I’m a software engineer who wants to launch his own product. I’m writing this because my business partner demands a good security system and I’m not really sure if my planned security measures are a good standard. I’m really afraid of getting hacked and disappointing my customers and business partners – that’s the reason why I’m asking on this thread. I’ve come this far with my own knowledge and research and therefore wanted validation or some other tips.
My security measures:
– Implement token-based authentication with JWT ([jwt.io](https://jwt.io))
– Secure the connection with SSL
– Follow the OWASP top ten web app security rules ([https://owasp.org/www-project-top-ten/](https://owasp.org/www-project-top-ten/))
– Probably at a later stage, look more into firewalls and DDoS protection, because at the beginning I doubt that someone will DDoS us with a few customers and the standard firewall will probably be enough.
What is your opinion? Do you think it’s missing out on some crucial things or do you think it’s a solid foundation?