fusionauth-site icon indicating copy to clipboard operation
fusionauth-site copied to clipboard

Published 20 hours ago verified publisher icon FusionAuth

Write a guide for advanced threat detection

Open mooreds opened this issue 10 months ago • 0 comments

Right now all we have is this: https://fusionauth.io/docs/v1/tech/advanced-threat-detection/

Things it would be good to add:

  • what the experience is with custom rate limiting (for the end user)
  • best practices around rate limiting
  • diagrams around rate limiting
  • what captcha looks like to the end user
  • when captcha is applied
  • example of email/webhook sent on location aware event
  • talk more about ip acl ranges
  • mention limits of ip acl (spoofing of x-forwarded-for header
  • talk about what you could do with the webhook events, include an example: if the forgot password flow has been started 4 times without success, lock the account for a day.
  • have an example of a security email.
  • talk about the differences between using a webhook and a security email.

Internal: https://inversoft.slack.com/archives/C026DDDPQRY/p1695842609912249

mooreds avatar Sep 28 '23 14:09 mooreds