Iman
There could be a case that you can add to [this document](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/05-Authorization_Testing/01-Testing_Directory_Traversal_File_Include). There was a situation where my target was not vulnerable to a Directory Traversal attack in the normal way,...
There was a situation where my target was not vulnerable to a Directory Traversal attack in the normal way, but it was allowing me to upload a compressed folder. I was...
I was testing a fuzzer on your repo and I found some 500 Internal Server Errors in the first few runs, just wanted to let you know. Screenshots are from...
I was checking [this](https://hackerone.com/reports/1439593) HackerOne report with a $29000 bounty and I found it very interesting. This is different from Zip Slip. In the case of Zip Slip we can inject...
Currently, ASVS item 2.1.12 (under Category 2: Authentication) states: "Verify that the user can choose to either temporarily view the entire masked password, or temporarily view the last typed character...
Sensitive applications often store customer or user data that, in the wrong hands, can have profound implications for user privacy and security. While ASVS does touch upon data protection in...
In light of enhancing ASVS cryptographic key management practices, it's advisable to consider aligning our cryptoperiods with the recommendations provided by the National Institute of Standards and Technology (NIST). [NIST...
_(Ed note, original issue title was: **Prevention of Prompt Injection in Applications Using Large Language Models (LLM)**)_ The popularity of Large Language Models (LLM) like GPT variants from OpenAI has...
One of the most critical security issues that can exist in high-value sensitive systems (for example, banking systems) is the lack of dual authorization for sensitive operations or transactions. This...
I've noticed that the current version of ASVS does not have an item covering the implementation of the Feature-Policy header (also known as Permissions-Policy in its latest iteration). This header...