Security
API AutoFlow provides both data security and access control.
HTTPS TLS (formerly SSL)
Refer to HTTPS for more detail.
Data Encryption
API AutoFlow provides data security actions to encrypt and decrypt data.
Refer to Security Actions for more detail.
- Decrypt
- Encrypt
- Hash
- Mac
Access Control
UserID based access control can be managed from the Administrator section.
Refer to Administration Section for more detail.
OWASP Top 10
A1:2017-Injection
SQL Injection safety in API AutoFlow is supported by underlying library. Solution creators are also encouraged to add additional checks before using user input in SQL queries.
A2:2017-Broken Authentication
Support for multiple authentication methods is provided to ensure correct implementation of authentication is just a few clicks aways.
A3:2017-Sensitive Data Exposure
Refer to Security Actions for data security actions
A4:2017-XML External Entities (XXE)
Support for XML encode/decode is provided as actions. Take care to only allow controlled and known XML documents for processing.
A5:2017-Broken Access Control
Flexible Access Control may be implemented based on various data sources. Solution creators are encouraged to implement a level of access control right for the solution being created.
A6:2017-Security Misconfiguration
Empty body is returned by default. Solution creators has control over what gets returned on each request.
A7:2017-Cross-Site Scripting XSS
Data is not shared between users.
A8:2017-Insecure Deserialization
There is no default serialization of user data. Solution creators are encouraged to take care when using user data for serialization.
A9:2017-Using Components with Known Vulnerabilities
External components may not be used with API AutoFlow.
A10:2017-Insufficient Logging & Monitoring
Refer to Logging Refer to Data