Open mbiuki opened 1 year ago
We would have to make sure that our security tests are OWASP Top 10 relevant: https://owasp.org/www-project-top-ten/
I'm worried about this...
In this case we add the test, but in the case that we catch an XSS pattern, we are still allowing the content or template to be created. We are just getting the error in the test, but the functionality allows the content to be created without problems.
This is also true for containers. I think this test is not needed, as the admin is allowed to put whatever he wants.
The security team is going to add security tests to the Postman collections located here: core/dotCMS/src/curl-test. Plus, every time there is a new PR related to a Postman change (like adding a new resource or so), we check whether new security tests must be added.