Review on Salt Security by Adewole Sherman
Gravity allows devs, non technical staff and auditors alike
I like that it is easy to add new rules for different types of attacks in my applications without having to create multiple policies/rulesets with unique attributes (e.g., URL prefixes). It's useful if you want one set of policy definitions across your entire application portfolio but don't have people who can write custom code or are willing to dedicate resources towards writing more complex rule sets by hand. We use this product as part of our SOC2 compliance monitoring process so we need the ability to easily manage both low-level security risks such as XSS as well as high level risk issues related to data privacy regulations - including GDPR requirements -- within an enterprise organization where there isn’t anyone capable of creating these kinds of solutions from scratch.
- Easy integration into existing infrastructure
- Rule syntax allows me do define exactly what i'm looking fo, not just "I think" something should happen when someone tries doing bad things.
- Great tooling support & documentation available via GitHub projects eithr directly connected developers OR customers could leverage at their own convenience through REST apis which also work over HTTPS making them very secure even against maninp
- Some little things
