-
Allstar has detected that this repository’s SECURITY.md security policy is out of compliance. Status:
Security policy not enabled.
A SECURITY.md file can give users information about what constitutes …
-
Is there a way to test field security profiles?
-
cross domain issues. XSS attacks. Form limitations and identity.
-
### Description
Dynamic penetration testing of the project
Tasks
- [ ] Assess authentication
- [ ] Assess authorization
- [ ] Assess input validation
- [ ] Find logic bugs
- [ ] Denial o…
-
## About
A ZK Orderbook Exchange for Ultimate Security and Efficiency
### **Responsibilities:**
1. **Design and execute comprehensive test strategies** for DEX platform stability, scalability, a…
-
What would you like to be added:
Fuzz testing or Fuzzing is a Black Box software testing technique, which basically consists in finding implementation bugs using malformed/semi-malformed data injecti…
-
Need to check:
- Inputs are sanitized/escaped (no XSS)
- File uploads are restricted to safe formats
- CSP whitelist (only allow specific domains)
- User/admin permissions are correct, no holes
-…
-
It would be helpful for clients to have the ability to specify extra HTTP headers globally or for a specific set of browsing contexts. While custom HTTP headers can currently be set through network in…
-
We could extend the advisor's capabilities for static code analysis, esp. with a focus on security, like with any of these (alphabetical order):
- [Bearer](https://github.com/bearer/bearer)
- [Ecl…
-
The top `README.md` should have a clearer note about how this library has not had a security review and should currently only be used for testing purposes.
This does exist in the notes but it should be th…