As a secure system it shall protect RESTful API based service endpoint against mal-requests #4

Open
greenlaw110 opened this issue Dec 14, 2017 · 0 comments
@greenlaw110 (Contributor)

Description

    1. When an API is exposed to public user registration, it shall be protected against bulk requests that are initialized by robot agents. Possible protection tools could be
    • 1.1 captcha
    • 1.2 CSRF token
    • 1.3 IP based flow control
    2. When an API is provided for an external service endpoint, it shall be protected by
    • 2.1 application id/secret token exchange mechanism
    3. When an API is provided for an HTTP based admin tool, it shall be protected by
    • 3.1 captcha
    • 3.2 CSRF token
    • 3.3 IP restriction
    4. When an API is provided for a CLI based admin tool, it shall be protected by
    • 4.1 IP restricted SSH

Implementation

  • CSRF shall be turned on globally in app configuration
  • captcha shall be implemented in application
  • IP based flow control shall be turned on globally in app configuration
  • IP restriction for HTTP/HTTPS/SSH access shall be implemented in live system
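The IP based flow control asked for in requirement 1.3 and in the implementation list above, as an added example that is not code from this issue's project: a sliding-window limiter keyed by client IP, run over constructed sample traffic where one scripted agent bursts a registration endpoint while a normal user is unaffected. The limit, window and IP addresses are assumed values.

```python
"""Per-IP flow control for a public registration endpoint.

Added example, not code from the project this issue belongs to. The
limit, window and client addresses below are constructed values.
"""
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple


class IpFlowControl:
    """Allow at most `limit` requests per `window_s` seconds per client IP.

    A sliding window of request timestamps is kept per IP, so a burst from a
    single robot agent is rejected while other clients keep their budget.
    """

    def __init__(self, limit: int, window_s: float) -> None:
        self.limit = limit
        self.window_s = window_s
        self._hits: Dict[str, Deque[float]] = defaultdict(deque)

    def allow(self, ip: str, now: float) -> bool:
        q = self._hits[ip]
        # Drop timestamps that have fallen out of the window.
        while q and now - q[0] >= self.window_s:
            q.popleft()
        if len(q) >= self.limit:
            return False  # over budget: reject and do not record the hit
        q.append(now)
        return True


# Constructed sample traffic: (timestamp in seconds, client IP).
SAMPLE_REQUESTS: List[Tuple[float, str]] = (
    [(0.1 * i, "203.0.113.7") for i in range(30)]     # scripted burst: 30 in 3 s
    + [(1.0, "198.51.100.2"), (2.0, "198.51.100.2")]  # a normal user
)


def filter_registrations(requests, limit=10, window_s=60.0):
    """Apply the limiter in arrival order; return per-IP allowed/rejected counts."""
    ctl = IpFlowControl(limit, window_s)
    outcome = defaultdict(lambda: {"allowed": 0, "rejected": 0})
    for ts, ip in sorted(requests):
        key = "allowed" if ctl.allow(ip, ts) else "rejected"
        outcome[ip][key] += 1
    return dict(outcome)
```

In a live deployment the same check would sit in a global request filter, as the implementation list requires, and the rejected count per IP is the signal worth logging for detection.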