In a fast-changing world, where digital transformation is being accelerated by the Covid-19 pandemic, businesses are in a hurry to adopt digital solutions. However, they often neglect to adopt the robust security practices needed to protect their eCommerce and IOT platforms, exposing valuable organisational data to competitors and hackers.
Ultimately, it is about recognising that the business world has been through its most significant upheaval since World War II, taking a holistic, informed look at how risk maps onto this, and then implementing realistic, high-impact, cost-effective countermeasures. (Wired magazine)
Security is an important aspect of IOT platform engineering
If the entire site is served only over SSL, you may want to consider setting a value and enabling HTTP Strict Transport Security. A separate setting controls the header that stops browsers from guessing content types; if we enable it, the pages will be served with that header. You should consider enabling this header to prevent the browser from identifying content types incorrectly.
Secure eCommerce sites and portals
Unless your site must be available over both SSL and non-SSL connections, you may want to either set this setting to True or configure a load balancer or reverse-proxy server to redirect all connections to HTTPS.
Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions. Using a secure-only CSRF cookie makes it more difficult for network traffic sniffers to steal the CSRF token.
IOT platform security & sub domain
Without this, your site is potentially vulnerable to attack via an insecure connection to a subdomain. Only set this to True if you are certain that all subdomains of your domain should be served exclusively via SSL.
IOT platform security & cookie
Using a secure-only CSRF cookie makes it more difficult for network traffic sniffers to steal the CSRF token. Without this, your site cannot be submitted to the browser preload list.
Debugging options disabled!
Our live sites never run with debug options enabled. Never deploy a site into production with DEBUG turned on. When DEBUG is True, Django will display a detailed traceback, including a lot of metadata about your environment, such as all the currently defined Django settings (from settings.py). File paths, configuration options and the like all give attackers extra information about your server.
IOT platform security – Cross site request forgery (CSRF) protection
eCommerce software platform admin security
One of the most important things is to make your website administration secure. Before you deploy your application, change the admin/ path to something only you know. Otherwise, anyone can simply type /admin in the URL and reach the administrator login page.
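The settings discussed above (HSTS, SSL redirect, secure session and CSRF cookies, the content-type header, DEBUG) and the custom admin path can be checked before every deployment. The following is an added example, not code from this page's author or from Django itself: it re-implements the spirit of `python manage.py check --deploy` in plain Python so it runs without Django installed. The Django setting names are real; `ADMIN_URL` is a hypothetical project-level setting (the value a project's urls.py would pass as `path(settings.ADMIN_URL, admin.site.urls)`), and both settings dictionaries are constructed for the demonstration.

```python
"""Audit a Django settings mapping against the deployment guidance above.

Added example (not Django's own checks). ADMIN_URL is a hypothetical
project setting; the two dictionaries below are constructed inputs.
"""
from typing import Dict, List

# Constructed: a development configuration copied to production unchanged.
WEAK_SETTINGS: Dict[str, object] = {
    "DEBUG": True,
    "SECURE_SSL_REDIRECT": False,
    "SECURE_HSTS_SECONDS": 0,
    "SECURE_HSTS_INCLUDE_SUBDOMAINS": False,
    "SECURE_HSTS_PRELOAD": False,
    "SECURE_CONTENT_TYPE_NOSNIFF": False,
    "SESSION_COOKIE_SECURE": False,
    "CSRF_COOKIE_SECURE": False,
    "ADMIN_URL": "admin/",            # Django's conventional default path
}

# Constructed: the hardened values the guidance above asks for.
HARDENED_SETTINGS: Dict[str, object] = {
    "DEBUG": False,
    "SECURE_SSL_REDIRECT": True,
    "SECURE_HSTS_SECONDS": 31536000,  # one year
    "SECURE_HSTS_INCLUDE_SUBDOMAINS": True,
    "SECURE_HSTS_PRELOAD": True,
    "SECURE_CONTENT_TYPE_NOSNIFF": True,
    "SESSION_COOKIE_SECURE": True,
    "CSRF_COOKIE_SECURE": True,
    "ADMIN_URL": "ops-console-7f3a/",  # placeholder; real value comes from the environment
}


def audit_settings(settings: Dict[str, object]) -> List[str]:
    """Return one finding per setting that does not meet the guidance; [] if clean."""
    findings: List[str] = []
    if settings.get("DEBUG", False):
        findings.append("DEBUG is True: tracebacks expose settings, file paths and environment details")
    if not settings.get("SECURE_SSL_REDIRECT", False):
        findings.append("SECURE_SSL_REDIRECT is off: plain-HTTP requests are not forced to HTTPS")
    hsts_seconds = int(settings.get("SECURE_HSTS_SECONDS", 0) or 0)
    if hsts_seconds <= 0:
        findings.append("SECURE_HSTS_SECONDS is 0: no Strict-Transport-Security header is sent")
    else:
        # These two only matter once HSTS itself is enabled.
        if not settings.get("SECURE_HSTS_INCLUDE_SUBDOMAINS", False):
            findings.append("SECURE_HSTS_INCLUDE_SUBDOMAINS is off: a subdomain can still be reached over an insecure connection")
        if not settings.get("SECURE_HSTS_PRELOAD", False):
            findings.append("SECURE_HSTS_PRELOAD is off: the site cannot be submitted to the browser preload list")
    if not settings.get("SECURE_CONTENT_TYPE_NOSNIFF", False):
        findings.append("SECURE_CONTENT_TYPE_NOSNIFF is off: browsers may guess content types")
    for cookie_setting in ("SESSION_COOKIE_SECURE", "CSRF_COOKIE_SECURE"):
        if not settings.get(cookie_setting, False):
            findings.append(f"{cookie_setting} is off: the cookie can travel over plain HTTP and be sniffed")
    admin_url = str(settings.get("ADMIN_URL", "admin/"))
    if admin_url.strip("/").lower() == "admin":
        findings.append("ADMIN_URL is the default admin/: the login page is trivially discoverable")
    return findings


def hsts_header_value(settings: Dict[str, object]) -> str:
    """Build the Strict-Transport-Security value these settings would produce.

    Mirrors the header shape Django's SecurityMiddleware emits; empty string
    when HSTS is disabled (no header would be sent).
    """
    seconds = int(settings.get("SECURE_HSTS_SECONDS", 0) or 0)
    if seconds <= 0:
        return ""
    value = f"max-age={seconds}"
    if settings.get("SECURE_HSTS_INCLUDE_SUBDOMAINS", False):
        value += "; includeSubDomains"
    if settings.get("SECURE_HSTS_PRELOAD", False):
        value += "; preload"
    return value


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_SETTINGS), ("hardened", HARDENED_SETTINGS)):
        print(f"[{label}] HSTS header: {hsts_header_value(cfg) or '<none>'}")
        for finding in audit_settings(cfg) or ["no findings"]:
            print(f"[{label}] {finding}")
```

Running the script prints seven findings for the weak configuration and none for the hardened one. Wiring `audit_settings` into a CI step (fail the pipeline when the list is non-empty) catches a development settings file that was promoted to production by mistake, which is the failure mode the DEBUG paragraph above describes.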