
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Results 89 CheatSheetSeries issues

enable dark / light mode switch ![image](https://user-images.githubusercontent.com/16578570/183272901-0a61b221-27bd-4a01-8920-16673534c085.png) ![image](https://user-images.githubusercontent.com/16578570/183272904-95d58287-76c1-4770-8f1b-17d0231706b1.png) - [x] I tested to build the website locally - [x] The CI build of your PR pass, see the build status...

Hi. Congrats on the fantastic work on this project. Wanted to suggest [enabling i18n](https://squidfunk.github.io/mkdocs-material/setup/changing-the-language/#site-language-selector) support on mkdocs-material, and use community-based translations for documents. Seems the actual fallbacks options available, provide a...

In my test, XmlDocument (4.5.2 -/+), and xmlreader will not have billion laughs vulnerability by default. In the absence of other settings, can I assume that this attack will not...

ACK_WAITING
NEW_CS
HELP_WANTED

## What is missing or needs to be updated? Wikipedia is currently being used as a resource to describe personal data/PII in the session management cheat sheet. The Wikipedia page...

ACK_WAITING
UPDATE_CS
HELP_WANTED

## What is missing or needs to be updated? The "Bean Validation" Cheat Sheet mentions `@SafeHtml` as an additional constraint provided by the Hibernate validator: see https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Bean_Validation_Cheat_Sheet.md?plain=1#L451 . However, this...

ACK_OBTAINED
UPDATE_CS
HELP_WANTED

## What is missing or needs to be updated? The [HTML5 security cheat sheet](https://cheatsheetseries.owasp.org/cheatsheets/HTML5_Security_Cheat_Sheet.html) currently says > Keep in mind that CORS does not prevent the requested data from going...

ACK_OBTAINED
NEW_CS
HELP_WANTED

## What is missing or needs to be updated? The following tasks require to be executed post-mvp of the cheatsheet as agreed with various team-members: - [ ] Further extend...

ACK_OBTAINED
UPDATE_CS
HELP_WANTED

## What is missing or needs to be updated? The section "Validating free-form Unicode text" describes the following as one of the primary means of validating free-form text input: >...

ACK_OBTAINED
UPDATE_CS

## What is missing or needs to be updated? Can we add a diagram showing how the CVE List and NVD are related and how the vendor and/or a coordinator...

ACK_WAITING
UPDATE_CS
HELP_WANTED

## What is missing or needs to be updated? The "Cryptographic Storage Cheat Sheet" has a couple of things I would like to help improve. 1. The "Cryptographically Secure Functions"...

ACK_OBTAINED
UPDATE_CS
HELP_WANTED