Commit

Deployed 88118dc with MkDocs version: 1.6.0
Unknown committed Jul 30, 2024
1 parent 2576868 commit 73b3d8c
Showing 4 changed files with 57 additions and 61 deletions.
8 changes: 2 additions & 6 deletions guidelines/postman/index.html
Expand Up @@ -2725,11 +2725,6 @@ <h2 id="benefits-of-being-logged-in-with-an-user-account">Benefits of being logg
</thead>
<tbody>
<tr>
<td>Information disclosure</td>
<td>The API being tested has sensitive data in the responses - could be <code>restricted</code>, <code>confidential</code> or <code>personal</code> data - which would automatically be uploaded to the cloud</td>
<td>Understand the data classification of the information in requests and responses, and if unsure, avoid using Postman. When conducting automated testing, ensure that tests are executed against a "synthetic" test environment</td>
</tr>
<tr>
<td>Account takeover / session hijacking</td>
<td>The account is breached and malicious actors can log in to Postman using your account</td>
<td>Only use your Enterprise Account and SSO, as there are protective and preventive measures in place to avoid/detect malicious actors logging in</td>
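Review bot: Deleting the whole `Information disclosure` row at the top of this hunk also removes its mitigation from the risk table, even though the replacement paragraph added further down still repeats that advice (understand the data classification, run automated tests against a "synthetic" environment). Consider keeping the row and narrowing the threat text to the remaining exposure (where requests are run from, pipelines) so the table stays the one place readers scan for risks and mitigations.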
Expand All @@ -2756,6 +2751,7 @@ <h2 id="benefits-of-being-logged-in-with-an-user-account">Benefits of being logg
</tr>
</tbody>
</table>
<p>Previously we also had an entry regarding <code>Information disclosure</code>, where we highlighted "The API being tested has sensitive data in the responses - could be <code>restricted</code>, <code>confidential</code> or <code>personal</code> data - which <em>could</em> automatically be uploaded to the cloud or being exposed in pipelines" and the recommendation "Understand the data classification of the information in requests and responses, and if unsure, avoid using Postman for these requests. When conducting automated testing, ensure that tests are executed against a "synthetic" test environment". As <a href="https://www.postman.com/trust/security-faq/">stated by Postman themselves</a>, <em>currently</em> the responses are <strong>NOT</strong> synchronized. However, be aware where the requests are being run from and assert that the responses are handled according to their data classification.</p>
<h2 id="best-practices">Best practices<a class="headerlink" href="#best-practices" title="Permanent link">&para;</a></h2>
<p>The automatic synchronization to the cloud imposes both security and regulationary concerns.
Following the best practices will mitigate some of those concerns.</p>
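Review bot: In the added paragraph, the statement that responses are NOT synchronized is qualified only by "currently" and a link to Postman's security FAQ; add the date on which this was checked so readers can tell when it needs re-verifying. The text presented as the previous entry also differs from the row that was removed ("would" became "could", and "or being exposed in pipelines" and "for these requests" are new), so either quote the old wording verbatim or drop the quotation marks. The double quotes around "synthetic" nested inside the quoted recommendation are ambiguous; mark the inner term with `<em>` or `<code>` instead.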
Expand Down Expand Up @@ -2865,7 +2861,7 @@ <h2 id="resources-to-read-more-on-postman">Resources to read more on Postman<a c
<span class="md-icon" title="Last update">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21 13.1c-.1 0-.3.1-.4.2l-1 1 2.1 2.1 1-1c.2-.2.2-.6 0-.8l-1.3-1.3c-.1-.1-.2-.2-.4-.2m-1.9 1.8-6.1 6V23h2.1l6.1-6.1-2.1-2M12.5 7v5.2l4 2.4-1 1L11 13V7h1.5M11 21.9c-5.1-.5-9-4.8-9-9.9C2 6.5 6.5 2 12 2c5.3 0 9.6 4.1 10 9.3-.3-.1-.6-.2-1-.2s-.7.1-1 .2C19.6 7.2 16.2 4 12 4c-4.4 0-8 3.6-8 8 0 4.1 3.1 7.5 7.1 7.9l-.1.2v1.8Z"/></svg>
</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">June 20, 2024</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">July 30, 2024</span>
</span>
2 changes: 1 addition & 1 deletion search/search_index.json

Large diffs are not rendered by default.

108 changes: 54 additions & 54 deletions sitemap.xml
Expand Up @@ -2,272 +2,272 @@
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
<url>
<loc>https://equinor.github.io/appsec/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/about/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/about/privacy/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/guidelines/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/guidelines/authn-authz/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/guidelines/gh-actions-runners/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/guidelines/git-github/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/guidelines/git-signed-commits/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/guidelines/postman/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/guidelines/secret-scanning/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/guidelines/FAQ/pre-commit-faq/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/resources/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/resources/learning-material/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/resources/security_requirements/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/resources/security_testing/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/resources/tools/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/resources/stories/meet_the_appsec_team/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/security-champion/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/security-champion/1-new_security_champion/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/security-champion/2-security_champion_activities/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/security-champion/3-faq/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/security-champion/4-learning-platform/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/security-champion/5-merch/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/security-champion/6-offboarding/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/security-champion/7-about/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/security-champion/8-useful-links/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/security-champion/events/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/security-champion/events/2022/1-sc-info-meeting/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/security-champion/events/2022/sc-kickoff-agenda/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/security-champion/events/2023/1-sc-meetup-2/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/security-champion/events/2024/1-sc-meetup-3/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/security-champion/stories/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/snyk/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/snyk/2-about-snyk/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/snyk/3-snyk_support/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/snyk/4-vulnerabilities/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/snyk/curriculum/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/snyk/curriculum/1-snyk_products/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/snyk/curriculum/2-integrations/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/snyk/curriculum/3-projects/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/snyk/curriculum/4-scan_results/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/snyk/curriculum/5-advanced/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/snyk/curriculum/6-faq/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/threat-modeling/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/threat-modeling/resources/threat_modelling/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/threat-modeling/resources/zgamified/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/threat-modeling/threat-modeling-101-workshop/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/threat-modeling/threat-modeling-101-workshop/1-about/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/threat-modeling/threat-modeling-101-workshop/2-next-steps/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/threat-modeling/threat-modeling-101-workshop/3-cheat-sheet/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/threat-modeling/threat-modeling-101-workshop/extention-EOP-cardgame/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/threat-modeling/threat-modeling-101-workshop/extention-explore/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/threat-modeling/threat-modeling-101-workshop/extention-privacy/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
<url>
<loc>https://equinor.github.io/appsec/threat-modeling/threat-modeling-101-workshop/extention-remote-tm/</loc>
<lastmod>2024-07-24</lastmod>
<lastmod>2024-07-30</lastmod>
<changefreq>daily</changefreq>
</url>
</urlset>
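Review bot: Every `<lastmod>` in this file moves from 2024-07-24 to 2024-07-30, including pages this commit does not otherwise touch; the only page with a content change is guidelines/postman/. If `lastmod` is meant to signal that a page changed, take it from the per-page revision date (the Postman page already renders one in its "Last update" span) rather than the build date, otherwise the value carries no information alongside `<changefreq>daily</changefreq>`.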
Binary file modified sitemap.xml.gz
Binary file not shown.

0 comments on commit 73b3d8c