rbsec
There's not really anything in the WSTG about how to test multi-factor authentication (MFA). Off the top of my head, some of the key areas to look at would be:...
If a certificate has multiple CNs, the output is incomplete. If the certificate is for: `/C=UK/O=TestOrg/OU=Test/CN=foo/CN=bar` Then the subject in the output will be `foo`, and the `bar` will be...
The protocol scan will show protocols as disabled if they return a warning, even if the handshake then completes successfully. The response to the initial `ClientHello` can have a content...
The check for TLS compression relies on the OpenSSL library supporting it - so will not be available if building dynamically. This can be worked around with a static build -...
Add XML output for the OCSP info in #48
Initial draft of a guide on testing MFA (as per #949). I've not gone through for a wording/grammar/spelling check yet - at this stage the key questions are: - Does...
The [ascii.chr](https://github.com/openwall/john/commits/bleeding-jumbo/run/ascii.chr) file that's used by default for incremental mode hasn't been changed since at least 2013 (apart from an accidental change that was subsequently reverted), and doesn't reflect many...
There are a few areas of the guide that don't really take into account the current state of `SameSite` cookies: * The Testing Cookie Attributes guide says that "most" browsers" default...
If you #dip a potion into water (such as a fountain or moat), you create a diluted version of the potion (which functions mostly the same as the original), and...
### Description of the Issue The plugin manager has three tabs for plugins to appear in: * Available * Updates * Installed Plugins only ever appear in one of these...