# Security Rules - OWASP Top 10 protection - CSRF, XSS, SQL Injection, LDAP Injection protection - MFA Ready - Password Policy - Session Management - Encryption for secrets - HTTPS Only - Security audit logging mandatory