OWASP / CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
https://cheatsheetseries.owasp.org
Creative Commons Attribution Share Alike 4.0 International

New cheat sheet proposal: DNS Security #6

Closed ghost closed 4 years ago

ghost commented 5 years ago

NOTE: In light of this recent event, I wanted to create the following DNS Cheat Sheet.


Thank you for proposing a new cheat sheet.

Please provide the following information about your proposal:

  1. Which security issues are brought up or commonly met when someone must work on this topic? How do I secure my domain at the DNS level, which if not secure undermines everything else?
  2. What is the objective of the cheat sheet? Instruct the reader on which DNS records they need to set depending on their set-up, as well as other best DNS practices.
  3. What will the CS bring to the reader? One stop shop for DNS security best practices that currently require hours of Googling to effectively gather.

Thank you again for your contribution 😃

righettod commented 5 years ago

Hi, seems very interesting, let's do this 😃

righettod commented 5 years ago

Ping me when you start working on it so that I can pass the issue from the backlog to pending. Thank you in advance 😃

rbsec commented 4 years ago

I'm a little unsure about the scope of something like this - obviously there's quite a bit of hardening/security in DNS, but I'm not sure how much of it should be part of the OWASP guides. Stuff like bind hardening seems a bit out of scope.

Initial thoughts would be to cover the following area:

Are there any other major things that are missing?

ThunderSon commented 4 years ago

It truly sounds more to do with IT than it does with AppSec. @jmanico care to chime in and give your input? I am totally okay with creating such a CS, we just need to be sure that it should be part of the project.

ThunderSon commented 4 years ago

The team deems this issue and the proposed CS to be out of scope for "developers". It can assist IT folks, and it requires some knowledge, yet not specifically for developers. This can be taken in at some later stages if the project is capable of handling IT issues. Since this was not picked up as well, the issue will be closed.

joubin commented 4 years ago

> The team deems this issue and the proposed CS to be out of scope for "developers". It can assist IT folks, and it requires some knowledge, yet not specifically for developers. This can be taken in at some later stages if the project is capable of handling IT issues. Since this was not picked up as well, the issue will be closed.

I just want to add that this is not an IT-only issue. With the move to cloud, more and more developers are being given control to manage underlying infrastructure. So having a proper DNS setup is part of Application Security.

I think this should be removed from backlog and prioritized.

jmanico commented 4 years ago

+1 a developer's guide to DNS security is right in line with OWASP’s mission.

-- Jim Manico @Manicode Secure Coding Education

On Jun 2, 2020, at 10:04 AM, Joubin Jabbari notifications@github.com wrote:

> > The team deems this issue and the proposed CS to be out of scope for "developers". It can assist IT folks, and it requires some knowledge, yet not specifically for developers. This can be taken in at some later stages if the project is capable of handling IT issues. Since this was not picked up as well, the issue will be closed.
>
> I just want to add that this is not an IT-only issue. With the move to cloud, more and more developers are being given control to manage underlying infrastructure. So having a proper DNS setup is part of Application Security.
>
> I think this should be removed from backlog and prioritized.
