Topics that should be covered in :
- How to configure session timeout
- How to configure HTTPS only
- How to configure the cookie domain
- BPMN (containing scripts) / Forms should be deployed by a "trusted" employee
- Forms: input validation (cross-site scripting attacks)
- SQL injection when using native queries (the user builds his own app using native queries)
- How to configure max post size in server (REST API)
- How to delete the demo user
- The documentation should not contain a step-by-step description of how to configure something.
- It should point out that these topics should be considered during the setup of Camunda.
- There should be a link showing, for example, how to configure session timeouts on Tomcat.