R24 AMR

Configuring Security Parameters

This section describes the various security configurations required for the Temenos Transact browser application.

Configuring Strong Password

Enforcing a strong password policy reduces the chance that a brute-force or password-guessing attack succeeds and removes weak or default credentials, a common security misconfiguration. This section outlines the password policy and explains how to configure it.

Encoding Core Browser

Output encoding neutralises user-supplied data before it is rendered, so that characters with special meaning in HTML, JavaScript or another output context are treated as data rather than interpreted as markup or code. This is the primary defence against injection vulnerabilities such as cross-site scripting (XSS); it is applied at output time and complements, but does not replace, input validation. This section explains how to enable core browser encoding.
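The following is an added illustration of contextual output encoding, not the Temenos Transact browser's own encoder: the same user-controlled value is emitted into an HTML text node and into a JavaScript string literal, each with the escaping that context requires. The page fragment, the helper names and the hostile input are constructed for the demonstration.

```python
# Added example of contextual output encoding. This is illustrative code, not
# the Temenos Transact browser's own encoder; the page fragment and the hostile
# input are constructed for the demonstration.

# HTML text and quoted-attribute context: the characters that can close a tag,
# close an attribute value, or start an entity.
_HTML_ESCAPES = {
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#x27;",
}


def encode_html(value: str) -> str:
    """Escape a string for insertion into HTML text or a quoted attribute."""
    return "".join(_HTML_ESCAPES.get(ch, ch) for ch in value)


def encode_js_string(value: str) -> str:
    """Escape a string for insertion inside a JavaScript string literal.

    Every character except ASCII letters and digits is written as \\xHH or
    \\uHHHH (surrogate pairs above U+FFFF), so neither a quote nor a
    '</script>' sequence can end the literal or the enclosing script element."""
    out = []
    for ch in value:
        code = ord(ch)
        if ch.isalnum() and code < 128:
            out.append(ch)
        elif code < 256:
            out.append("\\x%02x" % code)
        elif code <= 0xFFFF:
            out.append("\\u%04x" % code)
        else:
            hi, lo = divmod(code - 0x10000, 0x400)
            out.append("\\u%04x\\u%04x" % (0xD800 + hi, 0xDC00 + lo))
    return "".join(out)


def render_profile(display_name: str) -> str:
    """Embed the same user-controlled value in an HTML text node and in a
    script block, each with the encoder for its context. Encoding happens here,
    at output time; the stored value itself is left unchanged."""
    return (
        f"<p>Welcome, {encode_html(display_name)}</p>\n"
        f"<script>var user = '{encode_js_string(display_name)}';</script>"
    )


# Constructed hostile input: echoed raw, it would close the script block and run.
PAYLOAD = "</script><script>alert(document.cookie)</script>"
```

Note that HTML encoding alone would not be safe inside the script block (`&lt;` is meaningless there), which is why the encoder is chosen per context rather than applied once to the input.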

Configuring Security Headers

HTTP security headers tell the browser which protections to enforce for the application's responses: refusing to render the application inside a frame, refusing to sniff content types, requiring HTTPS, or restricting where scripts may be loaded from. Each header trades a little flexibility for a smaller attack surface, so the values must be chosen to fit the application without breaking it. As a best practice, headers should be configured to minimise the attack surface. This section explains how to configure the security headers that reduce these threats.
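As an added example (not the Temenos Transact browser's own configuration), the filter below sets the security headers a browser application typically needs and audits a response for headers that are absent or carry a weak value. The header values are illustrative defaults and the function names are assumptions; a real Content-Security-Policy must list the application's own script and style sources.

```python
# Added example (not the Temenos Transact browser's own configuration): a
# response filter that sets the headers a browser needs to enforce transport
# security, framing, content-type and script-source restrictions, plus an
# audit that reports what is missing or weak. Values are illustrative defaults.

import re

SECURITY_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": (
        "default-src 'self'; script-src 'self'; object-src 'none'; "
        "frame-ancestors 'none'; base-uri 'self'; form-action 'self'"
    ),
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
    # Pages carrying account data must not land in shared or browser caches.
    "Cache-Control": "no-store",
}
MIN_HSTS_AGE = 180 * 24 * 3600   # six months; below this HSTS gives little protection


def _get(headers: dict, name: str):
    """Case-insensitive lookup, since HTTP header names are case-insensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def add_security_headers(headers: dict) -> dict:
    """Return a copy of the response headers with every security header set.
    A value the application already set (e.g. a page-specific CSP) is kept."""
    out = dict(headers)
    for name, value in SECURITY_HEADERS.items():
        if _get(out, name) is None:
            out[name] = value
    return out


def audit_headers(headers: dict) -> list:
    """Names of security headers that are absent or carry a weak value."""
    findings = []
    for name in SECURITY_HEADERS:
        value = _get(headers, name)
        if value is None:
            findings.append(name)
            continue
        if name == "Strict-Transport-Security":
            match = re.search(r"max-age=(\d+)", value)
            if not match or int(match.group(1)) < MIN_HSTS_AGE:
                findings.append(name)
        elif name == "X-Frame-Options" and value.upper() not in ("DENY", "SAMEORIGIN"):
            findings.append(name)
        elif name == "Content-Security-Policy" and "'unsafe-inline'" in value:
            findings.append(name)
        elif name == "X-Content-Type-Options" and value.lower() != "nosniff":
            findings.append(name)
    return findings
```

The audit is the useful half for an existing deployment: run it against the headers a real response returns and it names exactly what still needs configuring.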

Configuring Host Header

The application must only trust a Host header value that matches one of its own configured hostnames. If an attacker-controlled Host value is used to build absolute URLs, such as redirect targets or links in generated e-mails, users can be sent to an attacker's website or application. Configuring the host header allowlist prevents this.
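An added illustration of Host header validation, not the Temenos Transact browser's own host-header parameter: the header is parsed strictly, compared against an allowlist of hostnames and ports, and only the validated value is ever used to construct an absolute URL. The hostnames, port set and function names are assumptions.

```python
# Added example of Host header validation (illustrative, not the Temenos
# Transact browser's own parameter). The allowlist stands in for whatever the
# deployment actually serves.

from urllib.parse import urlsplit

# Hostnames (lower-case, no port) this deployment legitimately answers for.
ALLOWED_HOSTS = {"transact.example.com", "transact-internal.example.com"}
ALLOWED_PORTS = {None, 443}       # None: no explicit port in the header


class BadHostHeader(Exception):
    pass


def parse_host_header(host_header: str):
    """Split a Host value into (hostname, port) using URL authority syntax;
    urlsplit handles IPv6 brackets and rejects a non-numeric port."""
    if not host_header or any(c.isspace() for c in host_header):
        raise BadHostHeader("empty or contains whitespace")
    try:
        parts = urlsplit("//" + host_header)
        hostname, port = parts.hostname, parts.port
    except ValueError as exc:
        raise BadHostHeader(str(exc))
    if (hostname is None or parts.username is not None
            or parts.path or parts.query or parts.fragment):
        raise BadHostHeader("host contains userinfo, path, query or fragment")
    return hostname.lower(), port


def validate_host(headers: dict) -> str:
    """Return the canonical hostname for this request or raise BadHostHeader.

    Forwarding headers are ignored on purpose: unless a trusted proxy is known
    to overwrite them, X-Forwarded-Host is as attacker-controlled as Host."""
    hostname, port = parse_host_header(headers.get("Host", ""))
    if hostname not in ALLOWED_HOSTS or port not in ALLOWED_PORTS:
        raise BadHostHeader(f"{hostname!r}:{port!r} not in allowlist")
    return hostname


def absolute_url(headers: dict, path: str) -> str:
    """Build an absolute URL (redirect target, e-mailed link) from the
    validated host only, never from the raw header value."""
    return f"https://{validate_host(headers)}{path}"
```

Rejecting rather than correcting is deliberate: a request whose Host is not one of the application's names is either misrouted or hostile, and in both cases a 400 is the safe answer.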

Enabling Form Token Filter

The Cross-Site Request Forgery (CSRF) protection method used is the synchronizer token pattern: the server issues an unpredictable token bound to the user's session, embeds it in each form, and rejects any state-changing request that does not present it. The token must be invalidated after a configured lifetime and when the user logs out. For AJAX requests the token is sent explicitly, as a request header or a request parameter. This section explains how to enable the form token filter that implements this protection.
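An added example of the synchronizer token pattern as a request filter. It is illustrative code, not the Temenos Transact browser's form token filter, whose parameter names this page does not give; the session layout, the header and field names and the token lifetime are assumptions. It shows the full lifecycle the paragraph describes: issue, present via form field or AJAX header, expire, and invalidate on logout.

```python
# Added example of a synchronizer-token CSRF filter. Illustrative code, not the
# Temenos Transact browser's form token filter; the session layout, header name,
# field name and lifetime are assumptions.

import hmac
import secrets
import time
from typing import Optional

TOKEN_TTL_SECONDS = 15 * 60     # assumed lifetime after which a token is stale
HEADER_NAME = "X-CSRF-Token"    # assumed header used by AJAX callers
FIELD_NAME = "csrf_token"       # assumed hidden field used by HTML forms
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


class Session(dict):
    """Stand-in for a server-side session store keyed by attribute name."""


def _now(now: Optional[float]) -> float:
    return time.time() if now is None else now


def issue_token(session: Session, now: Optional[float] = None) -> str:
    """Generate an unpredictable token, bind it to the session, and return it
    for embedding in a hidden form field (or a meta tag that AJAX code reads)."""
    token = secrets.token_urlsafe(32)
    session["csrf"] = {"value": token, "issued": _now(now)}
    return token


def invalidate_token(session: Session) -> None:
    """Forget the token; called on logout so a captured token cannot be replayed."""
    session.pop("csrf", None)


def csrf_filter(session: Session, method: str, headers: dict, form: dict,
                now: Optional[float] = None) -> bool:
    """Return True if the request may proceed, False if it must be rejected (403).

    Safe methods pass through. State-changing methods must present the
    session's current token, either in the AJAX header or in the form field."""
    if method.upper() in SAFE_METHODS:
        return True
    stored = session.get("csrf")
    if stored is None:
        return False
    if _now(now) - stored["issued"] > TOKEN_TTL_SECONDS:
        invalidate_token(session)      # expired: the user must reload the form
        return False
    supplied = headers.get(HEADER_NAME) or form.get(FIELD_NAME) or ""
    # Constant-time comparison so the token cannot be recovered byte by byte.
    return hmac.compare_digest(stored["value"].encode(), supplied.encode())
```

Because the filter only ever reads the token from the request and the session, a cross-site page cannot satisfy it: the attacker can make the victim's browser send the session cookie, but cannot read the token out of the victim's form.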

Configuring Cookie Attributes

Cookies are pieces of information stored on the client side and sent back to the server with every matching request. They are primarily used for authenticating and maintaining sessions, so securing the session cookie effectively means securing the user's identity: its attributes (Secure, HttpOnly, SameSite, Path and Domain) determine whether it can be read by script, sent over plaintext HTTP, or attached to cross-site requests. This section explains how to configure cookie attributes for the Temenos Transact browser.
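The following added example builds a hardened Set-Cookie header for a session identifier and audits an existing one for the weaknesses the attributes above address. It is illustrative code: the Temenos Transact browser's cookie settings are applied through its configuration, not by this code, and the cookie name, lifetime and function names are assumptions.

```python
# Added example of hardened session-cookie attributes (illustrative; the
# Temenos Transact browser's own cookie settings are applied by its
# configuration, not by this code). Cookie name and lifetime are assumptions.

import re
from typing import Optional

_TOKEN = re.compile(r"[!#$%&'*+.^_`|~0-9A-Za-z-]+")                      # RFC 6265 cookie-name
_COOKIE_OCTETS = re.compile(r"[\x21\x23-\x2b\x2d-\x3a\x3c-\x5b\x5d-\x7e]*")  # RFC 6265 cookie-value


def build_session_cookie(name: str, value: str, max_age: Optional[int] = None,
                         same_site: str = "Strict") -> str:
    """Build a Set-Cookie header for a session identifier.

    __Host- prefix: the browser refuses the cookie unless Secure and Path=/ are
    set and Domain is absent, so it cannot be planted from plaintext HTTP or a
    sibling subdomain.  Secure: never sent over http://.  HttpOnly: invisible
    to script, so an XSS cannot read it.  SameSite: withheld from cross-site
    requests, which backs up the anti-CSRF token."""
    if not _TOKEN.fullmatch(name):
        raise ValueError("invalid cookie name")
    if not _COOKIE_OCTETS.fullmatch(value):
        raise ValueError("cookie value may not contain ; , \" or whitespace")
    if same_site not in ("Strict", "Lax"):
        raise ValueError("SameSite must be Strict or Lax for a session cookie")
    parts = [f"__Host-{name}={value}", "Path=/", "Secure", "HttpOnly",
             f"SameSite={same_site}"]
    if max_age is not None:
        parts.append(f"Max-Age={int(max_age)}")   # absent: dropped when the browser closes
    return "; ".join(parts)


def audit_set_cookie(header: str) -> list:
    """Weaknesses found in an existing Set-Cookie header (empty means hardened)."""
    segments = [s.strip() for s in header.split(";")]
    attrs = {}
    for seg in segments[1:]:
        key, _, val = seg.partition("=")
        attrs[key.strip().lower()] = val.strip()
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: sent over plaintext HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable by injected script")
    if attrs.get("samesite", "").lower() not in ("strict", "lax"):
        findings.append("SameSite not Strict/Lax: attached to cross-site requests")
    if "domain" in attrs:
        findings.append("Domain set: shared with every subdomain")
    return findings
```

The auditor is the part to run against a live deployment: capture the Set-Cookie header the login response returns and the list it produces is the configuration still to do.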

Preventing Malicious File Upload

Restricting the types of file that can be uploaded mitigates several threats: exploitation of vulnerabilities in the server-side file parser, use of uploaded files for phishing, overwriting of existing files on the system, and client-side attacks such as XSS and CSRF through uploaded HTML, SVG or script content. This section explains how to configure the parameters that prevent malicious file uploads.
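An added example of upload validation, not the Temenos Transact browser's own upload parameters: the client-supplied name contributes only its final extension, the extension must be on an allowlist, the file's leading bytes must match that type, the size is capped, and the stored name is chosen by the server so nothing existing can be overwritten. The allowed types, size limit, storage directory and function names are assumptions.

```python
# Added example of upload validation (illustrative, not the Temenos Transact
# browser's own upload parameters). Allowed types, size limit and storage
# directory are assumptions.

import os
import re
import secrets

# Extension allowlist with the file signature ("magic bytes") each must start
# with. HTML, SVG, JS and server-side script types are deliberately absent: a
# browser would render them, which is the XSS/phishing vector being closed.
ALLOWED_SIGNATURES = {
    "pdf": (b"%PDF-",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
}
MAX_BYTES = 2 * 1024 * 1024
UPLOAD_DIR = "/var/app/uploads"      # assumed; must lie outside the web root
_SAFE_EXT = re.compile(r"[a-z0-9]{1,5}")


class RejectedUpload(Exception):
    pass


def declared_extension(client_name: str) -> str:
    """Lower-cased final extension of the client-supplied name, after dropping
    any directory part (both separators) so traversal in the name is inert."""
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    if "\0" in base or "." not in base:
        raise RejectedUpload("no usable extension")
    ext = base.rsplit(".", 1)[1].lower()
    if not _SAFE_EXT.fullmatch(ext):
        raise RejectedUpload("malformed extension")
    return ext


def validate_upload(client_name: str, content: bytes) -> str:
    """Validate an upload and return the server-chosen path to store it under.

    The stored name is random, so an attacker cannot choose a name that
    overwrites an existing file, and its extension is the validated one."""
    if len(content) > MAX_BYTES:
        raise RejectedUpload("too large")
    ext = declared_extension(client_name)
    if ext not in ALLOWED_SIGNATURES:
        raise RejectedUpload(f"type .{ext} not allowed")
    # The client-supplied Content-Type is never consulted; the bytes decide.
    if not any(content.startswith(sig) for sig in ALLOWED_SIGNATURES[ext]):
        raise RejectedUpload(f"content does not look like .{ext}")
    return os.path.join(UPLOAD_DIR, f"{secrets.token_hex(16)}.{ext}")
```

A signature check is a first line only: a file can start with `%PDF-` and still carry a payload for a vulnerable parser, so the directory should also be served with `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff` rather than rendered inline.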

Preventing Forced Browsing

This section explains how to configure parameters so that web pages cannot be accessed without authentication, protecting against predictable resource locations and against file, directory and resource enumeration.
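An added example of an authentication gate against forced browsing, not the Temenos Transact browser's own parameters. The point it demonstrates is that the check must run on a canonical form of the path: percent-encoding, `..` segments, doubled and trailing slashes are all alternative spellings of the same resource, and an allowlist compared against the raw path is bypassed by any of them. The public paths, the protected directories and the function names are assumptions.

```python
# Added example of an authentication gate against forced browsing (illustrative;
# not the Temenos Transact browser's own parameters). Public paths and
# forbidden directories are assumptions.

from posixpath import normpath
from typing import Optional
from urllib.parse import unquote

PUBLIC_PATHS = {"/", "/login", "/logout", "/favicon.ico"}
PUBLIC_PREFIXES = ("/static/",)
# Never served to anyone, authenticated or not: container metadata and config.
FORBIDDEN_PREFIXES = ("/web-inf/", "/meta-inf/")


def canonical_path(raw_path: str) -> Optional[str]:
    """Decode and normalise the request path so every spelling of a resource
    (/x/../y, //y, /y/, %2e%2e) is compared in one canonical form.
    Returns None for paths that cannot be normalised safely."""
    path = unquote(raw_path.split("?", 1)[0])
    if "\0" in path or "\\" in path or "%" in path:   # NUL, backslash, double encoding
        return None
    path = normpath("/" + path)        # resolves . and .., collapses repeated slashes
    if path.startswith("//"):          # normpath preserves exactly two leading slashes
        path = "/" + path.lstrip("/")
    return path


def gate(raw_path: str, session: dict) -> int:
    """Decide a request: 200 serve, 302 redirect to login, 404 hide resource.

    Forbidden locations answer 404 even to authenticated users so that
    enumeration cannot distinguish 'exists but protected' from 'absent'."""
    path = canonical_path(raw_path)
    if path is None or path.lower().startswith(FORBIDDEN_PREFIXES):
        return 404
    if path in PUBLIC_PATHS or path.startswith(PUBLIC_PREFIXES):
        return 200
    if session.get("user"):
        return 200
    return 302
```

Everything that is not explicitly public requires a session: the default is deny, so a newly deployed page is protected without anyone remembering to list it.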

Preventing Full Path Disclosure

Full Path Disclosure (FPD) vulnerabilities reveal the filesystem path of the web root or of an individual file, typically in error messages or stack traces. With the web root known, an attacker can combine it with a file inclusion or path traversal vulnerability to read configuration files of the web application or the operating system. To avoid this, full paths must never be returned to the client. This section explains how to configure parameters against FPD vulnerabilities.

Preventing Server Information Disclosure

Server software names and versions disclosed in response headers or error pages let an attacker look up the published vulnerabilities for exactly that product and version. This section explains how to configure parameters that suppress server information and so deny the attacker that starting point.
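The following added example covers both disclosure problems above, full path disclosure and server information disclosure, since they share one remedy: keep the detail on the server and send the client an opaque reference. It is illustrative code, not the Temenos Transact browser's own settings; the header list, the logger name and the sample error text are constructed for the demonstration.

```python
# Added example (illustrative, not the Temenos Transact browser's own settings):
# a response filter that drops headers naming the server software, and an error
# handler that logs the full exception server-side but returns only an opaque
# reference, redacting filesystem paths where a message must be shown at all.

import logging
import re
import secrets
from typing import Optional

IDENTIFYING_HEADERS = ("Server", "X-Powered-By", "X-AspNet-Version", "X-Runtime")

# Absolute POSIX (/a/b/c) or Windows (C:\a\b\c) path made of space-free
# segments. URL paths (//host/a/b) are caught too, which is acceptable in an
# error message; a path containing spaces is only partially redacted.
_PATH_RE = re.compile(r"(?:[A-Za-z]:\\|/)(?:[\w.\-]+[\\/])+[\w.\-]*")


def strip_server_identity(headers: dict) -> dict:
    """Copy of the response headers without any header that names the product
    or framework; matching is case-insensitive."""
    drop = {name.lower() for name in IDENTIFYING_HEADERS}
    return {k: v for k, v in headers.items() if k.lower() not in drop}


def redact_paths(text: str) -> str:
    """Replace absolute file paths in a message with a placeholder."""
    return _PATH_RE.sub("[path]", text)


def error_response(exc: Exception, log: Optional[logging.Logger] = None) -> dict:
    """Turn an exception into a client-safe 500 response.

    The exception text (which for I/O errors contains the full path) goes to
    the server log under a random reference; the client sees the reference
    only, so support staff can still correlate the two."""
    log = log or logging.getLogger("app.errors")       # assumed logger name
    ref = secrets.token_hex(8)
    log.error("ref=%s %s: %s", ref, type(exc).__name__, exc)
    return {
        "status": 500,
        "headers": strip_server_identity({"Content-Type": "text/plain"}),
        "body": f"An internal error occurred. Reference: {ref}",
    }
```

`redact_paths` is the fallback for places where some message must reach the client (a validation error that quotes a file name, say); the default path of `error_response` never puts the exception text in the body at all.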

Copyright © 2020- Temenos Headquarters SA

Published on: Thursday, May 30, 2024 11:29:48 AM IST