SECURITY.md

File metadata and controls

82 lines (47 loc) · 3.31 KB

Security Policy for "Pencil Sketch"

Supported Versions

The "Pencil Sketch" project provides security updates for the following versions:

Version Supported
1.x.x
0.x.x

Reporting a Vulnerability

If you discover a security vulnerability in "Pencil Sketch", we encourage responsible disclosure. To report a vulnerability:

  1. Contact us via email at zouariomar20@gmail.com with the details.
  2. Please provide a detailed description of the issue, including steps to reproduce it and, if available, a proof of concept.
  3. We aim to respond within 48 hours and will work closely with you to resolve the issue.

We appreciate the security community's efforts in helping us maintain "Pencil Sketch"'s safety and integrity.

Security Practices

"Pencil Sketch" follows industry best practices for security to ensure safe transactions and protect user data:

1. Authentication and Authorization

  • "Pencil Sketch" uses secure methods for user authentication, including strong password hashing (e.g., bcrypt).
  • Access control is implemented to restrict unauthorized actions.

2. Data Encryption

  • All sensitive data is encrypted in transit (via HTTPS/TLS) and at rest, including user credentials and personal information.

3. SQL Injection Protection

  • Parameterized queries and prepared statements are used throughout to prevent SQL injection.
  • ORM (Object-Relational Mapping) is leveraged where possible.

4. Cross-Site Scripting (XSS) Prevention

  • User inputs are sanitized and validated to prevent XSS attacks, and user-generated content is escaped to avoid code injection.

5. Cross-Site Request Forgery (CSRF) Protection

  • CSRF tokens are included in forms and API requests to secure user actions.

6. Third-Party Dependency Management

  • Dependencies are regularly scanned for vulnerabilities with tools such as OWASP Dependency-Check.
  • Critical security patches for dependencies are applied promptly.

7. Secure Configuration

  • Default settings follow secure configurations, and sensitive data is stored securely (e.g., .env files for environment-specific settings).

8. Content Security Policy (CSP)

  • A strict CSP is enforced to limit content sources, reducing the risk of XSS and unauthorized resource loading.

9. Monitoring and Logging

  • Logs are maintained for key operations and monitored for abnormal patterns. Logs avoid storing sensitive information.

Security Contributions

Contributors can help enhance "Pencil Sketch"'s security by following these practices:

  • Adhere to secure coding standards and the above security practices when contributing.
  • Conduct thorough security testing before submitting a pull request.
  • Avoid including any sensitive data in code (e.g., passwords, API keys).

Resources

For additional guidance on secure development, refer to:

Thank you for helping us make "Pencil Sketch" secure for our users and the community!