mirror of
https://github.com/azaion/satellite-provider.git
synced 2026-06-27 11:31:14 +00:00
80ef5608f1
Co-authored-by: Cursor <cursoragent@cursor.com>
# OWASP Top 10 Review (Cycle 13)

**Date**: 2026-06-26
**Framework**: OWASP Top 10:2021
**Mode**: Delta review — AZ-1126 over cycle-10 baseline.

| Category | Cycle-10 status | Cycle-13 delta |
|----------|-----------------|----------------|
| A01 — Broken Access Control | PASS | No change |
| A02 — Cryptographic Failures | PASS | No change |
| A03 — Injection | PASS | No change |
| A04 — Insecure Design | PASS | No change |
| A05 — Security Misconfiguration | PASS | No change |
| A06 — Vulnerable Components | PASS_WITH_WARNINGS | No new packages; D-AZ795-1 + D2-cy4 carry-overs unchanged |
| A07 — Auth Failures | PASS | No change |
| A08 — Data Integrity Failures | PASS | Improved time-handling integrity on UAV upload metadata |
| A09 — Logging / Monitoring Failures | PASS_WITH_WARNINGS → **improved** | F-AZ810-2 **resolved**; F-AZ795-1/2 + F-AZ810-1 remain resolved |
| A10 — SSRF | N/A | No URL-fetch changes |

## A08 / A09 detail

AZ-1126 eliminates ambiguous `DateTimeKind.Unspecified` handling on the UAV upload metadata input path. Offset-less client timestamps now fail fast with HTTP 400 instead of being interpreted against the host's local time zone in dev environments.

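One way to enforce the fail-fast rule described above, as an added example that is not the project's code: a strict parser that accepts only timestamps carrying an explicit `Z` or numeric offset, so nothing is ever resolved against the host's zone. The names `UploadTimestamp` and `TryParseStrict` and the accepted ISO 8601 shapes are assumptions.

```csharp
using System;
using System.Globalization;

// Added example: UploadTimestamp and TryParseStrict are hypothetical names,
// and the accepted formats are an assumption about the wire format.
public static class UploadTimestamp
{
    // Every accepted shape names its zone: a literal "Z" or a numeric offset.
    private static readonly string[] Formats =
    {
        "yyyy-MM-dd'T'HH:mm:ss.FFFFFFF'Z'",
        "yyyy-MM-dd'T'HH:mm:ss.FFFFFFFzzz",
    };

    // Returns false for any input without an explicit zone, so the caller can
    // answer HTTP 400 instead of letting the runtime pick the host's zone.
    public static bool TryParseStrict(string raw, out DateTimeOffset utc)
    {
        utc = default;
        if (string.IsNullOrWhiteSpace(raw)) return false;
        // AssumeUniversal matters only for the literal-'Z' format, which has no
        // offset element of its own; without it the value would be read as local.
        if (!DateTimeOffset.TryParseExact(raw, Formats, CultureInfo.InvariantCulture,
                DateTimeStyles.AssumeUniversal, out var parsed))
            return false;
        utc = parsed.ToUniversalTime();
        return true;
    }

    public static void Main()
    {
        // Constructed sample inputs.
        string[] samples =
        {
            "2026-06-26T10:15:00Z",       // explicit UTC
            "2026-06-26T12:15:00+02:00",  // explicit numeric offset
            "2026-06-26T10:15:00",        // offset-less
            "2026-06-26 10:15:00",        // offset-less, space separator
        };
        foreach (var s in samples)
        {
            var ok = TryParseStrict(s, out var utc);
            Console.WriteLine(ok ? $"200 {s} -> {utc:O}" : $"400 {s} -> offset required");
        }
    }
}
```
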
## Verdict

**PASS** (cycle-13 delta).

Cumulative: **PASS_WITH_WARNINGS** — dependency carry-overs only (D-AZ795-1, D2-cy4).