Practical Security for Startups

Details: here

  • Use a password manager (KeePass, Bitwarden) and 2FA

  • Develop with Modern Frameworks

  • Configure Edge Service; helps protect against DoS, and most also act as a CDN (Ex: Cloudflare)

  • Enable HTTP Security Headers

    • Ref: OWASP Secure Headers project, Security Headers

    • Tools to evaluate CSP: here

    • Report Generator: here

  • Apply Patches

  • Backup user data and source code

  • Centralize all logging

  • Recruit good hackers

  • Service Containerization