Replaced AC22 with AC23 and AC24 #243

Merged: 2 commits merged on May 28, 2024

Commits on Apr 20, 2024

  1. Replaced AC22 with AC23 and AC24

    As mentioned in OWASP#239 AC22 Credential Aging review, the threat AC22
    Credential Aging was not helpful.
    
    This commit replaces AC22 with two new threats AC23 Credential
    Disclosure and AC24 Hardcoded Credentials.
    
    AC23 checks if the lifetime of the credentials is LONG, MANUAL, or
    UNKNOWN.
    Currently there is no way to resolve this threat by changing the model,
    besides setting a different lifetime.
    
    AC24 warns against the use of hardcoded credentials.
    raphaelahrens committed Apr 20, 2024
    360c222

Commits on Apr 26, 2024

  1. Added a DEPRECATED attribute

    When a threat in `threats.json` has a `DEPRECATED` attribute the threat
    will be ignored.
    The value of `DEPRECATED` is irrelevant for pytm, but it can describe
    the reason for the deprecation.
    raphaelahrens committed Apr 26, 2024
    283de31
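
The behaviour the two commit messages describe, as an added example that is not pytm's own code: entries carrying a `DEPRECATED` key are skipped whatever the value, and the remaining threats are matched against a credential lifetime. Assumptions: the `Lifetime` values beyond LONG, MANUAL and UNKNOWN, the `lifetimes` field, the `XX00` entry and both function names are hypothetical.

```python
import json
from enum import Enum


class Lifetime(Enum):
    # Assumed value set; the commit message names LONG, MANUAL and UNKNOWN.
    UNKNOWN = "UNKNOWN"
    SHORT = "SHORT"
    LONG = "LONG"
    MANUAL = "MANUAL"
    HARDCODED = "HARDCODED"


# Constructed sample. Only the DEPRECATED key comes from the commit message;
# "lifetimes" is a hypothetical stand-in for a real threat condition.
SAMPLE = """
[
  {"SID": "AC22", "description": "Credential Aging",
   "DEPRECATED": "Replaced by AC23 and AC24", "lifetimes": ["LONG"]},
  {"SID": "XX00", "description": "Constructed entry, empty reason",
   "DEPRECATED": "", "lifetimes": ["SHORT"]},
  {"SID": "AC23", "description": "Credential Disclosure",
   "lifetimes": ["LONG", "MANUAL", "UNKNOWN"]},
  {"SID": "AC24", "description": "Hardcoded Credentials",
   "lifetimes": ["HARDCODED"]}
]
"""


def load_threats(text):
    """Split entries into (active, deprecated).

    Presence of the DEPRECATED key decides, not its value, so an empty
    reason string still retires the threat.
    """
    active, deprecated = [], {}
    for entry in json.loads(text):
        if "DEPRECATED" in entry:
            deprecated[entry["SID"]] = entry["DEPRECATED"]
        else:
            active.append(entry)
    return active, deprecated


def matching_sids(active, lifetime):
    """SIDs of active threats whose lifetime list contains `lifetime`."""
    return [t["SID"] for t in active if lifetime.value in t["lifetimes"]]
```

Returning the deprecated entries with their reasons lets a report list retired threat IDs instead of dropping them silently.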