For the security checklist I've thought of some nice checks. But some of them have a greater impact on security than others. Behold: check-severity. A number to define the severity of the check.
The severity is an integer ranging from 1-5.
These are the checks currently implemented and their severity-rating:
- 5 AppInDebugMode,
- 5 IsAppSecretKeySet,
- 5 NotUsingDefaultAdminCredentials,
- 1 UsingPublicFolder,
- 3 ComposerWithoutDevDep,
- 4 IsTheInstallerDeleted,
- 4 IsCSRFProtectionEnabled,
- 2 AreWeUseingDotEnv
- 2 DoWeEncryptSessionData,
- 3 DefaultCookieName,
- 2 HttpsOnlyCookies
I wonder what you guys @LukeTowers, @CptMeatball think about this severity-rating.