Protection Against Denial of Service Attacks

Note: Spartacus 4.x is no longer maintained. Please upgrade to the latest version.

Note: Spartacus 4.x was tested with SAP Commerce Cloud versions 1905 to 2205. Spartacus 4.x has not been verified to work with (and is not guaranteed to work with) SAP Commerce Cloud 2211 or later releases.

Spartacus libraries do not offer any protection against Denial of Service (DOS) attacks. This is out of scope for the libraries.

Third-party libraries that are used by Spartacus are scanned regularly. If vulnerabilities are found, library versions are updated, or their usage goes through an internal security review process.

Steps to prevent DOS attacks should be taken at the infrastructure level as part of deployment planning for SAP Commerce Cloud in a production environment. For more information, see SAP Commerce Security on the SAP Help Portal.

SAP Commerce Cloud also provides mechanisms for preventing brute force attacks on passwords. For more information, see User Account on the SAP Help Portal.

Maximum login attempts can also be set for the authentication service. For more information, see Oauth2 on the SAP Help Portal.

For more information about DOS attacks, see Denial of Service in the Open Web Application Security Project documentation.