Security

About

In ComboStrap, we take security very seriously.

Prevention

Below are the steps we have taken to prevent the following attacks.

Cross-site request forgery

Every form carries a token to prevent a cross-site request forgery (CSRF) attack.
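As an added illustration of the per-form token pattern (this is not ComboStrap's or DokuWiki's own code, which is PHP; the hidden-field name and function names are assumptions for the example), the token is generated from a cryptographic source, stored only in server-side session state, embedded in the form, and compared in constant time when the form is submitted:

```python
import hmac
import secrets
from html import escape
from typing import Optional

TOKEN_FIELD = "sectok"  # hidden-field name; assumed for this example


def issue_token(session: dict) -> str:
    """Return the session's CSRF token, creating one on first use.

    The token is unguessable (128 bits) and lives only in server-side session
    state, so a page on another origin cannot read it and cannot forge a request.
    """
    if TOKEN_FIELD not in session:
        session[TOKEN_FIELD] = secrets.token_hex(16)
    return session[TOKEN_FIELD]


def render_form(session: dict, action: str) -> str:
    """Emit a form that carries the session token in a hidden field."""
    token = issue_token(session)
    return (
        f'<form method="post" action="{escape(action, quote=True)}">'
        f'<input type="hidden" name="{TOKEN_FIELD}" value="{token}">'
        '<input type="submit"></form>'
    )


def check_token(session: dict, submitted: Optional[str]) -> bool:
    """Validate a submitted token against the session.

    A session that never issued a token, or a missing/empty field, fails.
    hmac.compare_digest avoids leaking the token through timing differences.
    """
    expected = session.get(TOKEN_FIELD)
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def handle_post(session: dict, form: dict) -> str:
    """Gate a state-changing action behind the token check."""
    if not check_token(session, form.get(TOKEN_FIELD)):
        return "403 Forbidden: invalid or missing CSRF token"
    return "200 OK: action performed"


if __name__ == "__main__":
    sess = {}
    print(render_form(sess, "/save"))
    print(handle_post(sess, {TOKEN_FIELD: sess[TOKEN_FIELD]}))  # legitimate submit
    print(handle_post(sess, {}))  # request that lacks the token is refused
```

The check rejects a request whose token is absent as well as one whose token is wrong; a request arriving before any form was issued for the session is refused too, since there is nothing to compare against.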

Injection Attack

To prevent an injection attack:

  • every HTML output is escaped to prevent HTML/JavaScript injection.
  • every SQL input is passed as a bound parameter to prevent SQL injection.
  • every SVG has its script nodes deleted.
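The three defences above, shown together as an added example (Python rather than the plugin's PHP, and not ComboStrap's own code): output escaping with html.escape, a parameterised query against a constructed in-memory SQLite table, and removal of script elements from an SVG with xml.etree. The SVG clean-up also strips inline on* event-handler attributes, which goes one step beyond the "script node" rule stated on the page; the sample SVG and table contents are constructed for the example.

```python
import html
import sqlite3
import xml.etree.ElementTree as ET
from typing import List

SVG_NS = "http://www.w3.org/2000/svg"
ET.register_namespace("", SVG_NS)  # keep the default namespace on re-serialisation
ET.register_namespace("xlink", "http://www.w3.org/1999/xlink")


# 1. HTML output escaping: untrusted text becomes inert in an HTML context.
def render_comment(author: str, text: str) -> str:
    # quote=True also escapes quotes, which matters inside attribute values.
    return (
        f'<p class="comment" data-author="{html.escape(author, quote=True)}">'
        f"{html.escape(text)}</p>"
    )


# 2. Parameterised SQL: the value travels separately from the statement text.
def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for a page index (example data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id TEXT PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)",
                   [("start", "Start"), ("security", "Security")])
    return db


def find_page_ids(db: sqlite3.Connection, title: str) -> List[str]:
    """The '?' placeholder means `title` is never interpreted as SQL."""
    rows = db.execute("SELECT id FROM pages WHERE title = ?", (title,)).fetchall()
    return [r[0] for r in rows]


# 3. SVG clean-up: drop <script> elements (and on* handlers) before serving inline.
def _local(tag: str) -> str:
    """Strip the namespace part of an ElementTree tag name."""
    return tag.rsplit("}", 1)[-1]


def sanitize_svg(svg_text: str) -> str:
    root = ET.fromstring(svg_text)
    doomed = [(parent, child) for parent in root.iter() for child in list(parent)
              if _local(child.tag) == "script"]
    for parent, child in doomed:      # remove after collecting, not while iterating
        parent.remove(child)
    for elem in root.iter():          # beyond the page's rule: inline event handlers
        for attr in [a for a in elem.attrib if a.lower().startswith("on")]:
            del elem.attrib[attr]
    return ET.tostring(root, encoding="unicode")


# Constructed sample input (not from the page).
SAMPLE_SVG = (
    f'<svg xmlns="{SVG_NS}" width="10" height="10" onload="alert(1)">'
    '<script>alert(1)</script><circle r="4"/></svg>'
)

if __name__ == "__main__":
    print(render_comment('Eve "the" tester', "<b>hello</b>"))
    db = make_db()
    print(find_page_ids(db, "Security"))
    print(find_page_ids(db, "' OR 1=1 --"))   # treated as a literal title: no rows
    print(sanitize_svg(SAMPLE_SVG))
```

The drawing content of the SVG (the circle) survives the clean-up while the script element and the handler attribute do not; the parameterised lookup returns nothing for a title that contains SQL syntax because the text is bound as a value, not spliced into the statement.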

Content Security Policy

We apply a Content Security Policy (CSP).

By default, we disallow:

  • the framing of the website to prevent clickjacking.
  • the use of http and https resources on the same page (mixed content).

No leak

We set the Referrer-Policy header so that private URLs are not sent to external domains.
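The Content Security Policy and Referrer-Policy settings described in the two sections above, as an added example that is not ComboStrap's own code: a set of response headers with the relevant directives, plus a small checker that parses a CSP string and reports the three weaknesses the page is concerned with (framing, mixed content, referrer leakage). The exact header values are assumptions; the page names the policies, not the directive strings the plugin emits.

```python
from typing import Dict, List

# Assumed header values for this example.
SECURITY_HEADERS = {
    "Content-Security-Policy": (
        "default-src 'self'; "
        "frame-ancestors 'none'; "      # no one may frame the site: clickjacking defence
        "upgrade-insecure-requests; "   # http sub-resources are fetched over https
        "block-all-mixed-content"       # legacy directive for older browsers
    ),
    # Cross-origin requests carry only the origin, never the path or query string.
    "Referrer-Policy": "strict-origin-when-cross-origin",
}


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [source values]}."""
    policy: Dict[str, List[str]] = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def allows_cross_origin_framing(csp: str) -> bool:
    """True if some other origin could embed the page in a frame."""
    ancestors = parse_csp(csp).get("frame-ancestors")
    if ancestors is None:           # directive absent: browsers allow any framer
        return True
    return not set(ancestors) <= {"'none'", "'self'"}


def allows_mixed_content(csp: str) -> bool:
    """True unless the policy upgrades or blocks http sub-resources on an https page."""
    policy = parse_csp(csp)
    return ("upgrade-insecure-requests" not in policy
            and "block-all-mixed-content" not in policy)


def referrer_leaks_path(policy_value: str) -> bool:
    """True if a cross-origin request may carry the full URL (path and query).

    An empty value means the browser default, strict-origin-when-cross-origin,
    which sends only the origin to other sites.
    """
    return policy_value.strip().lower() in {"unsafe-url", "no-referrer-when-downgrade"}


def check_headers(headers: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means the three checks pass."""
    findings = []
    csp = headers.get("Content-Security-Policy", "")
    if allows_cross_origin_framing(csp):
        findings.append("clickjacking: frame-ancestors missing or permissive")
    if allows_mixed_content(csp):
        findings.append("mixed content: neither upgrade-insecure-requests nor "
                        "block-all-mixed-content is set")
    if referrer_leaks_path(headers.get("Referrer-Policy", "")):
        findings.append("referrer: full URL may be sent to external domains")
    return findings


if __name__ == "__main__":
    print(check_headers(SECURITY_HEADERS))  # expected: no findings
    weak = {"Content-Security-Policy": "default-src 'self'", "Referrer-Policy": "unsafe-url"}
    for finding in check_headers(weak):
        print("-", finding)
```

Running the checker against captured headers from a deployment is a quick way to confirm that the policy actually reached the browser, since a CSP that is configured but not emitted (for example, stripped by a proxy) offers no protection.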

Dokuwiki

Dokuwiki also follows these rules (see devel:security). We make use of its CSRF token functionality.

Reporting Security Issues

For any security concern or issue, you can contact us at security [at] combostrap [dot] com
