Line 5: Line 5:
 
*Cross Site Request Forgery Protection
 
*Cross Site Request Forgery Protection
  
Web Services includes additional security configurations that you can use with your installation:
+
==Transport Layer Security==
* [[SecuredConnections|Transport Layer Security (TLS)]]
+
 
* [[SecuredConnectionsSAML|Security Assertion Markup Language (SAML) authentication]]
+
 
* [[CSRFProtection|Cross-Site Request Forgery (CSRF) protection]]
 
* [[CORS|Cross-Origin Resource Sharing (CORS) filter]]
 
  
For details about how Web Services handles authentication, see [[SecuredConnectionsSAMLHTCCFlow|Web Services authentication flow]].
 
  
 
[[Category:V:HTCC:9.0.0DRAFT]]
 
[[Category:V:HTCC:9.0.0DRAFT]]
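Review bot: the added `==Transport Layer Security==` heading arrives with no body text. The only other `+` lines in this hunk are blank, and the rendered revision ends at the bare heading. Either add the TLS configuration content under the heading in the same change, or keep the `[[SecuredConnections|Transport Layer Security (TLS)]]` link until that content exists. It is also worth confirming that the SAML, CSRF and CORS links and the pointer to the authentication flow page are still reachable from this page after the edit, since they sit next to the lines being changed.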

Revision as of 04:42, February 5, 2020

Configuring security

Web Services adheres to the standards described in the Open Web Application Security Project (OWASP) Top 10 — see the OWASP website for details about the Top 10 — and has adopted several methods of ensuring security, for example:

  • Errors are logged locally to prevent information leakage through API requests.
  • User sessions have a timeout option.
  • Cross Site Request Forgery Protection

Transport Layer Security
