How to secure your Bonita BPM bundle


With our first set of video tutorials, we introduced the new features in Bonita BPM 7. So now that you have developed some processes and applications, let's talk about how to secure your Bonita BPM 7.

This is a complete series of 6 videos.

Introduction
Learn how you can configure your Bonita BPM security, in four steps: Changing passwords, API, CSRF and HTTPS.

Part 1 - Change Passwords
Change your tenant administrator default password and apply a password policy for your user passwords.

Part 2 - API
Deactivate your HTTP API and tune your REST API authorization rules by applying dynamic business checks. Learn how to write your own rules and how to apply them.

Part 3 - CSRF
Learn how to apply Cross-Site Request Forgery (CSRF) countermeasures. Enable the REST API security token by editing the proper configuration file. See a live demo.

You can also see this demonstrated in Fabio Lombardi's presentation at EclipseCon Europe 2014.

Part 4 - HTTPS
To avoid man-in-the-middle attacks, follow our documentation (http://documentation.bonitasoft.com/ssl-1) and encrypt your communication by configuring HTTPS in your architecture.

Conclusion
Here's a summary of good practices.

