

This section contains information that Adobe Commerce and Magento Open Source developers can use to improve the security of the components that they build.

Topics in this section include:

  • Authorization—Control access to pages using different authorization strategies.
  • Brute force attacks—Identify and protect component functionality vulnerable to brute force attacks.
  • Content security policies—Mitigate against cross-site scripting and related attacks with content security policies.
  • Cross-site request forgery—Leverage built-in cross-site request forgery (CSRF) protection when developing components.
  • Cross-site scripting—Implement cross-site scripting (XSS) prevention strategies when developing components.
  • Denial of service (DoS) attacks—Identify and protect component functionality vulnerable to denial of service attacks.
  • File uploads—Use out-of-the-box abstraction to safely work with user-uploaded files.
  • Mass assignment—Prevent components from allowing bad actors to override user-editable properties with arbitrary values in HTTP requests.
  • Non-secure functions—Avoid using PHP functions in components that are known to be vulnerable and exploitable.
  • Sensitive information—Prevent components from exposing sensitive information, like customer passwords, addresses, and dates of birth.
  • Server-side request forgery—Follow these strategies to prevent server-side request forgery (SSRF) vulnerabilities in components.
Copyright © 2022 Adobe. All rights reserved.