FAQ

Frequently Asked Questions - Security Related Topics

Risk Avoidance

LeZa structures permissions, policies and roles in a best-practice manner to ensure that no breaches can be created from omissions or misconfigurations. Roles are organized as a hierarchy, policies are overlapping and constrained depending on the use case.

If a broken access control configuration is created users will be notified before being able to commit the configuration.

The logging functionality that is performed on each request assists or team in identifying erroneous or malicious behaviours in order to continuously improve system resilience and reduce the resolution times.

WAF

LeZa proxy contains a Web Application Firewall that protects your application from malicious attacks like SQL injection, Cross-site scripting, Session hijacking, broken access control, Cross-site request forgery - Top 10 OWASP vulnerabilities. This does not mean that you should not take care and prepare your requests for SQL injection or use best practices to set up your URLs. Leza will block malicious requests in the majority of use cases.

Encryption

LeZa embeds encryption in all its communication and storage. We recommend you do the same when building your applications, however, this is something we can not control. We will always notify you and provide you with best-practice information on how to configure your applications.

Password Hashing

All passwords handled by LeZa are hashed using the bcrypt protocol for which the underlying hashing algorithm is blowfish.

Compliance Standards

LeZa is OWASP, PCI and GDPR compliant for its scope, this does not automatically mean that using LeZa makes your application compliant - there are other scopes to consider in terms of your application and application environment. Using LeZa will however make it much easier to achieve a level of compliance our team will always be available to support you and assist in advising you on the best way to configure your project in order to stay compliant.

Last updated