Bonita BPM Security: video tutorials

ttoine

With our first set of video tutorials, we introduced the new features in Bonita BPM 7.

So now that you have developed some interesting processes and applications, let's talk about how to secure your Bonita BPM 7. We have produced a complete video series, already available on our corporate website:

You will find some additional information and links about the videos below.

Introduction:
As we all know, hacking attacks are increasing every day, and we live in a society in which our customers' data is in more danger than ever. For these reasons, here at Bonitasoft we are making a continual effort to improve our product security. Learn how you can configure your Bonita BPM security, in four main chapters: changing passwords, API, CSRF and HTTPS.
https://www.owasp.org/index.php/Main_Page
http://documentation.bonitasoft.com/product-bos-sp/security-and-authentication

Part 1 - Changing passwords:
Change your tenant administrator default password and apply a password policy for your user passwords.
http://documentation.bonitasoft.com/enforce-password-policy-0

Part 2 - API:
Deactivate your HTTP API and tune your REST API authorization rules by applying dynamic business checks. Learn how to write your own rules and how to apply them.
http://documentation.bonitasoft.com/rest-api-authorization-0#activate
http://documentation.bonitasoft.com/rest-api-authorization-0
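As an added illustration of the dynamic business checks mentioned above (this is example code, not code from the post or from the Bonitasoft documentation), here is a Groovy rule that lets a user read a case only if they are involved in it, denying everything else so that a mapping mistake fails closed. It assumes the Bonita 7 PermissionRule interface, the APICallContext/Logger method names and the dynamic-permissions-checks.properties mapping syntax used in the comments; verify them against the documentation of your Bonita version.

```groovy
// Added example, not part of the original post. Assumed mapping line in
// dynamic-permissions-checks.properties (syntax to be checked for your version):
//   GET|bpm/case=[profile|Administrator, check|CaseReadPermissionRule]
import org.bonitasoft.engine.api.APIAccessor
import org.bonitasoft.engine.api.Logger
import org.bonitasoft.engine.api.permission.APICallContext
import org.bonitasoft.engine.api.permission.PermissionRule
import org.bonitasoft.engine.session.APISession

/**
 * Allows GET bpm/case/{id} only when the calling user is involved in that
 * case (initiator, task assignee, ...). Any other call routed to this rule
 * is denied, so a wrong mapping can only restrict access, never widen it.
 */
class CaseReadPermissionRule implements PermissionRule {

    @Override
    boolean isAllowed(APISession apiSession, APICallContext context,
                      APIAccessor apiAccessor, Logger logger) {
        long userId = apiSession.getUserId()

        // Only the single-resource read is handled here; deny list calls and
        // every other HTTP method.
        if (!"GET".equalsIgnoreCase(context.getMethod()) || !context.getResourceId()) {
            logger.debug("CaseReadPermissionRule: denying non-GET or list call")
            return false
        }

        long caseId
        try {
            caseId = Long.parseLong(context.getResourceId())
        } catch (NumberFormatException e) {
            return false   // malformed id: never let it through
        }

        try {
            // Engine-side business check: is this user involved in the case?
            boolean involved = apiAccessor.getProcessAPI()
                                          .isInvolvedInProcessInstance(userId, caseId)
            logger.debug("user ${userId} involved in case ${caseId}: ${involved}")
            return involved
        } catch (Exception e) {
            // Unknown case, engine error, ...: deny rather than reveal existence.
            logger.debug("CaseReadPermissionRule: ${e.message}")
            return false
        }
    }
}
```

The profile entry in the mapping keeps administrators unaffected, while every other profile goes through the rule on each call.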

Part 3 - CSRF:
Learn how to apply Cross-Site Request Forgery (CSRF) countermeasures. Enable the REST API security token by editing the proper configuration file. See a live demo.
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
http://documentation.bonitasoft.com/csrf-0
As a bonus, you can also see Fabio Lombardi's presentation at EclipseCon Europe 2014.

Part 4 - HTTPS:
To avoid Man in the Middle attacks, follow our documentation and encrypt your communication by configuring HTTPS in your architecture.
http://documentation.bonitasoft.com/ssl-1

Conclusion:
Remember to take security into account in your projects, especially in a production environment. Bad guys are out there but don't be scared, be knowledgeable! Put these countermeasures in place and we will make the bad guys' lives much harder ;-)

Thank you to Fabio Lombardi (@lomba_fabio) for this contribution!

Comments

Submitted by the.shirini on Thu, 02/16/2017 - 13:23

Thank you so much.
