# Security Practices Reference

Complete technical reference for Grey Haven security standards and practices.

## Reference Materials

1. **[OWASP Top 10 for Grey Haven Stack](owasp-top-10.md)** - Vulnerability prevention
   - A01: Broken Access Control
   - A02: Cryptographic Failures
   - A03: Injection
   - A04: Insecure Design
   - A05: Security Misconfiguration
   - A06: Vulnerable Components
   - A07: Authentication Failures
   - A08: Data Integrity Failures
   - A09: Logging Failures
   - A10: Server-Side Request Forgery
2. **[Security Configuration](security-configuration.md)** - Complete settings guide
   - Authentication configuration
   - Session management
   - CORS settings
   - Rate limiting config
   - Environment variables
3. **[Secret Management](secret-management.md)** - Doppler integration guide
   - Required secrets
   - Doppler CLI reference
   - Access patterns
   - Rotation procedures
4. **[Multi-Tenant Security](multi-tenant-security.md)** - Tenant isolation patterns
   - RLS policies
   - Query patterns
   - Testing strategies
   - Common pitfalls

## Quick Links

- For examples: See [examples/](../examples/INDEX.md)
- For checklists: See [checklists/](../checklists/)
- For templates: See [templates/](../templates/)

---

**Coverage**: OWASP Top 10, Configuration, Secrets, Multi-tenancy
**Last Updated**: 2025-11-09