Security

Security is a very important aspect of any application. This section will cover the security aspects of the application.

Authentication

The application uses JSON Web Tokens for authentication. The tokens are stored in the browser's local storage. The tokens are sent to the server in the Authorization header.

Authorization

The application uses JSON Web Tokens for authorization. The tokens are stored in the browser's local storage. The tokens are sent to the server in the Authorization header.

CSRF

The application uses CSRF tokens to prevent CSRF attacks. The tokens are stored in the browser's local storage. The tokens are sent to the server in the X-CSRF-Token header.

XSS

The application uses XSS tokens to prevent XSS attacks. The tokens are stored in the browser's local storage. The tokens are sent to the server in the X-XSS-Protection header.

SQL Injection

The application uses SQL Injection tokens to prevent SQL Injection attacks. The tokens are stored in the browser's local storage. The tokens are sent to the server in the X-Content-Type-Options header.

Content Security Policy

The application uses Content Security Policy to prevent XSS attacks. The tokens are stored in the browser's local storage. The tokens are sent to the server in the Content-Security-Policy header.

HTTP Strict Transport Security

The application uses HTTP Strict Transport Security to prevent MITM attacks. The tokens are stored in the browser's local storage. The tokens are sent to the server in the Strict-Transport-Security header.

HTTP Public Key Pinning

The application uses HTTP Public Key Pinning to prevent MITM attacks. The tokens are stored in the browser's local storage. The tokens are sent to the server in the Public-Key-Pins header.

HTTP Public Key Pinning Report Only

The application uses HTTP Public Key Pinning Report Only to prevent MITM attacks. The tokens are stored in the browser's local storage. The tokens are sent to the server in the Public-Key-Pins-Report-Only header.

References