Update docs
odan committed Sep 16, 2023
1 parent 890b466 commit 1756476
Showing 1 changed file with 23 additions and 6 deletions.
29 changes: 23 additions & 6 deletions docs/security.md
Expand Up @@ -53,23 +53,37 @@ are a very good tools to work with JSON Web Tokens.
* [Stop using JWT for sessions](http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/)
* [Swagger - OAuth 2.0](https://swagger.io/docs/specification/authentication/oauth2/)

## SameSite Cookies
## Cross-site Request Forgery (CSRF) Protection

* [SameSite Cookies](https://ko-fi.com/s/e592c10b5f) (Slim 4 - eBook Vol. 2)
* [selective/samesite-cookie](https://github.com/selective-php/samesite-cookie)

## CSRF protection
Cross-site request forgery (CSRF) is a web security vulnerability
that tricks a victim's browser into performing unwanted
actions on a web application where the user is authenticated,
without their knowledge or consent.

* [CSRF](https://ko-fi.com/s/e592c10b5f) (Slim 4 - eBook Vol. 2)
* [Slim Framework CSRF Protection](https://github.com/slimphp/Slim-Csrf)

**SameSite Cookies** can be used for security purposes
to prevent CSRF attacks,
by controlling whether cookies are sent along with cross-site requests,
thereby limiting the risk of third-party interference with
the intended functioning of web applications.

* [SameSite Cookies](https://ko-fi.com/s/e592c10b5f) (Slim 4 - eBook Vol. 2)
* [selective/samesite-cookie](https://github.com/selective-php/samesite-cookie)

## Cross-Origin Resource Sharing (CORS)

Cross-Origin Resource Sharing (CORS) is a security feature
implemented by web browsers that controls how web pages
in one domain can request resources from another domain,
aiming to safely enable interactions between different origins.

* [Setting up CORS](https://www.slimframework.com/docs/v4/cookbook/enable-cors.html)
* [CORS](https://ko-fi.com/s/5f182b4b22) (Slim 4 - eBook Vol. 1)
* [middlewares/cors](https://github.com/middlewares/cors)

## Cross Site Scripting Prevention
## Cross Site Scripting (XSS) Prevention

Cross-site Scripting (XSS) is a client-side code injection attack.
The attacker aims to execute malicious scripts in a web browser of the
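Review bot: the new SameSite paragraph ("SameSite Cookies can be used for security purposes to prevent CSRF attacks") overstates what the attribute guarantees and should present it as defence in depth next to the Slim-Csrf token middleware, not as a standalone CSRF defence. With `SameSite=Lax` (the default Chromium applies when the attribute is absent) the session cookie is still sent on top-level GET navigations, and browsers that predate the attribute ignore it entirely, so a state-changing GET route remains forgeable. Suggest wording along the lines of "SameSite cookies add a second layer of CSRF protection by controlling whether cookies are sent with cross-site requests; keep the token-based protection above and never perform state changes on GET", and note that `SameSite=Strict` is the setting that also blocks top-level navigations. Minor: "is a web security vulnerability that tricks a victim's browser" reads better as "is an attack that tricks a victim's browser", since the vulnerability is the missing check, not the thing doing the tricking.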
Expand All @@ -81,13 +95,16 @@ or by using libraries that are specifically designed to sanitize HTML input:
* [laminas/laminas-escaper](https://github.com/laminas/laminas-escaper)
* [Cross Site Scripting Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html)
* [Cross-site Scripting (XSS)](https://www.acunetix.com/websitesecurity/cross-site-scripting/)
* [XSS - Cross-site Scripting Protection](https://ko-fi.com/s/3698cf30f3) (Slim 4 - eBook Vol. 3)

## More Resources

* [Spam Protection](https://ko-fi.com/s/5f182b4b22) (Slim 4 - eBook Vol. 1)
* [Symfony Rate Limiter](https://ko-fi.com/s/e592c10b5f) (Slim 4 - eBook Vol. 2)
* [XSS - Cross-site Scripting Protection](https://ko-fi.com/s/3698cf30f3) (Slim 4 - eBook Vol. 3)
* [Shieldon - Web Application Firewall](https://ko-fi.com/s/3698cf30f3) (Slim 4 - eBook Vol. 3)
* [Mezzio OAuth2 Server](https://ko-fi.com/s/e592c10b5f) (Slim 4 - eBook Vol. 2)
* [Symfony Rate Limiter](https://ko-fi.com/s/e592c10b5f) (Slim 4 - eBook Vol. 2)
* [middlewares/firewall](https://github.com/middlewares/firewall)
* [PSR-15 HTTP Middlewares](https://github.com/middlewares)
* [PHP Middleware](https://github.com/php-middleware)
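Review bot: this hunk introduces duplicate list entries. Per the hunk header (`@@ -81,13 +95,16 @@`, 16 rendered lines) nothing is removed here, so the "XSS - Cross-site Scripting Protection" link now appears both in the new "Cross Site Scripting (XSS) Prevention" section and still under "More Resources", and "Symfony Rate Limiter" is listed twice under "More Resources". Drop the "More Resources" copy of the XSS link (the topic now has its own section) and one of the two "Symfony Rate Limiter" lines. While touching the list, grouping the eBook entries by volume (Vol. 1, Vol. 2, Vol. 3) and then the GitHub projects would keep the list readable as it grows.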
