sindre
/
Beelance
關註 1
收藏 0
複製 0
程式碼 問題管理 6 合併請求 0 版本發佈 0 Wiki Activity
標籤 里程碑
建立問題

#21 File hosting

開啟中
sindre5 年之前建立 · 0 條評論
sindre 評論 5 年之前

Although not an OWASP v4 code, File Hosting is a major part of modern intelligent threat actors. If your server hosts files instead of just letting users download them they can be used as part of spear-phishing attacks or as part of reconnaissance. This webpage should default to always downloading a file, even if accessed directly, or alternatively, deny access if a file is access directly.

Although not an OWASP v4 code, File Hosting is a major part of modern intelligent threat actors. If your server hosts files instead of just letting users download them they can be used as part of spear-phishing attacks or as part of reconnaissance. This webpage should default to always downloading a file, even if accessed directly, or alternatively, deny access if a file is access directly.
sindre 新增至Optional vulnerabilities 里程碑 5 年之前
sindre added the
webpy
label 5 年之前
sindre added the
bug
label 5 年之前
sindre added the
security misconfiguration
label 5 年之前
sindre 5 年之前 修改了里程碑 Optional vulnerabilitiesRequired fixes
sindre 5 年之前 修改了里程碑 Required fixesOptional vulnerabilities
登入 才能加入這對話。
No Branch/Tag Specified
分支列表 標籤列表
標籤
清除已選取標籤
broken access control
Broken access control vulnerability broken authentication
Broken authentication vulnerability bug
Something is not working csrf
Cross site request forgery vulnerability enhancement
New feature injection
Injection vulnerability insecure deserialization
Insecure deserialization vulnerability known vulnerability
Using components with known vulnerabilities logging
Insufficient logging vulnerability nginx
Concerns nginx security misconfiguration
Security misconfiguration vulnerability sensitive data exposure
Sensitive data exposure vulnerability webpy
Concerns the webpy framework
未選擇標籤
broken access control
broken authentication
bug
csrf
enhancement
injection
insecure deserialization
known vulnerability
logging
nginx
security misconfiguration
sensitive data exposure
webpy
里程碑
清除已選取里程碑
未選擇里程碑
Optional vulnerabilities
Assignees
Clear assignees
No Assignees
1 參與者
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Write Preview
Loading…
取消
儲存
尚未有任何內容
Delete Branch '%!s(MISSING)'

Deleting a branch is permanent. It CANNOT be undone. Continue?

取消操作
確認操作