1.4 Security Impact
| SECURITY RISK | MITIGATION |
|---|---|
| SECURITY VULNERABILITIES | Input/output validations would be in place within the services, though this remains the INFRA component's responsibility wherever required. |
| Broken Authentication & Session Management | Hard authorizations are introduced for each REST service call. Session management is not applicable for REST services, as they are stateless. JWT token based authentication is used for the UI to consume Web APIs only for known Users/Roles; OAuth is introduced for Channel Integration to access the services. |
| API Security | All API requests are authenticated and follow the principle of least privilege. |
| SQL INJECTION | Features would ensure that only parameterized queries are used and that general coding best practices are followed as per SCS guidelines. |
| Security configuration on servers | Proper configurations are in place on the application servers (Docker, WebLogic server, SOA server, etc.). |
| DATA TAMPERING | The application has proper server side validations in place. |
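The SQL INJECTION and DATA TAMPERING rows above rely on two layers: server side validation of the request and parameterized queries. The following added example (not code from the product or this documentation) shows both layers on a constructed in-memory SQLite table; the table name `collections`, the booking reference format `REF_PATTERN`, and the function names are assumptions made for illustration only. It contrasts a string-concatenated lookup with a parameterized one, then adds the validation step in front of it, so a tampered reference is rejected before it reaches the database and a well-formed reference belonging to another customer returns nothing.

```python
import re
import sqlite3

# Booking references are assumed to be short uppercase alphanumerics (constructed format).
REF_PATTERN = re.compile(r"^[A-Z0-9]{1,16}$")


def make_db() -> sqlite3.Connection:
    """Constructed sample data: three collections owned by two customers."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE collections (ref TEXT, customer TEXT, amount REAL)")
    conn.executemany(
        "INSERT INTO collections VALUES (?, ?, ?)",
        [("EDC001", "cust-A", 1000.0), ("EDC002", "cust-A", 2500.0), ("EDC003", "cust-B", 900.0)],
    )
    conn.commit()
    return conn


def lookup_unsafe(conn: sqlite3.Connection, customer: str, ref: str) -> list:
    """'Before' form: request values are spliced into the SQL text, so they can
    change the query's logic instead of being treated as data."""
    sql = (
        "SELECT ref, amount FROM collections "
        f"WHERE customer = '{customer}' AND ref = '{ref}'"
    )
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, customer: str, ref: str) -> list:
    """Parameterized query: the driver binds values separately from the SQL text,
    so whatever the caller supplies is compared literally against the column."""
    sql = "SELECT ref, amount FROM collections WHERE customer = ? AND ref = ?"
    return conn.execute(sql, (customer, ref)).fetchall()


def lookup_hardened(conn: sqlite3.Connection, customer: str, ref: str) -> list:
    """Server side validation in front of the parameterized query: malformed input
    is rejected with a clear error before any database access, and the customer
    scope is always applied by the server, never taken from the client."""
    if not REF_PATTERN.fullmatch(ref):
        raise ValueError("invalid booking reference")
    return lookup_parameterized(conn, customer, ref)


if __name__ == "__main__":
    db = make_db()
    tampered = "EDC003' OR '1'='1"
    print("unsafe, tampered ref:", lookup_unsafe(db, "cust-B", tampered))          # leaks every row
    print("parameterized, tampered ref:", lookup_parameterized(db, "cust-B", tampered))  # []
    try:
        lookup_hardened(db, "cust-B", tampered)
    except ValueError as exc:
        print("hardened, tampered ref: rejected ->", exc)
    print("hardened, own ref:", lookup_hardened(db, "cust-B", "EDC003"))
    print("hardened, other customer's ref:", lookup_hardened(db, "cust-B", "EDC001"))  # []
```

The validation layer is what the DATA TAMPERING row describes: it rejects input that cannot be a booking reference regardless of how the query is built. The parameterized query is what the SQL INJECTION row describes: even input that passes validation is bound as a value, never parsed as SQL. Keeping the customer scope server-side is the least-privilege point from the API Security row.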
Parent topic: Export Documentary Collection Booking