Giuseppe De Marco

icon company @teamdigitale icon location A hacker does for love what others would not do for money.

Results 152 issues of Giuseppe De Marco

Attestable and randomized redirect_uri and response_uri

22 comment

For increasing the security of the implementations, it is recommended that the RPs randomize their endpoints. This can be achieved appending random paths, as for example: https:/rp.example.org/request-uri/that-random-things however, there are...

verifier_attestation
security

Enhancing Privacy by Not Notifying Relying Party of Faulty Requests

5 comment

## Context The current OpenID4VP specification outlines various error responses that a Wallet Instance may return to the Relying Party (Verifier) in case of faulty requests (Section 6.4. Error Response)....

privacy

The future of spid-testenv2

spid-testenv2 will be rewritten above the django framework and [spid-sp-test](https://github.com/italia/spid-sp-test) such as to make it: - suitable for production - capable of managing different storage engines (via ORM) - capable...

help wanted
breakage

[Python3.8] Note di installazione

2 comment

Per chi tentasse di installare spid-testenv2 in un virtualenv costruito al di sopra di python3.8 e ottenesse l'errore `ImportError: cannot import name 'Feature' from 'setuptools' ` come segue: ```` Traceback...

enhancement

[Snyk] Security upgrade django from 3.2.25 to 4.2.15

![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123) ### Snyk has created this PR to fix 4 vulnerabilities in the pip dependencies of this project. #### Snyk changed the following file(s): - `requirements.txt` ⚠️ Warning ``` pysaml2...

[Snyk] Security upgrade setuptools from 68.0.0 to 70.0.0

This PR was automatically created by Snyk using the credentials of a real user.![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123) ### Snyk has created this PR to fix 1 vulnerabilities in the pip dependencies of this...

[Snyk] Security upgrade django from 3.2.25 to 4.2.14

This PR was automatically created by Snyk using the credentials of a real user.![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123) ### Snyk has created this PR to fix 4 vulnerabilities in the pip dependencies of this...

[Snyk] Security upgrade zipp from 3.15.0 to 3.19.1

This PR was automatically created by Snyk using the credentials of a real user.![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123) ### Snyk has created this PR to fix 1 vulnerabilities in the pip dependencies of this...

[Snyk] Security upgrade sqlparse from 0.4.4 to 0.5.0

This PR was automatically created by Snyk using the credentials of a real user.![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123) ### Snyk has created this PR to fix 1 vulnerabilities in the pip dependencies of this...

[Annex 2] Attestation Providers supposed to be trustworthy by default

1 comment

In https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/blob/main/docs/annexes/annex-2/annex-2-high-level-requirements.md, ISSU_34, we read ``` PID Providers, QEAA Providers, and PuB-EAA Providers are supposed to be trustworthy by default. ``` What it is supposed to mean by default in...