-
It's not a good idea to print the current server PHP version to everyone accessing the site.
You should set this in a log. This issue is part of [OWASP top ten vulnerabilities](https://www.owasp.org/i…
-
👋 This dashboard summarizes my activity on the repository, including available improvement opportunities.
## Recommendations
_Last analysis: Feb 09 | Next scheduled analysis: Feb 13_
### Open
- h…
-
- [ ] Compile list of threat libraries we could use.
- [ ] Provide link to Common Vulnerability Scoring System v3.1
- [ ] Update template accordingly
- [ ] Security design review completed; the…
-
Vulnerable Library - gradio-3.4b2-py3-none-any.whl
Python library for easily interacting with trained machine learning models
Library home page: https://files.pythonhosted.org/packages/72/63/197bb7a…
-
It would be a nice addition to have pre-defined filters for certain things. For example, the OWASP Top Ten specifies 'Broken Authentication and Session Management'. This category of vulnerability has m…
-
**Describe the bug**
It would appear that `semgrep scan --validate` is not invoking semgrep-core correctly.
`semgrep scan --validate --config="p/owasp-top-ten" --debug`
```
[00.00][DEBUG]: s…
```
-
We should perform a quick security audit for our application. Including manual and automated testing (e.g. [Vega Report](https://subgraph.com/vega/index.en.html)).
The servers are already being sca…
-
- [x] What is the OWASP Top 10
- [x] What tools can be used to test the security
-
Tracking issue for:
- [ ] https://github.com/2lambda123/cisagov-Malcolm/security/code-scanning/74
-
Is this something that's been thought of yet? Maybe sanitising all query and params on the way in. May need discussion.
- Wanted XS scripts
- Wanted JS data
- Special characters