SkyMoney/tests-results-for-OWASP/evidence-log-template.md
Ricearoni1245 d9df9b0fe4
fix: adding db recovery practices (bye bye db)
2026-03-02 11:16:52 -06:00

OWASP Verification Evidence Log Template

Run metadata

  • Date:
  • Environment: local | staging | production
  • App/API version (git SHA):
  • Operator:
  • Incident/reference ticket (if recovery event):

Environment flags

  • NODE_ENV:
  • AUTH_DISABLED:
  • ALLOW_INSECURE_AUTH_FOR_DEV:
  • COMPOSE_PROJECT_NAME:
  • EXPECTED_PROD_DB_HOST:
  • EXPECTED_PROD_DB_NAME:

Commands executed

```sh
# command
```

Output summary:

```sh
# command
```

Output summary:

```sh
# command
```

Output summary:

```sh
# command
```

Output summary:

Recoverability Evidence

  • Current Postgres container:
  • Mounted volume(s):
  • Candidate old volume(s) inspected:
  • Recoverable artifact found: yes | no
  • Artifact location:
  • Recovery decision:
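Filling in the recoverability fields means answering one question safely: which Docker volumes on the host still hold a Postgres data directory, and for which major version. The script below is an added example, not SkyMoney's own tooling. It mounts every candidate volume read-only into a throwaway container, so the inspection cannot alter the data, and classifies the volume by the markers a Postgres data directory always carries (PG_VERSION, base/, global/). It assumes docker CLI access, volumes named with the compose project prefix, and an alpine:3 image to run ls/cat; the container name in the usage line is a placeholder.

```sh
#!/bin/sh
# Added example, not SkyMoney's own tooling: find Docker volumes that may still
# hold an earlier Postgres data directory and say which of them contain a
# recoverable cluster. Every inspection mounts the volume read-only into a
# disposable container, so nothing here can modify or delete data.
# Assumptions: docker CLI access; volumes named with the compose project
# prefix; alpine:3 available to run ls/cat inside the container.

# classify_pg_listing LISTING
# LISTING is `ls -1` output of a volume root, one entry per line. Prints
# "cluster" when PG_VERSION, base/ and global/ are all present (a Postgres
# data directory), "partial" when only some are, "none" otherwise.
classify_pg_listing() {
    listing=$1
    hits=0
    for marker in PG_VERSION base global; do
        if printf '%s\n' "$listing" | grep -qx "$marker"; then
            hits=$((hits + 1))
        fi
    done
    case $hits in
        3) echo cluster ;;
        0) echo none ;;
        *) echo partial ;;
    esac
}

# current_mounts CONTAINER -> "<volume> <mount point>" per mount of the running
# Postgres container (bind mounts print an empty volume name).
current_mounts() {
    docker inspect -f '{{range .Mounts}}{{.Name}} {{.Destination}}{{"\n"}}{{end}}' "$1"
}

# list_candidate_volumes PROJECT -> volume names starting with the project name
list_candidate_volumes() {
    docker volume ls --format '{{.Name}}' | grep "^$1" || true
}

# volume_listing VOLUME -> `ls -1` of the volume root via a read-only mount
volume_listing() {
    docker run --rm -v "$1:/inspect:ro" alpine:3 ls -1 /inspect
}

# inspect_volumes PROJECT -> one line per candidate: "<volume> <verdict> [pg<major>]"
inspect_volumes() {
    for vol in $(list_candidate_volumes "$1"); do
        verdict=$(classify_pg_listing "$(volume_listing "$vol")")
        if [ "$verdict" = cluster ]; then
            ver=$(docker run --rm -v "$vol:/inspect:ro" alpine:3 cat /inspect/PG_VERSION)
            echo "$vol $verdict pg$ver"
        else
            echo "$vol $verdict"
        fi
    done
}

# Usage (container name is a placeholder):
#   current_mounts skymoney-db-1
#   inspect_volumes "$COMPOSE_PROJECT_NAME"
```

Paste the inspect_volumes output into "Candidate old volume(s) inspected" and the matching line into "Artifact location". A "cluster" verdict whose PG_VERSION differs from the running container's major is still recoverable, but only by starting a Postgres image of that same major against the volume (again read-only until the decision is made) and taking a pg_dump from it; a newer server will refuse to open an older data directory.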

Backup/Restore Drill Evidence

  • Latest backup file:
  • Latest checksum file:
  • Checksum verified: yes | no
  • Restore test DB name:
  • Restore succeeded: yes | no
  • Row count checks performed:
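The drill fields above describe a fixed sequence: verify the dump's checksum, restore into a throwaway database, check row counts, drop the scratch database. The script below carries that sequence out end to end and is an added example, not one of SkyMoney's own scripts. It assumes pg_dump custom-format archives with a sidecar `<file>.sha256` written by `sha256sum`, psql/pg_restore/createdb/dropdb on PATH with credentials already in the environment, and an expected-counts list the operator recorded when the backup was taken; the table names and counts in the usage comment are constructed for illustration.

```sh
#!/bin/sh
# Added example, not SkyMoney's own scripts: backup/restore drill that refuses
# to restore an archive whose checksum does not match, restores into a scratch
# database only (never the expected production database), and compares row
# counts with the values recorded for the backup.
# Assumptions: pg_dump custom-format archive; sidecar "<file>.sha256" produced
# by sha256sum; psql, pg_restore, createdb, dropdb on PATH and authenticated
# via the environment (PGHOST/PGUSER/...). EXPECTED_PROD_DB_NAME, if set, is
# used as a guard against restoring over production.

# verify_checksum BACKUP SIDECAR -> 0 when the recorded digest matches the file
verify_checksum() {
    expected=$(head -n 1 "$2" | cut -d' ' -f1)
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# restore_to_scratch BACKUP DBNAME -> creates DBNAME and restores into it;
# --exit-on-error makes a partially failed restore a failed drill, not a pass.
restore_to_scratch() {
    createdb "$2" || return 1
    pg_restore --no-owner --no-privileges --exit-on-error -d "$2" "$1"
}

# count_rows DBNAME TABLE -> row count. TABLE comes from the operator's
# expected-counts list, never from untrusted input; it is still quoted.
count_rows() {
    psql -X -At -d "$1" -c "SELECT count(*) FROM \"$2\";"
}

# compare_counts ACTUAL EXPECTED: both are "<table> <count>" lines. Prints a
# MISMATCH line for each difference (missing tables count); exit status is the
# number of mismatches, so 0 means the restore matches the recorded counts.
compare_counts() {
    actual=$1 expected=$2
    mismatches=0
    while read -r table want; do
        [ -n "$table" ] || continue
        got=$(printf '%s\n' "$actual" | awk -v t="$table" '$1 == t { print $2 }')
        if [ "$got" != "$want" ]; then
            echo "MISMATCH: $table expected=$want restored=${got:-missing}"
            mismatches=$((mismatches + 1))
        fi
    done <<EOF
$expected
EOF
    return "$mismatches"
}

# run_drill BACKUP SIDECAR SCRATCH_DB EXPECTED_COUNTS -> 0 on a clean drill
run_drill() {
    backup=$1 sums=$2 scratch=$3 expected=$4
    if [ -n "${EXPECTED_PROD_DB_NAME:-}" ] && [ "$scratch" = "$EXPECTED_PROD_DB_NAME" ]; then
        echo "refusing: scratch database equals EXPECTED_PROD_DB_NAME"
        return 1
    fi
    verify_checksum "$backup" "$sums" || { echo "checksum mismatch, refusing to restore"; return 1; }
    restore_to_scratch "$backup" "$scratch" || { echo "restore failed"; dropdb --if-exists "$scratch"; return 1; }
    actual=""
    while read -r table _; do
        [ -n "$table" ] || continue
        n=$(count_rows "$scratch" "$table") || { dropdb "$scratch"; return 1; }
        actual=$(printf '%s\n%s %s' "$actual" "$table" "$n")
    done <<EOF
$expected
EOF
    compare_counts "$actual" "$expected"
    rc=$?
    dropdb "$scratch"
    return "$rc"
}

# Usage (constructed values):
#   run_drill backups/skymoney-2026-03-02.dump backups/skymoney-2026-03-02.dump.sha256 \
#     skymoney_restore_test "$(printf 'users 42\naccounts 17\n')"
```

The log fields map directly onto the script's outputs: "Checksum verified" is verify_checksum's result, "Restore succeeded" is restore_to_scratch's, and "Row count checks performed" is the list passed as EXPECTED_COUNTS plus any MISMATCH lines. A checksum that was never compared, or a restore that was not run with --exit-on-error, is not evidence that the backup is usable.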

Results

  • A01 protected route unauthenticated check: pass | fail
  • A01 spoofed header check: pass | fail
  • A01 admin rollover exposure check: pass | fail
  • A01 automated suite (auth + account-delete + admin-rollover): pass | fail
  • A02 dedicated suite (security-misconfiguration): pass | fail
  • A03 dedicated suite (software-supply-chain-failures): pass | fail
  • A04 dedicated suites (cryptographic-failures*): pass | fail
  • A05 dedicated suite (injection-safety): pass | fail
  • A06 dedicated suite (insecure-design): pass | fail
  • A07 dedicated suites (auth.routes + identification-auth-failures): pass | fail
  • A08 dedicated suite (software-data-integrity-failures): pass | fail
  • A09 dedicated suite (security-logging-monitoring-failures): pass | fail
  • A10 dedicated suite (server-side-request-forgery): pass | fail (suite name is the project's own; note that OWASP Top 10:2025 folds SSRF into A01 and lists Mishandling of Exceptional Conditions as A10, so label this entry against whichever list the review cites)
  • Non-DB security suite (SECURITY_DB_TESTS=0): pass | fail
  • DB security suite (SECURITY_DB_TESTS=1): pass | fail
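The first two A01 results are manual checks, and the evidence for them should be the actual status codes. The script below is an added example (not the project's test suite) of how to collect them: a protected route must answer 401 or 403 with no credentials, and must keep answering 401 or 403 when the client forges identity headers of the kind a misconfigured proxy, or an AUTH_DISABLED code path, might otherwise trust. The base URL, the route, and the header names are assumptions for illustration; substitute the app's real protected route and whichever headers its auth middleware reads.

```sh
#!/bin/sh
# Added example, not SkyMoney's own test suite: manual A01 checks that produce
# the status codes to paste into the evidence log. BASE_URL, the route, and the
# spoofed header names are illustrative assumptions.

BASE_URL=${BASE_URL:-http://localhost:3000}

# http_status METHOD PATH [extra curl args...] -> prints the HTTP status code
http_status() {
    method=$1 path=$2
    shift 2
    curl -s -o /dev/null -w '%{http_code}' -X "$method" "$@" "$BASE_URL$path"
}

# expect_status LABEL STATUS ALLOWED -> PASS/FAIL line; ALLOWED is a
# space-separated list such as "401 403"
expect_status() {
    label=$1 status=$2 allowed=$3
    for ok in $allowed; do
        if [ "$status" = "$ok" ]; then
            echo "PASS $label (HTTP $status)"
            return 0
        fi
    done
    echo "FAIL $label (HTTP $status, wanted one of: $allowed)"
    return 1
}

# check_a01 PROTECTED_PATH -> exit status is the number of failed checks
check_a01() {
    path=$1
    failures=0
    # 1. Unauthenticated request: no cookie, no bearer token.
    expect_status "unauthenticated GET $path" "$(http_status GET "$path")" "401 403" \
        || failures=$((failures + 1))
    # 2. Spoofed identity headers: the app must not derive identity from any
    #    of these when no real session or token is present.
    for hdr in 'X-User-Id: 1' 'X-Forwarded-User: admin' 'X-Role: admin' 'X-Authenticated: true'; do
        expect_status "spoofed header [$hdr] GET $path" \
            "$(http_status GET "$path" -H "$hdr")" "401 403" \
            || failures=$((failures + 1))
    done
    return "$failures"
}

# Usage (route is a placeholder): check_a01 /api/admin/users
```

Run it against every route the review treats as protected, not just one, and record the FAIL lines verbatim under Findings; a 200 on a spoofed-header request is a broken-access-control finding even if the unauthenticated request was correctly rejected. Running the same routes with AUTH_DISABLED=1 on local is a useful contrast, since it shows what the headers would do if that flag ever leaked into staging or production.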

Findings

  • New issues observed:
  • Regressions observed:
  • Follow-up tickets:
  • Data recovery status:
  • Admin user bootstrap status:

Residual Risk Review

  • Reviewed residual-risk-backlog.md: yes | no
  • Items accepted for this release:
  • Items escalated/blocked:

Sign-off

  • Security reviewer:
  • Engineering owner:
  • Decision: approved | blocked