
Chapter 6 DXP Security

• Invalidate the session upon logout. For SSO scenarios, invalidate all sessions across the logged-in enterprise applications.
• Use secure cookie attributes such as HttpOnly and Secure, together with the Strict-Transport-Security header, to ensure secure data transmission.
• Use the principle of least privilege for accessing secured resources.
• Use CAPTCHA to minimize automated form submissions, bot-based attacks, and automated password resets.

DXP Network Communication Management Security Checklist

• Establish end-to-end TLS (SSL) communication for all sensitive data transfers.
• Leverage firewalls and configure rules to block the packets and traffic that lead to denial-of-service attacks.
• Establish a network monitoring infrastructure to identify security incidents in real time.
• Don't allow unsecured protocols (such as HTTP) to reach sensitive resources such as sensitive web pages, URLs, data, and functions.
• Use only valid SSL certificates signed by an authorized certification authority (CA).

DXP Input Validation Security Checklist

• Sanitize user input data, removing or encoding all special characters that lead to injection attacks and XSS attacks. This includes submitted form data, user-generated content (UGC) such as blog posts and review comments, and URL parameters.
• Encode the HTML response, especially for UGC.
• Use a unique CSRF token with each request to prevent CSRF attacks.
• Prevent upload of executable files and validate all uploaded files.
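As an added example (not code from the book), the following Python sketches how several of the checklist items above translate into server-side controls: secure cookie attributes and the HSTS header, HTML encoding of UGC, a single-use per-request CSRF token, and allow-list based upload validation. The allow-list, the magic-number table, the one-year HSTS policy and the SameSite attribute are assumptions made here, not items from the checklist.

```python
import hmac
import html
import secrets
from typing import Optional

# Constructed allow-list: file extension -> leading bytes ("magic number") the content must carry.
# Executables (.exe, .php, .jsp, ...) and double extensions such as "a.png.exe" fall outside it.
ALLOWED_UPLOADS = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
}

# HSTS header value (assumed policy: one year, covering subdomains).
HSTS_HEADER = ("Strict-Transport-Security", "max-age=31536000; includeSubDomains")


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value with Secure and HttpOnly as on the checklist; SameSite=Strict is added here."""
    return f"SESSIONID={session_id}; Path=/; Secure; HttpOnly; SameSite=Strict"


def encode_ugc(text: str) -> str:
    """Encode user-generated content before it is placed in an HTML response (escapes & < > \" ')."""
    return html.escape(text, quote=True)


def issue_csrf_token(session: dict) -> str:
    """Generate an unpredictable per-request token and keep it in the server-side session."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def verify_csrf_token(session: dict, submitted: Optional[str]) -> bool:
    """Single-use check: the stored token is consumed whether or not the comparison succeeds."""
    expected = session.pop("csrf_token", None)
    if expected is None or submitted is None:
        return False
    # Constant-time comparison on bytes so non-ASCII input cannot raise instead of failing.
    return hmac.compare_digest(expected.encode("utf-8"), submitted.encode("utf-8"))


def validate_upload(filename: str, content: bytes) -> bool:
    """Accept only allow-listed extensions whose content starts with the declared type's magic bytes."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    magic = ALLOWED_UPLOADS.get(ext)
    if magic is None:
        return False
    return content.startswith(magic)
```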
