Delete WAF bypass vulnerabilities (out of scope) #261

Merged
merged 3 commits into from
Dec 26, 2023
4 changes: 3 additions & 1 deletion pages/about.md
@@ -1,7 +1,7 @@
# About
### Mission Statement

Security bugs in cloud services tend to [fall between the cracks](https://www.wiz.io/blog/security-industry-call-to-action-we-need-a-cloud-vulnerability-database/), as they don’t fit well into the current [shared responsibility model](https://cloudsecurityalliance.org/blog/2020/08/26/shared-responsibility-model-explained/) of cloud security. As a result, remediation of cloud security vulnerabilities often requires a joint effort between both the CSP and their customers.

There is currently no universal standard for cloud computing vulnerability enumeration – CSPs rarely issue CVEs for security mistakes discovered in their services, there are no industry conventions for assessing severity of cloud vulnerabilities, no proper notification channels and no unified tracking mechanism – this leads to a great deal of inefficiency and confusion surrounding cloud vulnerability management.

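Review bot: wording in the first paragraph of this hunk: "a joint effort between both the CSP and their customers" is redundant ("between both") and mixes number ("the CSP ... their"); suggest "a joint effort between the CSP and its customers". The second paragraph runs two statements together with en dashes ("... no unified tracking mechanism – this leads to ..."); splitting it into two sentences after "mechanism" would read more cleanly.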
@@ -17,15 +17,17 @@
4. And required remediation actions on either side of the shared responsibility model.

Examples include:
- Security issues in default misconfigurations
- Security issues affecting CSP-managed services
- Default misconfigurations of CSP-managed services
- Vulnerabilities in CSP-provided client software

We consider the following cases to be out of scope of this project:
- Cloud vulnerabilities or security issues about which there is no publicly available information
- CSP customer security incidents
- WAF bypass vulnerabilities

### History
This project was built on the foundations of [Scott Piper](https://twitter.com/0xdabbad00)’s [“Cloud Service Provider security mistakes”](https://github.com/SummitRoute/csp_security_mistakes), and as of June 28th, 2022, all content included here originally appeared in that repository.

### Next Steps
Besides continuing to document newly discovered cloud vulnerabilities and security issues, we would also like to achieve the following:
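Review bot: the Examples list in this hunk now overlaps with itself: "Security issues in default misconfigurations" and the new "Default misconfigurations of CSP-managed services" describe the same category, and "Security issues affecting CSP-managed services" subsumes both; consider collapsing them into one bullet or making the intended distinction explicit. The new out-of-scope bullet "WAF bypass vulnerabilities" states no reason; the PR title says only "out of scope", so a short clause in the About page giving the maintainers' rationale would help future contributors decide borderline submissions without digging up this PR.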
@@ -36,12 +38,12 @@

### Project Maintainers
* [Scott Piper](https://twitter.com/0xdabbad00)
* [Amitai Cohen](https://twitter.com/amitaico)
* [Alon Schindel](https://twitter.com/41thexplorer)

### Related Efforts
- [CSA Global Security Database](https://globalsecuritydatabase.org/)
- [Cloud Security Notification Framework](https://onug.net/blog/multi-cloud-security-gets-a-decorator/)

### Contact Us
* Join our [Slack group](https://join.slack.com/t/cloud-cve-db/shared_invite/zt-y38smqmo-V~d4hEr_stQErVCNx1OkMA)
29 changes: 0 additions & 29 deletions vulnerabilities/aws-waf-sql-injection.yaml

This file was deleted.

31 changes: 0 additions & 31 deletions vulnerabilities/azure-waf-bypass.yaml

This file was deleted.
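Review bot: removing vulnerabilities/aws-waf-sql-injection.yaml and vulnerabilities/azure-waf-bypass.yaml outright leaves no trace in the published site of where these entries went; the only related change is the new out-of-scope bullet in pages/about.md, which does not mention them. Consider adding a changelog line or a note in the About page pointing at this PR (#261) so readers who bookmarked the old entries can find the reason they were dropped.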
