- #1165 · J0n-H4rr150n opened on Nov 19, 2024 · 5
Issues
is:issue state:open
- Add Appendix: Architectural Threat Modeling Checklist for Workflow & State Transition Abuse
  Labels: new (New content to write). Status: Open. #1266 in OWASP/wstg
- WSTG-ARCH-XX: Testing for Security Control Bypass During Feature Flag Transitions
  Labels: new (New content to write). Status: Open. #1265 in OWASP/wstg
- WSTG ID for Text Injection / Content Spoofing
  Labels: new (New content to write). Status: Open. #1264 in OWASP/wstg
- Proposed New Test Case: Detecting Workflow and State Transition Abuse
  Labels: new (New content to write). Status: Open. #1262 in OWASP/wstg
- [Suggestion] 4.7.21 Testing for Parameter Input Handling
  Labels: enhancement (A new or improved feature for the WSTG or repo). Status: Open.
- AI Crawlers
  Labels: new (New content to write). Status: Open.
- v5.0 Release
  Labels: question (Blocked: information required before proceeding). Status: Open. #1186 in OWASP/wstg
- Status: Open. #1165 in OWASP/wstg
- Review and update subdomain takeover content
  Labels: enhancement (A new or improved feature for the WSTG or repo), revise (Needs quality review, updates, or revision). Status: Open. #1145 in OWASP/wstg
- Check List Translation to french and arabic
  Labels: enhancement (A new or improved feature for the WSTG or repo), Translation (Issue or PR related to translation of WSTG content into another language). Status: Open. #1122 in OWASP/wstg
- Adding "How to Test" for the WSTG Checklist [Work in Progress]
  Labels: enhancement (A new or improved feature for the WSTG or repo). Status: Open. #1109 in OWASP/wstg
- Ambiguity in the summary related to the test case Testing for Bypassing Authorization Schema
  Labels: revise (Needs quality review, updates, or revision). Status: Open. #1089 in OWASP/wstg