 Rodin
|
5b9f30e663
|
Add SSRF, race conditions, JWT security patterns
High-priority patterns from completeness review:
- ssrf.md: metadata endpoints, DNS rebinding, webhook validation
- race-conditions.md: TOCTOU, atomic operations, file/db races
- jwt-security.md: algorithm confusion, kid injection, refresh tokens
Now 16 patterns covering comprehensive web application security.
|
2026-05-10 23:17:54 -07:00 |
|
|
Rodin
|
8a94a08511
|
Add supply-chain, deserialization, cryptography, error-handling patterns
Now covers all OWASP Top 10:2025 categories:
- A03: supply-chain.md (SolarWinds, Bybit, npm worm examples)
- A04: cryptography.md (algorithm recommendations, key management)
- A08: deserialization.md (pickle, yaml, language-specific risks)
- A10: error-handling.md (fail closed, error messages)
|
2026-05-10 22:48:39 -07:00 |
|
|
Rodin
|
647928a0a1
|
Initial commit: 9 security patterns for code review
Fundamentals: secure-defaults, input-validation, credential-handling, audit-logging
Identity: authentication, authorization
Attack Prevention: injection-prevention, dos-prevention, prompt-injection
|
2026-05-10 22:45:03 -07:00 |
|