For PCI requirements I need to harden a Node.js app or nginx server, but I only found guides for IIS, Tomcat, operating systems, etc. Here you will find the available guides. My questions are:
For example, dev-sec provides nginx hardening roles for Puppet, Ansible, etc.
To harden a Node.js server, the same principles should apply as when hardening Tomcat. PCI-DSS lists a couple of things you need to do:
First, make sure you develop your application according to best practices from a security point of view. For instance, SSL/TLS, CSRF, error handling, use Snyk or similar, as described here.
Talk to your QSA about the requirements.
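
The three application-level items named in the answer above (TLS, CSRF, error handling), sketched for a Node.js service using only built-in modules. This is an added example, not part of the original answer; the function names, the token format and the sample values are assumptions made for illustration.

```javascript
// Added example; token format and function names are illustrative assumptions.
const crypto = require('crypto');

// TLS: merge with key/cert and pass to https.createServer().
// PCI DSS no longer accepts SSL or early TLS, so set the floor at TLS 1.2.
const tlsOptions = { minVersion: 'TLSv1.2', honorCipherOrder: true };

// CSRF: token = random nonce + HMAC binding that nonce to the user's session.
function csrfMac(sessionId, nonce, secret) {
  return crypto.createHmac('sha256', secret).update(`${sessionId}:${nonce}`).digest();
}

function issueCsrfToken(sessionId, secret) {
  const nonce = crypto.randomBytes(16).toString('hex');
  return `${nonce}.${csrfMac(sessionId, nonce, secret).toString('hex')}`;
}

function verifyCsrfToken(sessionId, token, secret) {
  if (typeof token !== 'string') return false;
  const [nonce, mac] = token.split('.');
  // Reject malformed nonces so ':' cannot be smuggled into the MAC input.
  if (!/^[0-9a-f]{32}$/.test(nonce) || !mac) return false;
  const given = Buffer.from(mac, 'hex');
  const expected = csrfMac(sessionId, nonce, secret);
  // Length check first: timingSafeEqual throws on unequal lengths.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Error handling: full detail goes to the server log, the client gets only
// a generic message plus an ID that support staff can correlate.
function toClientError(err, log = console.error) {
  const requestId = crypto.randomBytes(8).toString('hex');
  log(JSON.stringify({ requestId, message: err.message, stack: err.stack }));
  const is4xx = err.statusCode >= 400 && err.statusCode < 500;
  return {
    status: is4xx ? err.statusCode : 500,
    body: { error: is4xx ? 'Bad Request' : 'Internal Server Error', requestId },
  };
}
```

In a real deployment the HMAC secret comes from a secrets store rather than source code, and the token is checked on every state-changing request.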