You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If we have integrated #508 we should think more about API security. This means we want to support our users to better understand the traffic of your API. Since we have all requests in our logs we could analyze those logs in the background and then create a security log to report suspicious calls to your API. A user could then view the security log to decide whether to block a specific IP or range through the firewall. We should look at the following things:
IP-Range is this maybe a TOR user
Look for SQLi in the request parameters or body
Look for path traversal ../../../ in the request parameters or body
Maybe also requests to a private endpoint without or a wrong Authentication header
In general calls the the authorization endpoint with wrong credentials
The text was updated successfully, but these errors were encountered:
If we have integrated #508 we should think more about API security. This means we want to support our users to better understand the traffic of your API. Since we have all requests in our logs we could analyze those logs in the background and then create a security log to report suspicious calls to your API. A user could then view the security log to decide whether to block a specific IP or range through the firewall. We should look at the following things:
../../../in the request parameters or bodyThe text was updated successfully, but these errors were encountered: