Security Hardening rules

Ensure that user-controlled HTTP redirections are validated to prevent phishing attacks.

Ensure that URLs used in redirection are properly validated and restricted to trusted domains. Open redirects can be exploited to redirect users to malicious sites.

Ensure that all user inputs related to file paths are validated and sanitized to prevent path traversal attacks.

Ensure that all user inputs in templates are properly validated and sanitized to prevent SSTI attacks.

Using unsanitized user input in SQL queries can lead to SQL injection attacks. Use parameterized queries to protect against malicious inputs.

Ensure that user-controlled data is not used to suspend threads, as it can lead to Denial of Service (DoS) attacks.

In Pulumi TypeScript programs, load sensitive values with new Config().requireSecret and pass as Secret<T>, never plain strings.

Before handling sensitive personal data (e.g., health, biometric), verify a valid consent record and attach its ID to the processing context. Provide a path to revoke consent and stop further processing.

Allowing user input in connection strings can lead to injection attacks. Always validate and sanitize inputs before constructing connection strings.

Identify server-side requests that do not validate input sources. SSRF vulnerabilities allow attackers to make unauthorized requests on behalf of the server. Restrict and validate request sources.

Disabling SSL/TLS certificate validation exposes applications to Man-in-the-Middle (MitM) attacks, compromising security.

Skipping certificate validation enables attackers to impersonate trusted entities and intercept secure communications.

Validate required parameters at boundaries using require/requireNotNull or explicit validators; fail fast with actionable messages.

Validate method inputs up front with null checks or use Objects.requireNonNull and meaningful messages.

Validate presence, format, and ranges for incoming parameters before processing.

Validate presence, type, and range of critical inputs at boundaries (API, CLI, jobs) and fail fast with clear messages.

Serve via rustls with TLS1.2+ and add middleware to log JSON audit events with user_id and request_id; never log raw tokens.

Enforce uniqueness at the database level (unique indexes/constraints) for identifiers and natural keys.

Failing to check `ModelState.IsValid` before processing user input can result in invalid or unverified data being accepted.

Protect /exports/ with role checks, fresh MFA, and rate limits; add requester and approved_by to the audit event.

Whenever PII is read, emit an audit event capturing actor, purpose, fields touched, and legal basis; never include raw PII in the audit payload—store hashes/tokens only.

Check for occurrences where user input is directly used to construct system commands. This introduces a risk of command injection. Suggest using parameterized queries or safe wrappers instead.

Passing user input directly into system commands can lead to command injection vulnerabilities. Always sanitize inputs before execution.

Do not use the eval() function to run dynamically generated PHP code, especially if it can include user input. Look for safe alternatives like controlled function calls or explicit decision structures.