1.7 KiB
1.7 KiB
OWASP Verification Evidence Log Template
Run metadata
- Date:
- Environment:
local|staging|production - App/API version (git SHA):
- Operator:
Environment flags
NODE_ENV:AUTH_DISABLED:ALLOW_INSECURE_AUTH_FOR_DEV:
Commands executed
# command
Output summary:
# command
Output summary:
# command
Output summary:
Results
- A01 protected route unauthenticated check:
pass|fail - A01 spoofed header check:
pass|fail - A01 admin rollover exposure check:
pass|fail - A01 automated suite (
auth+account-delete+admin-rollover):pass|fail - A02 dedicated suite (
security-misconfiguration):pass|fail - A03 dedicated suite (
software-supply-chain-failures):pass|fail - A04 dedicated suites (
cryptographic-failures*):pass|fail - A05 dedicated suite (
injection-safety):pass|fail - A06 dedicated suite (
insecure-design):pass|fail - A07 dedicated suites (
auth.routes+identification-auth-failures):pass|fail - A08 dedicated suite (
software-data-integrity-failures):pass|fail - A09 dedicated suite (
security-logging-monitoring-failures):pass|fail - A10 dedicated suite (
server-side-request-forgery):pass|fail - Non-DB security suite (
SECURITY_DB_TESTS=0):pass|fail - DB security suite (
SECURITY_DB_TESTS=1):pass|fail
Findings
- New issues observed:
- Regressions observed:
- Follow-up tickets:
Residual Risk Review
- Reviewed
residual-risk-backlog.md:yes|no - Items accepted for this release:
- Items escalated/blocked:
Sign-off
- Security reviewer:
- Engineering owner:
- Decision:
approved|blocked