PauloASilva
Hi, would you consider refactoring the validate async callback to follow the Node.js callback pattern, as it would allow Promises? For now I'm using a workaround ``` JavaScript var...
> Authorization: Why are there 6 of 10 issues related to authorization? 1, 3, 4, 5, 8, and 10 are all problems with authorization. Can we combine these? It doesn't...
> Why is this a separate item? Assuming an API consumes data from an untrusted API, isn't it only an issue if one of the other problems occurs? Put another...
> At a minimum, I would love to know why the following categories from the main OWASP T10 don't apply to APIs:
>
> * Injection
> * Cryptographic Failures...
Consider the following markup `` which is correctly handled by major browsers' built-in DOM parsers. Due to this [validation on sax.js parser](https://github.com/jindw/xmldom/blob/master/sax.js#L529) when adding the attribute to the element object,...
Hi team,

Any plans to include new flags to cover the new [OWASP API Security Top 10 2023 risks][1]?

Cheers,
Paulo A. Silva

[1]: https://owasp.org/API-Security/editions/2023/en/0x11-t10/