Security

This section contains information that Adobe Commerce and Magento Open Source developers can use to improve the security of the components that they build.

Topics in this section include:

  • Authorization—Control access to pages using different authorization strategies.
  • Brute force attacks—Identify and protect component functionality vulnerable to brute force attacks.
  • Content security policies—Mitigate cross-site scripting and related attacks with content security policies.
  • Cross-site request forgery—Leverage built-in cross-site request forgery (CSRF) protection when developing components.
  • Cross-site scripting—Implement cross-site-scripting (XSS) prevention strategies when developing components.
  • Denial of service (DoS) attacks—Identify and protect component functionality vulnerable to denial of service attacks.
  • File uploads—Use the out-of-the-box abstraction to safely work with user-uploaded files.
  • Mass assignment—Prevent components from allowing bad actors to override user-editable properties with arbitrary values in HTTP requests.
  • Non-secure functions—Avoid using PHP functions in components that are known to be vulnerable and exploitable.
  • Sensitive information—Prevent components from exposing sensitive information, such as customer passwords, addresses, and dates of birth.
  • Server-side request forgery—Follow these strategies to prevent server-side request forgery (SSRF) vulnerabilities in components.
  • Subresource integrity—A security feature that enables browsers to verify the integrity of the resources that they fetch.