Ecosyste.ms: Issues

An open API service for providing issue and pull request metadata for open source projects.

GitHub / OWASP/Top10 issues and pull requests

#787 - Update A01_2021-Broken_Access_Control.md

Pull Request - State: closed - Opened by bronsonavila 4 months ago

#100 - Some table content overlaps in the documentation. [2017]

Issue - State: closed - Opened by eryalparslan about 7 years ago - 1 comment
Labels: bug

#99 - A2: fine tuning the authentication section

Issue - State: closed - Opened by drwetter about 7 years ago - 1 comment
Labels: A2

#98 - Remove ESAPI references per issue #18

Pull Request - State: closed - Opened by Neil-Smithline about 7 years ago - 1 comment

#97 - QA for RC2

Issue - State: closed - Opened by vanderaj about 7 years ago - 1 comment
Labels: General, QA

#96 - Final Release of OWASP Top 10 2017

Issue - State: closed - Opened by vanderaj about 7 years ago - 2 comments
Labels: General, QA

#95 - Final QA for Golden Master

Issue - State: closed - Opened by vanderaj about 7 years ago - 1 comment
Labels: General, QA

#94 - Data analysis to be complete

Issue - State: closed - Opened by vanderaj about 7 years ago - 1 comment
Labels: enhancement

#93 - Logging

Issue - State: closed - Opened by drkknight about 7 years ago - 2 comments
Labels: General

#92 - Add Serialization Vulnerabilities to Top 10

Issue - State: closed - Opened by borischen about 7 years ago - 7 comments
Labels: General

#91 - Can anyone tell me what's the "A" stand for? What does A1 really represent?

Issue - State: closed - Opened by 0xzmz about 7 years ago - 10 comments
Labels: General

#90 - Proposal to merge A1 Injection and A3 XSS

Issue - State: closed - Opened by ekobrin about 7 years ago - 13 comments
Labels: A1, A3

#89 - Update Wording of "Using Components with Known Vulnerabilities"

Issue - State: closed - Opened by ossie-git over 7 years ago - 6 comments
Labels: A9

#88 - A4: Suggest a stronger emphasis on XXE vulnerabilities

Issue - State: closed - Opened by ghost over 7 years ago - 18 comments
Labels: A4

#87 - A3 [Cross-Site Scripting] - "How do I prevent XSS?"

Issue - State: closed - Opened by bchurchill over 7 years ago - 3 comments
Labels: A3

#86 - A4 [Broken Access Control] - "How do I prevent this?"

Issue - State: closed - Opened by bchurchill over 7 years ago - 3 comments
Labels: A4

#85 - Forward Looking Issues

Issue - State: closed - Opened by raesene over 7 years ago - 4 comments
Labels: General

#84 - Change to project scope.

Issue - State: closed - Opened by raesene over 7 years ago - 7 comments
Labels: General

#83 - A3 (XSS) - Prevention, link to Mozilla

Issue - State: closed - Opened by einsweniger over 7 years ago - 2 comments
Labels: A3

#82 - Proposal to Remove/Replace A7

Issue - State: closed - Opened by m1spl4c3ds0ul over 7 years ago - 20 comments
Labels: A7, General

#81 - A7: Feedback on A7 and suggestion for name change - maybe to "Insufficient Detection and Response"

Issue - State: closed - Opened by Neil-Smithline over 7 years ago - 2 comments
Labels: duplicate, A7

#80 - A5: Several modifications suggested

Issue - State: closed - Opened by Neil-Smithline over 7 years ago - 3 comments
Labels: A5, A6

#79 - OWASP Top 10 - 2017 RC1: +F-Details About Risk Factors

Issue - State: closed - Opened by sslHello over 7 years ago - 4 comments
Labels: +F

