Symantec Privileged Access Management

Expand all | Collapse all

Security of A2A - Protecting the API from attack

  • 1.  Security of A2A - Protecting the API from attack

    Posted 05-21-2020 10:30 AM
    Hello,

    First question: Is it accurate to state the security for an account with and A2A alias is dependent on three things:
    1. The correct Alias identifier used in the API call
    2. The path of the script making the API call
    3. The hostname of the server of the API call
    We have at least identified the possibility of a root user being able impersonate a legitimate API call.

    We would like to understand what a good implementation looks like that protects the A2A API from attack.


  • 2.  RE: Security of A2A - Protecting the API from attack

    Broadcom Employee
    Posted 06-25-2020 11:39 PM
    Hello Chris, Please review documentation page https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-4/implementing/protect-privileged-account-credentials/manage-credentials-between-applications-a2a/configure-a2a-authorization-mappings.html, specifically section "Request Validations".