satellite-provider/_docs/05_security/owasp_review_cycle9.md
Oleksandr Bezdieniezhnykh 7ed780b063
[AZ-1074] [AZ-1075] Cycle 9 closeout: security, tests, metrics
Resolve F-AZ1074-1/2 (collection caps, generic gRPC internal errors).
Standalone integration compose stack, docs, security audit, perf and retro.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-25 17:32:14 +03:00


# OWASP Top 10 Review (Cycle 9)

Date: 2026-06-25
Framework: OWASP Top 10:2021
Scope: Cycle-9 gRPC delta (AZ-1074/AZ-1075)

| Category | Status (cycle-9 delta) | Notes |
|---|---|---|
| A01 — Broken Access Control | PASS | `[Authorize]` on gRPC service; anonymous calls rejected (integration tests cover JWT baseline) |
| A02 — Cryptographic Failures | N/A | TLS via Kestrel dev cert / production ingress — unchanged pattern from AZ-505 |
| A03 — Injection | PASS | No new string-built SQL; tile coords validated before expand |
| A04 — Insecure Design | PASS (post-follow-up) | F-AZ1074-1 unbounded collections resolved — caps aligned with REST |
| A05 — Security Misconfiguration | PASS | gRPC message size limits set; test compose no longer publishes DB port to host |
| A06 — Vulnerable Components | PASS_WITH_WARNINGS | New Grpc.AspNetCore 2.71.0 clean; D-AZ795-1 + D2-cy4 carry-overs |
| A07 — Auth Failures | PASS | Same JWT contract as REST; gRPC metadata `Authorization: Bearer` |
| A08 — Data Integrity Failures | N/A | No CI/CD or signing changes |
| A09 — Logging Failures | PASS_WITH_WARNINGS | F-AZ1074-2 resolved; F-AZ795-1/F-AZ795-2 REST carry-overs still open |
| A10 — SSRF | N/A | No URL inputs in gRPC contract |
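The controls the table records for A01, A04, A05, A07 and A09 (F-AZ1074-1/2), shown together in one minimal Grpc.AspNetCore host as an added example that is not the project's own code. The proto-generated types `Tiles.TilesBase`, `TileList`, `ListTilesRequest`, the `ITileRepository` helper, the `Jwt:Authority` config key and the numeric limits are assumptions.

```csharp
using Grpc.Core;
using Grpc.Core.Interceptors;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
var builder = WebApplication.CreateBuilder(args);
// A07: same JWT contract as REST; the token travels in gRPC metadata
// "authorization: Bearer <jwt>", which JwtBearer reads like any HTTP header.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(o => o.Authority = builder.Configuration["Jwt:Authority"]); // assumed config key
builder.Services.AddAuthorization();
// A05: bound message sizes. A09 (F-AZ1074-2): unexpected exceptions become a
// generic Internal status; the detail is logged server-side only.
builder.Services.AddGrpc(o =>
{
    o.MaxReceiveMessageSize = 1 * 1024 * 1024; // 1 MiB (assumed limit)
    o.MaxSendMessageSize    = 4 * 1024 * 1024; // 4 MiB (assumed limit)
    o.Interceptors.Add<GenericErrorInterceptor>();
});
var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapGrpcService<TileService>();
app.Run();
public sealed class GenericErrorInterceptor(ILogger<GenericErrorInterceptor> log) : Interceptor
{
    public override async Task<TResp> UnaryServerHandler<TReq, TResp>(
        TReq request, ServerCallContext ctx, UnaryServerMethod<TReq, TResp> next)
    {
        try { return await next(request, ctx); }
        catch (RpcException) { throw; } // deliberate statuses (e.g. InvalidArgument) pass through
        catch (Exception ex)
        {
            log.LogError(ex, "Unhandled error in {Method}", ctx.Method); // stays server-side
            throw new RpcException(new Status(StatusCode.Internal, "internal error"));
        }
    }
}
[Authorize] // A01: anonymous calls rejected before the handler runs
public sealed class TileService(ITileRepository repo) : Tiles.TilesBase // hypothetical proto/repo types
{
    private const int MaxPageSize = 500; // A04: cap aligned with REST (assumed value)
    public override async Task<TileList> ListTiles(ListTilesRequest req, ServerCallContext ctx)
    {
        int pageSize = Math.Clamp(req.PageSize, 1, MaxPageSize); // never trust caller-supplied size
        var reply = new TileList();
        reply.Tiles.AddRange(await repo.ListAsync(req.Region, pageSize, ctx.CancellationToken));
        return reply;
    }
}
```

With this wiring an unauthenticated call fails with `Unauthenticated` before `ListTiles` runs, an oversized request is refused by the size limit, and a thrown repository exception reaches the client only as a generic `Internal` status.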

## Verdict

Cumulative: PASS_WITH_WARNINGS (REST carry-overs remain open). Cycle-9 delta: PASS after the Step-14 follow-up fixes.