#78 - OWASP Top 10 - 2017 RC1: +R-Note About Risks

Issue - State: closed - Opened by sslHello over 7 years ago
Labels: +R

#77 - OWASP Top 10 - 2017 RC1: +O-What's Next for Organizations

Issue - State: closed - Opened by sslHello over 7 years ago - 2 comments
Labels: +O

#76 - OWASP Top 10 - 2017 RC1: +D-What's Next for Developers

Issue - State: closed - Opened by sslHello over 7 years ago - 2 comments
Labels: +D

#75 - OWASP Top 10 - 2017 RC1: A10 [Underprotected APIs]

Issue - State: closed - Opened by sslHello over 7 years ago - 2 comments
Labels: A10

#74 - OWASP Top 10 - 2017 RC1: A9 [Using Components with Known Vulnerabilities]

Issue - State: closed - Opened by sslHello over 7 years ago - 5 comments
Labels: A9

#73 - OWASP Top 10 - 2017 RC1: A8 [Cross-Site Request Forgery (CSRF)]

Issue - State: closed - Opened by sslHello over 7 years ago - 6 comments
Labels: A8

#72 - OWASP Top 10 - 2017 RC1: A7 [Insufficient Attack Protection] (+T10)

Issue - State: closed - Opened by sslHello over 7 years ago - 3 comments
Labels: A7, T10

#71 - OWASP Top 10 - 2017 RC1: A6 [Sensitive Data Exposure]

Issue - State: closed - Opened by sslHello over 7 years ago - 20 comments
Labels: A6

#70 - OWASP Top 10 - 2017 RC1: A5 [Security Misconfiguration]

Issue - State: closed - Opened by sslHello over 7 years ago - 3 comments
Labels: A5

#69 - OWASP Top 10 - 2017 RC1: A4 [Broken Access Control]

Issue - State: closed - Opened by sslHello over 7 years ago - 1 comment
Labels: A4

#68 - OWASP Top 10 - 2017 RC1: A2 [Broken Authentication and Session Management]

Issue - State: closed - Opened by sslHello over 7 years ago - 12 comments
Labels: A2

#67 - OWASP Top 10 - 2017 RC1: A1 [Injection]

Issue - State: closed - Opened by sslHello over 7 years ago - 2 comments
Labels: A1

#66 - OWASP Top 10 - 2017 RC1: RN [Release Notes]

Issue - State: closed - Opened by sslHello over 7 years ago - 1 comment
Labels: RN

#65 - OWASP Top 10 - 2017 RC1: I [Introduction]

Issue - State: closed - Opened by sslHello over 7 years ago
Labels: I, Introduction

#64 - OWASP Top 10 - 2017 RC1: O [About OWASP]

Issue - State: closed - Opened by sslHello over 7 years ago
Labels: O

#63 - Should unknown (undocumented?) services, applications or functionality be a top-level risk?

Issue - State: closed - Opened by psiinon over 7 years ago - 13 comments
Labels: +O, General

#62 - Feedback from Torsten Gigler

Issue - State: closed - Opened by vanderaj over 7 years ago - 2 comments
Labels: duplicate

#61 - A10 Feedback: include API-specific vulnerabilities in text - from Josh Grossman

Issue - State: closed - Opened by vanderaj over 7 years ago - 1 comment
Labels: A10

#59 - A3 tweaks from Eelgheez

Issue - State: closed - Opened by vanderaj over 7 years ago - 3 comments
Labels: A3

#58 - A10: add examples to Am I Vulnerable and maybe increase impact

Issue - State: closed - Opened by vanderaj over 7 years ago - 4 comments
Labels: A10

#57 - A7 Seems out of place

Issue - State: closed - Opened by vanderaj over 7 years ago - 4 comments
Labels: A7

#56 - A2, A4, A7, A10: Enumerate 'bucket' categories

Issue - State: closed - Opened by psiinon over 7 years ago - 1 comment
Labels: A7, A10, A2, A4

#55 - A7 Colin Watson and Tin Zaw feedback

Issue - State: closed - Opened by vanderaj over 7 years ago - 2 comments
Labels: A7

