# 🔐 Security Checklist

## Security Test Check

- XSS
- CSRF
- SQL Injection
- Clickjacking
- Memory Leak
- Input Sanitation
- Containerization
- Exposed Private Environment
- No Public Bucket (all buckets must be private)
## XSS

Cross-site scripting (XSS) is a type of security vulnerability typically found in web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users.

### Prevention

- Use a `Content Security Policy` (CSP) header to restrict which scripts the browser may execute
- Use `X-XSS-Protection` for legacy browsers (modern browsers ignore it; CSP is the primary control)
- Use `X-Content-Type-Options: nosniff` so browsers do not sniff responses into executable content
- Use the `HttpOnly` cookie flag so injected scripts cannot read session cookies
- Use the `Secure` cookie flag so cookies are only sent over HTTPS
- Use the `SameSite` cookie attribute to limit when cookies are sent cross-site
- Escape output for the context it is rendered in (HTML body, attribute, JavaScript string, URL parameter)
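The escaping and cookie items above, as an added example (not code from the original checklist). It shows context-specific output escaping from the Python standard library and a `Set-Cookie` value carrying the `HttpOnly`, `Secure` and `SameSite` flags. The `render_profile` template, the cookie name and the sample input are constructed for the example; the example is an illustration of the technique, not a complete templating layer.

```python
import html
import json
from urllib.parse import quote


def escape_html(text: str) -> str:
    """Escape for an HTML element body or a double-quoted attribute value."""
    return html.escape(text, quote=True)


def escape_js_string(text: str) -> str:
    """Escape for a string literal inside a <script> block.

    json.dumps handles quotes and backslashes; '<' and '>' are additionally
    encoded so a value containing '</script>' cannot close the block early.
    """
    return json.dumps(text).replace("<", "\\u003c").replace(">", "\\u003e")


def escape_url_param(text: str) -> str:
    """Percent-encode for use as a single query-string parameter value."""
    return quote(text, safe="")


def session_cookie(name: str, value: str) -> str:
    """Set-Cookie header value carrying the HttpOnly, Secure and SameSite flags."""
    return f"{name}={value}; HttpOnly; Secure; SameSite=Lax; Path=/"


def render_profile(display_name: str, website: str) -> str:
    """Render untrusted profile fields into three different output contexts.

    Each context needs its own escaper: HTML escaping alone would not make
    the value safe inside the <script> block or the query string.
    """
    return (
        "<p>Hello, " + escape_html(display_name) + "</p>\n"
        '<a href="/go?to=' + escape_url_param(website) + '">website</a>\n'
        "<script>var displayName = " + escape_js_string(display_name) + ";</script>"
    )


# Constructed hostile input used for a local check
SAMPLE_NAME = "<script>alert(1)</script>"

if __name__ == "__main__":
    print(render_profile(SAMPLE_NAME, "https://example.test/?a=1&b=2"))
    print("Set-Cookie:", session_cookie("session", "opaque-session-id"))
```

`escape_html` covers the body and attribute contexts only; a value placed into a `<script>` block or a URL needs the matching escaper, which is why the template calls three different functions.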
## CSRF

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.

### Prevention

- Use a `CSRF Token` (synchronizer token) bound to the session and verify it on every state-changing request
- Use the `SameSite` cookie attribute so the session cookie is not sent on cross-site requests
- Use `CORS` correctly: never reflect arbitrary origins on responses that allow credentials
- Check the `Origin` header against an allowlist of your own origins
- Check the `Referer` header as a fallback when `Origin` is absent
- Use the `Double Submit Cookie` pattern when server-side token storage is not available
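The token and `Origin`/`Referer` checks above, as an added example (not code from the original checklist). The token is a synchronizer token bound to the session id with an HMAC, so it needs no server-side token store; the allowed origin, the request dictionary shape and the secret are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Assumed deployment origin; a real service would load this from configuration.
ALLOWED_ORIGINS = {"https://app.example.com"}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_csrf_token(session_id: str, secret: bytes) -> str:
    """Token = nonce.HMAC(secret, session_id:nonce).

    Binding the MAC to the session id means a token captured from one
    session does not validate for another.
    """
    nonce = secrets.token_hex(16)
    mac = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(token: str, session_id: str, secret: bytes) -> bool:
    try:
        nonce, mac = token.split(".", 1)
    except ValueError:
        return False
    expected = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    # constant-time comparison so the check does not leak the expected MAC
    return hmac.compare_digest(mac, expected)


def source_origin(headers: dict) -> Optional[str]:
    """Prefer Origin; fall back to the scheme+host part of Referer."""
    origin = headers.get("Origin")
    if origin:
        return origin
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def csrf_check(request: dict, secret: bytes) -> Tuple[bool, str]:
    """request is a constructed dict: method, headers, cookies, form."""
    if request["method"] in SAFE_METHODS:
        return True, "safe method"
    origin = source_origin(request["headers"])
    if origin is None:
        return False, "missing Origin and Referer"
    if origin not in ALLOWED_ORIGINS:
        return False, f"origin {origin} not allowed"
    session_id = request["cookies"].get("session")
    token = request["form"].get("csrf_token")
    if not session_id or not token:
        return False, "missing session or token"
    if not verify_csrf_token(token, session_id, secret):
        return False, "token mismatch"
    return True, "ok"


if __name__ == "__main__":
    secret = secrets.token_bytes(32)
    tok = issue_csrf_token("sess-1", secret)
    req = {"method": "POST", "headers": {"Origin": "https://app.example.com"},
           "cookies": {"session": "sess-1"}, "form": {"csrf_token": tok}}
    print(csrf_check(req, secret))
```

The origin check runs before the token check so that a cross-site request is rejected even if a token somehow leaked; the two controls are independent and both must pass.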
## SQL Injection

SQL injection is a code injection technique in which untrusted input is interpreted as part of a SQL query; it can expose, modify or destroy your database.

### Prevention

- Use `Prepared Statements` so the query structure is fixed before user data is bound
- Use `Parameterized Queries` instead of building SQL with string concatenation
- Use `Stored Procedures` (only safe if the procedure itself does not build dynamic SQL)
- Use an `ORM`, and avoid its raw-query escape hatches with interpolated strings
- Use `Input Sanitization` as defence in depth, not as a substitute for parameterization
## Clickjacking

Clickjacking is a malicious technique of tricking a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.

### Prevention

- Use `X-Frame-Options` (`DENY` or `SAMEORIGIN`) so older browsers refuse to frame the page
- Use a `Content Security Policy` (CSP) header
- Use the CSP `frame-ancestors` directive, the modern replacement for `X-Frame-Options`, to state exactly who may frame the page
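The header items from both the XSS and the Clickjacking sections, as one added example (not code from the original checklist): a small response-header audit that checks a CSP for wildcard or inline script sources, requires `X-Content-Type-Options: nosniff`, and requires either `X-Frame-Options` or a CSP `frame-ancestors` directive. The two header sets `GOOD_HEADERS` and `BAD_HEADERS` are constructed inputs. `X-XSS-Protection` is deliberately not required, since current browsers ignore it.

```python
from typing import Dict, List


def parse_csp(value: str) -> Dict[str, List[str]]:
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    directives: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Return checklist findings for one HTTP response's headers."""
    h = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []
    csp = parse_csp(h.get("content-security-policy", ""))

    # XSS: script sources must be restricted, and MIME sniffing disabled
    if not csp:
        findings.append("missing Content-Security-Policy")
    else:
        script_src = csp.get("script-src", csp.get("default-src", []))
        if not script_src or "'unsafe-inline'" in script_src or "*" in script_src:
            findings.append("CSP allows inline or wildcard script sources")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")

    # Clickjacking: some framing restriction must be present
    xfo = h.get("x-frame-options", "").upper()
    frame_ancestors = csp.get("frame-ancestors")
    if frame_ancestors is None and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append("no framing protection (X-Frame-Options or CSP frame-ancestors)")
    if frame_ancestors is not None and "*" in frame_ancestors:
        findings.append("CSP frame-ancestors allows any site to frame the page")
    return findings


# Constructed header sets for a local check
GOOD_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
}
BAD_HEADERS = {
    "Content-Security-Policy": "default-src *",
}

if __name__ == "__main__":
    for name, hdrs in (("good", GOOD_HEADERS), ("bad", BAD_HEADERS)):
        print(name, audit_headers(hdrs) or "no findings")
```

Run the function over headers captured from a real response (for example the `headers` attribute of an HTTP client response object) to check a deployment against the list; the CSP parser is intentionally minimal and ignores directive semantics beyond the sources it inspects.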
## Memory Leak

A memory leak is a type of resource leak that occurs when a computer program incorrectly manages memory allocations in such a way that memory which is no longer needed is not released.

### Prevention

- Use `Memory Profiling` on long-running processes to see which allocations are retained
- Use `Memory Management` discipline: release handles, bound caches and queues, avoid global collections that only grow
- Use `Garbage Collection`, remembering that it cannot free objects still reachable from a live reference
- Use `Memory Leak Detection` in tests so growth under repeated requests fails the build
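The profiling and detection items above, as an added example (not code from the original checklist). It contrasts a constructed cache that never evicts with a bounded LRU cache, and measures the memory each retains across a burst of requests with the standard library's `tracemalloc`; the 1 KiB per-request payload and the request loop are stand-ins for real handler state.

```python
import tracemalloc
from collections import OrderedDict


class UnboundedCache:
    """Constructed leaky version: every entry is kept forever."""

    def __init__(self) -> None:
        self._data = {}

    def put(self, key: str, value: bytes) -> None:
        self._data[key] = value


class LRUCache:
    """Bounded version: the least recently used entry is evicted at capacity."""

    def __init__(self, capacity: int) -> None:
        self.capacity = capacity
        self._data: "OrderedDict[str, bytes]" = OrderedDict()

    def put(self, key: str, value: bytes) -> None:
        if key in self._data:
            self._data.move_to_end(key)
        self._data[key] = value
        if len(self._data) > self.capacity:
            self._data.popitem(last=False)


def handle_request(cache, request_id: int) -> None:
    """Stand-in for a handler that stores ~1 KiB of state per request.

    A unique key per request means nothing is ever overwritten, which is
    exactly the pattern that turns an unbounded cache into a leak.
    """
    cache.put(f"req-{request_id}", bytes(1024))


def memory_growth(cache, requests: int) -> int:
    """Bytes still allocated after `requests` requests, per tracemalloc."""
    was_tracing = tracemalloc.is_tracing()
    if not was_tracing:
        tracemalloc.start()
    before = tracemalloc.get_traced_memory()[0]
    for i in range(requests):
        handle_request(cache, i)
    after = tracemalloc.get_traced_memory()[0]
    if not was_tracing:
        tracemalloc.stop()
    return after - before


if __name__ == "__main__":
    print("unbounded:", memory_growth(UnboundedCache(), 2000), "bytes retained")
    print("lru(32):  ", memory_growth(LRUCache(32), 2000), "bytes retained")
```

The same measurement wrapped in a test with a growth threshold is the "memory leak detection" item: a handler whose retained memory scales with the number of requests fails the test before it reaches production.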
## Input Sanitation

Input sanitation is the process of cleaning any externally supplied data before the application uses it, so that malicious input is never interpreted as code or commands.

### Prevention

- Use `Input Validation` to reject input that does not match the expected type, length and format
- Use `Input Filtering` to strip or normalize characters that have no business being in the field
- Use `Input Escaping` when the value is passed to another interpreter (HTML, SQL, shell)
- Use `Input Encoding` appropriate to the output context (percent-encoding for URLs, entity encoding for HTML)
- Use `Input Sanitization` libraries rather than hand-written regular expressions where one exists for the format
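The validation and filtering items above, as an added example (not code from the original checklist). It validates a constructed sign-up payload with an allowlist of fields, a normalization step (NFKC, control-character removal, length bound) and per-field format checks; the field names, patterns and limits are assumptions for the example. Escaping and encoding for output are covered in the XSS section.

```python
import re
import unicodedata
from typing import Dict, Optional

# Assumed field rules for the example
USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
ALLOWED_FIELDS = {"username", "email", "role", "bio"}
ALLOWED_ROLES = {"user", "admin"}


class ValidationError(ValueError):
    pass


def normalize_text(value: str, max_len: int) -> str:
    """Filtering step for single-line fields: NFKC-normalize, drop control
    and other non-printable characters (including NUL and newlines), trim,
    and bound the length."""
    value = unicodedata.normalize("NFKC", value)
    value = "".join(ch for ch in value if ch.isprintable()).strip()
    if len(value) > max_len:
        raise ValidationError("too long")
    return value


def validate_signup(payload: dict) -> Dict[str, str]:
    """Validation step: every field is allowlisted, unexpected ones are rejected
    (so a client cannot smuggle in e.g. an is_admin flag), and each value must
    fully match its format."""
    unexpected = set(payload) - ALLOWED_FIELDS
    if unexpected:
        raise ValidationError(f"unexpected fields: {sorted(unexpected)}")

    username = normalize_text(str(payload.get("username", "")), 32).lower()
    if not USERNAME_RE.fullmatch(username):
        raise ValidationError("invalid username")

    email = normalize_text(str(payload.get("email", "")), 254)
    if not EMAIL_RE.fullmatch(email):
        raise ValidationError("invalid email")

    role = payload.get("role", "user")
    if role not in ALLOWED_ROLES:
        raise ValidationError("invalid role")

    bio = normalize_text(str(payload.get("bio", "")), 500)
    return {"username": username, "email": email, "role": role, "bio": bio}


def validation_error(payload: dict) -> Optional[str]:
    """Convenience wrapper: the error message, or None when the payload is valid."""
    try:
        validate_signup(payload)
    except ValidationError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print(validate_signup({"username": "Alice_1", "email": "alice@example.test"}))
    print(validation_error({"username": "../etc", "email": "a@b.c"}))
    print(validation_error({"username": "bob", "email": "a@b.c", "is_admin": True}))
```

Note the order: filtering (normalization) runs before validation, so a value that only looks valid after control characters are removed is checked in its final form, and the value stored is exactly the value that was validated.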
## Containerization

Containerization is a lightweight alternative to full machine virtualization that involves encapsulating an application in a container with its own operating environment.

### Tools

- Use `Docker` to build and run containers from a reproducible image definition
- Use `Kubernetes` to orchestrate containers with per-workload resource limits and security contexts
- Use `Podman` to run containers daemonless and rootless
- Use `LXC` for system containers that share the host kernel
- Use `LXD` to manage LXC containers with an image and networking layer
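Since the Docker item is about how an image is built, here is an added example (not code from the original checklist, and not a Docker tool): a small Dockerfile audit that flags the hardening gaps a reviewer looks for first, an unpinned base image, a remote `ADD`, secrets in `ENV`, and a container that runs as root. The two Dockerfiles are constructed inputs, and the checks are a starting point rather than a full linter.

```python
import re
from typing import List, Tuple

SECRET_ENV = re.compile(r"(PASSWORD|SECRET|TOKEN|API_KEY)", re.IGNORECASE)


def parse_dockerfile(text: str) -> List[Tuple[str, str]]:
    """Return (INSTRUCTION, arguments) pairs, joining backslash continuations."""
    instructions: List[Tuple[str, str]] = []
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        keyword, _, args = (buf + line).partition(" ")
        instructions.append((keyword.upper(), args.strip()))
        buf = ""
    return instructions


def image_is_pinned(image: str) -> bool:
    """Pinned means a digest, or a tag other than latest."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]
    return ":" in last and not last.endswith(":latest")


def audit_dockerfile(text: str) -> List[str]:
    findings: List[str] = []
    user = None
    for keyword, args in parse_dockerfile(text):
        if keyword == "FROM":
            image = args.split()[0]
            if image.lower() != "scratch" and not image_is_pinned(image):
                findings.append(f"FROM {image}: pin a version tag or digest")
        elif keyword == "USER":
            user = args
        elif keyword == "ADD" and re.search(r"https?://", args):
            findings.append("ADD fetches a remote URL; download explicitly and verify a checksum")
        elif keyword == "ENV" and SECRET_ENV.search(args):
            findings.append(f"ENV {args.split('=')[0]}: secret baked into the image; inject it at runtime")
    # only the last USER matters: that is the identity the container starts with
    if user is None or user.split(":")[0] in ("root", "0"):
        findings.append("no non-root USER; the container runs as root")
    return findings


# Constructed Dockerfiles for a local check (raw strings keep the backslash)
BAD_DOCKERFILE = r"""
FROM python:latest
ENV API_TOKEN=constructed-placeholder
ADD https://example.test/app.tar.gz /app/
RUN pip install -r /app/requirements.txt
"""

GOOD_DOCKERFILE = r"""
FROM python:3.12-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir \
    -r requirements.txt
COPY . .
RUN useradd --system --no-create-home app
USER app
"""

if __name__ == "__main__":
    print("bad: ", audit_dockerfile(BAD_DOCKERFILE))
    print("good:", audit_dockerfile(GOOD_DOCKERFILE))
```

Run it as a pre-commit hook or CI step over every Dockerfile in the repository; a non-empty finding list fails the build, which is how the checklist item becomes enforceable rather than advisory.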
## Exposed Private Environment

An exposed private environment is a condition where internal (private) infrastructure is reachable from the public internet.

### Prevention

- Use a `Private Network` (private subnets with no public IP addresses) for internal services
- Use a `VPN` for administrative access instead of exposing management ports
- Use a `Firewall` with default-deny inbound rules
- Use `Security Group` rules that allow only the ports the public edge actually serves
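The security-group item above, as an added example (not code from the original checklist): an audit over security-group rules, represented as constructed dictionaries rather than fetched from a cloud API, that flags any rule opening a sensitive or non-allowlisted port to the whole internet. The port allowlist and the sensitive-port table are assumptions made for the example.

```python
from typing import Dict, List, Tuple

# Any-source CIDRs; a rule using one of these is reachable from the internet
PUBLIC_ANY = {"0.0.0.0/0", "::/0"}
# Assumed: only the public edge may be reachable, and only on these ports
PUBLIC_OK_PORTS = {80, 443}
SENSITIVE_PORTS: Dict[int, str] = {
    22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL",
    6379: "Redis", 9200: "Elasticsearch", 27017: "MongoDB",
}


def rule_port_range(rule: dict) -> Tuple[int, int]:
    """Protocol -1 means all traffic, i.e. every port."""
    if rule.get("protocol") == "-1":
        return 0, 65535
    return rule["from_port"], rule["to_port"]


def audit_security_group(sg: dict) -> List[str]:
    findings: List[str] = []
    for rule in sg.get("ingress", []):
        lo, hi = rule_port_range(rule)
        for cidr in rule.get("cidrs", []):
            if cidr not in PUBLIC_ANY:
                continue  # scoped to a specific range; treated as acceptable here
            sensitive = [f"{p} ({name})" for p, name in SENSITIVE_PORTS.items() if lo <= p <= hi]
            if sensitive:
                findings.append(f"{sg['name']}: {cidr} can reach {', '.join(sensitive)}")
            elif not all(p in PUBLIC_OK_PORTS for p in range(lo, hi + 1)):
                findings.append(f"{sg['name']}: {cidr} can reach ports {lo}-{hi}, outside the public allowlist")
    return findings


# Constructed security groups for a local check
WEB_SG = {"name": "web", "ingress": [
    {"protocol": "tcp", "from_port": 443, "to_port": 443, "cidrs": ["0.0.0.0/0", "::/0"]},
]}
DB_SG = {"name": "db", "ingress": [
    {"protocol": "tcp", "from_port": 5432, "to_port": 5432, "cidrs": ["0.0.0.0/0"]},
]}
BASTION_SG = {"name": "bastion", "ingress": [
    # 203.0.113.0/24 is a documentation range standing in for an office address
    {"protocol": "tcp", "from_port": 22, "to_port": 22, "cidrs": ["203.0.113.0/24"]},
]}
OPEN_SG = {"name": "open", "ingress": [
    {"protocol": "-1", "from_port": 0, "to_port": 0, "cidrs": ["0.0.0.0/0"]},
]}

if __name__ == "__main__":
    for sg in (WEB_SG, DB_SG, BASTION_SG, OPEN_SG):
        print(sg["name"], audit_security_group(sg) or "no findings")
```

The rule for `db` is the classic exposed-private-environment finding: a database reachable from anywhere, which should instead only accept traffic from the application tier's security group or subnet.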
## No Public Bucket

All buckets must be private.

### Prevention

- Use a `Private Bucket` and enable the account-level public access block
- Use a `Bucket Policy` that never grants `Allow` to principal `*` without a narrowing condition
- Use `ACL`s that grant nothing to `AllUsers` or `AuthenticatedUsers`
- Use `IAM` roles for application access instead of bucket-wide public reads
- Use a `VPC Endpoint` so in-VPC access never traverses the public internet
- Use `CloudFront` in front of the bucket as the only public entry point
- Use an `Origin Access Identity` so CloudFront, not the public, is the principal allowed to read the bucket
- Use a `Signed URL` or `Signed Cookie` (CloudFront) or a `Pre-Signed URL` (S3) to grant time-limited access to individual objects instead of opening the bucket
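The bucket policy, ACL and public-access-block items above, as an added example (not code from the original checklist): an audit over a bucket's configuration represented as constructed dictionaries (the policy as JSON text in the shape AWS uses), flagging an incomplete public access block, any `Allow` statement to principal `*` that is not narrowed by a VPC-endpoint or source-ARN condition, and any ACL grant to the `AllUsers` or `AuthenticatedUsers` groups. The bucket names, the endpoint id and the OAI ARN are placeholders.

```python
import json
from typing import List

PUBLIC_BLOCK_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
PUBLIC_GROUPS = ("/AllUsers", "/AuthenticatedUsers")


def _as_list(value) -> list:
    return value if isinstance(value, list) else [value]


def principal_is_public(principal) -> bool:
    """Principal "*" or {"AWS": "*"} means anyone on the internet."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def statement_is_scoped(statement: dict) -> bool:
    """A public principal limited to a VPC endpoint or a specific source ARN
    (for example a CloudFront distribution) is not internet-public."""
    for values in statement.get("Condition", {}).values():
        if "aws:SourceVpce" in values or "aws:SourceArn" in values:
            return True
    return False


def audit_bucket(bucket: dict) -> List[str]:
    findings: List[str] = []
    name = bucket["name"]

    block = bucket.get("public_access_block", {})
    missing = [k for k in PUBLIC_BLOCK_KEYS if not block.get(k)]
    if missing:
        findings.append(f"{name}: public access block not fully enabled ({', '.join(missing)})")

    policy = json.loads(bucket.get("policy_json", "{}"))
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow" or not principal_is_public(st.get("Principal")):
            continue
        if not statement_is_scoped(st):
            findings.append(f"{name}: statement {st.get('Sid', '?')} allows {st.get('Action')} to everyone")

    for grant in bucket.get("acl_grants", []):
        uri = grant.get("Grantee", {}).get("URI", "")
        if uri.endswith(PUBLIC_GROUPS):
            findings.append(f"{name}: ACL grants {grant.get('Permission')} to {uri.rsplit('/', 1)[-1]}")
    return findings


# Constructed bucket configurations for a local check
PUBLIC_BUCKET = {
    "name": "example-public-bucket",
    "public_access_block": {k: False for k in PUBLIC_BLOCK_KEYS},
    "policy_json": json.dumps({"Version": "2012-10-17", "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-public-bucket/*"},
    ]}),
    "acl_grants": [{"Grantee": {"URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}],
}

PRIVATE_BUCKET = {
    "name": "example-private-bucket",
    "public_access_block": {k: True for k in PUBLIC_BLOCK_KEYS},
    "policy_json": json.dumps({"Version": "2012-10-17", "Statement": [
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-private-bucket/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-PLACEHOLDER"}}},
        {"Sid": "CloudFrontOAI", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity PLACEHOLDER"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-private-bucket/*"},
    ]}),
    "acl_grants": [{"Grantee": {"ID": "owner-canonical-id-PLACEHOLDER"}, "Permission": "FULL_CONTROL"}],
}

if __name__ == "__main__":
    for b in (PUBLIC_BUCKET, PRIVATE_BUCKET):
        print(b["name"], audit_bucket(b) or "no findings")
```

The private bucket still has a `Principal: "*"` statement, but it passes because the condition pins it to a VPC endpoint; that is the distinction between a wildcard principal and an internet-public bucket, and it is why the audit inspects conditions rather than rejecting every `*`.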