
Comments (10)

Bikerboi commented on May 18, 2024 6

@lonnieezell That will be no problem.

That is a very good start. I like how it's heavily aligned to OWASP; I'm an OWASP member.

I will give it a shot to flesh it out quite similar to the Rails guide with realistic examples with CI. That does lead me on to another question: does everything work so far in CI4, especially the sample app that's used in the documentation? I would like to build on from that to help new and experienced devs implement CI's security features with a little bit of a hands-on approach to cement/back up the theory. I will get started this weekend.

I am very excited to help out in this community. I originally came over from HackerOne to check out the CI bug bounty program, which I am still planning on doing.

from codeigniter4.

Bikerboi commented on May 18, 2024

I'm interested in helping with this, although I have just a few questions. What format does the documentation need to be in? Would you like any examples that could integrate into the getting started application that could help show basic examples of the attacks where possible, and how to mitigate them with the supplied tools in CI? Sorry, I am new to contributing on GitHub.


lonnieezell commented on May 18, 2024

@Bikerboi that would be awesome!

We have a first crack at the page but it's missing a lot of the things that I think would be helpful, like realistic examples of how to do this within a CI application, using CI tools. Ideally, I would love to see it fleshed out to something more like Rails' security guide.

The documentation is written in Sphinx's RST format. More info at their docs and in our own guidelines.

Love the fact that you're a first-time contributor! Always exciting to see new people helping out the community. Feel free to ask any questions you have as you move along.


lonnieezell commented on May 18, 2024

That's great to hear that you're an OWASP member! We look forward to any places you find that we're lacking in what we can provide.

The sample app should be working with the current state of CI4, yes. And I think expanding on that is a great idea! Look forward to seeing your work and advice.


jim-parry commented on May 18, 2024

@Bikerboi Any update on this? We have an existing guideline (https://bcit-ci.github.io/CodeIgniter4/concepts/security.html), but I had the impression that this issue was intended to expand on that.


Bikerboi commented on May 18, 2024

@jim-parry What I have done so far is towards the OWASP Top Ten 2013, so I am adapting that slowly but surely to the OWASP Top Ten 2017 list. As it is only in release candidate phase, I will have it ready to go when it is actually released, which should be this month or next according to OWASP.


jim-parry commented on May 18, 2024

Looking forward to it!


atishhamte commented on May 18, 2024

@jim-parry @lonnieezell Any update on this? Is anybody working on the same?


lonnieezell commented on May 18, 2024

No one is working on this currently.


lonnieezell commented on May 18, 2024

This won't happen for release. It's a large project to do it well. Closing for now.
