Security

Todo

  • OWASP
  • Security Requirements by banking providers?
  • Audits needed? Ex: Unit Ensure security policies, XSS prevention, disable iframe embedding
  • Referrer policy
  • IP Blocking - some regulations require US only, checking for VPN, fraud detection
  • Fraud Handling - closing accounts, suspending accounts, refunds, freezing assets
  • Dependency auditing - Snyk
  • Have external security audit
  • Make sure you are following regulations and compartmentalization for Prod data, even logging HTTPS, HTTP redirect