- Use the OWASP Application Security Verification Standard (ASVS) to verify security controls.
- Ensure servers and frameworks are running on the latest versions.
- Encrypt highly sensitive information (such as authentication verification data).
- Monitor networks and update software and hardware regularly
- Use a Web Application Firewall (WAF) that monitors HTTP traffic to and from the Internet and blocks malicious requests.
- Perform regular updates for libraries
- Use automated scanning tools such as Snyk.
- Apply the Principle of Least Privilege (PoLP) so that users hold only the permissions needed to perform their jobs within the system.
- Use role-based access control for specific operations.
- Implementing strong password policies with rotation
- Implementing Multi-Factor Authentication (MFA)
- Implementing user tokens in the login form