Configuring security
Web Services adheres to the standards described in the Open Web Application Security Project (OWASP) Top 10 (see the OWASP website for details) and has adopted several methods of ensuring security, for example:
- Errors are logged locally to prevent information leakage through API requests.
- User sessions have a timeout option.
- Cross-Site Request Forgery (CSRF) protection.
Web Services includes additional security configurations that you can use with your installation:
- Transport Layer Security (TLS)
- Security Assertion Markup Language (SAML) authentication
- Cross-Site Request Forgery (CSRF) protection
- Cross-Origin Resource Sharing (CORS) filter
For details about how Web Services handles authentication, see Web Services authentication flow.
This page was last edited on March 25, 2016, at 18:22.