diff --git a/backend/src/main.ts b/backend/src/main.ts
index 6d4d521..5eb3a59 100644
--- a/backend/src/main.ts
+++ b/backend/src/main.ts
@@ -1,8 +1,52 @@
+import { Logger, ValidationPipe } from "@nestjs/common";
+import { ConfigService } from "@nestjs/config";
 import { NestFactory } from "@nestjs/core";
+import * as Sentry from "@sentry/nestjs";
+import { nodeProfilingIntegration } from "@sentry/profiling-node";
+import helmet from "helmet";
 import { AppModule } from "./app.module";
+import { AllExceptionsFilter } from "./common/filters/http-exception.filter";
 
 async function bootstrap() {
 	const app = await NestFactory.create(AppModule);
-	await app.listen(process.env.PORT ?? 3000);
+	const configService = app.get(ConfigService);
+	const logger = new Logger("Bootstrap");
+
+	const sentryDsn = configService.get<string>("SENTRY_DSN");
+	if (sentryDsn) {
+		Sentry.init({
+			dsn: sentryDsn,
+			integrations: [nodeProfilingIntegration()],
+			tracesSampleRate: 1.0,
+			profilesSampleRate: 1.0,
+			sendDefaultPii: false, // RGPD
+		});
+	}
+
+	// Sécurité
+	app.use(helmet());
+	app.enableCors({
+		origin:
+			configService.get("NODE_ENV") === "production"
+				? [configService.get("DOMAIN_NAME") as string]
+				: true,
+		credentials: true,
+	});
+
+	// Validation Globale
+	app.useGlobalPipes(
+		new ValidationPipe({
+			whitelist: true,
+			forbidNonWhitelisted: true,
+			transform: true,
+		}),
+	);
+
+	// Filtre d'exceptions global
+	app.useGlobalFilters(new AllExceptionsFilter());
+
+	const port = configService.get<number>("PORT") || 3000;
+	await app.listen(port);
+	logger.log(`Application is running on: http://localhost:${port}`);
 }
 bootstrap();