Security
This section contains information that Adobe Commerce and Magento Open Source developers can use to improve the security of the components that they build.
Topics in this section include:
- Authorization—Control access to pages using different authorization strategies.
- Brute force attacks—Identify and protect component functionality vulnerable to brute force attacks.
- Content security policies—Mitigate against cross-site scripting and related attacks with content security policies.
- Cross-site request forgery—Leverage built-in cross-site request forgery (CSRF) protection when developing components.
- Cross-site scripting—Implement cross-site-scripting (XSS) prevention strategies when developing components.
- Denial of service (DoS) attacks—Identify and protect component functionality vulnerable to denial of service attacks.
- File uploads—Use the out-of-the-box abstractions to work safely with user-uploaded files.
- Mass assignment—Prevent components from allowing bad actors to override user-editable properties with arbitrary values in HTTP requests.
- Non-secure functions—Avoid using PHP functions in components that are known to be vulnerable and exploitable.
- Sensitive information—Prevent components from exposing sensitive information, like customer passwords, addresses, and dates of birth.
- Server-side request forgery—Follow these strategies to prevent server-side request forgery (SSRF) vulnerabilities in components.
- Subresource integrity—Use this browser security feature to let browsers verify the integrity of the resources that they fetch.