Skip to content

Latest commit

 

History

History
123 lines (62 loc) · 2.99 KB

SECURITY.md

File metadata and controls

123 lines (62 loc) · 2.99 KB
Raw

Security

In the development process of WorkAround, we try to implement a as secure system as possible.

Architecture Overview

WorkAround-Threat-Model

Threat Model

Weak Credentials

Users can create weak passwords for their authentication.

Protection:

  • Users can't create passwords shorter than 12 characters.

Action:

  • Inform users to use a strong password when they try use a weak one.

No Session Timeout

The session created after a user login has no reasonable timeout duration.

Protection:

  • Sessions timeout after 1 hour.

SQL Injection

An attacker could inject malicious SQL statements to retrieve sensitive data.

Protection:

  • Use of client library to not directly write SQL statements (ORM-like behavior).

Detection:

  • Regular checks of logs

Action:

  • Revert malicious changes

  • Inform users if sensitive data got stolen or publicly available.

Dependency Vulnerablities

Dependencies used by the application are vulnerable for misuse by an attacker.

Protection:

  • Use of only the most recent/secure versions possible (Sometimes not possible due to peer dependencies).

Detection:

  • GitHub Dependabot alerts when a dependency has known security vulnerabilities.

Action:

  • Update vulnerable dependencies to secure version.

Poor handling of secrets

Secrets are stored in plain text in VCS or can be read by malicious processes, like CI/CD.

Protection:

  • Secrets aren't stored in the VCS.

  • CI/CD Pipelines can just access repository secrets through an authorized user.

  • CI/CD Pipelines can't expose secrets through GitHubs policies.

  • Forks don't have access to repository secrets.

Verbose error messages

Error messages give too much information about the business logic of an application which can be used by an attacker.

Protection:

  • Error messages shown to the user do not expose business logic which could help to attack the system.

  • Auth related error message don't expose if the email or the password was wrong at a login try.

Broken Access Control

User can access data they should have no access to.

Protection:

  • Through the use of Postgres Policies users can't access data they should not access.

Detection:

  • OPEN: Log database actions

Action:

  • Inform users if sensitive data got stolen or publicly available.

Fails to prevent clickjacking

An attacker could implement an iframe with the application on another website to hijack users credentials or to perform actions in their names.

Protection:

  • Through the Content-Security-Policy directive frame-ancestors 'none'; the application can't be embedded in another website.

CSP configuration

An attacker can inject malicious code through a loosely configured CSP.

Protection:

  • WIP: A deny-by-default policy restricts executable sources to a minimum.

Resources