These seem like tasks that invite "re-inventing the wheel" redundant effort. Anyone aware of scripts, Ansible playbooks, step-by-step checklists, etc. to help make the process more efficient and secure?
From the OWASP list, some of the high-level tasks you will need to do:
setting proper response headers (cross-origin, strict HTTPS, etc.)
input validation (for cross-site scripting)
file upload scanning for viruses, etc.
securing authentication (appropriate token policies, account lockout against brute-force attacks)
updating configs to remove server details from being exposed via headers (e.g.
You can run a vulnerability scan using tools like Burp, ZAP to scan for holes in your web app.
On Sat, Oct 7, 2017 at 1:27 PM, Leandro David Cacciagioni <[hidden email]> wrote: