Securely using the request
The following page is about securely using the request.
- Only use expected parameters from the request

We've seen scripts that iterate over all parameters in the request and create a variable for every value recovered from it. This is very unsafe: variables can be involuntarily overwritten by a parameter the client adds. Only use expected parameters and parameter values from the request.

- Use encrypted key values in the request
When using an id from the request in a .vm file, always make sure it is encrypted. Try to prevent the original and the encrypted id from both being visible, as this makes it possible to deduce the key used to encrypt it. If this can't be prevented, add salt to the id before encrypting.
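The first point above (looping over every request parameter and making a variable for each) as an added example that is not part of the original page: a constructed request is bound into a template context the unsafe way and the allow-list way, in Python rather than in a .vm file, with the parameter names and the `is_admin` variable as assumptions.

```python
"""Binding request parameters into template variables: the unsafe
"copy everything" pattern next to an allow-list version.
Added example; the request below is constructed and no framework
request or template object is used."""

# Constructed request parameters, as a web framework would parse them
# from the query string. "is_admin" is not a parameter the script
# expects; a client added it on its own.
REQUEST_PARAMS = {
    "customer_id": "8r3k1",
    "page": "2",
    "is_admin": "true",
}

# Variables the script sets itself before it reads the request.
BASE_CONTEXT = {"is_admin": False, "page": 1}


def bind_all(params, context):
    """UNSAFE: iterate over every request parameter and make a variable
    for each. A client-chosen name overwrites an internal variable."""
    ctx = dict(context)
    for name, value in params.items():
        ctx[name] = value
    return ctx


# The parameters this script expects, with the type each must have.
EXPECTED = {"customer_id": str, "page": int}


def bind_expected(params, context):
    """SAFE: copy only the expected parameters, converted to the type
    the script needs. Unknown names and malformed values are ignored
    so the script's own defaults survive."""
    ctx = dict(context)
    for name, kind in EXPECTED.items():
        if name not in params:
            continue
        try:
            ctx[name] = kind(params[name])
        except ValueError:
            continue  # keep the default rather than a bad value
    return ctx


if __name__ == "__main__":
    print(bind_all(REQUEST_PARAMS, BASE_CONTEXT)["is_admin"])       # true
    print(bind_expected(REQUEST_PARAMS, BASE_CONTEXT)["is_admin"])  # False
```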