- Enable & configure role-based access control. Configure TLS.
- Restrict network exposure - ensure the instance is only listening on the localhost interface.
- Configure system auditing. Stay updated with MongoDB security fixes.
- Understand how queries are handled by frameworks in use and their sanitization and validation capabilities.
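
The access-control, TLS, network-exposure and auditing items map onto `mongod.conf` settings. The fragment below is an added example, not taken from the original post; the file paths are placeholders, and the `auditLog` section assumes MongoDB Enterprise.

```yaml
# mongod.conf: constructed example; all file paths are placeholders.

# Weak settings this checklist is meant to replace:
#   net:
#     bindIp: 0.0.0.0        # listens on every interface
#   (no security.authorization: access control is off)
#   (no net.tls section: client traffic is plaintext)

net:
  port: 27017
  bindIp: 127.0.0.1          # listen on the localhost interface only
  tls:
    mode: requireTLS         # refuse connections that do not use TLS
    certificateKeyFile: /etc/ssl/mongodb/server.pem   # placeholder path
    CAFile: /etc/ssl/mongodb/ca.pem                   # placeholder path

security:
  authorization: enabled     # enforce role-based access control

# Auditing (assumes MongoDB Enterprise)
auditLog:
  destination: file
  format: JSON
  path: /var/log/mongodb/audit.json                   # placeholder path
```

With `authorization: enabled`, create an administrative user first and give application accounts only the roles they need.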