40 - Security and Compliance Hardening (Default-Safe Engineering)

Security cannot be bolted on. It must be built in from the first commit.

Hardening objectives

  • Protect credentials, tokens, and sensitive data.
  • Enforce least privilege access patterns.
  • Reduce dependency and supply-chain risk.
  • Maintain auditable evidence of control execution.

Hardening lab pack

  1. Secrets handling baseline (env vars + secret manager model).
  2. Input validation and output sanitization checks.
  3. Dependency inventory and upgrade policy.
  4. AuthN/AuthZ policy checks for services.
  5. Audit log schema and retention policy.
  6. Security incident drill with documented response.

Evidence requirements

  • Threat model for each major system.
  • Security checklist in every release package.
  • Audit-ready artifacts for quarterly review.

Next

Next: 41_PERFORMANCE_ENGINEERING_LAB.md →