React’s default protections.
- Snyk vulnerability and dependency scanning runs on every PR to check for vulnerabilities in dependencies.
- Trufflehog secrets detection has been run against the repository.
- Denial of Service (DoS) Attack Vectors
- AuthN and AuthZ
- Session Hijacking
- Cross Site Request Forgery (CSRF)
Security Headers: if the State hosts the Frontend, it is highly recommended that they review and implement all applicable security headers:
- Content-Security-Policy
- Strict-Transport-Security
- X-Frame-Options
- X-Content-Type-Options
- X-Xss-Protection
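One way to review a deployed frontend's responses against the five headers listed above, as an added example that is not part of the project's code. The function names, the one-year HSTS minimum and the accepted values are assumptions of this example.

```javascript
// Added example: audit response headers against the five headers listed above.
// Thresholds and accepted values are assumptions of this example, not project policy.
const MIN_HSTS_MAX_AGE = 31536000; // one year in seconds (assumed minimum)

// Split a CSP value into directive name -> source list; the first occurrence wins.
function parseCsp(value) {
  const directives = new Map();
  for (const part of value.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    if (name && !directives.has(name)) directives.set(name, sources);
  }
  return directives;
}

// Each check returns null when the value is acceptable, else a reason string.
const CHECKS = {
  'content-security-policy': (v) => {
    const csp = parseCsp(v);
    const scripts = csp.get('script-src') || csp.get('default-src');
    if (!scripts) return 'no script-src or default-src directive';
    if (scripts.includes("'unsafe-eval'")) return "scripts allow 'unsafe-eval'";
    // Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
    const pinned = scripts.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
    return scripts.includes("'unsafe-inline'") && !pinned ? "scripts allow 'unsafe-inline'" : null;
  },
  'strict-transport-security': (v) => {
    const m = /(?:^|;)\s*max-age\s*=\s*"?(\d+)/i.exec(v);
    return m && Number(m[1]) >= MIN_HSTS_MAX_AGE ? null : `max-age missing or below ${MIN_HSTS_MAX_AGE}`;
  },
  'x-frame-options': (v) => (/^(deny|sameorigin)$/i.test(v.trim()) ? null : 'expected DENY or SAMEORIGIN'),
  'x-content-type-options': (v) => (/^nosniff$/i.test(v.trim()) ? null : 'expected nosniff'),
  // Only legacy browsers act on this header; current ones ignore it.
  'x-xss-protection': (v) => (/^(0|1\s*;\s*mode=block)$/i.test(v.trim()) ? null : 'expected 0 or 1; mode=block'),
};

// headers: plain object of response headers, any letter case. Returns header -> verdict.
function auditSecurityHeaders(headers) {
  const seen = {};
  for (const [k, v] of Object.entries(headers)) seen[k.toLowerCase()] = String(v);
  const report = {};
  for (const [name, check] of Object.entries(CHECKS)) {
    const problem = name in seen ? check(seen[name]) : 'missing';
    report[name] = problem === null ? 'ok' : problem;
  }
  return report;
}

// Constructed sample headers, not captured from the project.
const sample = { 'Strict-Transport-Security': 'max-age=86400', 'X-Frame-Options': 'DENY' };
console.log(auditSecurityHeaders(sample));
```

Each header maps to `ok`, `missing`, or the reason its value was rejected, so the result can gate a deployment check.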
A complete security review of the backend has not been completed.
If you are new to AWS, here are a few articles on security best practices to read before implementing: