forked from globocom/secDevLabs
Pull requests: ZeroPathAI/secDevLabs
#11 Sanitize audit logs by removing user-supplied username from Logger.Info messages in GetUser handler. (opened Aug 5, 2025 by zeropath-ai-dev [bot])
#10 Add integrity-protected audit logging for user registration events in NewUser handler. (opened Aug 5, 2025 by zeropath-ai-dev [bot])
#9 Increase PBKDF2 iteration count in crypto.hash to 100,000 for stronger password hashing security. (opened Aug 5, 2025 by zeropath-ai-dev [bot])
#8 Replace insecure SHA256 password hashing with PBKDF2-HMAC and random salt for secure password storage. (opened Aug 5, 2025 by zeropath-ai-dev [bot])
#7 Prevent exposure of sensitive user keys by blocking plaintext key access in GetUserKeyV2 handler. (opened Aug 5, 2025 by zeropath-ai-dev [bot])
#6 Add CSRF token to login form to prevent CSRF attacks on /login endpoint. (opened Aug 5, 2025 by zeropath-ai-dev [bot])
#5 Add authentication event logging for login endpoint to enable security auditing and monitoring. (opened Aug 5, 2025 by zeropath-ai-dev [bot])
#4 Use PBKDF2 with per-password salt for secure password hashing instead of unsalted SHA-256. (opened Aug 5, 2025 by zeropath-ai-dev [bot])
#3 Add audit logging for successful and failed user registrations in newuser function to ensure security event tracking. (opened Aug 5, 2025 by zeropath-ai-dev [bot])
#2 Replace insecure pickle-based session serialization with safe JSON serialization to prevent arbitrary code execution vulnerability. (opened Jul 10, 2025 by zeropath-ai-dev [bot])
#1 Replace insecure pickle deserialization of cookies with safe JSON deserialization to prevent arbitrary code execution. (opened Jul 10, 2025 by zeropath-ai-dev [bot])