Security Summary in Claromentis

We prevent SQL injection by using a dedicated mechanism for inserting variables into SQL statements instead of splicing them into the query text.
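The contrast the sentence above relies on, as an added PHP example (this is not Claromentis code, and the users table, the column names and the in-memory SQLite database are constructed for the demonstration): a query built by string concatenation beside the same query with the value passed as a bound parameter.

```php
<?php
// Added example, not Claromentis code. Assumes a PDO connection and a
// hypothetical table "users" with an "id" and a "username" column.

// Vulnerable: the variable is spliced into the SQL text, so a value containing
// a quote character can change the structure of the statement itself.
function findUserUnsafe(PDO $db, string $username): ?array
{
    $sql = "SELECT id, username FROM users WHERE username = '" . $username . "'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened: the statement text is fixed and the value travels separately as a
// bound parameter, so the database never parses user input as SQL.
function findUserSafe(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :username');
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Demonstration against an in-memory SQLite database with constructed rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO users (username) VALUES ('alice'), ('bob')");

// A username that no account has, but which contains a quote character.
$probe = "alice' OR '1'='1";
var_dump(findUserUnsafe($db, $probe)); // a row comes back: the WHERE clause was rewritten
var_dump(findUserSafe($db, $probe));   // NULL: no account has that literal name
```

The safe variant is the pattern to apply everywhere a variable meets SQL; the unsafe one is kept only to make the difference visible when the two are run side by side.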

CSRF attacks are prevented by requiring a token on every request that performs a significant action on the server. Documentation for this is available to Claromentis customers.
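A minimal version of the token scheme described above, written here as an added PHP example rather than taken from Claromentis (the session key name, the field name and the form itself are assumptions): one random token per session, embedded as a hidden field, and checked in constant time before any state-changing action runs.

```php
<?php
// Added example, not Claromentis code. Assumes PHP sessions are in use and
// that every state-changing request is submitted with POST.

// Issue one token per session; it is generated once and reused by all forms.
function csrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to include in every form that changes server-side state.
function csrfField(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrfToken(), ENT_QUOTES, 'UTF-8') . '">';
}

// Server-side check, run before the action itself. hash_equals() compares in
// constant time, so the comparison leaks nothing about the stored token.
function csrfValid(?string $submitted): bool
{
    if (empty($_SESSION['csrf_token']) || !is_string($submitted)) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrfValid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token');
    }
    // ... perform the state-changing action here ...
    exit('Action accepted');
}

// GET: render a form that carries the token (hypothetical "delete document" action).
echo '<form method="post">' . csrfField()
   . '<button type="submit">Delete document</button></form>';
```

The check must sit in front of the action, not merely on the page that renders the form; a request that arrives with no token, or a token from a different session, is rejected before anything is modified.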

We disallow entering raw HTML containing JavaScript wherever possible. Where HTML input is unavoidable, it is sanitised with HTMLPurifier (http://htmlpurifier.org/).

We use a custom error handler that prevents users (and therefore potential attackers) from seeing the internal structure of the system, while still letting them see that an error has occurred.

To counter session hijacking, we bind each session to the IP address from which it was initiated.

The standard login script includes brute-force protection: it locks the account for a period of time after a certain number of failed login attempts.
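The lockout described above, as an added PHP example that is not the Claromentis login script: the attempt limit, the lock duration, the array-backed counter store and the credential-check callable are all assumptions made for the demonstration. It shows the part that is easy to get wrong, namely clearing the counter once the lock has expired so a legitimate user is not locked out forever.

```php
<?php
// Added example, not Claromentis code. The constants and the array-backed
// store are assumptions; a real deployment keeps the counters in the database
// so the lock survives across requests and web servers.
const MAX_FAILED_ATTEMPTS = 5;
const LOCKOUT_SECONDS     = 15 * 60;

// $store maps username => ['failures' => int, 'locked_until' => int timestamp]
function isLocked(array &$store, string $user, int $now): bool
{
    if (!isset($store[$user])) {
        return false;
    }
    if ($store[$user]['locked_until'] > $now) {
        return true;
    }
    // An expired lock is cleared so the user starts with a fresh counter.
    if ($store[$user]['locked_until'] !== 0) {
        unset($store[$user]);
    }
    return false;
}

function recordFailure(array &$store, string $user, int $now): void
{
    $entry = $store[$user] ?? ['failures' => 0, 'locked_until' => 0];
    $entry['failures']++;
    if ($entry['failures'] >= MAX_FAILED_ATTEMPTS) {
        $entry['locked_until'] = $now + LOCKOUT_SECONDS;
    }
    $store[$user] = $entry;
}

function recordSuccess(array &$store, string $user): void
{
    unset($store[$user]);
}

// $checkPassword stands in for the real credential check (hypothetical callable).
function attemptLogin(array &$store, string $user, string $password, callable $checkPassword, int $now): string
{
    if (isLocked($store, $user, $now)) {
        return 'locked';   // refused even if the password is right
    }
    if ($checkPassword($user, $password)) {
        recordSuccess($store, $user);
        return 'ok';
    }
    recordFailure($store, $user, $now);
    return 'failed';
}

// Demonstration with a constructed credential check and fixed timestamps.
$store = [];
$check = fn(string $u, string $p): bool => $u === 'alice' && $p === 'correct horse';
$t0 = 1000000;
for ($i = 0; $i < MAX_FAILED_ATTEMPTS; $i++) {
    echo attemptLogin($store, 'alice', 'wrong', $check, $t0 + $i), "\n";          // failed (x5)
}
echo attemptLogin($store, 'alice', 'correct horse', $check, $t0 + 10), "\n";                  // locked
echo attemptLogin($store, 'alice', 'correct horse', $check, $t0 + LOCKOUT_SECONDS + 10), "\n"; // ok
```

Passing the clock in as a parameter keeps the expiry logic testable; in production `time()` would be supplied at the call site.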

We always check user permissions at the point of actual access to objects, not only when publishing links to them (for example, direct links to documents). In some less sensitive areas, however, we trade security for performance: news and Publish images.

We encode our PHP files. Although the original goal is intellectual-property protection, this also adds some security, since an attacker who manages to gain access to some files still cannot read the source code.

In general, our main guide for security was the OWASP Top 10: http://www.owasp.org/index.php/Top_10_2007

However, we do pass the user's login name and password in clear text from the standard login form, so the form should be placed behind SSL. It would be good to have at least a JavaScript-based challenge-response mechanism for passing credentials to the server.

 
help/general/security.txt · Last modified: 07/06/2011 04:49 by nigel