I am developing a platform, the details don’t matter, but it’s a system that hosts personal data. As a result, I want to avoid hosting users in any way, and I am trying to make it as easy to self-host as possible.
I have some experience self-hosting applications and I have some intuition about what to do or not to do, but I wanted to see if I can pull from the collective wisdom.
Got any good resources to share? Any tips? Or, maybe some bad experiences or things to avoid?
A good place to start is the OWASP cheat sheet. They provide up-to-date, high-value information about software security; I wish there was a resource like this when I started learning about security.
Even though I have a decent background in software security, it’s hard to decide on an encryption schema that’s both safe and easy to use. My goal is to increase the number of components an attacker has to compromise in order to get access to the data.