Comments (10)
@lonnieezell That will be no problem.
That is a very good start. I like how it's heavily aligned to OWASP; I'm an OWASP member.
I will give it a shot to flesh it out, quite similar to the Rails guide, with realistic examples with CI. That leads me on to another question:
Does everything work so far in CI4, especially the sample app that's used in the documentation? I would like to build on that to help new and experienced devs implement CI's security features with a bit of a hands-on approach to cement/back up the theory. I will get started this weekend.
I am very excited to help out in this community. I originally came over from HackerOne to check out the CI bug bounty program, which I am still planning on doing.
from codeigniter4.
I'm interested in helping with this, although I have just a few questions. What format does the documentation need to be in? Would you like any examples that could integrate into the Getting Started application to help show basic examples of the attacks where possible, and how to mitigate them with the tools supplied in CI? Sorry, I am new to contributing on GitHub.
@Bikerboi that would be awesome!
We have a first crack at the page, but it's missing a lot of the things that I think would be helpful, like realistic examples of how to do this within a CI application using CI tools. Ideally, I would love to see it fleshed out into something more like Rails' security guide.
The documentation is written in Sphinx's RST format. More info is in their docs and in our own guidelines.
Love the fact that you're a first-time contributor! Always exciting to see new people helping out the community. Feel free to ask any questions you have as you move along.
That's great to hear that you're an OWASP member! We look forward to any places you find where we're lacking in what we can provide.
The sample app should be working with the current state of CI4, yes. And I think expanding on that is a great idea! Look forward to seeing your work and advice.
@Bikerboi Any update on this? We have an existing guideline (https://bcit-ci.github.io/CodeIgniter4/concepts/security.html), but I had the impression that this issue was intended to expand on that.
@jim-parry What I have done so far is towards the OWASP Top Ten 2013, so I am adapting that slowly but surely to the OWASP Top Ten 2017 list. As it is only in release-candidate phase, I will have it ready to go when it is actually released, which should be this month or next according to OWASP.
Looking forward to it!
@jim-parry @lonnieezell Any update on this? Is anybody working on the same?
No one is working on this currently.
This won't happen for release. It's a large project to do it well. Closing for now.