Security
About
In ComboStrap, we take security very seriously.
Prevention
Below are the steps we have taken to prevent the following attacks.
Cross-site request forgery
Every form carries a token to prevent cross-site request forgery (CSRF).
Injection Attack
To prevent injection attacks:
- every HTML output is escaped to prevent HTML/JavaScript injection.
- every SQL input is passed as a bound parameter to prevent SQL injection.
- every SVG has its script nodes deleted.
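As an added illustration (not ComboStrap's own code), the SVG rule above implemented in Python: every `script` element is removed at any depth of the document, and a counting check confirms none remain. The sample SVG is constructed for this example.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"

# Constructed sample: a <script> at the top level and another nested inside a <g>.
SAMPLE_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
    '<script>alert(1)</script>'
    '<g><rect width="10" height="10"/><script type="text/javascript">x()</script></g>'
    '</svg>'
)


def _local_name(tag: str) -> str:
    """Return the tag name without its namespace ('{ns}script' -> 'script')."""
    return tag.rsplit("}", 1)[-1].lower()


def strip_script_nodes(svg_text: str) -> str:
    """Parse an SVG document and delete every <script> element, at any depth.

    Only script elements are handled here; event-handler attributes such as
    onload are a separate concern not covered by this example.
    For untrusted input, parse with defusedxml instead of the stdlib parser.
    """
    # Keep the SVG namespace as the default one when serialising back to text.
    ET.register_namespace("", SVG_NS)
    root = ET.fromstring(svg_text)
    # ElementTree has no parent pointers, so walk parent by parent:
    # drop matching children first, then descend into the survivors.
    stack = [root]
    while stack:
        parent = stack.pop()
        for child in list(parent):
            if _local_name(child.tag) == "script":
                parent.remove(child)
            else:
                stack.append(child)
    return ET.tostring(root, encoding="unicode")


def count_script_nodes(svg_text: str) -> int:
    """Count <script> elements in an SVG document (expected 0 after sanitisation)."""
    root = ET.fromstring(svg_text)
    return sum(1 for el in root.iter() if _local_name(el.tag) == "script")
```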
Content Security Policy
We apply the Content Security Policy (CSP) framework.
By default, we disallow:
- framing of the website, to prevent clickjacking.
- the use of http and https at the same time (mixed content).
No leaks
We set the Referrer-Policy header so that private URLs are not sent to external domains.
DokuWiki
DokuWiki also follows these rules (see devel:security). We make use of its CSRF token functionality.
Reporting Security Issues
For any security concern or issue, you can contact us at security [at] combostrap [dot] com