-
- This category can be summarized to "Check the OWASP Top 10 for API endpoints too". This isn't a category of vulnerability. This should be integrated through all the other vulnerabilities by speci…
-
A content security policy is missing in web.config. I believe it would be good to let [NWebsec](https://github.com/NWebsec/NWebsec) handle setting a defense in depth.
-
Cross-site scripting is a special case of injection against the
interpreters (CSS, JavaScript, HTML) exposed by web browsers. It is an
interesting special case and certainly deserves its own name in…
-
Uplift accessrecord_development_html_implementation_guide
Tests for injection of malicious active scripting (e.g. JS) in HTML
Uplift pack with link to OWASP top ten vulnerabilities
-
via @charleshuang80 : https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
-
As a developer I will have a secret code so that my mailing list will be secure.
-
This is a Drupal site.
Matches:
```
data "Matched Data: Remove-Item found within ARGS:ajax_html_ids[]: edit-field-links-und-0-field-remove-item"
data "Matched Data: Remove-Item found within ARGS:aj…
```
-
Hi,
When I try to bind a project in Eclipse with SonarLint, with a SonarQube project, Eclipse shows me the following error
![image](https://cloud.githubusercontent.com/assets/6850090/16649125/a8f85f6e-44…
-
https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet
-
Most JSON files are not flat. It would be great if testssl.sh would support this.
It seems to be also the output of the SSLlabs API, compare e.g. https://api.ssllabs.com/api/v3/analyze?host=ssllabs.c…