SCWFoxy / SCW_and_CodeQL_Demo


Potential BA Issue #33

Open SCWFoxy opened 1 year ago

SCWFoxy commented 1 year ago

I think there might be a broken authentication vulnerability in this code. Is that CWE_258?

secure-code-warrior-for-github[bot] commented 1 year ago

Micro-Learning Topic: Insecure authentication (Detected by phrase)

Matched on "broken authentication"

What is this? (2min video)

Improper authentication happens when mechanisms intended to identify the user are flawed (easily tamperable or insufficient). This would allow an attacker to bypass access controls or to easily impersonate a user.

Try a challenge in Secure Code Warrior

SCWFoxy commented 1 year ago

I think you mean CWE_250

secure-code-warrior-for-github[bot] commented 1 year ago

Micro-Learning Topic: Execution with Unnecessary Privileges (CWE 250)

Matched on "CWE_250"

What is this? (2min video)

The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

Try a challenge in Secure Code Warrior