23 lines
331 B
Markdown
23 lines
331 B
Markdown
# Security Rules
|
|
|
|
## Generell
|
|
|
|
- Nie Secrets in Git
|
|
- Input immer validieren
|
|
- Output immer escapen
|
|
|
|
## XSS
|
|
|
|
- HTML specialchars() für User-Input in HTML
|
|
- Content-Security-Policy Header setzen
|
|
|
|
## CSRF
|
|
|
|
- CSRF Token bei Forms
|
|
- SameSite=Cookie
|
|
|
|
## SQL Injection
|
|
|
|
- Prepared Statements immer nutzen
|
|
- Nie User-Input direkt in SQL
|