Layman Security Architect

This page is a plain, vendor-neutral checklist of security architecture tests: the controls to verify when reviewing an authentication and identity design, grouped by area.

Authentication Endpoint

  • Verify redirects (post-login and post-logout targets are allowlisted; no open redirect via protocol-relative or backslash tricks)

  • Input validation and sanitization (username, password and return-URL parameters)

  • Error handling (generic failure messages; no user enumeration, stack traces or debug output)

  • Rate limits (per account and per source IP)

  • Account lockouts (threshold, duration, and that lockout cannot be abused to deny service to a victim)

  • Security headers (HSTS, Content-Security-Policy, X-Content-Type-Options, no caching of authentication responses)

  • Session timeout (idle and absolute expiry; session identifier rotated on login)

  • MFA submissions (codes verified server-side, single-use, and rate limited)
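The two checks from this list that are most often implemented wrongly are the redirect validator and the lockout logic. The block below is an added example, not code from the original checklist: a redirect-target validator that handles the parser-differential cases (`//host`, `///host`, backslashes, `user@host`, `javascript:`) and a per-account failure counter with a lockout window. The hostnames, thresholds and timings are assumptions chosen for illustration.

```python
"""Added example: open-redirect check and login throttling for an authentication endpoint."""
from urllib.parse import urlsplit


def safe_redirect_target(target, allowed_hosts, default="/"):
    """Return `target` if it is safe to redirect to after login, otherwise `default`.

    Accepts only site-relative paths or absolute http(s) URLs whose host is allowlisted.
    """
    if not target:
        return default
    # Raw whitespace/control bytes and backslashes are classic parser-differential tricks
    # (browsers treat "\" as "/" and strip leading control characters); reject before parsing.
    if "\\" in target or any(ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return default
    parts = urlsplit(target)
    if parts.scheme:
        if parts.scheme.lower() not in ("http", "https"):
            return default  # javascript:, data:, vbscript: ...
        if "@" in parts.netloc:
            return default  # https://app.example.com@evil.com
        if (parts.hostname or "") not in allowed_hosts:
            return default  # foreign host, including app.example.com.evil.net
        return target
    # Scheme-less: "//host" is protocol-relative and browsers still read "///host" as a host,
    # so require exactly one leading "/" and no authority component.
    if not target.startswith("/") or target.startswith("//") or parts.netloc:
        return default
    return target


class LoginThrottle:
    """Per-account failure counter with a lockout window.

    Caveat: a per-account lockout lets an attacker lock a victim out, so pair it with
    per-IP rate limits and a short lockout duration rather than relying on it alone.
    """

    def __init__(self, max_failures=5, window_seconds=300, lockout_seconds=900):
        self.max_failures = max_failures
        self.window = window_seconds
        self.lockout = lockout_seconds
        self._failures = {}      # account -> list of failure timestamps inside the window
        self._locked_until = {}  # account -> unix time at which the lockout ends

    def is_locked(self, account, now):
        return self._locked_until.get(account, 0) > now

    def record_failure(self, account, now):
        """Record a failed attempt; return True if the account is (now) locked."""
        if self.is_locked(account, now):
            return True
        recent = [t for t in self._failures.get(account, []) if now - t < self.window]
        recent.append(now)
        self._failures[account] = recent
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lockout
            self._failures[account] = []
            return True
        return False

    def record_success(self, account):
        """A successful login clears the failure history (but never an active lockout)."""
        self._failures.pop(account, None)


if __name__ == "__main__":
    hosts = {"app.example.com"}  # assumed allowlist
    for candidate in ["/account", "//evil.com/x", "///evil.com", "https://app.example.com/me",
                      "https://app.example.com@evil.com/", "javascript:alert(1)"]:
        print(f"{candidate!r:40} -> {safe_redirect_target(candidate, hosts)!r}")
```

Note that the validator decides on the raw string first and only then consults `urlsplit`; relying on the parser alone misses the `///host` and backslash forms because Python and browsers disagree on them.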

Secret Management

  • Password storage (salted, slow hash such as Argon2id, bcrypt, scrypt or PBKDF2; never reversible encryption)

  • Password reset (unguessable single-use tokens delivered out of band; existing sessions invalidated on reset)

  • Token security: time limits (short expiry on reset tokens, sessions and access tokens)
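To make the three items above concrete, here is an added example (not code from the original page) using only the Python standard library: salted PBKDF2 password storage with a constant-time check, and a reset-token store whose tokens are random, held only as a hash, bound to one user, single-use and time-limited. The iteration count follows OWASP's published minimum for PBKDF2-HMAC-SHA256; the 15-minute TTL and the user identifiers are assumptions.

```python
"""Added example: salted slow password hashing and time-limited, single-use reset tokens."""
import hashlib
import hmac
import os
import secrets

PBKDF2_ITERATIONS = 600_000        # OWASP minimum for PBKDF2-HMAC-SHA256
RESET_TOKEN_TTL_SECONDS = 15 * 60  # assumed policy: reset links expire after 15 minutes


def hash_password(password: str) -> str:
    """Store a salted, iterated hash, never the password or a reversible ciphertext."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and iteration count; compare in constant time."""
    try:
        algo, iterations, salt_hex, dk_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        rounds = int(iterations)
    except ValueError:
        return False
    if algo != "pbkdf2_sha256" or rounds < 1:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    # A plain == would leak how many leading bytes matched through timing.
    return hmac.compare_digest(dk.hex(), dk_hex)


class ResetTokenStore:
    """Reset tokens: random, stored only as a hash, bound to one user, single-use, expiring.

    Storing the hash means a leaked table cannot be replayed; `now` is passed explicitly so the
    expiry logic is testable without sleeping.
    """

    def __init__(self):
        self._tokens = {}  # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id: str, now: float) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits of entropy, unguessable
        self._tokens[self._digest(token)] = (user_id, now + RESET_TOKEN_TTL_SECONDS)
        return token  # deliver out of band (e-mail/SMS); never log it

    def redeem(self, token: str, now: float):
        """Return the owning user_id, or None. The token is consumed on any attempt."""
        entry = self._tokens.pop(self._digest(token), None)
        if entry is None:
            return None  # unknown, already used, or forged
        user_id, expires_at = entry
        if now > expires_at:
            return None  # past its time limit
        return user_id


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record), verify_password("wrong", record))
```

After a successful `redeem`, the application should set the new password, invalidate every other session of that user, and notify them; the store deliberately knows nothing about sessions so that concern stays with the session layer.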

MFA Management

  • Valid API endpoints (MFA can only be satisfied through the intended endpoints; no bypass via alternate, legacy or undocumented routes)

  • Session hijacking (the MFA step is bound to the same session; a partially authenticated session grants no access)

  • URL tampering (MFA state is kept server-side, not in client-controlled parameters)

  • Push notifications: rate limit (prevent MFA fatigue, also called prompt bombing)

API Authentication

  • Validate API tokens (signature, expiry, audience and issuer for signed tokens; constant-time comparison for opaque tokens)

  • CORS: untrusted origins (exact-match allowlist; never reflect an arbitrary Origin together with credentials)

  • Test for privilege escalation (scopes and roles enforced on every request; object ownership checked to block horizontal escalation)
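The following is an added example, not code from the original checklist, covering the three API checks above: an exact-match CORS origin allowlist shown beside the common suffix-match bug, opaque bearer tokens stored as hashes and compared in constant time, and a scope plus ownership check that catches both vertical and horizontal privilege escalation. The origins, token values and scope names are assumptions.

```python
"""Added example: CORS allowlisting, opaque API token validation and scope/ownership checks."""
import hashlib
import hmac

# Assumed allowlist. An origin is scheme + host + port; exact string match only.
# Never add "null" (file://, sandboxed iframes and some redirects send it).
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com:8443"}


def origin_allowed_buggy(origin: str) -> bool:
    """The common mistake: suffix/substring matching. Matches https://evilexample.com."""
    return origin.endswith("example.com")


def origin_allowed(origin: str) -> bool:
    return origin in ALLOWED_ORIGINS


def cors_response_headers(origin):
    """Headers to add for a credentialed cross-origin request. Empty dict = browser blocks the read."""
    if not origin or not origin_allowed(origin):
        return {}
    return {
        "Access-Control-Allow-Origin": origin,        # echo only an allowlisted origin, never "*"
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",                             # caches must not serve one origin's ACAO to another
    }


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


# Assumed token table: only hashes are stored, so a database leak does not yield usable tokens.
API_TOKENS = {
    _digest("tok_reader_c0ffee"): {"sub": "alice", "scopes": {"orders:read"}},
    _digest("tok_ops_decaf"): {"sub": "ops", "scopes": {"orders:read", "orders:write", "users:admin"}},
}


def authenticate(authorization_header):
    """Resolve a 'Bearer <token>' header to a principal, or None."""
    if not authorization_header or not authorization_header.startswith("Bearer "):
        return None
    presented = _digest(authorization_header[len("Bearer "):].strip())
    for stored_digest, principal in API_TOKENS.items():
        # compare_digest keeps the comparison time independent of where the first mismatch is
        if hmac.compare_digest(stored_digest, presented):
            return principal
    return None


def authorize(principal, required_scope: str, resource_owner=None) -> bool:
    """Vertical check: scope present. Horizontal check: caller owns the object or is an admin."""
    if principal is None:
        return False
    if required_scope not in principal["scopes"]:
        return False
    if resource_owner is not None and resource_owner != principal["sub"]:
        return "users:admin" in principal["scopes"]
    return True


if __name__ == "__main__":
    for o in ["https://app.example.com", "https://evilexample.com", "https://app.example.com.evil.net"]:
        print(f"{o:40} buggy={origin_allowed_buggy(o)!s:5} exact={origin_allowed(o)}")
    alice = authenticate("Bearer tok_reader_c0ffee")
    print(authorize(alice, "orders:read", "alice"), authorize(alice, "orders:write"), authorize(alice, "orders:read", "bob"))
```

When testing for escalation, send a low-privilege token against every write and every other user's object identifiers; the `authorize` call must reject both, not just the obvious admin routes.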

Federated Login

  • Test provider flaws on both the identity provider (IdP) and service provider (SP) sides, and the security tokens exchanged between them (JWT, SAML, OAuth, OIDC): signature validation, accepted algorithms, audience and issuer, expiry and replay
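The token checks named above apply to any signed token a service provider accepts. As an added example (not code from the original page), the block below mints and verifies a JWT with only the standard library and shows the checks a service provider must perform: the `alg` header is pinned (which rejects `none` and algorithm confusion), the signature is compared in constant time, and `exp`, `iss` and `aud` are all enforced. HS256 with a shared secret is used purely so the example is self-contained; an IdP token would normally be RS256/ES256 verified against the provider's published keys, but the claim checks are identical. The issuer, audience and key are assumptions.

```python
"""Added example: verifying a JWT the way a service provider should (alg pinned, sig, exp, iss, aud)."""
import base64
import hashlib
import hmac
import json

ISSUER = "https://idp.example.com"   # assumed IdP
AUDIENCE = "api.example.com"         # assumed SP identifier


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_hs256_jwt(claims: dict, key: bytes) -> str:
    """Mint a token (stands in for the IdP in this example)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_jwt(token: str, key: bytes, now: float, issuer=ISSUER, audience=AUDIENCE):
    """Return the claims if every check passes, otherwise None. Never trust claims before the signature."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        claims = json.loads(_b64url_decode(p))
        sig = _b64url_decode(s)
    except ValueError:  # wrong part count, bad base64, bad JSON, bad UTF-8
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    # Pin the algorithm: "none" and RS256-as-HS256 key confusion both fail here.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or isinstance(exp, bool) or now >= exp:
        return None  # missing or past time limit
    if claims.get("iss") != issuer:
        return None  # token from another provider
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if audience not in aud_list:
        return None  # token minted for a different service (cross-service replay)
    return claims


if __name__ == "__main__":
    key = b"assumed-shared-secret-of-32-bytes!"
    tok = make_hs256_jwt({"iss": ISSUER, "aud": AUDIENCE, "sub": "alice", "exp": 1_700_000_000}, key)
    print(verify_jwt(tok, key, now=1_699_999_000))
    print(verify_jwt(tok, key, now=1_700_000_000))
```

For SAML the equivalent checks are the Response and Assertion signatures, `Audience`, `NotOnOrAfter`, and `InResponseTo`; the point is the same: every claim is untrusted until the signature and the binding claims have been checked.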
