The knowledge base library for dawnscanner version 1.6.2 contains 229 security checks.

For example: http://www.example.com/redirect?url=http://www.example_commerce_site.com/checkout

The above request would redirect the user to http://www.example.com/checkout.

The security concern associated with this functionality is leveraging an organization’s trusted brand to phish users and trick them into visiting a malicious site, in our example, “badhacker.com”.

Example: http://www.example.com/redirect?url=http://badhacker.com

The most basic, but restrictive, protection is to use the :only_path option. Setting this to true will essentially strip out any host information.

* Owasp Ror CheatSheet: Sensitive Files: Many Ruby on Rails apps are open source and hosted on publicly available source code repositories. Whether that is the case or the code is committed to a corporate source control system, there are certain files that should be either excluded or carefully managed.

* Not revised code: Analyzing comments, it seems your code is awaiting some review from you. Please consider taking action before putting it in production. This check will analyze the source code looking for the following patterns: XXX, TO_CHECK, CHECKME, CHECK and FIXME.
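To make the effect of the :only_path option concrete, here is an added example in plain Ruby (not dawnscanner's code and not Rails' own url_for implementation). The helper name `redirect_target` and its behaviour are assumptions for this example: it mimics what stripping host information does to a user-supplied redirect target, so that the redirect URLs from the text above end up on-site, and it also handles protocol-relative targets and unparsable input.

```ruby
require "uri"

# Added example, not dawnscanner's or Rails' code. Models what the
# :only_path option achieves: scheme, userinfo, host and port of a
# user-supplied redirect target are dropped and only path + query survive,
# so the browser stays on the application's own host.
def redirect_target(url, only_path: true)
  url = url.to_s
  return url unless only_path

  uri = URI.parse(url)
  # Keep path and query only; an empty path (e.g. "http://badhacker.com") becomes "/".
  path = uri.path.to_s.empty? ? "/" : uri.path
  # Collapse leading slashes so a protocol-relative target ("//badhacker.com/x")
  # cannot be re-interpreted by the browser as a host.
  path = "/#{path.sub(%r{\A/+}, '')}"
  query = uri.query ? "?#{uri.query}" : ""
  path + query
rescue URI::InvalidURIError
  # Unparsable input: fall back to the site root instead of echoing it back.
  "/"
end

# Constructed inputs taken from the examples in the text above.
if __FILE__ == $PROGRAM_NAME
  puts redirect_target("http://www.example_commerce_site.com/checkout") # /checkout
  puts redirect_target("http://badhacker.com")                          # /
  puts redirect_target("//badhacker.com/login")                         # /login
end
```

Once the host is gone, the phishing target from the example above simply resolves to the application's root; the trade-off is that legitimate off-site redirects are no longer possible, which is why the text calls this protection restrictive.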
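The "Not revised code" check is easy to reproduce in a few lines. The following is an added example written for this page, not dawnscanner's own implementation: it scans Ruby source for the five markers the check names, restricted to comment text, and reports line numbers. The sample source it runs on is constructed for the example.

```ruby
# Added example, not dawnscanner's implementation. The marker list is the one
# the "Not revised code" check describes.
REVIEW_MARKERS = %w[XXX TO_CHECK CHECKME CHECK FIXME].freeze
# Word boundaries keep CHECK from matching inside CHECKME or CHECKED.
MARKER_RE = /\b(#{REVIEW_MARKERS.join('|')})\b/

# Returns [{ line: Integer, marker: String }, ...] for every marker found in
# a Ruby comment. Heuristic: everything after the first "#" on a line is
# treated as comment text.
def find_unrevised(source)
  findings = []
  source.each_line.with_index(1) do |line, lineno|
    next unless line.include?("#")
    comment = line.split("#", 2).last
    comment.scan(MARKER_RE) { |m| findings << { line: lineno, marker: m.first } }
  end
  findings
end

# Constructed sample source with two lines awaiting review.
SAMPLE = <<~RUBY
  class OrdersController < ApplicationController
    def show
      # FIXME: authorization check missing
      @order = Order.find(params[:id])
    end

    def export
      # TO_CHECK: does this leak other users' rows? CHECKME
      csv = Order.all.to_csv
      render plain: csv
    end
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  find_unrevised(SAMPLE).each { |f| puts "line #{f[:line]}: #{f[:marker]}" }
end
```

Run against the constructed sample this reports FIXME on line 3 and both TO_CHECK and CHECKME on line 8; a marker that is part of a longer word (CHECKED) is not reported.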

