The-OAG-Development-Project / Application-Gateway

OWASP Application Gateway is an HTTP proxy that handles OAuth2 authentication and session management
https://owasp.org/www-project-application-gateway/
Apache License 2.0

Documentation for Security Profile Configuration #146

Open tommathee opened 1 month ago

tommathee commented 1 month ago

The current documentation for configuring security profiles within the OWASP Application Gateway lacks detailed explanations and examples, making it challenging for new users to understand and correctly implement the necessary security functionalities. This issue proposes significant enhancements to the documentation to provide clear guidance and practical examples, ensuring users can effectively configure and customize the security profiles to meet their specific requirements.

Current Documentation Shortcomings:

Suggested Enhancements:

Configuration Descriptions:

Provide exhaustive documentation for each configuration parameter, including the expected values, default settings, and the security implications of different settings.

Practical Configuration Examples:

Include practical, annotated examples that show how to configure the security profiles for various typical scenarios, such as a public-facing web application, an internal API, and services requiring enhanced user authentication.

Security Best Practices:

Develop a section dedicated to best practices in configuring security profiles, offering advice on how to achieve the highest levels of security based on different threat models.

Interactive Documentation Tools:

Consider implementing interactive documentation features, such as a configuration simulator, where users can experiment with different settings and see a preview of how those settings would impact the behavior of the gateway.

Padi-owasp commented 1 month ago

Thank you Tomáš. Will look into this. May take quite some time, as we're having "busy season" right now. If I may ask: How are you using OAG?

tommathee commented 1 month ago

Hi, I was using OAG as a part of my semester work. My job was to install OAG and test its basic functionalities on a local server, which led to some issues during this phase. So I decided to contribute to the community by reporting them and giving meaningful suggestions :)