Injection prevention
SQL injection and XSS detection and path traversal prevention.
Requirement coverage
REQ-SEC-002
Prevent open redirect attacks
REQ-SEC-004
Prevent error information disclosure
REQ-SEC-005
Prevent HTTP request smuggling
Test examples
INJ-001 BLOCKED
SQL injection in the state parameter is blocked
Example request
curl 'https://keycloak-alg:8443/realms/myapp/protocol/openid-connect/auth?'\
'response_type=code&client_id=myapp&state=abc%27%20OR%201%3D1--'
Expected response
{"error":"access_denied","error_description":"Request blocked by security policy"}
INJ-002 BLOCKED
Path traversal is blocked
Example request
curl 'https://keycloak-alg:8443/realms/myapp/../../admin/realms/master'
Expected response
{"error":"access_denied","error_description":"Request blocked by security policy"}
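The following is an added example, not code from keycloak-alg or from this page: a minimal request screen that reproduces the two documented outcomes, INJ-001 (SQL injection in the OAuth state parameter) and INJ-002 (path traversal in the URL path), and emits the same access_denied body. The pattern lists, the function names and the benign sample request are assumptions chosen for illustration; the gateway's real rule set is not published here.

```python
# Added example (not the keycloak-alg project's own code). Screens a request
# URL the way the test cases above describe: a SQL-injection-looking value in
# any query parameter, or a '..' segment in the path, yields the blocking body.
import json
import posixpath
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit
import re

# Response body documented for INJ-001 and INJ-002.
BLOCKED_RESPONSE = {
    "error": "access_denied",
    "error_description": "Request blocked by security policy",
}

# Assumed, conservative SQL-injection indicators. A legitimate OAuth "state"
# is an opaque random token, so a quote followed by a boolean tautology or a
# comment marker has no honest reason to appear in it.
SQLI_PATTERNS = [
    re.compile(r"['\"]\s*(or|and)\s+\S+\s*=\s*\S+", re.IGNORECASE),  # ' OR 1=1
    re.compile(r"['\"].*(--|#|/\*)"),                                 # quote then comment
]


def has_sql_injection(value: str) -> bool:
    """True when a decoded parameter value matches an SQL-injection pattern."""
    return any(p.search(value) for p in SQLI_PATTERNS)


def has_path_traversal(path: str) -> bool:
    """True when the percent-decoded path contains a '..' segment.

    Decoding first catches %2e%2e; checking segments (not substrings) keeps a
    literal '..' inside a file name such as 'a..b' from being flagged.
    """
    decoded = unquote(path)
    return ".." in decoded.split("/")


def screen_request(url: str) -> Optional[dict]:
    """Return BLOCKED_RESPONSE for a request that violates the policy, else None."""
    parts = urlsplit(url)  # urlsplit does not normalise '..', so we see it raw
    if has_path_traversal(parts.path):
        return BLOCKED_RESPONSE
    for values in parse_qs(parts.query, keep_blank_values=True).values():
        if any(has_sql_injection(v) for v in values):
            return BLOCKED_RESPONSE
    return None


def blocked_body() -> str:
    """The exact JSON text the page lists as the expected response."""
    return json.dumps(BLOCKED_RESPONSE, separators=(",", ":"))


if __name__ == "__main__":
    # The two documented requests plus one constructed benign request.
    samples = [
        "https://keycloak-alg:8443/realms/myapp/protocol/openid-connect/auth"
        "?response_type=code&client_id=myapp&state=abc%27%20OR%201%3D1--",   # INJ-001
        "https://keycloak-alg:8443/realms/myapp/../../admin/realms/master",   # INJ-002
        "https://keycloak-alg:8443/realms/myapp/protocol/openid-connect/auth"
        "?response_type=code&client_id=myapp&state=Zk9x3QpL7w",               # benign (constructed)
    ]
    for url in samples:
        verdict = screen_request(url)
        print("BLOCKED " if verdict else "ALLOWED ", url)
        if verdict:
            print("   ", blocked_body())
```

The traversal check decodes the path once and looks for a whole `..` segment rather than normalising the path, so a trailing slash or a `..` embedded in a file name does not trigger it; the SQL patterns are deliberately narrow and would need tuning before fronting real traffic, since a random state token can legitimately contain quotes or dashes in other encodings.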