forked from OWASP/OpenCRE
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
854c58b
commit efc7479
Showing
369 changed files
with
15,460 additions
and
121 deletions.
There are no files selected for viewing
49 changes: 49 additions & 0 deletions
49
cres/ '__Host' prefix for cookie-based session tokens.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| doctype: CRE | ||
| id: 232-034 | ||
| links: | ||
| - document: | ||
| doctype: CRE | ||
| id: 110-531 | ||
| name: Cookie-config | ||
| type: Contains | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: https://github.com/OWASP/ASVS/blob/v4.0.2/4.0/en/0x12-V3-Session-management.md | ||
| name: ASVS | ||
| section: V3.4.4 | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: WSTG | ||
| section: WSTG-SESS-02 | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: CWE | ||
| section: '16' | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: Cheat_sheets | ||
| section: https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: Cheat_sheets | ||
| section: https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| name: ' ''__Host'' prefix for cookie-based session tokens' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| doctype: CRE | ||
| id: 118-110 | ||
| links: | ||
| - document: | ||
| doctype: CRE | ||
| id: 503-455 | ||
| name: Input and output verification | ||
| type: Contains | ||
| name: ' API/web services' |
27 changes: 27 additions & 0 deletions
27
cres/ Biometric autheticators only as seconday factors.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| doctype: CRE | ||
| id: 076-470 | ||
| links: | ||
| - document: | ||
| doctype: CRE | ||
| id: 062-850 | ||
| name: MFA/OTP | ||
| tags: | ||
| - Cryptography | ||
| type: Contains | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: https://github.com/OWASP/ASVS/blob/v4.0.2/4.0/en/0x11-V2-Authentication.md | ||
| name: ASVS | ||
| section: V2.8.7 | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: CWE | ||
| section: '308' | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| name: ' Biometric autheticators only as seconday factors' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,62 @@ | ||
| doctype: CRE | ||
| id: 166-151 | ||
| links: | ||
| - document: | ||
| doctype: CRE | ||
| id: 724-770 | ||
| name: Authorized access | ||
| type: Contains | ||
| - document: | ||
| doctype: CRE | ||
| id: 141-555 | ||
| name: Fail securely | ||
| type: Related | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: https://github.com/OWASP/ASVS/blob/v4.0.2/4.0/en/0x12-V4-Access-Control.md | ||
| name: ASVS | ||
| section: V4.1.5 | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: OPC | ||
| section: C10 | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: WSTG | ||
| section: WSTG-ERRH-01 | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: CWE | ||
| section: '285' | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: Cheat_sheets | ||
| section: https://cheatsheetseries.owasp.org/cheatsheets/Access_Control_Cheat_Sheet.html | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: Cheat_sheets | ||
| section: https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Testing_Automation_Cheat_Sheet.html | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| name: Access control fail-safe |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| doctype: CRE | ||
| id: 650-560 | ||
| links: | ||
| - document: | ||
| doctype: CRE | ||
| id: 724-770 | ||
| name: Authorized access | ||
| type: Contains | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: https://github.com/OWASP/ASVS/blob/v4.0.2/4.0/en/0x12-V4-Access-Control.md | ||
| name: ASVS | ||
| section: V4.1.1 | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: WSTG | ||
| section: WSTG-ATHZ-02 | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: CWE | ||
| section: '602' | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: Cheat_sheets | ||
| section: https://cheatsheetseries.owasp.org/cheatsheets/Access_Control_Cheat_Sheet.html | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: Cheat_sheets | ||
| section: https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Testing_Automation_Cheat_Sheet.html | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| name: Access control on trusted service layer | ||
| tags: | ||
| - Architecture |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,62 @@ | ||
| doctype: CRE | ||
| id: 751-176 | ||
| links: | ||
| - document: | ||
| doctype: CRE | ||
| id: 586-842 | ||
| name: Secure user management | ||
| type: Contains | ||
| - document: | ||
| doctype: CRE | ||
| id: 270-568 | ||
| name: Authentication mechanism | ||
| type: Related | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: https://github.com/OWASP/ASVS/blob/v4.0.2/4.0/en/0x11-V2-Authentication.md | ||
| name: ASVS | ||
| section: V2.1.5 | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: WSTG | ||
| section: WSTG-ATHN-07 | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: CWE | ||
| section: '620' | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: Cheat_sheets | ||
| section: https://cheatsheetseries.owasp.org/cheatsheets/Credential_Stuffing_Prevention_Cheat_Sheet.html | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: Cheat_sheets | ||
| section: https://cheatsheetseries.owasp.org/cheatsheets/Choosing_and_Using_Security_Questions_Cheat_Sheet.html | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: Cheat_sheets | ||
| section: https://cheatsheetseries.owasp.org/cheatsheets/Forgot_Password_Cheat_Sheet.html | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| name: Accessible password changing functionality |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,41 @@ | ||
| doctype: CRE | ||
| id: 551-400 | ||
| links: | ||
| - document: | ||
| doctype: CRE | ||
| id: 258-115 | ||
| name: Re-authentication from federation or assertion | ||
| type: Contains | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: https://github.com/OWASP/ASVS/blob/v4.0.2/4.0/en/0x12-V3-Session-management.md | ||
| name: ASVS | ||
| section: V3.5.1 | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: CWE | ||
| section: '290' | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: Cheat_sheets | ||
| section: https://cheatsheetseries.owasp.org/cheatsheets/REST_Security_Cheat_Sheet.html | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: Cheat_sheets | ||
| section: https://cheatsheetseries.owasp.org/cheatsheets/JSON_Web_Token_for_Java_Cheat_Sheet.html | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| name: Accompany OAuth with Referesh tokens |
33 changes: 33 additions & 0 deletions
33
cres/Additional authorization for lower and higher value application.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| doctype: CRE | ||
| id: 284-521 | ||
| links: | ||
| - document: | ||
| doctype: CRE | ||
| id: 724-770 | ||
| name: Authorized access | ||
| type: Contains | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: https://github.com/OWASP/ASVS/blob/v4.0.2/4.0/en/0x12-V4-Access-Control.md | ||
| name: ASVS | ||
| section: V4.3.3 | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: WSTG | ||
| section: Empty | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: CWE | ||
| section: '732' | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| name: Additional authorization for lower and higher value application |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| doctype: CRE | ||
| id: 152-725 | ||
| links: | ||
| - document: | ||
| doctype: CRE | ||
| id: 724-770 | ||
| name: Authorized access | ||
| type: Contains | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: https://github.com/OWASP/ASVS/blob/v4.0.2/4.0/en/0x21-V13-API.md | ||
| name: ASVS | ||
| section: V13.1.2 | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: WSTG | ||
| section: WSTG-ATHZ-02 | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: CWE | ||
| section: '419' | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: Cheat_sheets | ||
| section: https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| - document: | ||
| doctype: Standard | ||
| hyperlink: '' | ||
| name: Cheat_sheets | ||
| section: https://cheatsheetseries.owasp.org/cheatsheets/Web_Service_Security_Cheat_Sheet.html | ||
| subsection: '' | ||
| version: '' | ||
| type: Linked To | ||
| name: Admin only access to management funcitonality | ||
| tags: | ||
| - API/web services |
Oops, something went wrong.