
Dev-Sec.io Automated Hardening Framework - kiyanwang
http://swreflections.blogspot.com/2016/06/dev-secio-automated-hardening-framework.html
======
r1ch
Some of these settings seem a bit dubious - setting the nginx keepalive
timeout to 5 seconds for example does nothing to "harden" things, but kills
performance of HTTPS sites. Be sure you understand what you're actually doing
before blanket applying all of these.

------
Singletoned
> under the project name "Hardening.io". The authors have recently had to
> rename this hardening framework to "Dev-Sec.io"

I can't imagine why...

~~~
zufallsheld
Why?

------
willejs
Ive been using this for a while, it's a really great project! Verifying your
infra against the inspec tests is really valuable.

