diff --git a/developer_manual/security.rst b/developer_manual/security.rst index 5dc249c85..d38ed540b 100644 --- a/developer_manual/security.rst +++ b/developer_manual/security.rst @@ -12,6 +12,21 @@ Blacklisted PHP functionality **!=** Use !== instead **rand(), srand(), mt_rand()** - Use openssl_random_pseudo_bytes() instead + If you need a cryptographical secure random number use OC_Util::generate_random_bytes() instead -TBD +CSRF protection +----------------------------- +Please add OC_Util::isCallRegistered() or OC_JSON::callCheck() at the top of your file to prevent Cross-site request forgery. + +See http://en.wikipedia.org/wiki/Cross-site_request_forgery + +Auth checks +----------------------------- +OC_Util::checkLoggedIn() or OC_JSON::checkLoggedIn() + Checks if the user is logged in +OC_Util::checkAdminUser() or OC_JSON::checkAdminUser() + Checks if the user has admin rights +OC_Util::checkSubAdminUser() or OC_JSON::checkSubAdminUser() + Checks if the user has subadmin rights + +TBD \ No newline at end of file
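Review bot: the new "CSRF protection" section tells developers to call OC_Util::isCallRegistered() or OC_JSON::callCheck() but does not say what either does when the check fails (abort the request with an error, or return a value the caller must test) nor how a legitimate request obtains and submits the token in the first place, so a reader cannot make a page actually pass the check; please document the failure behaviour of each function and the client side of the token flow (how the token is issued and where it goes in a form or AJAX request), and state that the check belongs before any state-changing work, not merely "at the top of your file". Same gap in "Auth checks": it lists what each function verifies but not whether it terminates the request or returns a boolean, which matters when OC_Util::* and OC_JSON::* variants are offered side by side. Minor: in the first hunk "cryptographical secure random number" should read "cryptographically secure random bytes" (the replacement function is generate_random_bytes(), not a number generator), the Wikipedia link could use https, and the trailing "TBD" placeholder is still there with no newline at end of file.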