owasp
Here are 312 public repositories matching this topic...
Updated May 14, 2020
The rule would raise info alerts for each script it found along with the integrity hash, as per
https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
This could just work on URLs that are in scope - it would just be useful when you're trying to create a CSP for a specific site.
Updated Jun 8, 2020 - Python
Updated May 5, 2020 - PHP
Maybe forging an event emission for a challenge that does not really exist but making the client pick it up nonetheless?
Updated Jun 8, 2020 - Ruby
Documentation
I would like to see documentation for using Astra with the most popular authentication/token methods. So much work but just one page of documentation. Please update this so it gets more widely used and gets more feedback on the product this way. Thanks
https://staticcheck.io/docs/checks#SA6005
In file sanitize.go: if strings.ToLower(straw) == strings.ToLower(needle) { should be strings.EqualFold(straw, needle)
or, even better, compile a regexp literal for needle and use it for the entire loop.
On running python setup.py develop a ModuleNotFoundError is thrown.
We have to manually install the following modules: Tornado, PyYAML, Six.
This issue is present in both the manual and Docker installation processes.
Expected Behavior
I'm just starting out in using DefectDojo, and am a bit confused on what the Tool Type and Tool Configuration sections inside Configuration are. I know that documentation is something DefectDojo prides itself on, and I greatly appreciate the breadth of it... but I can't seem to find this documented anywhere.
Merge /Testing_for_Vertical_Bypassing_Authorization_Schema_WSTG-AUTHZ-00X.md into 4-Web_Application_Security_Testing/05-Authorization_Testing/03-Testing_for_Privilege_Escalation.md
Python Themis Docs
Hi, I love encryption, but I found the docs to be confusing for Python. Maybe it's just Themis in general, so please correct me if I'm wrong since this is my first time using Themis.
Here is the confusing part: https://github.com/cossacklabs/themis/wiki/Python-Howto#example-1
When you're unwrapping the message, you need to u
Updated May 5, 2020
I did a basic line edit of the "Usage" section, but next it needs reorganization and more information.
Would anyone want to spend time on a call or two to help me understand some of the commands? Some of them aren't obvious to me from the command line help, so they might benefit from better explanation.
(I'll continue to work on this section, but having a technical expert to answer some of
Updated Mar 9, 2020
Updated May 20, 2020 - Perl 6
https://docs.dependencytrack.org/integrations/badges/
Current Behavior:
You need to hardcode the version (or UUID - which changes by version (!)) in the URL for the badge - it would be more convenient to have a URL for the latest version.
Proposed Behavior:
Just point at name and get semver latest version (or latest scanned version) - this way the url can be stable in READMEs etc.
Updated May 9, 2020 - Python
The analyzer warns correctly, but the documentation for SCS0007 only has guidance for XmlReader and XmlDocument. The warning also appears for XmlPathDocument/XPathNavigator, which is also insecure by default on .NET versions prior to 4.5.2. https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.md#xpathnavigator has guidance on an example fix.
Updated Dec 15, 2019 - CSS
Add dummy task
Create a simple dummy task, to make it easier to play with Glue and understand its features. The task should generate some findings, with different levels.
Updated Jun 16, 2019 - Perl


If we use Spring MVC there is also something we can add in the model if we use Spring WebFlow. According to the Spring documentation and this SO article it is possible to specifically bind the model.
I think this