2019-12-09
This document provides a basic security checklist for web apps.
Plugins and tools can refer to this document and claim that they implement every item on this list. We believe that doing so ensures a certain level of security, which we refer to as the "minimum security" level.
Our checklist is composed of the following documents, which one must implement fully in order to be compliant with our "minimum security" level:
- Implement CSRF protection for all forms and AJAX actions. If you're using the Light framework, we recommend one of these plugins:
  - Light_CsrfSession plugin (preferred because it is simpler to develop with)
  - Light_CsrfSimple plugin
  - Light_Csrf plugin
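
What this checklist item requires on each request, shown as an added PHP example: a session-bound token checked for both form posts and AJAX calls. This is not the Light plugins' code or API; the function names, the `csrf_token` key and the `X-CSRF-Token` header are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: generic session-bound CSRF token, not the Light plugins' API.
// Function names, the "csrf_token" key and the X-CSRF-Token header are assumptions.

/** Return the token stored in the session, creating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit CSPRNG value
    }
    return $session['csrf_token'];
}

/**
 * Validate a state-changing request. Forms send the token as a hidden field,
 * AJAX calls send it in a custom header; both are checked against the session.
 */
function csrf_check(array $session, string $method, array $post, array $server): bool
{
    if (in_array($method, ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true; // safe methods must not change state, so no token is required
    }
    $expected = $session['csrf_token'] ?? '';
    $sent = $post['csrf_token'] ?? $server['HTTP_X_CSRF_TOKEN'] ?? '';
    if (!is_string($sent) || $expected === '' || $sent === '') {
        return false; // a missing or malformed token is a failure, never a pass
    }
    return hash_equals($expected, $sent); // constant-time comparison
}

// Constructed demo: an array stands in for $_SESSION so this runs from the CLI.
$session = [];
$token = csrf_token($session);

$cases = [
    'form with token'    => ['POST', ['csrf_token' => $token], []],
    'ajax with header'   => ['POST', [], ['HTTP_X_CSRF_TOKEN' => $token]],
    'form without token' => ['POST', [], []],
    'wrong token'        => ['POST', ['csrf_token' => str_repeat('0', 64)], []],
    'non-string token'   => ['POST', ['csrf_token' => ['x']], []],
];
foreach ($cases as $name => [$method, $post, $server]) {
    printf("%-20s %s\n", $name, csrf_check($session, $method, $post, $server) ? 'accepted' : 'rejected');
}
```

In a real application the array would be `$_SESSION` after `session_start()`, and the check would run before any handler that changes state.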
Or otherwise, some other tools might help you: