PrestaShop Modules Security: Knowledge base

1. Prevent SQL injections
   1. Basic sample
   2. Array values sample
   3. Table name or field name protection
   4. OrderBy and orderWay protection
   5. Other cases like case/then, functions…
   6. PrestaShop object models natively protected against SQL injection
      
      
2. Prevent PHP injections
   1. Basic sample
      
      
3. Prevent sensitive data disclosure
   1. Logs, data export, …
   2. White reader, white deleter, …
   3. Deny any none-useful file extensions
      
      
4. Prevent Cross Script (XSS) vulnerability
   1. Reflexive XSS: Escape assigned variable on a Smarty templates
   2. Stored XSS from front to back
   3. Content Security Policies
   4. None secure svg files
      
      
5. Prevent logical weakness
   1. Standalone script without ModuleFrontController
   2. Weakness token in a front controller
   3. Callback of a wildcard method
   4. Wildcard data in the PrestaShop secures cookie
      
      
6. Prevent chain of vulnerability
   1. None obvious trusted data
   2. Sample with file_put_contents
      
      

back to the home page