#54 - Update references

Issue - State: closed - Opened by vanderaj over 7 years ago - 11 comments
Labels: bug, QA

#53 - A5: Reference suggestions

Issue - State: closed - Opened by vanderaj over 7 years ago - 4 comments
Labels: bug, A5

#52 - A7 Changes and general feedback - might need to split

Issue - State: closed - Opened by vanderaj over 7 years ago - 1 comment
Labels: A7

#51 - +D: Update references to include more current projects

Issue - State: closed - Opened by vanderaj over 7 years ago - 1 comment
Labels: duplicate, +D

#50 - A7: Re-wording for "Am I vulnerable to attack?"

Issue - State: closed - Opened by vanderaj over 7 years ago - 1 comment
Labels: A7

#49 - Should mentions of "TLS" be changed to "TLS 1.1/1.2"

Issue - State: closed - Opened by vanderaj over 7 years ago - 6 comments
Labels: A6, General

#48 - A9 Add mitigations

Issue - State: closed - Opened by vanderaj over 7 years ago - 3 comments
Labels: A9

#47 - A7, Risk: On "Risks"

Issue - State: closed - Opened by vanderaj over 7 years ago - 4 comments
Labels: A7, Risk

#46 - A10 Feedback

Issue - State: closed - Opened by vanderaj over 7 years ago - 1 comment
Labels: A10

#45 - A7 Feedback

Issue - State: closed - Opened by vanderaj over 7 years ago - 1 comment
Labels: A7

#44 - General: Daniel Miessler Blog Entry - may need to create many smaller issues

Issue - State: closed - Opened by vanderaj over 7 years ago - 4 comments
Labels: General

#43 - +F, +T: Move Appendix F & T to the front

Issue - State: closed - Opened by vanderaj over 7 years ago - 2 comments
Labels: +F, +R

#42 - General: Remove promotion of specific companies and products

Issue - State: closed - Opened by vanderaj over 7 years ago - 1 comment
Labels: General

#41 - A7 - rename to "Insufficient Detection and Response"

Issue - State: closed - Opened by vanderaj over 7 years ago - 3 comments
Labels: A7

#40 - A3: Should make "Incorrect Cryptography Usage" separate from "Sensitive Data Exposure"

Issue - State: closed - Opened by vanderaj over 7 years ago - 9 comments
Labels: A3

#39 - A10 - "Underprotected APIs" is not a separate category

Issue - State: closed - Opened by vanderaj over 7 years ago - 13 comments
Labels: A10

#38 - A8: Mention server-side validation. Possibly rename to "Request Forgery" and include SSRF

Issue - State: closed - Opened by vanderaj over 7 years ago - 10 comments
Labels: A8

#37 - A7 Seems like it's promoting WAFs

Issue - State: closed - Opened by vanderaj over 7 years ago - 2 comments
Labels: A7

#36 - A7 Overly General

Issue - State: closed - Opened by vanderaj over 7 years ago - 1 comment
Labels: A7

#35 - A10 Is out of place. Replace with deserialization bugs

Issue - State: closed - Opened by vanderaj over 7 years ago - 3 comments
Labels: A10

#34 - A6: No cryptographic risks

Issue - State: closed - Opened by vanderaj over 7 years ago - 5 comments
Labels: A6

#32 - A7 should be removed as it is promoting commercial interests

Issue - State: closed - Opened by vanderaj over 7 years ago - 3 comments
Labels: A7

#31 - A6: Access control - CORS misconfiguration

Issue - State: closed - Opened by vanderaj over 7 years ago - 2 comments
Labels: A6

#30 - +O: Add something about VAST managing vendors

Issue - State: closed - Opened by vanderaj over 7 years ago - 4 comments
Labels: +O

#29 - A10 Thoughts on Insufficient Attack Protection

Issue - State: closed - Opened by vanderaj over 7 years ago - 1 comment
Labels: A10

#28 - What are the stats on SSRF and others?

