Threat-Informed Defense-in-Depth Payment System
SecurePay is a robust fintech platform architected with a defense-in-depth security strategy. It is designed to secure sensitive Personally Identifiable Information (PII) and financial transactions against modern web threats.
- Defense-in-Depth Architecture: Layered security controls so that the failure of any single control does not compromise the system.
- AES Encryption: Sensitive PII is secured with AES encryption at rest.
- Argon2id Hashing: State-of-the-art password hashing that resists GPU-based brute-force attacks.
- Cryptographic Transaction Chain: SHA-256 hashing links financial records together so that tampering with stored data is detectable.
- Idempotency Keys: Prevent double-spending and replay attacks by ensuring each transaction is processed exactly once.
- OWASP Top 10 Mitigation:
  - TOTP 2FA: Time-based One-Time Password for robust second-factor authentication.
  - JWT Session Management: Secure, stateless session handling.
  - API Rate Limiting: Protects against brute-force and DoS attacks.
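The transaction chain and idempotency-key controls listed above, as an added example that is not SecurePay's own code: each record commits to the SHA-256 hash of its predecessor, so `verify()` finds the first record whose stored data no longer matches its hash, and `append()` processes a given idempotency key at most once (a retry returns the original result, a reuse with a different payload is refused). The record layout, the in-memory store, the all-zero genesis sentinel and the sample transactions are constructed for this example.

```python
import hashlib
import json
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

GENESIS_HASH = "0" * 64  # constructed sentinel used as prev_hash of the first record


def canonical(payload: dict) -> str:
    """Deterministic JSON so the same transaction always hashes the same way."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":"))


def record_hash(prev_hash: str, payload: dict) -> str:
    """Each record commits to its predecessor's hash; that link is what forms the chain."""
    return hashlib.sha256((prev_hash + canonical(payload)).encode("utf-8")).hexdigest()


@dataclass
class Record:
    payload: dict
    prev_hash: str
    hash: str


@dataclass
class Ledger:
    records: List[Record] = field(default_factory=list)
    # idempotency key -> (hash of the record it created, fingerprint of its payload)
    seen: Dict[str, Tuple[str, str]] = field(default_factory=dict)

    def append(self, idempotency_key: str, payload: dict) -> Tuple[str, bool]:
        """Process a transaction at most once per idempotency key.

        Returns (record_hash, created). Re-sending the same key with the same
        payload (a client retry or a replayed request) returns the original
        record's hash with created=False and writes nothing; the same key with
        a different payload is refused outright.
        """
        fingerprint = hashlib.sha256(canonical(payload).encode("utf-8")).hexdigest()
        if idempotency_key in self.seen:
            stored_hash, stored_fp = self.seen[idempotency_key]
            if stored_fp != fingerprint:
                raise ValueError("idempotency key reused with a different payload")
            return stored_hash, False
        prev = self.records[-1].hash if self.records else GENESIS_HASH
        body = dict(payload, idempotency_key=idempotency_key)  # copy, key included in hash
        h = record_hash(prev, body)
        self.records.append(Record(body, prev, h))
        self.seen[idempotency_key] = (h, fingerprint)
        return h, True

    def verify(self) -> Optional[int]:
        """Recompute every link from genesis. Returns the index of the first record
        whose stored hash or prev_hash no longer matches, or None if the chain is intact."""
        prev = GENESIS_HASH
        for i, rec in enumerate(self.records):
            if rec.prev_hash != prev or record_hash(prev, rec.payload) != rec.hash:
                return i
            prev = rec.hash
        return None


def demo() -> dict:
    """Constructed transactions: one client retry, one fresh record, then simulated tampering."""
    ledger = Ledger()
    tx = {"from": "acct-A", "to": "acct-B", "amount": 100}
    h1, created1 = ledger.append("key-001", tx)
    h1_retry, created2 = ledger.append("key-001", tx)  # retry: deduplicated, nothing written
    ledger.append("key-002", {"from": "acct-B", "to": "acct-C", "amount": 40})
    intact = ledger.verify()
    ledger.records[0].payload["amount"] = 100_000  # tamper with the stored record
    broken_at = ledger.verify()
    return {
        "created_first": created1,
        "created_retry": created2,
        "retry_returns_same_hash": h1 == h1_retry,
        "records": len(ledger.records),
        "intact_before_tamper": intact,
        "first_broken_index": broken_at,
    }


if __name__ == "__main__":
    print(demo())
```

Because every record also stores its predecessor's hash, an attacker who rewrites record N and recomputes its hash still breaks the `prev_hash` check of record N+1; in a deployed system the head hash would additionally be anchored somewhere the database writer cannot reach.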
- Backend: Python, FastAPI
- Frontend: Next.js (React), Tailwind CSS
- Database: SQLite (default) / SQLAlchemy ORM
- Security Libraries: passlib, python-jose, cryptography, slowapi
- Python 3.8+
- Node.js 18+ & npm/pnpm

- Navigate to the backend directory:
    cd backend
- Create and activate a virtual environment:
    python -m venv venv
    source venv/bin/activate    # On Windows: venv\Scripts\activate
- Install dependencies:
    pip install -r requirements.txt
- Run the server:
    uvicorn app.main:app --reload

The API will be available at http://localhost:8000.