Security Architecture

NEVASECURITY

Project Under Development

NEVASECURITY is a focused security project designed around modern protection standards and forward-looking cryptography. Authentication and authorization are structured with JWT, communication channels are secured by TLS, and sensitive payloads are protected using AES-256-GCM. Credential security is hardened with Argon2, while Rate Limiting and Audit Logging provide operational control, abuse resistance, and traceability. The platform also includes research/prototype tracks for ML-KEM and ML-DSA to evaluate post-quantum readiness in future security transitions.

JWT, TLS, AES-256-GCM, Argon2, Rate Limiting, Audit Logging, ML-KEM (research/prototype), ML-DSA (research/prototype)

Real Usage Examples

JWT

After API login, the user is issued a short-lived access token. Example: admin panel endpoints are accessible only with the role=admin claim.

TLS

All traffic is forced over HTTPS. Example: plain HTTP is disabled entirely between the mobile app, the API gateway, and internal services.

AES-256-GCM

Sensitive fields are written to the database encrypted. Example: integration API key values are never stored in plaintext; they are read only at decrypt time.

Argon2

Memory-hard settings are used when hashing passwords. Example: older user hashes are upgraded to the new Argon2 parameters at login.

Rate Limiting

Limits brute-force and bot traffic. Example: a policy of 5 attempts per 1 minute, keyed on IP + user, is applied to /auth/login.
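
The /auth/login policy above (5 attempts per 1 minute, IP + user) sketched as a sliding-window limiter. This is an added example, not NEVASECURITY's own code. The class name `LoginRateLimiter`, the choice to count each IP and each username independently, and the in-memory single-process store are assumptions.

```python
import time
from collections import defaultdict, deque

LIMIT = 5        # attempts allowed per window (from the policy above)
WINDOW = 60.0    # window length in seconds (1 minute)


class LoginRateLimiter:
    """Sliding-window limiter for /auth/login (hypothetical helper).

    Assumption: "IP + user based" is read as two independent counters, so
    many usernames from one IP and many IPs against one username are both
    capped. State is in-memory only; a multi-instance deployment would need
    a shared store.
    """

    def __init__(self, limit=LIMIT, window=WINDOW, clock=time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock                  # injectable so tests control time
        self._hits = defaultdict(deque)     # key -> timestamps of attempts

    def _prune(self, key, now):
        """Drop timestamps that have aged out of the window for this key."""
        q = self._hits[key]
        while q and now - q[0] >= self.window:
            q.popleft()
        return q

    def check(self, ip, username):
        """Record one login attempt; return (allowed, retry_after_seconds)."""
        now = self.clock()
        # Normalise the username so "Alice" and " alice " share one counter.
        keys = [("ip", ip), ("user", username.strip().lower())]
        queues = [self._prune(k, now) for k in keys]
        full = [q for q in queues if len(q) >= self.limit]
        if full:
            # Blocked: wait until the oldest attempt in every full window ages out.
            retry_after = max(q[0] + self.window - now for q in full)
            return False, retry_after
        for q in queues:
            q.append(now)                   # count only attempts that were let through
        return True, 0.0
```

The `retry_after` value maps naturally onto a `Retry-After` header on an HTTP 429 response, and a blocked attempt is a natural event to write to the audit log.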

Audit Logging

Critical operations become traceable. Example: who changed a role and at what time, which IP the request came from, and which endpoint was called are all recorded.

ML-KEM (research/prototype)

Post-quantum key exchange scenarios are tested. Example: in the hybrid handshake prototype, classical + ML-KEM key agreement are verified together.

ML-DSA (research/prototype)

Experiments are run on post-quantum signature verification flows. Example: a PoC is applied in the release artifact signing and signature verification pipeline.
