SSP

Security & Infrastructure | Completed

Production-tracking web app for work orders, contracts, employees, and resources, hardened with passwordless OTP authentication and an IP-bound session security layer.

Details

  • Passwordless OTP authentication with progressive lockout on failed attempts
  • Single active session per user, with IP binding and a hardware-fingerprint fallback that is consistent across browsers
  • 12-step security middleware covering rate limiting, CSP nonce, inactivity, role revalidation, and IP/fingerprint checks
  • Email alerts on new device or new geographic location with one-use block links
  • Role-based access control across five roles with forced logout on role change and per-page server-side verification
  • Hardened security headers (CSP nonce, HSTS, X-Frame-Options, Permissions-Policy)
  • Audit log for login, logout, and sensitive user mutations
  • Client-side guards for inactivity logout and multi-tab tracking with sendBeacon on tab close
  • Threat model documentation following MITRE ATT&CK
  • Management of work orders, contracts, employees, crews, vehicles, inspectors, and items