What are the security measures that we take?
At Combostrap, we take security very seriously.
Below are the measures that we have taken to prevent the following attacks.
Cross-site request forgery
Every form uses a token to prevent cross-site request forgery (CSRF).
To prevent an injection attack:
- Every SQL input is passed through parameters to prevent SQL injection.
- Every SVG has its script node deleted.
- No HTML attribute is allowed, with the exception of class. Why? Attributes allow code injection such as clickjacking.
Content Security Policy
We apply the Content Security Policy framework.
By default, we disallow:
- the framing of the website to prevent clickjacking.
- the use of HTTP and HTTPS at the same time
We set the Referrer-Policy so that private URLs are not sent to external domains.
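The three defaults above can be checked from the response headers a site returns. The following is an added example, not Combostrap's own code: the page does not list exact header values, so the accepted directives (`frame-ancestors`, `upgrade-insecure-requests` or `block-all-mixed-content`, and the safe Referrer-Policy values) are assumptions about how such a policy is usually expressed.

```python
# Added example: audits response headers against the three defaults listed above.
# Directive and header values are assumptions; the page does not list exact values.

# Referrer-Policy values that never send a full URL (path, query) cross-origin.
SAFE_REFERRER = {"no-referrer", "same-origin", "origin", "strict-origin",
                 "origin-when-cross-origin", "strict-origin-when-cross-origin"}
KNOWN_REFERRER = SAFE_REFERRER | {"unsafe-url", "no-referrer-when-downgrade"}


def parse_csp(value):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # When a directive is repeated, browsers keep the first occurrence.
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy


def audit(headers):
    """Return the checks that fail: 'framing', 'mixed-content', 'referrer'."""
    h = {name.lower(): value for name, value in headers.items()}
    csp = parse_csp(h.get("content-security-policy", ""))
    failed = []

    # 1. Framing: frame-ancestors overrides X-Frame-Options when it is present.
    ancestors = csp.get("frame-ancestors")
    if ancestors is not None:
        framing_ok = set(ancestors) <= {"'none'", "'self'"}
    else:
        framing_ok = h.get("x-frame-options", "").strip().lower() in ("deny", "sameorigin")
    if not framing_ok:
        failed.append("framing")

    # 2. HTTP and HTTPS together: one of the mixed-content directives must be set.
    if not csp.keys() & {"upgrade-insecure-requests", "block-all-mixed-content"}:
        failed.append("mixed-content")

    # 3. Referrer-Policy: the last value the browser recognises is the one applied.
    tokens = [t.strip().lower() for t in h.get("referrer-policy", "").split(",")]
    known = [t for t in tokens if t in KNOWN_REFERRER]
    if not known or known[-1] not in SAFE_REFERRER:
        failed.append("referrer")
    return failed


# Constructed sample responses, not captured from a real site.
HARDENED = {"Content-Security-Policy": "frame-ancestors 'none'; block-all-mixed-content",
            "Referrer-Policy": "strict-origin-when-cross-origin"}
WEAK = {"Content-Security-Policy": "frame-ancestors *; default-src 'self'",
        "X-Frame-Options": "DENY", "Referrer-Policy": "no-referrer, unsafe-url"}
```

In the `WEAK` sample the `X-Frame-Options: DENY` header does not help, because a `frame-ancestors` directive is present and permissive.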
DokuWiki also follows these rules (see devel:security). We make use of the CSRF token functionality.
Reporting Security Issues
For any security concern or issue, you can contact us at security [at] combostrap [dot] com