You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Backend pods & Elevation of privilege & Elevation of privilege is a security exploit where an attacker gains higher-level access or permissions than originally authorized, typically allowing them to execute actions or access resources beyond their intended scope. & Since the API uses HTTPS, and if the user's machine is not compromised, it is not possible to tamper with the traffic in a useful manner because it is encrypted. \\
\hline
API Gateway & JWT spoofing & Deceptive practice of forging or altering JSON Web Tokens to impersonate legitimate users or gain unauthorized access to systems and resources. & Since our authentication token only lasts 5 minutes, we limit the time someone who stole a token can impersonate. \\
API Gateway & JWT spoofing & Deceptive practice of forging or altering JSON Web Tokens to impersonate legitimate users or gain unauthorized access to systems and resources. & Our OIDC access token is signed by Keycloak, and the API gateway checks that the signature is correct on the token provided by the user. Therefore, this kind of attack is not possible. \\
\hline
Relational database & SQL injection & Exploiting SQL vulnerabilities to execute arbitrary SQL code on a database. & Proper input validation and parameterized queries can prevent SQL injection attacks. Regular security audits and updates are also crucial. \\
