Deployment Risks
This document records known deployment risks of the entity service and our mitigations. Risk categories refer to the OWASP Top 10 2017 security risks: https://www.owasp.org/index.php/Top_10-2017_Top_10
Risks
Unauthorized user accesses results
A6 - Security misconfiguration.
A2 - Broken authentication.
A5 - Broken access control.
Authorized user attacks the system
A10 - Insufficient Logging & Monitoring.
A3 - Sensitive Data Exposure.
An admin can access the raw CLKs uploaded by both parties.
However, a standard user cannot.
User coerces N1 to execute attacking code
Insecure deserialization. Compromised shared host.
An underlying component has a vulnerability
Dependencies including anonlink could have vulnerabilities.