
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

Results: 89 CheatSheetSeries issues

## What is missing or needs to be updated? My colleague Polčák and I have been conducting research on Network Error Logging (NEL) and its (in)security aspects. Please refer to...

Labels: ACK_OBTAINED, UPDATE_CS

## What is missing or needs to be updated? The Secure Product Design Cheat Sheet is a good start at describing how to incorporate some secure design principles into the...

Labels: ACK_OBTAINED, UPDATE_CS, HELP_WANTED

Suggest a new logging vocab entry to detect SQL errors (potential SQLi)

Labels: ACK_OBTAINED, UPDATE_CS, HELP_WANTED
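What a "SQL error" vocabulary entry would feed on is the vendor-specific error text that leaks into application logs when a quote or operator from user input breaks a query. The following is an added example, not code from the cheat sheet or from this issue: it scans a constructed log excerpt for a handful of well-known database error signatures and emits events in a hypothetical `sql_error:<vendor>,<user>` shape modelled on the vocabulary's `event:field,user` style. The log lines, the `SQL_ERROR_SIGNATURES` table, the `user=` field and the threshold in `users_over_threshold` are all assumptions for illustration.

```python
import re

# Constructed sample application log lines (not real logs). Four carry a
# database error message from a vendor driver, two are ordinary requests.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z INFO  user=alice GET /products?id=42 200
2024-03-01T10:00:02Z ERROR user=mallory GET /products?id=42' You have an error in your SQL syntax; check the manual
2024-03-01T10:00:03Z ERROR user=mallory GET /search?q=x' psycopg2.errors.SyntaxError: syntax error at or near "'"
2024-03-01T10:00:04Z ERROR user=mallory GET /report?id=1' ORA-01756: quoted string not properly terminated
2024-03-01T10:00:05Z ERROR user=mallory POST /login Unclosed quotation mark after the character string ''
2024-03-01T10:00:06Z INFO  user=bob POST /login 302
"""

# Assumed vendor error signatures, one regular expression per database whose
# driver emits the text. Extend this with the messages your own stack produces.
SQL_ERROR_SIGNATURES = {
    "mysql": re.compile(r"You have an error in your SQL syntax"),
    "postgresql": re.compile(r"syntax error at or near"),
    "oracle": re.compile(r"\bORA-\d{5}\b"),
    "mssql": re.compile(r"Unclosed quotation mark after the character string"),
    "sqlite": re.compile(r'near ".*?": syntax error'),
}

# Assumed log layout: the acting user is recorded as user=<name>.
USER_RE = re.compile(r"\buser=(\S+)")


def classify_line(line: str):
    """Return (vendor, user) if the line carries a database error signature, else None."""
    for vendor, pattern in SQL_ERROR_SIGNATURES.items():
        if pattern.search(line):
            m = USER_RE.search(line)
            return vendor, (m.group(1) if m else "unknown")
    return None


def scan_log(text: str):
    """Return [(line_number, event)] with events like 'sql_error:mysql,mallory'."""
    events = []
    for lineno, line in enumerate(text.splitlines(), 1):
        hit = classify_line(line)
        if hit:
            vendor, user = hit
            events.append((lineno, f"sql_error:{vendor},{user}"))
    return events


def users_over_threshold(events, threshold: int = 3):
    """Users with at least `threshold` SQL-error events: a cheap probing signal."""
    counts = {}
    for _, event in events:
        user = event.split(",", 1)[1]
        counts[user] = counts.get(user, 0) + 1
    return sorted(u for u, c in counts.items() if c >= threshold)


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for lineno, event in found:
        print(lineno, event)
    print("repeated SQL errors from:", users_over_threshold(found))
```

The point of keying the event on the vendor is that a single application rarely talks to more than one database; a signature for a different engine showing up in the logs usually means an error page from some other component is being echoed back, which is worth a separate alert.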

When validating discrete list items (like a yes/no control or a list of countries) and someone tries to select an item that is not on the list, that input validation...

Labels: ACK_OBTAINED, NEW_CS

## What is missing or needs to be updated? Cross-Site Request Forgery attacks occur because untrusted browser code can cause requests to be sent to a vulnerable server that are...

Labels: ACK_OBTAINED, UPDATE_CS, HELP_WANTED

## What is missing or needs to be updated? It is still pointing to Pod Security Policies, but they were removed in 1.25 and replaced with [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) ##...

Labels: ACK_OBTAINED, UPDATE_CS, HELP_WANTED

Steps: - Load https://wave.webaim.org/report#/https://cheatsheetseries.owasp.org/index.html Actual results: - 11 Errors - 9 Contrast Errors - 7 Alerts - 9 Features - 16 Structural Elements - 15 ARIA Expected results: The website...

## What is missing or needs to be updated? [OWASP Double Submit cookie](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#double-submit-cookie) doesn’t mention whether the token should be generated server or client side. However, it does so for...

Labels: ACK_OBTAINED, UPDATE_CS, HELP_WANTED
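The security-relevant answer to the question in this issue is that the token has to be minted server-side: if the client is allowed to pick the value, an attacker who can plant a cookie (for example from a sibling subdomain) simply plants the same value in the forged request and the "double submit" agrees. Binding the value to the session with a server-keyed HMAC closes that gap. The following is an added example in Python, not code from the cheat sheet or from this issue; `SERVER_KEY`, `issue_csrf_token`, `verify_csrf` and the `session_id!nonce` message layout are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a server-side secret that never leaves the server. A real
# deployment loads it from configuration; here it is generated at import time.
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Server-side token generation: HMAC(key, session_id || nonce) followed by the nonce.

    The server sets this value as the CSRF cookie and also embeds it in the form
    (or exposes it to script for a request header). Only the server can mint a
    value whose MAC verifies, so a client-chosen value is rejected on submit.
    """
    nonce = secrets.token_hex(16)
    mac = hmac.new(key, f"{session_id}!{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{mac}.{nonce}"


def verify_csrf(session_id: str, cookie_token, submitted_token, key: bytes = SERVER_KEY) -> bool:
    """Double-submit comparison plus MAC check, both in constant time."""
    if not cookie_token or not submitted_token:
        return False
    # Plain double submit: cookie value and form/header value must agree.
    if not hmac.compare_digest(cookie_token, submitted_token):
        return False
    # Signed variant: the value must have been issued by this server for this session.
    mac, sep, nonce = cookie_token.partition(".")
    if not sep or not nonce:
        return False
    expected = hmac.new(key, f"{session_id}!{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def demo() -> dict:
    """Exercise the cases that matter and return the outcomes so they can be checked."""
    sid = "session-abc"
    token = issue_csrf_token(sid)
    # Attacker-chosen value planted in the cookie and copied into the forged request.
    forged = "deadbeef.cafebabe"
    return {
        "legit": verify_csrf(sid, token, token),
        "forged_equal_values": verify_csrf(sid, forged, forged),  # plain double submit would accept this
        "wrong_session": verify_csrf("session-xyz", token, token),
        "missing_header": verify_csrf(sid, token, None),
        "mismatch": verify_csrf(sid, token, issue_csrf_token(sid)),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {'accepted' if outcome else 'rejected'}")
```

Note that the session identifier goes into the MAC input but not into the token itself, so a leaked token does not reveal the session id, and a token issued for one session is useless against another.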

## What is missing or needs to be updated? Modern browsers generally ignore `javascript:` in `` `src` attributes. Most of the examples listed which would execute javascript within an ``...

Labels: ACK_WAITING, UPDATE_CS, HELP_WANTED

https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html#rule-5-be-mindful-of-inter-container-connectivity contains: ``` For detailed guidance on configuring Docker networks for container communication, refer to the [Docker Documentation](https://docs.docker.com/network/#communication-between-containers). ``` That link resolves to a new content. The original target, and...