--- /dev/null
+% About the TestCMS code: are there important aspects that could (or should)
+% be changed to improve security? Or aspects that could be changed to
+% facilitate doing a security review?
+
+We found that the general design of the TestCMS codebase was pretty adequate.
+Functionality was neatly grouped by in different modules in the \code{system}
+directory. The code was very readable and commented. This made the security
+audit easier to do than we had initially expected.
+
+At the same time the TestCMS did not really do this in the case of security
+critical components. Input sanitization happens all over the place (and in
+some cases it does not happen at all). Middleware based design patterns could
+make the processing of input and output a somewhat less cluttered.
+
+Another thing that striked us about the TestCMS code is that all functionality
+was written by the programmer theirself. Although it may make the application
+a bit slower, using a template engine (like Twig\footnote{\url{http://twig.sensiolabs.org/}})
+could make the application design clearer and more secure by design. While a
+template engine is not necesarry, we think that using the new \code{MySQLi} API
+and in combination with prepared statements is a good change to start with.
repositories / ssproject1617.git / blobdiff