(Created page with "= Configuring security= Web Services adheres to the standards described in the Open Web Application Security Project (OWASP) Top 10 — see the [http://www.owasp.org/index...") |
|||
| Line 15: | Line 15: | ||
==Next step== | ==Next step== | ||
* [[StartWSA|Starting and stopping Web Services and Applications]] | * [[StartWSA|Starting and stopping Web Services and Applications]] | ||
| + | [[Category:V:HTCC:9.0.0DRAFT]] | ||
Revision as of 13:30, January 28, 2020
Configuring security
Web Services adheres to the standards described in the Open Web Application Security Project (OWASP) Top 10 — see the OWASP website for details about the Top 10 — and has adopted several methods of ensuring security, for example:
- Errors are logged locally to prevent information leakage through API requests.
- User sessions have a timeout option.
- Cross Site Request Forgery Protection
Web Services includes additional security configurations that you can use with your installation:
- Transport Layer Security (TLS)
- Security Assertion Markup Language (SAML) authentication
- Cross-Site Request Forgery (CSRF) protection
- Cross-Origin Resource Sharing (CORS) filter
For details about how Web Services handles authentication, see Web Services authentication flow.
Next step
Comments or questions about this documentation? Contact us for support!