Guide to secure web application built with 4D

You should also read 4D SECURITY GUIDE.

Only ORDA is taken into account in this read. 4D codes are verified via 4D v19.1 build 19.275122 on macOS.

Typical attack methods

Query Injection

Directory Traversal

Improper Session Management

Cross Site Scripting

Cross Site Request Forgery

HTTP Header Injection

Vulnerabilities not discussed in this article

• OS Command Injection
• Mail Header Injection
• Click Jacking
• Buffer Overflow

References

• How to Secure Your Web Site (JA) by IPA
• How to Secure Your Web Site (EN) by IPA