Cybersecurity (security) includes controlling physical access to hardware as well as protection from attacks that come via network access, data injection, and code injection.
Is your feature request related to a problem? Please describe.
It would be nice if gitleaks had a validate command that would validate examples found in the config rules. Introducing such a feature would speed up rule development and help with debugging.
Describe the solution you'd like
example entry in the rules tables
ex:
[[rules]]
id = "discord-client-secret"
des
Hi & welcome to Scapy's github ! This page lists issues that you can try to fix if you want to start contributing to Scapy.
This list includes wishes and things added by the maintainers based on the issues that we get, but also issues marked with TODO or XXX that already exist in Scapy's code base (layers). If you want to contribute to the project you might just take care one of the bugs.
RustScan has an accessible mode, rustscan --accessible which should promise not to have any weird ASCII text in it.
Write CI that runs RustScan with --accessible a few times, with different flags / options and check the terminal output to see if it contains one of these:
[!][~][>]| {}If any of these characters appear in any of the tests, fail the CI. E
We need Vagrant docs, you can find it here https://github.com/NullArray/AutoSploit/tree/dev-beta/Vagrant
The recommendation is to set Cache-Control: private, no-store on any endpoint with sensitive information. Because while you can protect the traffic with TLS, you also need to keep sensitive information out of a client's (unencrypted) HTTP cache. I'm not sure how relevant this is to the API context of step-ca though—I've never seen an HTTP client library that caches content. But I guess the poi
Describe the bug
A clear and concise description of what the bug is.
To Reproduce
Steps to reproduce the behavior:
.bandit file with content:[bandit]
tests: B101,B102,B301
bandit -c .bandit -r module/[main] ERROR .bandit : Error parsing file.Expected behavior
working as described in readme
Bandit version
ba
Other security scanning tools (e.g. checkov and tfsec) have a --soft-fail flag or equivalent option that allows you to always exit with 0 status.
Extremely useful when running the tool without halting a pipeline for example.
I currently use a workaround, but something more concrete would be very desira
gives my list of factory logins and passwords that I could find on the Internet, including wifi spy cameras supporting RTSP using android lookcampro and hdsmartIPC applications
{
"usernames": [
"",
"666666",
"888888",
"Admin",
"admin",
"admin1",
"administrator",
"Administrator",
"aiphone",
"Dinion",
"guest",
"root",
"service",
"supervisor",
"ubnt",
"user"
],
"passwords":
Description
We have an air gapped environment without direct internet access. All necessary container images are mirrored to or proxied through an OnPrem registry (Artifactory). This registry uses a certificate from a private PKI. The vulnerability DB cannot be downloaded from this internal registry.
What did you expect to happen?
We expected that
--insecureignores the private PKI