Giters
danielan/DSVW
Damn Small Vulnerable Web
Stargazers: 0, Watchers: 1, Issues: 38, Forks: 0
danielan/DSVW Issues

test (updated 6 years ago)
T21: Ensure confidential data is sent over an encrypted channel (updated 6 years ago)
T2: Secure the password reset mechanism (closed 6 years ago, 1 comment)
T20: Generate unique session IDs and reset old IDs after authentication (updated 6 years ago)
T76: Do not hard code passwords (updated 6 years ago)
T207: Provide special data protection for children's personal information (updated 6 years ago)
T19: Restrict Application's Access to Database (updated 6 years ago)
T17: Avoid Client-Side Authorization (updated 6 years ago)
T15: Centralize authorization (updated 6 years ago)
T14: Enforce the principle of least privilege (updated 6 years ago)
T29: Use anti-Cross-Site Request Forgery (CSRF) tokens (updated 6 years ago)
T18: Make authorization decisions using full context (updated 6 years ago)
T32: Always perform input validation on a server (updated 6 years ago)
T42: Avoid relying on untrusted data for server-side selection (updated 6 years ago)
T36: Escape untrusted data in HTML, HTML attributes, CSS, and JavaScript like '"><video poster=javascript:alert(1)//></video> (updated 6 years ago)
T35: Fine-tune HTTP server settings (updated 6 years ago)
T50: Use indirect object reference maps if accessing files (updated 6 years ago)
T49: Disable and remove debug capabilities and code/data, and prepare application for release (updated 6 years ago)
T156: Validate certificate and its chain of trust properly (updated 6 years ago)
T151: Use cryptographically secure random numbers (updated 6 years ago)
T186: Use recommended settings and the latest patches for third party libraries and software (updated 6 years ago)
T176: Apply principles of privacy when handling personal information (updated 6 years ago)
T279: Avoid dynamically loading any code without proper security considerations (updated 6 years ago)
T253: Protect TLS/SSL communication (updated 6 years ago)
T374: Offload HTTP request handling to dedicated modules (updated 6 years ago)
T373: Design and regulate access to unauthenticated parts of the application (updated 6 years ago)
T558: Authenticate all other components before any network communication with them (updated 6 years ago)
T378: Authorize every request for data objects (updated 6 years ago)
T338: Control access to resources through user authentication and authorization (updated 6 years ago)
T340: Use an account and identity management system (updated 6 years ago)
T70: Implement account lockout or authentication throttling for system accounts (updated 6 years ago)
T335: Sanitize user input before passing to NoSQL operators (updated 6 years ago)
T66: Prevent web pages from being loaded inside iFrame (updated 6 years ago)
T69: Strong password requirements for server-to-server system accounts (updated 6 years ago)
T60: Use correct and approved cryptographic algorithms, parameters, and key lengths (updated 6 years ago)
T61: Disable default accounts or change all default passwords (updated 6 years ago)
T349: Protect audit information and logs against unauthorized access (updated 6 years ago)
T59: Use standard libraries for cryptography (updated 6 years ago)