Open sastels opened 3 months ago
Description
As a Notify owner, I need Notify to be secure against fuzzing attacks
WHY are we building?
Stop requests to invalid URLs
WHAT are we building?
Refine WAF rules. For example, instead of /services/* we could restrict to /services/[regex for uuid]/*
VALUE created by our solution
Block more attacks. Have seen requests to, for example, /services/<service_id>/service-settings
Acceptance Criteria
Given some context, when (X) action occurs, then (Y) outcome is achieved.
QA Steps
/services/<service_id>/service-settings are blocked
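The rule refinement proposed in this issue, sketched as an added example (not code from the issue or from the Notify project): it compares the broad /services/* pattern with a UUID-constrained one over constructed paths. It assumes service ids are canonical 8-4-4-4-12 hex UUIDs and models both rules as fully anchored regular expressions; the sample paths and the /templates sub-path are constructed.

```python
import re

# Assumption: service ids are canonical 8-4-4-4-12 hex UUIDs
# (the issue only says "regex for uuid").
UUID = r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"

# Current rule from the issue: anything under /services/ is allowed.
BROAD = re.compile(r"/services/.*")
# Proposed rule: the first segment after /services/ must be a UUID.
STRICT = re.compile(rf"/services/{UUID}(/.*)?")


def allowed(rule, path):
    """True only when the whole path matches; fullmatch prevents a UUID
    appearing somewhere inside a longer segment from satisfying the rule."""
    return rule.fullmatch(path) is not None


def compare(paths):
    """Return {path: (allowed_by_broad, allowed_by_strict)}."""
    return {p: (allowed(BROAD, p), allowed(STRICT, p)) for p in paths}


# Constructed sample paths, not taken from real traffic.
VALID_ID = "3f2b8c1e-9a4d-4e7b-8c2a-1d5e6f7a8b9c"
SAMPLES = [
    f"/services/{VALID_ID}/templates",          # well-formed id
    f"/services/{VALID_ID}",                    # id with no sub-path
    "/services/<service_id>/service-settings",  # literal placeholder, not a UUID
    "/services/not-a-uuid/templates",           # arbitrary fuzzed segment
    f"/services/{VALID_ID}-extra/templates",    # UUID with trailing junk
    # A well-formed id still passes the strict rule whatever the sub-path is;
    # blocking a specific sub-path needs its own rule.
    f"/services/{VALID_ID}/service-settings",
]

if __name__ == "__main__":
    for path, (broad, strict) in compare(SAMPLES).items():
        print(f"broad={broad!s:5} strict={strict!s:5} {path}")
```

The last sample shows the limit of the UUID constraint: it rejects malformed ids but does not by itself block a sub-path requested with a well-formed id.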