Security - Fabians small Magento world

array_diff(array, string) does(n't) work as expected

This is an old problem, quite a few security researchers already wrote about. But repeating things, helps learning them (especially me). In MageSetup we read posted agreements (terms and conditions) and compare them with all the agreements we expect. This looks like that: $requiredAgreements = $this->_getCustomerCreateAgreements(); $controller = $observer->

Magento

SSL Everywhere or HSTS

We have to secure all the data of our users, not only registration, checkout and login. We need to secure the session data too. SSL Everywhere or HTTP Strict Transport Security (I hope) Everyone knows, that it is important to secure (read as encrypt) our customer’s data. Because of

Security

German OWASP Day 2012

Ich war gestern auf dem German OWASP Day 2012. Die OWASP ist das "Open Web Application Security Project". Eine offene, kostenlose Organisation, die Security in der IT voranbringen will. Es folgen Notizen. Keynote: Volkmar Lotz (SAP) Part 1: Build Knowledge Auch mit Frameworks kann man Sicherheit nicht ohne