Severin Kliegl
bac-django
Branches
mitigation-a08-command-injection · ecd08a13 · feat(UserViewSet): harden ls command against injection · May 19, 2023
pitfall-a08-pitfall-command-injection · 1c583449 · feat(UserViewSet): add command that is valuable to command injection · May 19, 2023
mitigation-a08-sql-injection · 8c1a7987 · feat(UserViewSet): harden search endpoint · May 18, 2023
pitfall-a08-sql-injection · 8b20c034 · feat(UserViewSet): add search action vulnerable to SQL injections · May 18, 2023
mitigation-a06-faulty-bulk-action · ff77f589 · feat(UserViewSet): basic hardening for bulk update to vip · May 15, 2023
pitfall-a06-faulty-bulk-action · 43b4d121 · feat(UserViewSet): implement faulty bulk update for vips · May 15, 2023
mitigation-a06-injection-via-property · dd1bb331 · feat(UserViewSet): add custom SafeURLValidator · May 14, 2023
pitfall-a06-injection-via-property · beee72a7 · feat(User): insecure implementation of url_home_page for showcasing · May 14, 2023
mitigation-a06-different-field-user-writability · c3de36f0 · feat(UserSerializer): harden fields · May 13, 2023
pitfall-a06-different-field-user-writability · 2b2148a6 · feat(User): add different pitfalls to showcase · May 13, 2023
mitigation-a05-unadvertised-does-not-equal-secret · f2888452 · feat(settings): set debug=false to prevent information disclosure · May 06, 2023
pitfall-a05-unadvertised-does-not-equal-secret · d1edd3f3 · feat(UserViewSet): add users/all · May 06, 2023
mitigation-a03-error-message-includes-sensitive-data · feb1d21b · feat(UserAdministrationPermission): generic error message · May 06, 2023
pitfall-a03-error-message-includes-sensitive-data · 46e92c35 · feat(UserViewSet): check object level permission · May 06, 2023
mitigation-a03-excluding-instead-of-filtering · d8e79ad3 · fix(UserSerializer): replace exclusion with fields · May 06, 2023
pitfall-a03-excluding-instead-of-filtering · 9ce41722 · feat(User): extend User model by address · May 06, 2023
mitigation-a03-different-user-different-serializer · e8aab5e9 · feat(UserViewSet): harden view set · May 05, 2023
pitfall-a03-different-user-different-serializer · 4cd08636 · feat(UserSerializer): extend fields for showcasing, add details to user · May 05, 2023
pitfall-a02-unsafe-password-recovery · c29a30d9 · feat(password): showcase reset pw functionality · May 01, 2023
mitigation-a01-nested-objects-missing-olp-check · f4513da6 · fix(GroupViewSet): harden endpoint, add second serializer · Apr 29, 2023