I wrote an article to cover this security problem https://dzone.com/articles/regular-expressions-denial.

It is a good practice that developers do Unit Testing when using Regular Expressions.

What would be the best way to back up an Algo deployment? Just thinking about all the users and configs I have and if something were to happen, would not want to redeploy configs.

Any thoughts on this?

It looks like most of the advice from the OWASP REST Cheat Sheet is discussed in this API-Security-Checklist, but OWASP talks about the importance of CORS, which is not mentioned at all in this API-Security-Checklist. Probably good to make mention. Also, the OWASP REST Cheat Sheet provides a bit more guidance regarding validation that might be good to incorporate.

https://github.com/OWASP/Che

When you're viewing a cheatsheet on the https://cheatsheetseries.owasp.org website it isn't immediately obvious that the content is pulled from GitHub, or how you could contribute to the project on the cheatsheets themselves (although there is a note at the bottom of the homepage).

Making this more obvious in the sheets themselves will encourage people to contribute (or at least raise issues).

On step 2 of Secure /etc/ssh/sshd_config, a quick and dirty way to find any duplicate parameter is with:

awk '{print $1}' /etc/ssh/sshd_config | sort | uniq -c | grep -v ' 1 '

Would it make sense to add this project to the list of password managers on Wikipedia?

Which lab is it that you're having issues with?
Lab: Docker for Java Developers

Description

When deploying Java applications in production one usually specifies the amount of memory available to the JVM (-Xmx) and other assorted configuration settings. Unfortunately, this is (usually) static configuration and therefore fixed in the container image. When specifying memory constraints

They are currently declared as contract. I don't think this is a breaking change.

Just a documentation bug I noticed.

https://www.ory.sh/docs/next/hydra/sdk/api#introspect-oauth2-tokens contains the following text:

"To perform this operation, you must be authenticated by means of one of the following methods: basic, oauth2"

This endpoint is available on the admin port and doesn't require any authentication.