Besides login authentication and user roles, does Cuba Platform implement other security measures based on the OWASP Top 10 vulnerabilities?
We have no document explaining the measures against all security risks yet. But if you point out some concrete concerns, we will clarify how we address them.
In general, CUBA applications with the standard UI are more secure than an average web application for two reasons:
- The Vaadin framework, with its server-side programming model, is inherently more secure than a browser-side JS application;
- The CUBA application security model is advanced enough to provide full control over data access.
Of course, some rules must be followed on the application layer: use of HTTP transport, careful displaying of HTML in visual components (labels, notifications), etc.