In modern web application design, one of the most critical flaws occurs when developers confuse usability (the user interface) with security (the backend). In cybersecurity, and especially for a SOAR platform capable of isolating machines or purging mailboxes, this confusion can be fatal.
Hiding an “Isolate machine” button in the web interface when the user has not completed multi-factor authentication (MFA) is not enough. A competent attacker will ignore your GUI entirely. Discover why “client-side” security is an illusion, and how the Middleware architecture of Akuity SOC shields every API request.
The illusion of client-side security (Frontend)
Many SaaS applications handle authentication this way: the user logs in, and the JavaScript running in the browser checks whether they have completed the MFA step. If yes, the interface is displayed. If not, the browser is redirected to an error page.
This is called “client-side” security. The problem is that the attacker controls the client.
An attacker who has obtained a SOC analyst's password can:
- Disable JavaScript in the browser to bypass the redirects.
- Open the developer tools (DevTools) and retrieve the basic AAL1 session token.
- Use a request interception tool such as Burp Suite or Postman.
- Directly forge an HTTP request POST /api/remediate/isolate_device carrying that basic token, completely bypassing the web interface.
If the backend server does not rigorously check the assurance level of the token, it will obey the request. The attacker has just executed a destructive command against your equipment without ever having completed MFA.
The Middleware Shield: Interception on the fly
For a SOC orchestrator to be SOC 2 certified and meet the principles of a Zero Trust architecture, every API endpoint (Server Action) must treat the legitimacy of its caller as unproven.
Rather than coding the MFA check into each function (which increases the risk of a developer forgetting it), the Akuity SOC platform architecture uses a centralized software component: the Next.js Middleware.
The middleware acts as a bouncer placed at the server's front door. It intercepts every HTTP request (whether it comes from the legitimate web browser or from a tool such as Postman) before it reaches the application's business logic.
Verification of the “AAL2” claim
Here is how the Akuity Middleware validates a request, step by step:
- Interception: the middleware intercepts an incoming request to a protected route (for example, the Cockpit or the execution of a KQL script).
- Extraction: it reads the secure session cookie generated by Supabase (sb-access-token).
- JWT decoding: it decodes the JSON Web Token (JWT) without trusting the caller and verifies its cryptographic signature.
- The golden rule (AAL2): it looks for the assurance-level claim. If the token carries "aal": "aal1", the user has only validated a password.
- Rejection: the middleware blocks the request instantly. If the caller is a web browser, it forces a redirect (HTTP 302) to the /login/mfa page. If it is a direct API call, it rejects the request with HTTP 403 Forbidden.
Demo mode: A secure simulation for testing
This architectural rigor can make it harder for new users to evaluate the product. How can a prospect test the platform during the 14-day free trial without linking their own Google Authenticator?
Akuity includes a “Demo/Sandbox Mode”. During a simulation, the system generates a fake QR code. When the prospect enters a random 6-digit code, a dedicated Server Action intercepts this fake token (which begins with demo.), virtually injects the claim "aal": "aal2" and sets a cookie demo-mfa-enabled = 'true'. The middleware recognizes this test structure and lets the prospect experience a simulated end-to-end remediation, without weakening the strict rules imposed on production users.
Conclusion: Secure the engine, not the body
In cybersecurity, you don't protect a bank by simply painting the doors. Security must be intrinsic to the structure of the application. By handing control of the MFA privilege step-up (AAL2) to an uncompromising middleware, you eliminate interface-level weaknesses (frontend bypass) and ensure that your Microsoft Graph remediation APIs remain out of reach of a simple stolen password.
Opt for a software architecture without compromise. Explore the principles of Akuity SOC API Security and MFA Management to guarantee the watertightness of your operations.