- Login & registration authentication
- Stored passwords hashed
- CSRF protection
- Prepared statements to protect from SQL injection
- Input sanitisation to protect from XSS
- ReCAPTCHA
- 2FA via QR code
- TLS for HTTPS
All keys & certs have been omitted from the repo, for obvious reasons