-
There are many malicious packages in NPM repositories, some clones of existing well known libraries and other the original project bought out by a party with malicious intentions, does this project ha…
-
## Introduction
_Talk a little about yourself:_
- [ ] _Who you are_: Exponential, previously EVM smart contracts auditor (found vulnerabilities in projects of MakerDAO, Sommelier); Bio: https:/…
exp7l updated
3 months ago
-
Add documentation and resources from the application security class.
**Topics:**
- [ ] Introduction to Secure Software Development Cycle
- [ ] SQL Injection
- [ ] MongoDb Query Injection
- [x]…
-
The tool is an excellent replacement for a screen reader for rapid a11y testing, except for one big problem: it ignores the contents of iframes. A lot of academic course content is enclosed in iframe…
-
# Feature Proposal
This request is inspired by the recent security feature that was added by NPM.
In May of 2018, NPM added automatic dependency auditing support. When you run `npm install` the to…
-
There is one more thing that it is increasingly gaining attention now in Intel with regards to security – CVE scanning for released binary components.This has been now escalated everywhere and constan…
-
There is one more thing that it is increasingly gaining attention now in Intel with regards to security – CVE scanning for released binary components.This has been now escalated everywhere and constan…
-
## Issue
**Impacted version**: 4.4
**Deployment mode**: Tomcat 8.5, nginx
**Problem description**:
- built-in-ssh-server config is pretty unsafe these times
- Reproduce: set-up gitbucket, use https…
-
Hi,
I wondered for a while why ChaCha20-Poly1305 was selected by GA4GH for data encryption and the closest I could find were notes on fixed blocksize giving possibility to jump into middle of a str…
-
We would like users to be able to log into Azkaban Web portal using social auth like Azure AD, Google, GitHub etc accounts w/o the need to pre-create the accounts and passwords by hand.
This would he…