
We are working on a project which has a Spring website, REST web services for third-party customers and our own mobile applications. The architecture we are planning is to implement the Resource Owner grant type for the mobile app and the Client Credentials grant for the RESTful web services. Now we want to make a decision on using Spring Security OAuth2 or traditional Spring Security for the Spring website. As we are in health care we are more concerned about security. Can anyone please suggest the best implementation for the website to overcome the security risks mentioned in the link below: https://www.owasp.org/index.php/Top_10_2013-Top_10

Thanks a lot.

1 Answer


You can definitely go for Spring Security for addressing OWASP defects. You can write a lot of custom filters which will be added to the springSecurityFilterChain.

Please see this post to get an idea on how to write Custom Filters.

How to write a custom filter in spring security?

Please see below a list of OWASP defects which the Spring Security module will address:

1. With these custom filters you can deal with Cross-Site Scripting issues, in such a way that they escape all unwanted script tags.

2. Spring Security's crypto module provides the necessary cryptography capabilities, which will address OWASP's Sensitive Data Exposure defect.

3. Spring Security's authorization mechanism will address OWASP's Insecure Direct Object References defect.

shankarsh15
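As an added example (not code from the question or the answer), here is the kind of custom filter the answer describes: it HTML-escapes request parameters through a request wrapper, is registered in the springSecurityFilterChain ahead of authentication, and sits beside an authorization rule of the kind item 3 refers to. It assumes Spring Security 4.x/5.x with the javax.servlet API and Spring's HtmlUtils; the class names, the /patients/** path and the CLINICIAN role are made up for the example.

```java
import java.io.IOException;
import java.util.Arrays;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.HtmlUtils;

// Hypothetical custom filter: HTML-escapes every request parameter so that
// injected markup such as <script> reaches controllers as inert text.
class HtmlEscapingFilter extends OncePerRequestFilter {
    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
                                    FilterChain chain) throws ServletException, IOException {
        chain.doFilter(new EscapingRequest(req), res);
    }
    // Wrapper so that both single- and multi-valued parameter reads are escaped.
    static class EscapingRequest extends HttpServletRequestWrapper {
        EscapingRequest(HttpServletRequest req) { super(req); }
        @Override
        public String getParameter(String name) {
            String v = super.getParameter(name);
            return v == null ? null : HtmlUtils.htmlEscape(v);
        }
        @Override
        public String[] getParameterValues(String name) {
            String[] vs = super.getParameterValues(name);
            return vs == null ? null
                    : Arrays.stream(vs).map(HtmlUtils::htmlEscape).toArray(String[]::new);
        }
    }
}

@Configuration
@EnableWebSecurity
class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Register the escaping filter early in the chain, then restrict the
        // hypothetical patient records path to a role (assumed role name).
        http.addFilterBefore(new HtmlEscapingFilter(), UsernamePasswordAuthenticationFilter.class)
            .authorizeRequests()
                .antMatchers("/patients/**").hasRole("CLINICIAN")
                .anyRequest().authenticated()
                .and().formLogin();
    }
}
```

Escaping at the filter boundary is a blanket measure; the view layer should still encode on output, since values read through getParameterMap() or a JSON request body bypass this wrapper.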