Checklist de seguranca.
Mapa operacional de controles para validacao antes de venda enterprise.
A01 - Broken Access Control
Status: automated
RBAC, tenant scope, security E2E and portal token checks.
A02 - Cryptographic Failures
Status: configured
JWT/session secrets, secure portal AES-GCM token, production SECRET_KEY guard.
A03 - Injection
Status: automated
SQLAlchemy parameterized queries and analytics validation schemas.
A04 - Insecure Design
Status: documented
Offline idempotency, explicit project/location context and workflow approval.
A05 - Security Misconfiguration
Status: automated
Healthcheck, typed env, production config assertions and security headers.
A06 - Vulnerable Components
Status: manual
Run pip/npm audit in CI before production release.
A07 - Identification and Authentication Failures
Status: automated
Refresh rotation, rate limiting on auth and sync, session revocation.
A08 - Software and Data Integrity Failures
Status: configured
Alembic migrations and direct S3/R2 upload metadata confirmation.
A09 - Security Logging and Monitoring Failures
Status: configured
structlog request_id/company_id and Sentry integration hooks.
A10 - Server-Side Request Forgery
Status: manual
Webhook URLs need allowlist policy before enterprise production.