Skip to content
Branch: master
Find file Copy path
Find file Copy path
4 contributors

Users who have contributed to this file

@mr-mig @nikitadyumin @leonardofalk @ad-m
95 lines (57 sloc) 2.46 KB

Serverside checklist

This is a checklist for serverside of the Web App.


  • Licences of my application's 3rd-party dependencies are not violated
  • My application does not violate cryptography policies and laws
  • My app is compliant according to the organisation standards


  • My application can retain reasonable functionality in isolation
  • My application can recover from being under heavy load
  • My application can reestablish all lost connections
  • My application can not cause Cascading Failures to propagate through the system

Load balancing

  • My project can run on multiple CPUs
  • My project can run behind the load balancer
  • I can add a new node without system downtime

Transparent deployment

  • I can add a new node without stopping the application
  • I can add a new node without user sessions being lost/destroyed
  • I can make a rolling upgrades for my service


  • My application can survive a server restart
  • My application is restarted automatically after the crash


  • My application logs all errors (even "swallowed")

  • My application produces log output to rotated files

    • Streams with different log levels are separated from each other
  • My logs are aggregated to a log analysing service


  • I have configured the alerts for abnormal activity

    • Application restart events
    • Error rate threshold reached
    • Server resources are soon to be exhausted (CPU, memory, IO > 90%)
    • HTTP requests timeouts
    • HTTP responses with 500 status codes
  • I have health checks for all parts of my system


  • I can observe different events from my app over time

    • Number of requests for endpoints
    • Duration of requests for endpoints
    • Duration of business-logic operations

High Availability

  • I can run my services in different independent Data Centers


  • I have performed stress tests for my application
  • I have performed network partitioning tests for my application


  • I can restore all my data from backups


  • I have audited my system against OWASP Top 10 Vulnerabilities

  • I use TLS for all endpoints

  • I have added relevant security headers to app HTTP endpoints

    • X-Frame-Options
    • X-Content-Type-Options
    • Content-Security-Policy
    • X-XSS-Protection
    • Strict-Transport-Security
    • Public-Key-Pins
You can’t perform that action at this time.