Lesson 2 — Security and Verification

Topics

• Produce a threat model
• Write tests for critical security flows
• Test authorization boundaries deliberately
• Test file-related abuse cases deliberately
• Perform a final security review before release
• user registration, login, and logout
• secure session management
• file upload and download flows
• file metadata persistence
• file ownership and permission-based sharing
• centralized authorization checks
• audit logging for security-relevant events
• basic realtime notifications
• background processing for non-request-path work
• structured logs and operational visibility
• production deployment with HTTPS
• threat model, architecture notes, and runbook
• file versioning
• expiring share links
• signed URLs
• antivirus or malware scanning pipeline
• thumbnail or preview generation
• Redis caching
• OpenTelemetry tracing
• object storage integration
• team workspaces
• advanced dashboards and alerts
• Kubernetes deployment
• source repository
• README and setup guide
• architecture document
• threat model
• API documentation
• deployment guide
• runbook
• test evidence
• live deployment or deployment recording
• short retrospective explaining tradeoffs, limitations, and next improvements