Alejandro Gomez

Results 34 comments of Alejandro Gomez

Available: Openly available 5/18 through 5/21 ETA: 5/18 (pending merge team approval)

@neyaadeez message me on slack with any queries you have or if we need to pair on anything!

This looks great! If it has ballooned, we can split it up into smaller PRs if you prefer.

We can use this checklist to track what's complete so far, so we can make it into smaller chunks. Can you mark the endpoints you have tested? I can make a...

@entrotech We had discussed removing obsolete and/or over-exposed endpoints and I wanted to see if we were still thinking of removing some of the "Rules" endpoints [See services in question...

We'll need to consider overall security standards and security testing needs: https://github.com/hackforla/tdm-calculator/issues/1364

Helpful Links:
- https://owasp.org/www-project-proactive-controls/
- https://owasp.org/www-project-top-ten/
- https://owasp.org/www-project-application-security-verification-standard/
- https://github.com/OWASP/www-project-proactive-controls/blob/master/v3/OWASP_Top_10_Proactive_Controls_V3.docx
- https://github.com/OWASP/ASVS/tree/v4.0.3#latest-stable-version---403

@azajzon @entrotech I took a look at this. Here's some initial thoughts. Let me know if we're aligned. *** 1. I think the first step for now is to add...

### Possible Attacks:

- Remote File Inclusion (RFI)
  - *Explanation*: Remote file inclusion vulnerabilities happen when a malicious actor can modify user input to include their own remote files. This...

Leaving this Open per conversation with John Darragh on 7/19