• Enable & configure role-based access control. Configure TLS.
• Restrict network exposure - ensure the instance is only listening on the localhost interface.
• Configure system auditing. Stay updated with MongoDB security fixes.
• Some MongoDB operations let you execute arbitrary JavaScript expressions. Disable JavaScript execution.
• Understand how queries are handled by frameworks in use and their sanitization and validation capabilities.
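The first four items above map directly onto settings in the mongod configuration file. The following is an added example, not configuration from the original post: a weak `mongod.conf` placed beside a hardened one. The option names (`security.authorization`, `security.javascriptEnabled`, `net.bindIp`, `net.tls.*`, `auditLog.*`) are real mongod options; the file paths are placeholders to replace with your own, and `auditLog` is only honoured by MongoDB Enterprise builds (Community builds reject the section).

```yaml
# --- WEAK: listens on every interface, no auth, no TLS, JS enabled, no audit ---
net:
  port: 27017
  bindIp: 0.0.0.0            # reachable from any network the host is on
security:
  authorization: disabled    # anyone who can connect gets full access
  javascriptEnabled: true    # $where / mapReduce can run arbitrary server-side JS

---
# --- HARDENED: the same file with each of the four recommendations applied ---
net:
  port: 27017
  bindIp: 127.0.0.1          # localhost only; add a private interface explicitly if clients need it
  tls:
    mode: requireTLS         # refuse plaintext connections entirely
    certificateKeyFile: /etc/ssl/mongodb/server.pem   # placeholder path (PEM cert + key)
    CAFile: /etc/ssl/mongodb/ca.pem                   # placeholder path (CA for client certs)
security:
  authorization: enabled     # role-based access control; create users/roles before enabling
  javascriptEnabled: false   # disables server-side JavaScript execution
auditLog:                    # MongoDB Enterprise only; omit on Community builds
  destination: file
  format: JSON
  path: /var/log/mongodb/audit.json                   # placeholder path
```

Enable `authorization` only after an administrative user has been created in the `admin` database, otherwise the instance is locked out; the `---` separator is just YAML document markup to keep the two variants in one listing, so copy only the hardened document into the real file. Keeping MongoDB patched (the remaining part of the third item) is a package-management task rather than a setting, and the fifth item is a property of the application framework, not of this file.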
