Protection Against Denial of Service Attacks

Composable storefront does not offer any protection against Denial of Service (DOS) attacks, though you can take steps to prevent them during your deployment planning for SAP Commerce Cloud.

Composable storefront libraries do not offer any protection again Denial of Service (DOS) attacks. It is out of scope.

Third-party libraries that are used by composable storefront are scanned regularly. If vulnerabilities are found, library versions are updated, or their usage goes through an internal security review process.

Steps to prevent DOS attacks should be taken at the infrastructure level as part of deployment planning for SAP Commerce Cloud in a production environment. For more information, see Security Guide.

SAP Commerce Cloud also provides mechanisms for preventing brute force attacks on passwords. For more information, see User Account.

Maximum login attempts can also be set for the authentication service. For more information, see OAuth2 (JDK 17).

For more information about DOS attacks, see Denial of Service Information published on non-SAP site in the Open Web Application Security Project documentation.