It would be worth before handing the site over to the game dev club to deploy the site locally and see if there are any glaring vulnerabilities, e.g.:
- Zap
- Cross-site scripting vulnerabilities from inline scripts, forms, etc, e.g.
href=javascript:alert('XSS')
- Test malicious requests
Additionally, we should investigate configuring nginx, specifically CORS, to make cross-site scripting etc more difficult.
It would be worth before handing the site over to the game dev club to deploy the site locally and see if there are any glaring vulnerabilities, e.g.:
href=javascript:alert('XSS')Additionally, we should investigate configuring nginx, specifically CORS, to make cross-site scripting etc more difficult.