From 37c1ce0fc9ce34e0629c0b4384edfbc1297f3e79 Mon Sep 17 00:00:00 2001 From: Daan Sprenkels Date: Fri, 25 Nov 2016 11:04:03 +0100 Subject: [PATCH] Add TestCMS specific code reflection --- report/reflection.testcms_code.tex | 20 ++++++++++++++++++++ report/reflection.tex | 3 +++ 2 files changed, 23 insertions(+) create mode 100644 report/reflection.testcms_code.tex diff --git a/report/reflection.testcms_code.tex b/report/reflection.testcms_code.tex new file mode 100644 index 0000000..08416e3 --- /dev/null +++ b/report/reflection.testcms_code.tex @@ -0,0 +1,20 @@ +% About the TestCMS code: are there important aspects that could (or should) +% be changed to improve security? Or aspects that could be changed to +% facilitate doing a security review? + +We found that the general design of the TestCMS codebase was pretty adequate. +Functionality was neatly grouped by in different modules in the \code{system} +directory. The code was very readable and commented. This made the security +audit easier to do than we had initially expected. + +At the same time the TestCMS did not really do this in the case of security +critical components. Input sanitization happens all over the place (and in +some cases it does not happen at all). Middleware based design patterns could +make the processing of input and output a somewhat less cluttered. + +Another thing that striked us about the TestCMS code is that all functionality +was written by the programmer theirself. Although it may make the application +a bit slower, using a template engine (like Twig\footnote{\url{http://twig.sensiolabs.org/}}) +could make the application design clearer and more secure by design. While a +template engine is not necesarry, we think that using the new \code{MySQLi} API +and in combination with prepared statements is a good change to start with. diff --git a/report/reflection.tex b/report/reflection.tex index 9b3f7d1..257f9b5 100644 --- a/report/reflection.tex +++ b/report/reflection.tex 
@@ -49,5 +49,8 @@ some components, like input escaping, are just not present. \subsection{On the code \& streamlining subsequent security audits} \input{reflection.code_and_auditing.tex} +\subsection{TestCMS code security} +\input{reflection.testcms_code.tex} + \subsection{On the general development of secure software} \input{reflection.secure_development.tex} -- 2.20.1
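Review bot: In the new file report/reflection.testcms_code.tex, the final recommendation is garbled and mixes two distinct measures: "using the new \code{MySQLi} API and in combination with prepared statements" should drop the stray "and", and the text should say plainly that the SQL-injection fix is parameterised queries (prepared statements with bound parameters), which both MySQLi and PDO provide; switching to MySQLi without binding parameters, e.g. still interpolating user input into the query string passed to `query()`, buys nothing. A concrete form worth naming in the text is `$stmt = $mysqli->prepare('SELECT ... WHERE id = ?');` followed by `$stmt->bind_param('i', $id);`. Likewise, the template-engine paragraph states the benefit only as "clearer and more secure by design"; the actual security property of Twig is contextual output escaping enabled by default, which is the direct answer to the second paragraph's complaint that escaping "happens all over the place" or "does not happen at all", so the section would be stronger if it distinguished output escaping at the render sink from input sanitization instead of conflating them. Minor wording in the same hunk: "did not really do this" has no clear referent (say "did not keep security-critical handling in one place"), "grouped by in different modules" should read "grouped in different modules", "make the processing of input and output a somewhat less cluttered" has a stray "a", "striked" should be "struck", "theirself" should be "themselves", and "necesarry" should be "necessary".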
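Review bot: In the report/reflection.tex hunk the new heading "TestCMS code security" breaks the "On the ..." naming used by the surrounding subsections ("On the code \& streamlining subsequent security audits", "On the general development of secure software") and its content overlaps with the unchanged context line just above it, which already states that "some components, like input escaping, are just not present". Either rename it to "On the TestCMS code" and add a sentence in the preceding subsection pointing to it for the TestCMS-specific observations, or fold the new file into the existing "On the code" subsection so the missing-escaping point is made once rather than twice in adjacent subsections.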