Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create scripts to validade if an app is still vulnerable to the attack narrative #433

Closed
Krlier opened this issue Sep 29, 2020 · 0 comments · Fixed by #447
Closed

Create scripts to validade if an app is still vulnerable to the attack narrative #433

Krlier opened this issue Sep 29, 2020 · 0 comments · Fixed by #447
Labels
hacktoberfest2022 https://hacktoberfest.globo.com

Comments

@Krlier
Copy link
Contributor

Krlier commented Sep 29, 2020
edited by rafaveira3
Loading

Motivation

In order to validate if an app is still vulnerable to the steps described in the attack narrative, we must checkout the branch, manually run each command and check it's output to see if the new code fixes the vulnerability or not.

It would be great if

We could add a new target into the makefile of each app to automate this process by simply running make check-sec and validating whether the new code mitigates the vulnerability or not.

What we expect

  • Have a new target in the app's Makefile:
$ make check-sec 
Congrats! The app could not be exploited!
  • Have this functionality in two or more apps (mobile included).

Tips

  • Check if the app's attack narrative could be translated into an automated script.
  • Maybe have some inspiration on how it was done in this app.
@Krlier Krlier added the hacktoberfest2022 https://hacktoberfest.globo.com label Sep 29, 2020
@alexandreBN alexandreBN mentioned this issue Oct 16, 2020
Merged
@Krlier Krlier linked a pull request Oct 22, 2020 that will close this issue
Create scripts to validade if an app is still vulnerable to the attack narrative #447
Merged
@cyberhat121 cyberhat121 mentioned this issue Dec 20, 2023
Open
@sathishvjd sathishvjd mentioned this issue Dec 20, 2023
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
hacktoberfest2022 https://hacktoberfest.globo.com
Projects
None yet
Milestone
No milestone
1 participant
@Krlier