Checking security vulnerabilities when pushing new codes
Bug #1586867 reported by Son Nguyen
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Mahara | Confirmed | Wishlist | Unassigned |
Bug Description
Mahara master (16.10)
It would be good to check for security vulnerabilities when pushing new code.
Reference: OWASP Top Ten Cheat Sheet - https:/
Please feel free to update the list of items to check in Mahara code.
Changed in mahara:
status: New → Confirmed
tags: added: security
A1. Injection
- SQL Injection
* Using {}
* Validate inputs for execute_sql()
- PHP Injection
* Validate the input data for unserialize()
- XSS
* Escape $string for {$string|safe} in template files
- Should we clean input HTML strings before storing them in the DB?
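
One way the checklist above could be applied at push time, as an added example that is not part of the original comment or Mahara's own code: it reads `git diff` output and flags added lines that call execute_sql() or unserialize(), or that use the |safe filter in a template, so a reviewer can check them. The `.tpl` template extension, the rule names, and the sample paths and diff content are assumptions constructed for illustration.

```python
import re

# Rules mirror the checklist above. A hit only means "a reviewer should look
# here"; the scanner cannot tell whether the input was validated or escaped.
RULES = [
    ("execute_sql", ".php", re.compile(r"\bexecute_sql\s*\(")),
    ("unserialize", ".php", re.compile(r"\bunserialize\s*\(")),
    ("safe-filter", ".tpl", re.compile(r"\{\$[^}]*\|safe\b")),  # assumes .tpl templates
]
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

def scan_diff(diff_text):
    """Return (path, new_line_number, rule) for each added line that hits a rule."""
    findings, path, lineno, in_hunk = [], None, 0, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            path, in_hunk = None, False
        elif not in_hunk and line.startswith("+++ "):
            target = line[4:].strip()
            path = None if target == "/dev/null" else re.sub(r"^b/", "", target)
        elif (m := HUNK.match(line)):
            lineno, in_hunk = int(m.group(1)), True
        elif not in_hunk or path is None:
            continue
        elif line.startswith("+"):  # added line: the only kind reported
            findings += [(path, lineno, name) for name, ext, rx in RULES
                         if path.endswith(ext) and rx.search(line[1:])]
            lineno += 1
        elif line.startswith(" "):  # context line: advances the new-file counter
            lineno += 1
    return findings

# Constructed sample diff (paths and code are made up for illustration).
SAMPLE_DIFF = """\
diff --git a/htdocs/example/lib.php b/htdocs/example/lib.php
--- a/htdocs/example/lib.php
+++ b/htdocs/example/lib.php
@@ -10,3 +10,4 @@ function example_save($id, $blob) {
     $id = (int) $id;
+    execute_sql("UPDATE {example} SET seen = 1 WHERE id = " . $id);
+    $config = unserialize($blob);
-    return false;
     return true;
diff --git a/htdocs/theme/example/note.tpl b/htdocs/theme/example/note.tpl
--- a/htdocs/theme/example/note.tpl
+++ b/htdocs/theme/example/note.tpl
@@ -1,2 +1,3 @@
 <h2>{$title}</h2>
+<div>{$description|safe}</div>
 <p>{$footer|safe}</p>
"""

if __name__ == "__main__":
    for path, lineno, rule in scan_diff(SAMPLE_DIFF):
        print(f"{path}:{lineno}: review use of {rule}")
```

Only added lines are reported, so the existing `{$footer|safe}` context line in the sample is not flagged.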