WebOffice security certificate

In recent years, WebOffice 10.9 SP1 has been subjected to very extensive penetration and security testing by external independent security companies for a large number of customers.

If a security risk was discovered during these penetration tests, VertiGIS always reacted with the highest priority and promptly implemented appropriate optimizations.


The 10 most critical security risks for web applications (OWASP Top 10) and how WebOffice 10.9 SP1 as a web application is protected against them will be listed in this chapter.



Security settings can be set in the WebOffice 10.9 SP1 application configuration. For more details, see chapter Content Security Directives.



An attacker can manipulate input data so that he can execute unintended commands or access data without authorization.



SQL injection is comprehensively prevented in WebOffice 10.9 SP1 because the input field validators recognize SQL syntax and prevent further processing.


Authentication error

An attacker can temporarily or permanently infiltrate the identity of other users.



Session hijacking attacks are prevented in WebOffice by a robust and well tested session management. As little session information as possible is disclosed to the referrer.


Loss of confidentiality of sensitive data

Confidential data can be compromised if it is not additionally protected by measures such as encryption of stored data and encrypted data transmission.



TLS connections are standard in WebOffice and are also enforced by the use of protocols such as SAML; WebOffice Administration provides a simple and efficient way to add and manage certificates in the web application's runtime trust store.


XML External Entities (XXE)

Outdated or poorly configured XML processors consider references to external entities within XML documents.



Inputs that result in parsing referenced XML documents that originate from untrusted sources, such as adding external WMS services, come with XXE Protection. This is done by preventing access to untrusted external DTDs, ENTITIES, and STYLESHEET references within a document. With the help of a whitelist of trusted references, which can be defined by the administrator, the risk of an XXE attack can be minimized.


Error in the access control

Access rights for authenticated users not correctly implemented or enforced.



By using standard protocols for authentication and authorization of users (e.g. SAML), as well as the use of a well-tested user administration in WebOffice in combination with ESRI identities, reliable access control can be assumed. Entries in the user database can only be made by authorized administrators.


Safety relevant misconfiguration

Misconfiguration of security settings is the most common problem. Causes are unsafe standard configurations, incomplete or ad-hoc configurations. Operating systems, frameworks, libraries and applications must be securely configured and receive patches and updates in a timely manner.



Customers are recommended to install the latest JDK with security patches or security patches from other third party software providers with every WebOffice deployment. Standard security settings of components are usually not changed. Necessary changes are always made by qualified personnel of the respective departments.


Cross-Site Scripting (XSS)

XSS allows an attacker to execute script code in a victim's browser to take over user sessions, display modified page content, or redirect the user to malicious pages.



XSS detection for client widgets has been implemented extensively; on the server, XSS attacks are additionally prevented for incoming requests using the OWASP library (com.googlecode.owasp-java-html-sanitizer).


Unsafe Deserialization

Unsafe deserializations, because they are insufficiently audited, can lead to remote code execution vulnerabilities.



Standard software components (e.g. GSON, JAX-WS-API, etc.) are used for the deserialization of objects/data that enter the application via external application interfaces; the declared fields, which can be filled with a deserialized value, are checked as far as possible.


Use of components with known vulnerabilities

Applications and APIs that use components with known vulnerabilities can undermine protection measures and thus cause attacks with serious consequences.



Client libraries are regularly updated with ESRI release cycles: ESRI Script API, DOJO, jQuery, etc.

Server libraries could be kept up to date without much effort with the help of the MAVEN Build Framework. This is also regularly performed by developers.

Customers are recommended to install the latest JDK with security patches or security patches from other third party software vendors with every WebOffice deployment.


Inadequate logging & monitoring

Many studies show that the time to detect an attack is about 200 days and is typically detected by third parties rather than by internal monitoring and control measures.



Logging is currently possible in many categories with different log levels. It can be configured as desired during the runtime of WebOffice Administrator.

MDC and NDC logging is used; log output is structured and partially reportable; incoming and outgoing communication with the web server is logged unfiltered; etc.