The AgriGO project provides security updates for the following versions:
| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| 0.x.x | ❌ |
If you discover a security vulnerability in AgriGO, we encourage responsible disclosure. To report a vulnerability:
- Contact us via email at zouariomar20@gmail.com with the details.
- Please provide a detailed description of the issue, including steps to reproduce it and, if available, a proof of concept.
- We aim to respond within 48 hours and will work closely with you to resolve the issue.
We appreciate the security community's efforts in helping us maintain AgriGO's safety and integrity.
AgriGO follows industry best practices for security to ensure safe transactions and protect user data:
- AgriGO uses secure methods for user authentication, including strong password hashing (e.g., bcrypt).
- Access control is implemented to restrict unauthorized actions.
- All sensitive data is encrypted in transit (via HTTPS/TLS) and at rest, including user credentials and personal information.
- Parameterized queries and prepared statements are used throughout to prevent SQL injection.
- ORM (Object-Relational Mapping) is leveraged where possible.
- User inputs are sanitized and validated to prevent XSS attacks, and user-generated content is escaped to avoid code injection.
- CSRF tokens are included in forms and API requests to secure user actions.
- Dependencies are regularly scanned for vulnerabilities with tools such as OWASP Dependency-Check.
- Critical security patches for dependencies are applied promptly.
- Default settings follow secure configurations, and sensitive data is stored securely (e.g., `.env` files for environment-specific settings).
- A strict CSP is enforced to limit content sources, reducing the risk of XSS and unauthorized resource loading.
- Logs are maintained for key operations and monitored for abnormal patterns. Logs avoid storing sensitive information.
Contributors can help enhance AgriGO's security by following these practices:
- Adhere to secure coding standards and the above security practices when contributing.
- Conduct thorough security testing before submitting a pull request.
- Avoid including any sensitive data in code (e.g., passwords, API keys).
For additional guidance on secure development, refer to:
Thank you for helping us make AgriGO secure for our users and the community!