Where to hire a smart security specialist for CMF?

D

dreamerz2019-02-18 01:28:59

symfony

dreamerz, 2019-02-18 01:28:59

Where to rent a smart security specialist for CMF (in particular, Siphonia).
Briefly the crux of the problem is
sql > update roles = "ROLES_ADMIN" where username = 'hacker';
site.com/admin
Welcome admin Hacker! Whatsup.
And this is apparently just the tip of the security iceberg for CMF.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

T

TyzhSysAdmin, 2019-02-18
@POS_troi

And what about CMF?
The CMF is nothing more than a skeleton for a web application, and the holes that are created as a result depend on the directness of the developer of the application.
If you need an audit READY! WEB applications then look for companies providing such services - expensive, long, works until the first intervention of crooked hands in the code.

D

Denis, 2019-02-18
@sidni

As has been said, this is not Symphony's problem, practically the protection of any site flies `to hell` when an attacker has access to the database or to the code. If you want to get confused, create another hash field that will confirm the current role and make a subscriber that will work on every request to the site. Symphony is primarily a development tool that provides basic capabilities, and you (the programmer), based on the mania of persecuting the customer and the global conspiracy, implement your ideas.