Security audit

Roney_Dsilva · February 10, 2023, 7:32am

A CLI or API, that would carry out a security audit on the Wappler project to detect common security issues, such as:

Missed security restricts for API
Missing Permission and Validations
Credentials hard coded in API steps instead of env variables,
etc,etc

This would be helpful when Integrating the CI/CD pipelines in DevSecOps or NoOps

Roney_Dsilva · February 23, 2023, 9:45am

Adding a couple of more checks that can be included here:

Debug flag on
Outputs on for Insert or Update Operations (Warnings)
Cookies not set to Strict, samesite
DB connections not using SSL
Passwords not using hashing
Comments in Pages

Roney_Dsilva · April 19, 2023, 3:31am

Bump!!!

Roney_Dsilva · May 4, 2023, 5:28pm

Bump!

Roney_Dsilva · June 12, 2023, 5:18am

Bump!

Roney_Dsilva · January 4, 2024, 4:00am

Bump!!!

Cheese · January 4, 2024, 1:02pm

When you realise at 3am that you forgot you enabled debug…

UyHrWY1

Roney_Dsilva · January 17, 2024, 4:45am

Hi @George @patrick,
any update on this feature?

Roney_Dsilva · March 2, 2024, 9:02am

Bump!!!

TMR · March 2, 2024, 9:11am

I voted on this a while ago, if this is possible it would be a great help so securing our work. I’ve just been through some stuff I did a good while ago and a lot of it had missing security on APIs - it was easy enough to sort out but having an overview given by an audit facility would be way clearer.

kfawcett · March 28, 2024, 2:16pm

Bump!!!

Roney_Dsilva · April 19, 2024, 5:42am

Bump!!!

George · April 19, 2024, 6:37am