[ssproject1617.git] / report / reflection.testcms_code.tex

% About the TestCMS code: are there important aspects that could (or should)
% be changed to improve security? Or aspects that could be changed to
% facilitate doing a security review?

We found that the general design of the TestCMS codebase was pretty adequate.
Functionality was neatly grouped by in different modules in the \code{system}
directory. The code was very readable and commented. This made the security
audit easier to do than we had initially expected.

At the same time the TestCMS did not really do this in the case of security
critical components. Input sanitization happens all over the place (and in
some cases it does not happen at all). Middleware based design patterns could
make the processing of input and output a somewhat less cluttered.

Another thing that striked us about the TestCMS code is that all functionality
was written by the programmer theirself. Although it may make the application
a bit slower, using a template engine (like Twig\footnote{\url{http://twig.sensiolabs.org/}})
could make the application design clearer and more secure by design. While a
template engine is not necesarry, we think that using the new \code{MySQLi} API
and in combination with prepared statements is a good change to start with.