GlobaLeaks
main
Getting started
Setup
Security
Threat model
Application security
Encryption protocol
Penetration tests
User documentation
Developer documentation
GlobaLeaks
Docs
»
Security
Edit on GitHub
Security
¶
Threat model
Actors matrix
Anonymity matrix
Communication security matrix
Identity disclosure matrix
GlobaLeaks security matrix
Data security matrix
Threats to privacy and anonymity
Browser history and cache
Metadata
Environmental factors
Incorrect data retention policies
Human negligence
Data stored outside GlobaLeaks
Advanced traffic analysis
Application security
Key concepts
Report
Whistleblower interactions with the platform
Recipient interactions with the platform
Authentication
Authentication matrix
Authentication methods
Password security
Authentication security
Password storage
Password strength
Two factor authentication (2FA)
Password change on first login
Periodic password change
Proof of work on login
Slowdown on failed login attempts
Password recovery
Entropy sources
Web application security
Session management
XSRF prevention
Input validation (backend)
Input validation (client)
Security related HTTP headers
Strict-Transport-Security
Content-Security-Policy
Feature-Policy
Referrer-Policy
X-Content-Type-Options
X-XSS-Protection
Crawlers Policy
Web Browser Privacy
Cache-control and other cache related headers
Anchor tags and external URLs
Cookies
Form autocomplete OFF (client)
Fonts
Data encryption
DoS resiliency approach
Network sandboxing
Application sandboxing
Other measures
Encryption of temporary files
Secure file delete
Secure deletion of database entries
Exception logging and redaction
UUIDv4 Randomness
TLS for SMTP Notification
Encryption protocol
Encryption’s workflow
Encryption’s details
Algorithms
Users’ credentials
Users’ keys
Data encryption’s keys
Key recovery
Key escrow
Penetration tests
Read the Docs
v: main
Versions
latest
main
devel
Downloads
pdf
html
epub
On Read the Docs
Project Home
Builds
Free document hosting provided by
Read the Docs
.