satellite-provider/_docs/05_security/owasp_review_cycle13.md
Oleksandr Bezdieniezhnykh 80ef5608f1 chore: WIP pre-implement cycle 14 baseline
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-26 16:13:37 +03:00

OWASP Top 10 Review (Cycle 13)

Date: 2026-06-26
Framework: OWASP Top 10:2021
Mode: Delta review — AZ-1126 over cycle-10 baseline.

| Category | Cycle-10 status | Cycle-13 delta |
|---|---|---|
| A01 — Broken Access Control | PASS | No change |
| A02 — Cryptographic Failures | PASS | No change |
| A03 — Injection | PASS | No change |
| A04 — Insecure Design | PASS | No change |
| A05 — Security Misconfiguration | PASS | No change |
| A06 — Vulnerable Components | PASS_WITH_WARNINGS | No new packages; D-AZ795-1 + D2-cy4 carry-overs unchanged |
| A07 — Auth Failures | PASS | No change |
| A08 — Data Integrity Failures | PASS | Improved time-handling integrity on UAV upload metadata |
| A09 — Logging / Monitoring Failures | PASS_WITH_WARNINGS → improved | F-AZ810-2 resolved; F-AZ795-1/2 + F-AZ810-1 remain resolved |
| A10 — SSRF | N/A | No URL-fetch changes |

A08 / A09 detail

AZ-1126 eliminates ambiguous `DateTimeKind.Unspecified` handling on the UAV upload metadata input path. Offset-less client timestamps now fail fast with HTTP 400 instead of being interpreted against the host's local time zone in dev environments.
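The fail-fast rule described above can be sketched as follows. This is an added example, not the project's AZ-1126 code: `UploadTimestamp` and `TryParseStrict` are hypothetical names, the sample inputs are constructed, and the caller is assumed to map a `false` result to HTTP 400.

```csharp
using System;
using System.Globalization;

// Added illustration; UploadTimestamp and TryParseStrict are hypothetical names.
public static class UploadTimestamp
{
    // Succeeds only when the text carries "Z" or an explicit UTC offset.
    public static bool TryParseStrict(string input, out DateTimeOffset utc)
    {
        utc = default;
        if (string.IsNullOrWhiteSpace(input)) return false;

        // RoundtripKind keeps the Kind the text implies: "Z" gives Utc, an
        // explicit offset gives Local, no zone designator gives Unspecified.
        if (!DateTime.TryParse(input, CultureInfo.InvariantCulture,
                DateTimeStyles.RoundtripKind, out var probe))
            return false;

        // Offset-less input: reject rather than guess a zone.
        if (probe.Kind == DateTimeKind.Unspecified) return false;

        // An offset is present, so DateTimeOffset will not fall back to the
        // host's local time zone when building the instant.
        if (!DateTimeOffset.TryParse(input, CultureInfo.InvariantCulture,
                DateTimeStyles.None, out var parsed))
            return false;

        utc = parsed.ToUniversalTime();
        return true;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample inputs: explicit offset, UTC designator, offset-less.
        string[] samples =
        {
            "2026-06-26T16:13:37+03:00",
            "2026-06-26T13:13:37Z",
            "2026-06-26T16:13:37",
        };
        foreach (var s in samples)
            Console.WriteLine(UploadTimestamp.TryParseStrict(s, out var utc)
                ? $"{s} -> accepted as {utc:O}"
                : $"{s} -> rejected (respond with HTTP 400)");
    }
}
```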

Verdict

PASS (cycle-13 delta).

Cumulative: PASS_WITH_WARNINGS — dependency carry-overs only (D-AZ795-1, D2-cy4).