Security can mean a lot of things, but in this day and age everyone needs to do their best to keep their own data, their customers’ data and their partners’ data safe from anyone who is not explicitly authorized to access it. Building a secure system is not obvious, nor is security an absolute state of any existing system. We aim to be biased towards security, even if it means we have to compromise on usability or performance.
This document lists a few practices we consider generally important, but keep in mind that actual implementations (such as AbterPHP) may provide additional security features in some cases.
Obviously the above list says little about how AbterCMS is supposed to help you defend against SQL injection, Cross-Site Scripting (XSS), insecure deserialization and many other threats. This is mainly because we consider these threats to be something the actual implementations will address with different solutions. The underlying frameworks and language best practices are likely to take care of most of them.
There is one obvious exception to this: Insufficient Logging and Monitoring. It is not covered here because it is mostly outside the scope of AbterCMS. We will, however, try to provide you with guides on how to operate AbterCMS in a handful of environments that affect this topic.