Closed JLLeitschuh closed 8 months ago
ImproperPrivilegeManagement
from owasp
JavaSecurityBestPractices
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
What's changed?
See above
What's your motivation?
The OWASP recipe had some problems: mislabeling, and the inclusion of a recipe that doesn't actually fix the vulnerability.
Also, there were several recipes missing CWEs.
Anything in particular you'd like reviewers to focus on?
Do the duration estimates make sense? Is it fine that I removed those recipes from the OWASP one?
Anyone you would like to review specifically?
@jkschneider
Have you considered any alternatives or workarounds?
Any additional context
Checklist