This repository was archived by the owner on Aug 20, 2024. It is now read-only.

tntfx256/secure-coding


Covered Topics

  • Header Security (DEV522.3, DEV522.6, DEV541.1, DEV544.1)
    • X-XSS-Protection
    • Secure Flag
    • HttpOnly Flag
    • PHP Header
    • MVC Header
    • Server Header
    • Other Security Flags
  • Authentication (DEV522.1, DEV541.2, DEV544.2)
    • Authentication Scenarios
    • Implementing form authentication
    • Password Control
    • CAPTCHA Mechanism
    • Mitigating brute force attacks
    • Authentication Protocols (OAuth, OpenID, SAML, FIDO)
  • Authorization (DEV522.1, DEV541.3, DEV544.3)
    • Authorization models
    • URL authorization
    • File authorization
    • Role Based Access Control (RBAC)
    • Discretionary Access Control (DAC)
    • Mandatory Access Control (MAC)
    • Permission Based Access Control
    • Working with identities
    • Claim-based authorization
    • Role manager
    • MVC Authorization
  • Session Management (DEV541.2, DEV544.2)
    • Session management techniques
    • Avoiding session hijacking
    • Cookie based session management
    • Cookie information leakage
    • Cookie Attributes
    • Session Expiration
    • Session management common vulnerabilities
  • Input Validation (DEV541.1, DEV544.1)
    • Data Validation Strategies
    • Sanitize with Whitelist
    • Sanitize with Blacklist
    • Implement Validator
  • Output Encoding (DEV541.1, DEV544.1)
    • Preventing HTML injection
    • Preventing Cross Site Scripting (XSS)
  • Browser Manipulation (DEV541.1, DEV544.1)
    • Cross Site Request Forgery (CSRF)
    • Anti-CSRF token
    • CSRF Protection for XHR
    • Preventing Open Redirection
    • Preventing Clickjacking
  • File Handling
    • Virtual path mapping
    • Sanitizing file names
    • File extension handling
    • Directory listing
  • Cryptography (DEV522.2, DEV541.3, DEV544.3)
    • Symmetric Encryption
    • Asymmetric Encryption
    • Hashing
  • AJAX and Web Services Security (DEV522.4)
    • Web services overview
    • Security in parsing of XML
    • XML security
    • AJAX technologies overview
    • AJAX attack trends and common attacks
    • AJAX defense
  • Error Handling (DEV541.3, DEV544.3)
    • Structured exception handling – Try, Catch, Finally
    • Creating custom error pages
    • HTTP error codes
    • Error handling strategies
  • Auditing & Logging (DEV541.3, DEV544.3)
    • Event message structure
    • Logging best practices

Setting up

  • Install Composer
  • Install Node.js
  • Install PHP
  • Open a command prompt and change to the root directory of the cloned project
  • Type composer install and press Enter
  • Type npm install and press Enter
  • Type npm run serve and press Enter
  • Wait for the browser to open and load the project
