Checking security vulnerabilities when pushing new code

Bug #1586867 reported by Son Nguyen
Affects | Status    | Importance | Assigned to | Milestone
Mahara  | Confirmed | Wishlist   | Unassigned  |

Bug Description

Mahara master (16.10)

It would be good to check for security vulnerabilities when pushing new code.
Reference: OWASP Top Ten Cheat Sheet - https://www.owasp.org/index.php/OWASP_Top_Ten_Cheat_Sheet

Please feel free to update the list of items to check in Mahara code.

Tags: security
Revision history for this message
Son Nguyen (ngson2000) wrote :

A1. Injection
 - SQL Injection
   * Using {}
   * Validate inputs for execute_sql()
 - PHP Injection
   * Validate the input data for unserialize()
 - XSS
   * Escape $string for {$string|safe} in template files
 - Should we clean input HTML strings before storing them in the DB?

Changed in mahara:
status: New → Confirmed
tags: added: security
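The three checks in the list above (brace-quoted table names plus validated input for execute_sql(), validated input for unserialize(), and escaping before {$string|safe}) worked through as an added example. This is not Mahara project code: it uses plain PDO with an in-memory SQLite database so it runs stand-alone. It assumes, rather than takes from this page, that Mahara's execute_sql() and get_records_sql_array() accept a SQL string with '?' placeholders plus an array of values and expand {table} to the prefixed table name (emulated here by expand_table_braces() with an assumed 'mhr_' prefix), and that the Dwoo |safe modifier turns off the template engine's default HTML escaping. The class and function names and all inputs are constructed for the demo.

```php
<?php
// Added example for the checklist above; not Mahara project code.
// Uses plain PDO + SQLite so it runs stand-alone: php check_demo.php
// Assumed, not taken from the page: Mahara's execute_sql()/get_records_sql_array()
// take a SQL string plus an array of values for '?' placeholders and expand
// {table} into the prefixed table name; expand_table_braces() emulates that.
declare(strict_types=1);

// ---- SQL injection: {} for table names, placeholders for values ----------

// Emulates the {table} -> prefixed table name expansion (prefix is assumed).
// The braces are for table names only; they are not parameter binding.
function expand_table_braces(string $sql, string $prefix = 'mhr_'): string
{
    return preg_replace('/\{([a-z_][a-z0-9_]*)\}/i', $prefix . '$1', $sql);
}

// Vulnerable: the value is spliced into the SQL text.
function find_user_vulnerable(PDO $db, string $username): array
{
    $sql = expand_table_braces(
        "SELECT id, username FROM {usr} WHERE username = '" . $username . "'"
    );
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the value only ever travels as a bound parameter.
function find_user_safe(PDO $db, string $username): array
{
    $stmt = $db->prepare(
        expand_table_braces("SELECT id, username FROM {usr} WHERE username = ?")
    );
    $stmt->execute([$username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// ---- PHP object injection via unserialize() ------------------------------

// Stand-in for any class in a codebase with a magic method: attacker bytes
// that name this class get it instantiated and __wakeup() run.
class TempFile
{
    public static array $woken = [];
    public string $path = '';
    public function __wakeup(): void
    {
        self::$woken[] = $this->path;   // a real gadget might unlink($this->path)
    }
}

// Vulnerable: any class known to the autoloader can be instantiated from the blob.
function load_prefs_vulnerable(string $blob)
{
    return unserialize($blob);
}

// Hardened: objects are refused outright; only an array of scalars survives.
// For new code, JSON (json_decode with assoc=true) avoids the problem entirely.
function load_prefs_safe(string $blob): array
{
    $data = unserialize($blob, ['allowed_classes' => false]);
    if (!is_array($data)) {
        return [];
    }
    return array_filter($data, fn($v) => is_scalar($v) || $v === null);
}

// ---- XSS: what {$string|safe} skips --------------------------------------

// Dwoo HTML-escapes {$string} by default (assumed); |safe turns that off, so a
// value rendered that way must already have been escaped like this, or
// cleaned as trusted HTML, before it reaches the template.
function escape_for_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// ---- demo with constructed inputs ----------------------------------------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE mhr_usr (id INTEGER PRIMARY KEY, username TEXT)");
$db->exec("INSERT INTO mhr_usr (username) VALUES ('alice'), ('bob')");

$attack = "x' OR '1'='1";   // constructed attacker input
printf("vulnerable query returned %d rows, safe query %d rows\n",
    count(find_user_vulnerable($db, $attack)), count(find_user_safe($db, $attack)));

$blob = 'O:8:"TempFile":1:{s:4:"path";s:13:"important.txt";}';   // constructed
load_prefs_vulnerable($blob);
printf("__wakeup() ran %d time(s) via unserialize()\n", count(TempFile::$woken));
printf("hardened loader returned %d element(s)\n", count(load_prefs_safe($blob)));

echo escape_for_html('<script>alert(1)</script>'), "\n";
```

The first printf shows the difference the checklist is after: the spliced query matches every row because the quote closes the literal, while the bound parameter is compared as the literal string and matches nothing. For the unserialize() check, `allowed_classes => false` is the minimum; the array_filter step is what actually enforces the expected shape, which is the "validate the input data" point in the list. For templates, the escaping function is the behaviour that {$string} gets for free and {$string|safe} gives up, so any grep for `|safe` in the templates should turn up only values that went through it (or an HTML cleaner) earlier.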