Checkmarx scan: Source Code Analysis (static analysis of the PHP source, not a runtime test; note that "SCA" elsewhere means Software Composition Analysis)
- only findings in the backend (PHP) code
Highest Risks:
- PHP injection (user input reaching include/eval/exec paths or queries) -> input validation, plus placeholders in the database layer
- XSS: blind access; use the Drupal 7 output sanitizers:
- filter_xss(): whitelist-based tag filter, for text that may carry limited markup
- check_plain(): HTML encoding, for plain text in an HTML context
- check_url(): strips dangerous protocols (javascript:, data:, vbscript:) and HTML-encodes the result, for use in an href attribute (it is not URL encoding)
- drupal_set_message() (there is no drupal_set_error_message() in the API): keep user-facing error messages uniform and generic; log the detail with watchdog()
- insecure direct object references (IDOR):
- NOK for Drupal: node and user IDs are sequential integers in the path (node/1, node/2, ...)
- site can be crawled for hidden pages, so "unlinked" is not "protected": every menu path needs an access callback, and unpublished content must be access-checked
- misconfiguration:
- no FTP (credentials and content travel in clear text)
- use SSH/SFTP instead, key-based where possible
- insufficient transport layer protection
- Drupal config: full SSL; mixed mode still serves pages (including the login form) over plain HTTP, so session cookies and credentials can be intercepted, prefer full SSL with an HTTP-to-HTTPS redirect
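The XSS, error-message and IDOR points above, as one added Drupal 7 module example (not code from the page, from Checkmarx, or from Drupal core). The module name `notes_demo`, its paths and the query parameters are assumptions for illustration; it needs a Drupal 7 bootstrap to run, so it only makes sense inside a Drupal 7 site.

```php
<?php
// Hypothetical Drupal 7 module "notes_demo" (added example, not from the page).
// Place as sites/all/modules/notes_demo/notes_demo.module with a matching .info file.

/**
 * Implements hook_menu().
 */
function notes_demo_menu() {
  $items = array();
  // Vulnerable page: reflects user input straight into the markup.
  $items['notes-demo/unsafe'] = array(
    'title' => 'Unsafe reflection',
    'page callback' => 'notes_demo_unsafe_page',
    'access arguments' => array('access content'),
    'type' => MENU_CALLBACK,
  );
  // Hardened page: same input, passed through the core sanitizers.
  $items['notes-demo/safe'] = array(
    'title' => 'Sanitized reflection',
    'page callback' => 'notes_demo_safe_page',
    'access arguments' => array('access content'),
    'type' => MENU_CALLBACK,
  );
  // Indirect reference: the node id in the path is loaded by the %node wildcard and
  // gated by node_access(), the same pattern core uses for node/%node. Walking
  // sequential ids then only ever returns what the current user may view.
  $items['notes-demo/preview/%node'] = array(
    'title' => 'Preview',
    'page callback' => 'notes_demo_preview_page',
    'page arguments' => array(2),
    'access callback' => 'node_access',
    'access arguments' => array('view', 2),
    'type' => MENU_CALLBACK,
  );
  return $items;
}

/**
 * Vulnerable: ?name=<script>...</script>&link=javascript:... lands in the HTML as-is.
 */
function notes_demo_unsafe_page() {
  $name = isset($_GET['name']) ? $_GET['name'] : '';
  $link = isset($_GET['link']) ? $_GET['link'] : '';
  // No encoding: reflected XSS through $name, javascript: URL through $link.
  return '<p>Hello ' . $name . '</p><a href="' . $link . '">your link</a>';
}

/**
 * Hardened: each value is sanitized for the context it is written into.
 */
function notes_demo_safe_page() {
  $name = isset($_GET['name']) ? $_GET['name'] : '';
  $link = isset($_GET['link']) ? $_GET['link'] : '';
  $bio  = isset($_GET['bio'])  ? $_GET['bio']  : '';

  // check_plain(): HTML-encodes, for plain text in HTML.
  // check_url(): strips javascript:/data:/vbscript: and encodes for an href attribute.
  // filter_xss(): keeps only the whitelisted tags and drops event handlers and
  // dangerous protocols inside them, for text that may carry limited markup.
  $output  = '<p>Hello ' . check_plain($name) . '</p>';
  $output .= '<a href="' . check_url($link) . '">your link</a>';
  $output .= '<div>' . filter_xss($bio, array('b', 'i', 'em', 'strong', 'p')) . '</div>';

  // check_url() differs from check_plain() only when a protocol was stripped, so
  // that comparison detects a rejected link. The user sees a generic message via
  // drupal_set_message(); the raw value goes to the log with watchdog().
  if ($link !== '' && check_url($link) !== check_plain($link)) {
    drupal_set_message(t('The link you supplied was not accepted.'), 'error');
    watchdog('notes_demo', 'Dangerous protocol stripped from link: @link',
      array('@link' => $link), WATCHDOG_WARNING);
  }
  return $output;
}

/**
 * Reached only after node_access('view', $node) passed for the current user.
 */
function notes_demo_preview_page($node) {
  return '<h2>' . check_plain($node->title) . '</h2>';
}
```

The `@link` placeholder in the watchdog() call is itself run through check_plain() by the logging layer, so the logged payload cannot fire in the admin log viewer either.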
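The "full SSL or mixed mode" choice, as an added settings.php fragment for Drupal 7 (added example, not from the page or from Drupal's default.settings.php). The hostname is a placeholder; that `$conf['https']` switches on core's mixed-mode sessions is how Drupal 7 behaves, but treat the exact lines as an assumption and check them against your site's settings.php.

```php
<?php
// Hypothetical sites/default/settings.php fragment for Drupal 7 (added example).

// Weak: mixed mode. Drupal 7 keeps a separate secure session cookie (SSESS...) for
// HTTPS requests and still serves the rest of the site, login form included, over
// plain HTTP, so the insecure session cookie and submitted credentials can be sniffed.
// $conf['https'] = TRUE;

// Corrected: full SSL. Pin the base URL to https, never send the session cookie over
// plain HTTP, keep it out of reach of scripts, and leave mixed mode off. Pair this
// with a web server redirect of port 80 to 443 and an HSTS header so that no
// request ever starts on HTTP.
$base_url = 'https://www.example.com';   // placeholder host
ini_set('session.cookie_secure', 1);
ini_set('session.cookie_httponly', 1);
$conf['https'] = FALSE;
```

After the change, confirm with a browser or curl that an http:// request to the login path gets a 301 to https:// and that the SESS cookie in the response carries the Secure and HttpOnly flags.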
Other:
- keep Drupal core and contributed modules updated; security advisories are published for both
- Drupal 8: different approach, built on the Symfony framework; Twig templates auto-escape output, so the D7 check_plain()/filter_xss() habits do not carry over one-to-one