 Rodin
|
1eac5d3bcc
|
Add CSP, file upload, open redirect, clickjacking patterns
Complete security patterns collection (23 total):
- csp.md: nonces, hashes, strict-dynamic, reporting
- file-upload.md: content validation, path traversal, malware scanning
- open-redirect.md: URL validation, OAuth redirect URI, bypass techniques
- clickjacking.md: X-Frame-Options, frame-ancestors CSP
Comprehensive coverage for web application security review.
|
2026-05-10 23:24:52 -07:00 |
|
|
Rodin
|
17c535bc61
|
Add session management, CORS, XXE patterns
Complete the security patterns collection:
- session-management.md: fixation, hijacking, secure cookies, concurrent sessions
- cors.md: origin validation, reflected origin attacks, preflight caching
- xxe.md: external entities, DTD attacks, language-specific fixes
Now 19 patterns covering comprehensive web application security.
|
2026-05-10 23:20:36 -07:00 |
|
|
Rodin
|
5b9f30e663
|
Add SSRF, race conditions, JWT security patterns
High-priority patterns from completeness review:
- ssrf.md: metadata endpoints, DNS rebinding, webhook validation
- race-conditions.md: TOCTOU, atomic operations, file/db races
- jwt-security.md: algorithm confusion, kid injection, refresh tokens
Now 16 patterns covering comprehensive web application security.
|
2026-05-10 23:17:54 -07:00 |
|
|
Rodin
|
8a94a08511
|
Add supply-chain, deserialization, cryptography, error-handling patterns
Now covers all OWASP Top 10:2025 categories:
- A03: supply-chain.md (SolarWinds, Bybit, npm worm examples)
- A04: cryptography.md (algorithm recommendations, key management)
- A08: deserialization.md (pickle, yaml, language-specific risks)
- A10: error-handling.md (fail closed, error messages)
|
2026-05-10 22:48:39 -07:00 |
|
|
Rodin
|
647928a0a1
|
Initial commit: 9 security patterns for code review
Fundamentals: secure-defaults, input-validation, credential-handling, audit-logging
Identity: authentication, authorization
Attack Prevention: injection-prevention, dos-prevention, prompt-injection
|
2026-05-10 22:45:03 -07:00 |
|