Skip to content
#

owasp

Here are 371 public repositories matching this topic...

Mobile-Security-Framework-MobSF

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

  • Updated Mar 4, 2021
  • Python
Stanislava27
Stanislava27 commented Feb 5, 2021

Describe the bug
I have been testing some test endpoints, where an xml file is returned. These tests get alert "A WSDL File has been detected.". I have been looking through the source code and found that Content-Type ".wsdl", "text/xml" or "application/wsdl+xml will trigger an alert (\zap\extension\soap\WSDLFilePassiveScanRule.java line 60-62). Some of the WSDL files will probably use text/xm

wstg
ThunderSon
ThunderSon commented Sep 12, 2020

What's the issue?
Overwritten test scenario, can be summarized and link to payload lists from other repos

How do we solve it?
Chop down the content to the required and needed information, link to payload lists instead of enumerating all possible usernames and passwords, provide further guidance on how to test.

If no one is up to handle it, I can take care of it

find-sec-bugs
h3xstream
h3xstream commented Oct 5, 2020

Description

BeanUtils is a library that is doing automatic mapping to Java object.
It can cause arm when the attack controls part of the list of properties being sets. BeanUtils does not blacklist properties like class, classloader or other objects that are likely to load arbitrary classes and possibly run code.

Code

import org.apache.commons.beanutils.BeanUtils;

public
dependency-track
stevespringett
stevespringett commented Nov 18, 2020

The current swagger definition is autogenerated. The automatically generated definitions rely on reflection and annotations to create the documentation. The reflection capabilities are poor at best and lead to missing API parameters. Annotations can help in some cases, but the only fix for Swagger is to create individual POJOs for every possible request. This will lead to unnecessary large number

Improve this page

Add a description, image, and links to the owasp topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the owasp topic, visit your repo's landing page and select "manage topics."

Learn more