# OWASP Verification Evidence Log Template

## Run metadata

- Date:
- Environment: `local` | `staging` | `production`
- App/API version (git SHA):
- Operator:

## Environment flags

- `NODE_ENV`:
- `AUTH_DISABLED`:
- `ALLOW_INSECURE_AUTH_FOR_DEV`:

## Commands executed

1.

   ```bash
   # command
   ```

   Output summary:

2.

   ```bash
   # command
   ```

   Output summary:

3.

   ```bash
   # command
   ```

   Output summary:

## Results

- A01 protected route unauthenticated check: `pass` | `fail`
- A01 spoofed header check: `pass` | `fail`
- A01 admin rollover exposure check: `pass` | `fail`
- A01 automated suite (`auth` + `account-delete` + `admin-rollover`): `pass` | `fail`
- A02 dedicated suite (`security-misconfiguration`): `pass` | `fail`
- A03 dedicated suite (`software-supply-chain-failures`): `pass` | `fail`
- A04 dedicated suites (`cryptographic-failures*`): `pass` | `fail`
- A05 dedicated suite (`injection-safety`): `pass` | `fail`
- A06 dedicated suite (`insecure-design`): `pass` | `fail`
- A07 dedicated suites (`auth.routes` + `identification-auth-failures`): `pass` | `fail`
- A08 dedicated suite (`software-data-integrity-failures`): `pass` | `fail`
- A09 dedicated suite (`security-logging-monitoring-failures`): `pass` | `fail`
- A10 dedicated suite (`server-side-request-forgery`): `pass` | `fail`
- Non-DB security suite (`SECURITY_DB_TESTS=0`): `pass` | `fail`
- DB security suite (`SECURITY_DB_TESTS=1`): `pass` | `fail`

## Findings

- New issues observed:
- Regressions observed:
- Follow-up tickets:

## Residual Risk Review

- Reviewed `residual-risk-backlog.md`: `yes` | `no`
- Items accepted for this release:
- Items escalated/blocked:

## Sign-off

- Security reviewer:
- Engineering owner:
- Decision: `approved` | `blocked`