1 About this guide

This Secure Development Guide helps developers who use the Oracle Life Sciences IAMS Inbound User Provisioning Service API mitigate common security risks. The API is based on the SCIM standard and the REST framework.

This guide describes how to prevent the main security risks, as identified by the Open Web Application Security Project (OWASP) in their top 10 critical web application security vulnerabilities for 2017, and provides insights for software developers into how the API was created and can be used while addressing these vulnerabilities.

Because defense in depth is an important strategy for a secure product, do not rely exclusively on the techniques documented in this guide. Implement and extend these techniques in your own code as you develop your interface to the API specification.

Note:

The recommendations in this guide are not exhaustive and no guarantee is offered that implementing all the suggestions provides sufficient protection against all security threats. You cannot delegate responsibility for secure application development to a third party or a single document.

The purpose of this document is to help developers understand the security tools and features that they can use to implement application security when using Oracle Life Sciences IAMS APIs. This document does not replace a formal review process.