Securing Cougar

Cougar is a security conscious framework, however, like anything, a little care needs to be taken to ensure it’s configured in the most secure manner. We’ll also cover the capabilities available to help you write your service implementations in a secure manner, and gotcha’s to look out for.

TODO

• Restricting certificate algorithms/strength
• Self-signed certs
• Don’t expose your admin port to the internet
• Don’t expose the binary transport to someone you don’t trust
• XSS protections on the admin console plugins
• Security strength factors
• Encrypted configuration
• Property overriding
• XFF headers