Security review of all authentication endpoints #74

Open
devraj opened this issue May 7, 2023 · 0 comments

devraj commented May 7, 2023

Is your feature request related to a problem? Please describe.
The feature request is to conduct a security review to harden all authentication-related endpoints.

There are various approaches which involve:

  • Not revealing data that would go towards identifying if a user exists on the system
  • Throttling endpoints like reset or OTP requests, which could lead to large-scale abuse of a system; this is particularly important as the endpoints can be triggered outside of a user interface
  • Working with infrastructure providers to prevent large or Web Application Firewalls to prevent attacks on the API layer

The aim here is to harden these endpoints so they are as secure as possible for applications around the Anomaly ecosystem.

Describe the solution you'd like
A better reviewed set of endpoints for authentication

Describe alternatives you've considered
NA

Additional context
NA

@devraj devraj self-assigned this May 7, 2023
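
One way to combine the first two approaches listed in the issue above (uniform responses and throttling of reset requests), as an added example that is not part of the original issue or the project's code. The class names, limits and reply bodies are assumptions, and the sample addresses used with it are constructed.

```python
import time
from collections import defaultdict, deque

# Same body whether or not the address is registered (no user enumeration).
GENERIC_REPLY = {"status": 202, "detail": "If the account exists, a reset message was sent."}
THROTTLED_REPLY = {"status": 429, "detail": "Too many requests, try again later."}


class SlidingWindowLimiter:
    """Allow at most `limit` events per `window` seconds for each key."""

    def __init__(self, limit, window, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.events = defaultdict(deque)

    def allow(self, key):
        now = self.clock()
        seen = self.events[key]
        while seen and now - seen[0] >= self.window:
            seen.popleft()  # forget events that left the window
        if len(seen) >= self.limit:
            return False
        seen.append(now)
        return True


class ResetService:
    """Hypothetical reset-request handler; limits are illustrative."""

    def __init__(self, known_emails, clock=time.monotonic):
        self.known = {e.lower() for e in known_emails}
        self.per_client = SlidingWindowLimiter(5, 60, clock)      # 5/min per IP
        self.per_address = SlidingWindowLimiter(3, 3600, clock)   # 3/hour per address
        self.outbox = []  # stands in for a background mail queue

    def request_reset(self, email, client_ip):
        email = email.strip().lower()
        # The caller limit is keyed on the client only, so a 429 says nothing
        # about the submitted address.
        if not self.per_client.allow(client_ip):
            return THROTTLED_REPLY
        # The address limit counts registered and unregistered addresses alike
        # and drops silently, so it is not an existence oracle either.
        if self.per_address.allow(email) and email in self.known:
            self.outbox.append(email)  # queue, do not send inline (timing)
        return GENERIC_REPLY
```

The counters here live in process memory; behind several workers they would need a shared store to hold the same limits.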