Jim Manico

Results 703 comments of Jim Manico

forURL? No one really uses URI anymore; that was just Jeff :)

Go for it :)

-- Jim Manico @Manicode

> On Jan 16, 2021, at 3:19 AM, Akshay Mall wrote:
>
> Can I try this?
>
> —...

Maybe this will point you in the right direction? https://phppot.com/php/php-json-encode-and-decode/#:~:text=In%20PHP%2C%20json_encode()%20is,reflect%20effects%20on%20encoding%20behavior. or https://github.com/yahoo/serialize-javascript ?

Astute observation, I like it @roelstorms

The problem with 11.1.1 is that many workflows are not sequential, but are conditional based on user input. Perhaps? [MODIFIED] Verify that all application flows including authentication, session management, and...

From https://github.com/OWASP/ASVS/blob/master/5.0/en/0x19-V11-BusLogic.md 11.1.1 | Verify that the application will only process business logic flows for the same user in sequential step order and without skipping steps. | ✓ | ✓...

> 1. Configures the DNS of attacker.com to resolve to 192.168.1.123, routing the request to the server on the local network as the application server. URL validation is not enough...

> There is no meaningful allow list of domains in this case, since any host on the internet is permissible.

I see your scenario. But if you allow a server...

And @elarlang since 5.0 is going to be such a massive change, I am not opposed to releasing a 4.0.4 release as well if we note any mistakes there.