Commit ba6daee

Setup (noun) -> Set up (verb)
1 parent 8edfbf4 commit ba6daee

1 file changed

+3
-3
lines changed

security-checklist.md

@@ -63,7 +63,7 @@
6363
- [ ] Use a decent provisioning script to create VMs in the cloud.
6464
- [ ] Check for machines with unwanted publicly `open ports`.
6565
- [ ] Check for no/default passwords for `databases` especially MongoDB & Redis. BTW MongoDB sucks, avoid it.
66-
- [ ] Use SSH to access your machines; do not setup a password.
66+
- [ ] Use SSH to access your machines; do not set up a password.
6767
- [ ] Install updates timely to act upon zero day vulnerabilities like Heartbleed, Shellshock.
6868
- [ ] Modify server config to use TLS 1.2 for HTTPS and disable all other schemes. (The tradeoff is good.)
6969
- [ ] Do not leave the DEBUG mode on. In some frameworks, DEBUG mode can give access full-fledged REPL or shells or expose critical data in error messages stacktraces.
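
Review bot: On new line 66, "do not set up a password" is still ambiguous after the noun/verb fix: it can be read as "leave the account without a password" or as "do not use password login". If the intent is key-based access only, say so directly, for example "Use SSH keys to access your machines; disable password authentication." Since this commit is a wording cleanup, context line 69 in the same hunk could be fixed alongside it: "can give access full-fledged REPL" is missing "to", and "error messages stacktraces" needs a conjunction or a slash.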
@@ -72,9 +72,9 @@
7272
- [ ] If developing for enterprise customers, adhere to compliance requirements. If AWS S3, consider using the feature to [encrypt data](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html). If using AWS EC2, consider using the feature to use encrypted volumes (even boot volumes can be encypted now).
7373

7474
##### PEOPLE
75-
- [ ] Setup an email (e.g. [email protected]) and a page for security researchers to report vulnerabilities.
75+
- [ ] Set up an email (e.g. [email protected]) and a page for security researchers to report vulnerabilities.
7676
- [ ] Depending on what you are making, limit access to your user databases.
7777
- [ ] Be polite to bug reporters.
7878
- [ ] Have your code review done by a fellow developer from a secure coding perspective. (More eyes)
7979
- [ ] In case of a hack or data breach, check previous logs for data access, ask people to change passwords. You might require an audit by external agencies depending on where you are incorporated.
80-
- [ ] Setup [Netflix's Scumblr](https://github.com/Netflix/Scumblr) to hear about talks about your organization on social platforms and Google search.
80+
- [ ] Set up [Netflix's Scumblr](https://github.com/Netflix/Scumblr) to hear about talks about your organization on social platforms and Google search.
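
Review bot: On new line 80, "to hear about talks about your organization" is still awkward after the "Set up" fix; something like "to track mentions of your organization on social platforms and Google search" reads cleaner. The same pass could pick up context line 72 in this hunk, which has "encypted" for "encrypted" and links to the AWS documentation over http:// rather than https://.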
