Chapter 5 Assignment

Full defence audit

The brief

Verify that every defence is enabled and tuned: Sentinel limits, CSP headers, CSRF on form endpoints, and an audit log on sensitive ops. Document each one in a `SECURITY.md` at the repo root.

You've completed this when

  • SECURITY.md exists and lists every active defence
  • curl against deliberately-broken inputs returns the right status
  • Audit log captures admin actions
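
One way to make the curl criterion repeatable, as an added example that is not part of the course material: save the output of each `curl -si` probe and run it through a checker that compares the status and inspects the CSP for weak script sources. The names `Probe`, `audit` and `SAMPLE` are hypothetical, and the expected statuses (429 for a rate-limited request, 403 for a form post without a CSRF token) are assumptions; use whatever your framework actually returns.

```python
# Added example: audit saved `curl -si` output. Expected statuses are assumptions.
from dataclasses import dataclass

@dataclass
class Probe:
    name: str           # defence being exercised
    expect_status: int  # status assumed correct for this probe
    raw: str            # captured `curl -si` output
    check_csp: bool = False

def parse_response(raw):
    """Return (status, headers) from raw `curl -i` output; header names lower-cased."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    status = int(head[0].split()[1])
    headers = {}
    for line in head[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers

def csp_findings(policy):
    """Flag a CSP that is present but not tuned."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    findings = [] if "default-src" in directives else ["no default-src fallback"]
    scripts = directives.get("script-src", directives.get("default-src", []))
    findings += [f"script source allows {w}" for w in ("'unsafe-inline'", "'unsafe-eval'", "*") if w in scripts]
    return findings

def audit(probes):
    """Map each probe name to a list of problems; an empty list means it passed."""
    results = {}
    for p in probes:
        status, headers = parse_response(p.raw)
        problems = [] if status == p.expect_status else [f"status {status}, expected {p.expect_status}"]
        if p.check_csp:
            csp = headers.get("content-security-policy")
            problems += csp_findings(csp) if csp is not None else ["missing Content-Security-Policy header"]
        results[p.name] = problems
    return results

# Constructed sample captures, not output from a real application.
SAMPLE = [
    Probe("rate-limit", 429, "HTTP/1.1 429 Too Many Requests\r\nRetry-After: 30\r\n\r\n"),
    Probe("csrf", 403, "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\nsaved"),
    Probe("csp", 200, "HTTP/1.1 200 OK\r\nContent-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline'\r\n\r\n", True),
]
```

Each non-empty list from `audit(SAMPLE)` is a gap to fix before the defence goes into `SECURITY.md` as active.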

Worked through every criterion?

Push your code to GitHub, paste the link into your notes.md, and move on.
