Severin Kliegl
bac-django
Branches
mitigation-a03-error-message-includes-sensitive-data · feb1d21b · feat(UserAdministrationPermission): generic error message · May 06, 2023
pitfall-a05-unadvertised-does-not-equal-secret · d1edd3f3 · feat(UserViewSet): add users/all · May 06, 2023
mitigation-a05-unadvertised-does-not-equal-secret · f2888452 · feat(settings): set debug=false to prevent information disclosure · May 06, 2023
pitfall-a06-different-field-user-writability · 2b2148a6 · feat(User): add different pitfalls to showcase · May 13, 2023
mitigation-a06-different-field-user-writability · c3de36f0 · feat(UserSerializer): harden fields · May 13, 2023
pitfall-a06-injection-via-property · beee72a7 · feat(User): insecure implementation of url_home_page for showcasing · May 14, 2023
mitigation-a06-injection-via-property · dd1bb331 · feat(UserViewSet): add custom SafeURLValidator · May 14, 2023
pitfall-a06-faulty-bulk-action · 43b4d121 · feat(UserViewSet): implement faulty bulk update for vips · May 15, 2023
mitigation-a06-faulty-bulk-action · ff77f589 · feat(UserViewSet): basic hardening for bulk update to vip · May 15, 2023
pitfall-a08-sql-injection · 8b20c034 · feat(UserViewSet): add search action vulnerable to SQL injections · May 18, 2023
mitigation-a08-sql-injection · 8c1a7987 · feat(UserViewSet): harden search endpoint · May 18, 2023
pitfall-a08-pitfall-command-injection · 1c583449 · feat(UserViewSet): add command that is valuable to command injection · May 19, 2023
mitigation-a08-command-injection · ecd08a13 · feat(UserViewSet): harden ls command against injection · May 19, 2023