rbsec
They do say that naming things is one of the hardest problems in computing... I can see the benefit of a name like `favour3of4` as it makes it clear that...
> Taking [IDOR](https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/05-Authorization_Testing/04-Testing_for_Insecure_Direct_Object_References) as an example, while it's true that there is a summary section, there is no high-level description, no impact, no remediation recommendations and so on. The summary...
@kingthorin are you aware of any OWASP (or non-OWASP) projects that this might fit in? Or is it perhaps something that could/should be a new one?
@PFGimenez I can understand why it's nice to have the diluted state when you unintentionally get things wet, to stop falling into water being too devastating. But if I'm intentionally...
@copperwater while there are certainly quite a few potions that are of very limited value (and some that are outright harmful or useless), for me it's usually less a case...
@chcg thanks for looking into this so quickly. Updating does let you remove the plugin (and of course you can always just manually delete it if that didn't work for...
I've not gone through this in huge detail - but a few initial thoughts. The main one is that there seems to be quite a lot of duplication between this...
Certainly no objections here - although I'm afraid that sslscan isn't a project I have a huge amount of time for ATM. Proper support (i.e. the ability to make actual...
> Application allows changing email without password confirmation in authenticated session.

This is definitely a good addition - perhaps expanding the current text about requiring re-authentication when changing passwords to...
Ah, that makes a bit more sense. So things like:

* Weak information like dates of birth/etc.
* Very short things like PINs
* Security questions

I'm not sure they...