Security Posture
We build security into delivery: access control, hardened environments, and measurable controls.
Controls we operate
- TLS enforced (HTTPS only)
- Security headers (CSP, frame-ancestors, nosniff, referrer policy, permissions policy)
- Rate limiting for auth/admin
- Secure sessions (HttpOnly, Secure, SameSite)
- Audit logs & change tracking (admin + auth events)
- Backups & restore procedure
  - TODO: Set `BACKUP_SCHEDULE` and `BACKUP_TARGET` in ops config and document restore RTO/RPO.
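Because the header and session controls above are stated as measurable, an added example of how to measure them follows. It is not the project's own tooling: a small Python checker that takes an HTTP response's headers (constructed sample data below, not captured from any real site) and reports which of the listed headers and cookie flags are missing or weak. It assumes `Strict-Transport-Security` as the header that backs "HTTPS only", which the page does not name explicitly.

```python
# Checks a response's headers against the controls listed above.
# Hypothetical helper, not part of the product; HSTS is an assumption.

# Required headers, each with a predicate for an acceptable value.
REQUIRED_HEADERS = {
    "strict-transport-security": lambda v: "max-age=" in v.lower(),
    "content-security-policy": lambda v: "frame-ancestors" in v.lower(),
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "referrer-policy": lambda v: bool(v.strip()),
    "permissions-policy": lambda v: bool(v.strip()),
}
REQUIRED_COOKIE_FLAGS = ("httponly", "secure", "samesite")


def cookie_attrs(raw_set_cookie):
    """Split 'name=value; Attr; Attr=val' into (name, {attr: val})."""
    parts = [p.strip() for p in raw_set_cookie.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def check_response(headers):
    """Return a list of findings; an empty list means every control is present."""
    plain, set_cookies = {}, []
    for name, value in headers:  # headers is a list of (name, value) pairs
        if name.lower() == "set-cookie":
            set_cookies.append(value)  # Set-Cookie may repeat, so keep all
        else:
            plain[name.lower()] = value
    findings = []
    for hdr, accept in REQUIRED_HEADERS.items():
        if hdr not in plain:
            findings.append(f"missing header: {hdr}")
        elif not accept(plain[hdr]):
            findings.append(f"weak header: {hdr}: {plain[hdr]}")
    for raw in set_cookies:
        cname, attrs = cookie_attrs(raw)
        missing = [f for f in REQUIRED_COOKIE_FLAGS if f not in attrs]
        if missing:
            findings.append(f"cookie {cname} missing: {', '.join(missing)}")
    return findings


# Constructed sample responses for demonstration only.
GOOD = [
    ("Strict-Transport-Security", "max-age=63072000; includeSubDomains"),
    ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"),
    ("X-Content-Type-Options", "nosniff"),
    ("Referrer-Policy", "strict-origin-when-cross-origin"),
    ("Permissions-Policy", "camera=(), microphone=()"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"),
]
BAD = [
    ("Content-Security-Policy", "default-src 'self'"),
    ("X-Content-Type-Options", "nosniff"),
    ("Set-Cookie", "session=abc123; Path=/"),
]
```

Running `check_response(GOOD)` yields no findings, while `check_response(BAD)` flags the missing HSTS, referrer and permissions headers, a CSP without `frame-ancestors`, and a session cookie lacking all three flags.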
Standards we align with
- Aligned with Zero Trust principles (NIST SP 800-207)
- Inspired by CIS Controls
- Web app checks mapped to OWASP ASVS