User:CSteipp (WMF)/ServiceSecurity
This page is currently a draft.
|
Some of this will change based on the outcome of the SOA Auth RFC
When designing your service
edit- Use libraries that support parameterizing / sanitation (if sqli/shell is really needed); also for session management if state is needed; html templating and sanitization
- TODO: <someone> should come up with a list of recommended libraries in the to-be-determined standard language list
- IN PROGRES: SOA Auth might provide session management-aaS
- TODO: Libraryize SVG and CSS sanitization; maybe the entire UploadBase::verifyFile()?
- (in)security should be configurable, and default to the more secure option
- Be careful about the private data your service exposed
- Don't show internal ip's
- Sanitize errors / exceptions
- User contributed data must be able to be deleted / suppressed
- This might require an authorization framework for adminstrators / oversighters
- Use libraries supported by a security team, that has released security updates
- Ensure someone on your team is alerted to security issues
- Have a documented process for releasing security updates to your service to third parties
- We should try to have a standard process across the organization
When implementing your service
edit- Use headers that prevent XSS: utf8 content-type, no-sniff, restrictive Content Security Policy
- Be cautious about direct object references / serialization (use JSON)
- Prevent CSRF on all state-changing requests
- Prevent directory traversal attacks
- Don't proxy requests, or whitelist URLs when you need to
- Prevent open-redirects / javascript url XSS vectors
- Prevent XXE attacks when processign XML
When deploying your service
edit- Service endpoints and parameters need to be discoverable so we can setup automated, dynamic security scanning