Did some web security testing in here - Promods Passed

Ask questions about the mod here. If useful they will be added to the Q&A / Development updates.
Forum rules
Please do not post any crashes, malfunctions or other issues with the mod in this forum. If you have any issues with the mod, please post them here. This forum is only for questions/feedback towards the team, not for solving crashes.
Post Reply
User avatar
AssassinLV
Posts: 205
Joined: 31 May 2014 14:14
Donation rank:
Location: Riga
Contact:

17 Jan 2018 16:17

I today did some voluntary web security testing on both types of XSS (Cross Site Scripting) attacks. The good thing is - ProMods passed it, and I can tell that no malicious user can do any type of XSS attacks. :)

What is XSS attack?
It's a form of attack when a malicious user sends with the message or any other type of input saves the JavaScript, JQuery or TypeScript code - and other users will get that code executed in their browsers. For example - It could be even a Crypto-Currency miner.

Edit 1:
Checked also fastly the sql injection with 1=1 in topic search, no problems found. :)

That's all from my side. :)
Mom says to son.
Hey son - can you go to the shop and buy the milk, if they have eggs - buy six.
Sure.
Son goes to the shop and buys six packs of milk and goes back home.
Why did you buy six packs of milk?
Because - they had eggs. And you told me to buy six - if they had eggs.

User avatar
michaelmurfy
Posts: 218
Joined: 24 Dec 2016 22:15
Donation rank:
Location: Wellington
Contact:

17 Jan 2018 19:38

We use both Cloudflare and ModSecurity on our platform and several other things I won't go in to. This helps mitigate any problems that phpBB / Wordpress / Our Scripts may have. Our platform has also been pen-tested by a few professionals in the industry with nothing showing up. Not saying it is completely "impossible to break" but I take security very seriously.
Promods Server Administrator

User avatar
AssassinLV
Posts: 205
Joined: 31 May 2014 14:14
Donation rank:
Location: Riga
Contact:

17 Jan 2018 19:47

That's actually good. :) Didn't even know that ProMods had a security audit. I simply know that many does not know about different types of security issues. I'm really surprised that ProMods or any Modding community in general takes security seriously. :)
I'm happy to be surprised.
Mom says to son.
Hey son - can you go to the shop and buy the milk, if they have eggs - buy six.
Sure.
Son goes to the shop and buys six packs of milk and goes back home.
Why did you buy six packs of milk?
Because - they had eggs. And you told me to buy six - if they had eggs.



Post Reply
  • Information
  • Who is online

    Users browsing this forum: No registered users and 10 guests