This repository contains simple vulnerabilities based on the OWASP Top 10 to teach software developers how to identify security vulnerabilities using GitHub Advanced Security, and ultimately fix them.
Not applicable
There's no need to report a vulnerability. This code is only meant to run on localhost for quick, atomic exploration of security vulnerabilities.
Typically this is where you suggest how to log vulnerabilities and contact the security team for more questions.
To enhance the security of our project, we have the following requirements:
We require that Dependabot is enabled for all repositories. Dependabot helps automatically keep your dependencies up-to-date by creating pull requests for outdated dependencies.
To enable Dependabot, please follow these steps:
- Go to the "Security" tab in your repository.
- Select "Dependabot" from the left navigation.
- Enable Dependabot for the desired package ecosystems.
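The same result can be committed to the repository as a `.github/dependabot.yml` file, which keeps the ecosystem choice under version control. The following is an added example, not a file from this repository; the ecosystems (`npm`, `pip`, `github-actions`) and the `/` directory are assumptions, so adjust them to whatever package manifests the repository actually contains.

```yaml
# .github/dependabot.yml (added example; ecosystems below are assumed)
version: 2
updates:
  # Application dependencies: one entry per package ecosystem found in the repo.
  - package-ecosystem: "npm"
    directory: "/"               # location of package.json (assumed)
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 10
    groups:
      # Batch non-security minor/patch bumps so security PRs stand out.
      routine-updates:
        update-types: ["minor", "patch"]

  - package-ecosystem: "pip"
    directory: "/"               # location of requirements.txt (assumed)
    schedule:
      interval: "weekly"

  # Keep the CodeQL and other workflow actions themselves up to date too.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```

Dependabot security updates (pull requests for vulnerable dependencies) are still switched on separately in the repository settings; this file controls only the scheduled version updates.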
Secrets Push Protection must be enabled to prevent accidental disclosure of sensitive information in your code.
To enable Secrets Push Protection, please follow these steps:
- Go to the "Settings" tab in your repository.
- Select "Secrets" from the left navigation.
- Enable Secrets Push Protection for your repository.
CodeQL must be enabled, blocking merges on Critical and High severity issues. This ensures that critical and high-risk vulnerabilities are addressed before merging changes.
To enable CodeQL Analysis, please follow these steps:
- Go to the "Security" tab in your repository.
- Select "Code scanning" from the left navigation.
- Enable CodeQL Analysis and configure it to block merges on Critical and High severity issues.
Thank you for contributing to the security of our project.