Confirm
2,177
edits
Changes
→Security
=Security=
*Gone through httpsComplete the following (taken from [[WebAppSec/Secure_Coding_QA_Checklist]])** [[WebAppSec/Secure_Coding_QA_Checklist#Test: Input Validation For User Controlled Data|Test:Input Validation For User Controlled Data]]** [[WebAppSec/Secure_Coding_QA_Checklist#Test: SQL Injection|Test: SQL Injection]]** [[WebAppSec/Secure_Coding_QA_Checklist#Test: Output Encoding For User Controlled Data|Test: Output Encoding For User Controlled Data]]** [[WebAppSec/wiki.mozilla.orgSecure_Coding_QA_Checklist#Test: CSRF|Test: CSRF]]** [[WebAppSec/Secure_Coding_QA_Checklist#Test: Account Lockout -- INACTIVE|Test: Account Lockout -- INACTIVE]]** [[WebAppSec/Secure_Coding_QA_Checklist and filed the appropriate bugs#Test: X-Frame-Options|Test: X-Frame-Options]]
*Runs on both HTTP / HTTPS? Mixed-content warnings? Cert set up?
**Should HTTP requests get automatically redirected to HTTPS, by default?
