Kim Carter
Would adding a feature somewhere else, that leverages/exhibits this defect be a better approach, rather than trying to overload (convolute) the login?
Yes please @jboyer2012 and please make sure to follow: https://github.com/OWASP/NodeGoat/#ways-to-contribute, and also run the security regression test before and after your work: https://github.com/OWASP/NodeGoat/wiki/NodeGoat-Security-Regression-tests-with-ZAP-API
Any more ideas around this @ckarande ? There are a bunch of ideas in my book here: https://leanpub.com/holistic-infosec-for-web-developers/read#process-and-practises-agile-development-and-practices , not sure that's what you mean though. Perhaps the Web Applications...
Thanks Snyk. We could turn this into a feature. My guess is that if and when NodeGoat depends on some tooling for mitigating the issues around consuming free and open...
Swig 1.4.2 is what we're using and is the latest but no longer maintained package, which depends on uglify-js 2.4.24. So in order to get out of this situation, an...
Yeah, in order for a project to be maintained, it needs to have up to date dependencies, otherwise maintainers will be forever struggling. I think its intent is to be...
When Swig is replaced, we should probably implement a defense in depth solution using:

1. Validation
2. Filtering
3. Sanitisation

It would be good to see this across the entire...
May be worth updating the checklist? [purpleteam](https://purpleteam-labs.com/) has been testing NodeGoat for several years now
Can you provide some more specifics on this @ckarande ?