Enable High Security Plugin [Updated in Security Center 1.3]
When you activate the High Security plugin, it creates or updates hundreds of different configurations to control the level of security on your instance. These configurations mitigate many of the top OWASP attacks by enabling strict access control, input validation, and output encoding.
- Access Control
- Business rules
- System properties
- UI policy action
- script actions
- script includes
Example
Refer to the examples for the following properties:
| Property | Topic |
|---|---|
| glide.ui.escape_all_script | Escape jelly script [Updated in Security Center 1.3 and 1.5] |
| glide.security.strict.actions | Check UI action conditions before execution |
| glide.security.csrf_previous.allow | Enable Anti-CSRF token [New in Security Center 1.3, updated in 1.5, and removed in 2.0] |
| glide.security.csrf.strict.validation.mode | Prevent Users From Accepting Warning To Bypass CSRF Validation [Updated in Security Center 1.3 and 1.5] |
More information
| Attribute | Description |
|---|---|
| Plugin Name | com.glide.high_security |
| Configuration type | System Definition > Plugins - Development |
| Category | Access control |
| Purpose | It is mandatory to activate this plugin. It increases the security level of an instance, which reduces the attack surface by mitigating owasp top 10 attacks, including CSRF, XSS, Securing Session Cookies, and File uploads. |
| Recommended value | Active |
| Security risk rating | 9.8 |
| Functional impact | This plugin enables several system security configurations, which may impact UI and functionality as well. |
| Security risk | (High) Many security configurations are unintentionally left open, which may open the door for some of the critical vulnerabilities. |
| References |
To learn more about activating a plugin, see Activate a plugin