⛏️ Write a test to check whether we can create/update an object with Host Header Manipulation #659

Open
5 tasks
arjun-akto opened this issue Oct 13, 2023 · 12 comments · Fixed by akto-api-security/tests-library#37
Labels
hacktoberfest yaml requires yaml knowledge

Comments

@arjun-akto
Contributor

💭 Introduction:

We want a test to check whether an attacker can create/update an entity with Host Header Manipulation.

🎯 Requirements:

  1. Filters - API with GET query parameter or JSON body parameter

  2. Execute - It should add or replace a value with

  3. Validation - If the application responds with an exception trace or error response strings, it is a vulnerability.

✅ Task summary:

  • Ask to be assigned to the issue.
  • Wait to be assigned. We will try to assign in less than 2 hours.
  • Sign up for [Akto]
  • Fork the [tests-library] repository, create a new branch and commit the yaml file which will be called in your test.
  • Submit both the PR here.

📚 Reading

You can find detailed documentation of the test editor rules [here]

Find 100+ examples of YAML tests [here]

🙋🏼‍♂️ Questions:

If you have questions, need any help, or just want to hang out, make sure to join us on our [Discord server].

@arjun-akto arjun-akto added yaml requires yaml knowledge hacktoberfest labels Oct 13, 2023
@newton0-0

Hi @arjun-akto, I would like to work on this. Kindly assign it to me.

@ishanpatil35

assign to me

@arjun-akto
Contributor Author

Hi @newton0-0, @ishanpatil35. I have assigned the issue to you. Please feel free to connect with us on our Discord server for any doubts.

@adarsh-jha-dev
Contributor

Hi @arjun-akto, can you please assign this issue to me too?

@Nayansagar1326

Hi @arjun-akto, I would like to work on this. Can you please assign it to me?

@arjun-akto
Contributor Author

Hi @Nayansagar1326, @adarsh-jha-dev. I have assigned the issue to you. Please feel free to connect with us on our Discord server for any doubts. Sorry for the late reply!

@parthrc

parthrc commented Oct 24, 2023

Hey @arjun-akto, I would like to work on this issue.

@arjun-akto
Contributor Author

Hi @parthrc! I have assigned the issue to you. Please feel free to connect with us on our Discord server for any doubts. Sorry for the late reply!

@adarsh-jha-dev
Contributor

Hey @arjun-akto, I have raised a PR for this issue. I request you to please have a look at it and let me know if the changes are relevant.

ayushaga14 pushed a commit that referenced this issue Jan 3, 2024
@RaagaAkto

Hi @adarsh-jha-dev, please fill out this form here so we can send you Akto swags. Will let you know ETA of swags soon, thanks for your contribution! 🚀

@adarsh-jha-dev
Contributor

adarsh-jha-dev commented Jan 30, 2024

> Hi @adarsh-jha-dev Please fill out this form here so we can send you Akto swags. Will let you know ETA of swags soon, thanks for your contribution! 🚀

Thanks a lot, but this form is asking for permission of the owner. Could you please resolve this?

@RaagaAkto

Hi @adarsh-jha-dev, we've received your details, swags should reach you in a month!