Issue - State: closed - Opened by vanderaj over 7 years ago - 2 comments
Labels: General

#27 - A10 Unprotected API subject is vague and confusing

Issue - State: closed - Opened by vanderaj over 7 years ago - 3 comments
Labels: A10

#26 - A7: Insufficient Attack Protection – what is the definition for sufficient?

Issue - State: closed - Opened by vanderaj over 7 years ago - 1 comment
Labels: A7

#25 - A1 - Perhaps adding template injection at least as a reference

Issue - State: closed - Opened by vanderaj over 7 years ago - 1 comment
Labels: enhancement, A1

#24 - A0, A7 - Feedback on Jeremiah Grossman's tweet

Issue - State: closed - Opened by vanderaj over 7 years ago - 3 comments
Labels: A7

#23 - pg. 19 "+T: What's Next for Security Testing"

Issue - State: closed - Opened by vanderaj over 7 years ago - 1 comment
Labels: +T

#22 - A7: pg. 14 - Insufficient Attack Protection

Issue - State: closed - Opened by vanderaj over 7 years ago - 4 comments
Labels: A7

#21 - pg. 12 - A6 Sensitive Data Exposure

Issue - State: closed - Opened by vanderaj over 7 years ago - 2 comments
Labels: A6

#20 - pg. 10 - A4 Broken Access Control

Issue - State: closed - Opened by vanderaj over 7 years ago - 3 comments
Labels: A4

#19 - A2 Mention use of framework in "How Do I Prevent This" section

Issue - State: closed - Opened by vanderaj over 7 years ago - 2 comments
Labels: enhancement, A2

#18 - drop ESAPI from all of Top 10

Issue - State: closed - Opened by vanderaj over 7 years ago - 7 comments
Labels: bug

#17 - A6 - Replace "browser" with "client"

Issue - State: closed - Opened by vanderaj over 7 years ago - 4 comments
Labels: A6

#16 - A4 - remove "authenticated"

Issue - State: closed - Opened by vanderaj over 7 years ago - 1 comment
Labels: A4

#15 - A7: Tweak wording for Insufficient Attack Protection

Issue - State: closed - Opened by vanderaj over 7 years ago - 2 comments
Labels: A7

#14 - RN: Tweak wording for Release Notes

Issue - State: closed - Opened by vanderaj over 7 years ago
Labels: RN

#13 - RISK: Definition of "Risk" (Summit A7 session - Tues PM1)

Issue - State: closed - Opened by tghosth over 7 years ago - 1 comment
Labels: General

#11 - Possibility of Rolling call for data? (Summit Process session, Mon AM1)

Issue - State: closed - Opened by tghosth over 7 years ago - 2 comments
Labels: General

#9 - What should be the basis for the top 10? (Summit Call for Data session, Mon PM1)

Issue - State: closed - Opened by tghosth over 7 years ago - 2 comments
Labels: question

#7 - Ratio of time to gather/analyse data (Summit Process session, Mon AM1)

Issue - State: closed - Opened by tghosth over 7 years ago - 2 comments
Labels: General

#6 - Early release of just the Top 10 list (Summit Process session, Mon AM1)

Issue - State: closed - Opened by tghosth over 7 years ago - 3 comments

#5 - A8: Angular instead of AngularJS (A8)

Issue - State: closed - Opened by binarious over 7 years ago - 1 comment
Labels: bug, A8

#4 - Make T10 entries unique and non-overlapping

Issue - State: closed - Opened by thesp0nge over 7 years ago - 12 comments
Labels: General

#3 - Consider merging with existing repo

Issue - State: closed - Opened by h3xstream over 7 years ago - 1 comment

#2 - Consider distributing in format with less vulnerabilities than PDF, preferably closer to text

Issue - State: closed - Opened by jrmithdobbs over 7 years ago - 24 comments
Labels: General