Security
  Security Architecture
    14-Configuration Architectural Requirements
    13-API Architectural Requirements
    12-Secure File Upload Architectural Requirements
    11-Business Logic Architectural Requirements
    10-Malicious Software Architectural Requirements
    9-Communications Architectural Requirements
    8-Data Protection and Privacy Architectural Requirements
    7-Errors, Logging and Auditing Architectural Requirements
    6-Cryptographic Architectural Requirements
    5-Input and Output Architectural Requirements
    4-Access Control Architectural Requirements
    3-Session Management Architectural Requirements
    2-Authentication Architectural Requirements
    1-Secure Software Development Lifecycle Requirements
  REST_Security
    HTTPS
    Access Control
      JWT
      API Keys
    Restrict HTTP methods
    Input validation
    Validate content types
      Validate request content types
      Send safe response content types
    Management endpoints
    Error handling
    Audit logs
    CORS
    Sensitive information in HTTP requests
  Authentication General Guidelines
    Store Passwords in a Secure Fashion
    Compare Password Hashes Using Safe Functions
    Transmit Passwords Only Over TLS or Other Strong Transport
    Require Re-authentication for Sensitive Features
    TLS Client Authentication
    Authentication and Error Messages
    Protect Against Automated Attacks
    Multi-Factor Authentication
    Logging and Monitoring
    OAuth
    OpenId
    SAML
    FIDO
  Cryptographic_Storage
    Key exchange
      Diffie–Hellman
    Message Integrity
      HMAC-SHA2
    Message Hash
      SHA2 256 bits
    Asymmetric encryption
      RSA 2048 bits
    Symmetric encryption
      AES 128 bits
    Password Hashing
      Argon2
  Denial_of_Service
    Application attacks
    Network attacks
  Access Control
    Access Control Policy
    Role Based Access Control (RBAC)
    Discretionary Access Control (DAC)
    Mandatory Access Control (MAC)
    Permission Based Access Control
  Clickjacking_Defense
  Content_Security_Policy
  Cross-Site_Request_Forgery_Prevention
  Cross_Site_Scripting_Prevention
  Forgot_Password
  Error_Handling
  Injection_Prevention
  JWT
  Key_Management
  Logging
  Microservices_based_Security