
Protect SonarQube.com from brute force attack a minima

    Details

    • Type: MMF
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Do
    • Labels:

      Description

      As operators, we want to prevent any brute force attack on SonarQube.com.

      With SonarQube 6.0, we can now detect when there are many 401 responses on login from the same IP.
      We have several technical ways to protect SonarQube.com:

      From our point of view the best solution is to use mod_security to protect the login page.

      OAuth can also be attacked, so we must check that the OAuth implementation is not affected by classic attacks (https://www.sans.org/reading-room/whitepapers/application/attacks-oauth-secure-oauth-implementation-33644), but this is out of scope for this MMF.

      With MMF-366, we'll be able to have finer-grained detection.
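      The detection side of the description (many 401 responses on login from one IP) can be checked offline against a web server access log before any mod_security rule is deployed. The script below is an added example written for this page, not SonarSource code and not part of the MMF; it assumes a combined-format access log, a login endpoint path of /api/authentication/login (an assumption, adjust to the real path), and a constructed sample log. It keeps a sliding window of login failures per source IP and reports the IPs that exceed a threshold inside the window, which is the same signal a mod_security rate-limiting rule would act on.

```python
"""Flag source IPs that produce a burst of 401 responses on the login endpoint."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Combined log format: ip ident user [time] "method path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Assumed login endpoint; adjust to the path the deployed server actually uses.
LOGIN_PATH = "/api/authentication/login"

# Constructed sample log: 203.0.113.7 hammers the login endpoint (one stale
# failure two minutes earlier, one 401 on a non-login path that must not count);
# 198.51.100.4 fails once and then logs in successfully.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2016:09:58:00 +0000] "POST /api/authentication/login HTTP/1.1" 401 0
203.0.113.7 - - [10/Oct/2016:10:00:00 +0000] "POST /api/authentication/login HTTP/1.1" 401 0
203.0.113.7 - - [10/Oct/2016:10:00:02 +0000] "POST /api/authentication/login HTTP/1.1" 401 0
198.51.100.4 - - [10/Oct/2016:10:00:03 +0000] "POST /api/authentication/login HTTP/1.1" 401 0
203.0.113.7 - - [10/Oct/2016:10:00:04 +0000] "POST /api/authentication/login HTTP/1.1" 401 0
203.0.113.7 - - [10/Oct/2016:10:00:05 +0000] "GET /api/issues/search HTTP/1.1" 401 0
198.51.100.4 - - [10/Oct/2016:10:00:06 +0000] "POST /api/authentication/login HTTP/1.1" 200 0
203.0.113.7 - - [10/Oct/2016:10:00:07 +0000] "POST /api/authentication/login HTTP/1.1" 401 0
203.0.113.7 - - [10/Oct/2016:10:00:09 +0000] "POST /api/authentication/login HTTP/1.1" 401 0
"""


def parse_line(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("time"), TIME_FMT),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def find_bruteforce_sources(lines, threshold=5, window_seconds=60):
    """Return {ip: peak_failures} for IPs with >= threshold login 401s in any window.

    Lines are assumed to be in chronological order, as an access log is written.
    Only 401 responses on LOGIN_PATH count; failures older than the window are
    dropped before the count is compared to the threshold.
    """
    recent = defaultdict(deque)  # ip -> timestamps of recent login failures
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"] != LOGIN_PATH or rec["status"] != 401:
            continue
        window = recent[rec["ip"]]
        window.append(rec["ts"])
        while window and (rec["ts"] - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold:
            flagged[rec["ip"]] = max(flagged.get(rec["ip"], 0), len(window))
    return flagged


if __name__ == "__main__":
    for ip, failures in find_bruteforce_sources(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {failures} login failures within 60s")
```

      On the constructed sample only 203.0.113.7 is reported (five login failures inside the window; the stale failure and the 401 on a non-login path are ignored), while 198.51.100.4 stays below the threshold. Threshold and window are the two knobs a rate-limiting rule in mod_security would also need, so tuning them against real logs first avoids locking out users who simply mistype a password.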

              People

              • Assignee: Eric Hartmann (eric.hartmann)
              • Reporter: Eric Hartmann (eric.hartmann)
              • Votes: 0
              • Watchers: 1

                Dates

                • Created:
                  Updated:
                  Resolved: