This page relates to the Skill sets described in the open curriculum project, and tries to describe one of the skill sets. See this page as a collaborative notebook, and feel free to edit and improve it.
Someone with Writing secure code skills:
- knows how to handle user input securely: escaping output with check_plain() and the @ and % placeholders of t(), filtering untrusted HTML with filter_xss(), and reserving filter_xss_admin() for markup entered by trusted administrators
- knows how to handle URLs securely (building links with l() and url() rather than concatenating user input into href attributes)
- is able to make queries secure against SQL injection by using the database API: placeholders with db_query() or db_select() instead of string concatenation, and adding the node_access tag to queries that list nodes
- knows how to use the node_access system (node_access() and the node access grants hooks) to keep private nodes private
- knows how to handle permissions, menu access arguments and menu access callbacks, and how to return a 403 from a page callback with drupal_access_denied() or MENU_ACCESS_DENIED
- knows how to prevent Cross-Site Request Forgery (CSRF), for example with drupal_get_token() and drupal_valid_token() on state-changing links
- knows how to handle files securely
- knows how to encode mail headers
- knows how to use SSL support
- knows how to handle Form API security
- knows when/how to add account protections (e.g. password complexity requirements, password policy requirements)
- knows how to handle AJAX security (request replay attacks)
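The following is an added worked example, not code from the curriculum page or from Drupal itself. It is a minimal Drupal 7 module that puts several of the points above into one place: a menu item whose access is checked declaratively, a node listing built with placeholders and the node_access tag, output escaped through t() placeholders and l(), and a state-changing link protected against CSRF with a token. The module name secure_example, its paths, permission name and token key are assumptions chosen for the illustration.

```php
<?php
/**
 * @file
 * secure_example.module: illustrative Drupal 7 module (added example, not
 * part of the curriculum page). Paths, names and the token key are assumed.
 */

/**
 * Implements hook_permission().
 */
function secure_example_permission() {
  return array(
    'view secure example' => array(
      'title' => t('View the secure example listing'),
    ),
  );
}

/**
 * Implements hook_menu().
 *
 * Access is enforced by the menu system, not inside the page callback:
 * the %node wildcard loads the node and node_access() decides per user.
 */
function secure_example_menu() {
  $items['secure-example/%node'] = array(
    'title' => 'Secure example',
    'page callback' => 'secure_example_page',
    'page arguments' => array(1),
    'access callback' => 'node_access',
    'access arguments' => array('view', 1),
  );
  $items['secure-example/%node/unpublish'] = array(
    'page callback' => 'secure_example_unpublish',
    'page arguments' => array(1),
    'access callback' => 'node_access',
    'access arguments' => array('update', 1),
    'type' => MENU_CALLBACK,
  );
  return $items;
}

/**
 * Page callback: lists nodes of the same type whose title matches ?search=.
 */
function secure_example_page($node) {
  // The query string is attacker-controlled; treat it as tainted.
  $needle = isset($_GET['search']) ? $_GET['search'] : '';

  // SQL injection: never concatenate. The LIKE value is escaped with
  // db_like() and bound as a placeholder; the node_access tag makes the
  // query builder join the node_access grants for the current user, so
  // private nodes never appear in the result set.
  $query = db_select('node', 'n')
    ->fields('n', array('nid', 'title'))
    ->condition('n.type', $node->type)
    ->condition('n.title', '%' . db_like($needle) . '%', 'LIKE')
    ->addTag('node_access')
    ->range(0, 20);

  $rows = array();
  foreach ($query->execute() as $row) {
    // XSS: l() escapes the link text (check_plain()) and builds the URL,
    // so a title containing <script> is rendered, not executed.
    $rows[] = l($row->title, 'node/' . $row->nid);
  }

  // t() placeholders: @ is check_plain()ed, % is escaped and emphasized,
  // ! is inserted raw and must never carry user input.
  $build['summary'] = array(
    '#markup' => '<p>' . t('@count results for %term', array(
      '@count' => count($rows),
      '%term' => $needle,
    )) . '</p>',
  );
  $build['list'] = array('#theme' => 'item_list', '#items' => $rows);

  // CSRF: a GET link that changes state carries a token bound to the
  // current session and to this specific action and node.
  $token = drupal_get_token('secure_example_unpublish_' . $node->nid);
  $build['action'] = array(
    '#markup' => l(t('Unpublish this node'),
      'secure-example/' . $node->nid . '/unpublish',
      array('query' => array('token' => $token))),
  );
  return $build;
}

/**
 * Page callback: unpublishes the node if the CSRF token is valid.
 */
function secure_example_unpublish($node) {
  // Reject requests forged from another site: they cannot know the token.
  if (empty($_GET['token'])
      || !drupal_valid_token($_GET['token'], 'secure_example_unpublish_' . $node->nid)) {
    return MENU_ACCESS_DENIED;
  }
  $node->status = NODE_NOT_PUBLISHED;
  node_save($node);
  drupal_set_message(t('%title has been unpublished.', array('%title' => $node->title)));
  drupal_goto('node/' . $node->nid);
}
```

The menu definition does the permission work so the page callbacks only handle what the menu system cannot know, here the CSRF token. Returning MENU_ACCESS_DENIED (or calling drupal_access_denied()) from the callback hands the 403 back to the menu system instead of printing the page with a misleading 200 status.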