-
Our project supports UTF-8 and after integrating with OWASP ESAPI, it is not
working. We mainly used it to fix XSS and Blind SQL injection. But this did not
fix the XSS issue.
What steps will rep…
-
-
Reported by unixaddict on SourceForge:
Hello OWASP BWA Devs,
I tried the owaspbwa-update-all.sh command but no matter what option I chose to
apply the change diffs from what I have in the VM to…
-
Sites can set headers to ensure that they never share a browser process with another site. This prevents an attacker from loading sensitive data into memory and then reading it with a side-channel att…
-
Create a new MASTG v2 test covering:
- **Title:** Testing Jailbreak Detection
- **ID:** MASTG-TEST-0088
- **Link:** https://mas.owasp.org/MASTG/tests/android/MASVS-RESILIENCE/MASTG-TEST-0088/
-…
-
LDAP Injection
FP
* [ ] file 138:
`If statement` that always resolves to true tricks the taint engine into tainting a variable:
https://semgrep.dev/s/z1AW
* [ ] file 530:
`Switch statement` th…
-
It could be useful for AppSensor to log via the OWASP Security Logging framework: https://github.com/javabeanz/owasp-security-logging.
-
- Site: [https://alcs-dev-api.apps.silver.devops.gov.bc.ca](https://alcs-dev-api.apps.silver.devops.gov.bc.ca)
**New Alerts**
- **A Server Error response code was returned by the server** [10000…
-
Hi,
Do you have a dockerfile that runs zap baseline in OpenShift without the Jenkins integration?
Thanks
-
OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Sho…