ATS Security can be configured to export logs, metrics and traces via all available .NET OTel exporters:
OTLP
Console
Prometheus
Azure Monitor / Application Insights
SCIM is a standard for the integration of different identity management systems. It allows a SCIM client to provision users and groups to ATS Security. One application is to synchronize users and roles between Azure AD and ATS Security & Configuration.
Personal Access Tokens have an expiration date. The ATS Security & Configuration email functionality has been extended to send email notifications for PAT expiration.
All Docker images for Security & Configuration are multi-architecture and support AMD64 and ARM.
By default, ASP.NET Core’s cookie handler stores all user session data in a protected cookie. While this works very well, session information in cookies is seen more and more as a security concern.
The support for server-side sessions reduces the use of cookies to the bare minimum. The session can be revoked server side, independently of the context of a browser interaction, which increases security.
The feature enables future versions of ATS products to use server side sessions.
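The mechanism described above, sketched with ASP.NET Core's own ITicketStore extension point, as an added example that is not ATS code. It assumes a minimal-API web project with implicit usings and nullable enabled; InMemoryTicketStore and RevokeUser are hypothetical names, and a real deployment would back the store with a shared database or cache.

```csharp
using System.Collections.Concurrent;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);
var store = new InMemoryTicketStore();   // hypothetical store, defined below
builder.Services.AddSingleton(store);
builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    // With SessionStore set, the cookie carries only the session key;
    // claims and properties stay on the server.
    .AddCookie(options => options.SessionStore = store);
var app = builder.Build();
app.UseAuthentication();
app.Run();

public sealed class InMemoryTicketStore : ITicketStore
{
    private readonly ConcurrentDictionary<string, AuthenticationTicket> _tickets = new();

    public Task<string> StoreAsync(AuthenticationTicket ticket)
    {
        // Unguessable key; it is the only session data placed in the cookie.
        var key = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        _tickets[key] = ticket;
        return Task.FromResult(key);
    }

    public Task RenewAsync(string key, AuthenticationTicket ticket)
    {
        _tickets[key] = ticket;
        return Task.CompletedTask;
    }

    public Task<AuthenticationTicket?> RetrieveAsync(string key)
    {
        // A missing key means the session was revoked or never existed;
        // the cookie handler then treats the request as unauthenticated.
        _tickets.TryGetValue(key, out var ticket);
        return Task.FromResult(ticket);
    }

    public Task RemoveAsync(string key)
    {
        _tickets.TryRemove(key, out _);
        return Task.CompletedTask;
    }

    // Server-side revocation: drops every session of one user, no browser involved.
    public int RevokeUser(string userId) =>
        _tickets.Count(e => e.Value.Principal.FindFirst(ClaimTypes.NameIdentifier)?.Value == userId
                            && _tickets.TryRemove(e.Key, out _));
}
```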
Users who have not logged in for a configurable number of days are disabled automatically unless the user account is configured otherwise.
SCA (Software Composition Analysis)
SAST (Static Application Security Testing)
DAST (Dynamic Application Security Testing)
Penetration testing via OWASP ZAP