Isaac Lewis ike SIGN Fracture Care "><script>alert('landback')</script> ike ' or 1 != " is a software developer and application security champion with experience building robust migration plans for legacy code bases

HenrikJoreteg/webrtc.js 155

WebRTC abstraction for making it simple to manage multiple peer connections of various types.

HenrikJoreteg/human-javascript 77

Book on building sanely architected JS apps

HenrikJoreteg/humanjs-sample-app 70

Sample app for human javascript book

HenrikJoreteg/human-view 34

A smart base view for Backbone apps, to make it easy to bind collections and properties to the DOM.

HenrikJoreteg/humanjs 32

Application scaffolding and documentation repo for Human JavaScript Apps

adamavenir/ 12

Forget massive corporate social networks. Let's build villages.

fritzy/xmastruck 1

xmas truck

ike/contain-netflix 1

Netflix Container prevents Netflix from tracking you outside of the Netflix website via third party cookies.

ike/FutureFly 1

A simple responsive images javascript library.

ike/Hailstorm 1

Brainstorming and idea generation app built using Node.js and Express.

issue comment OWASP/ASVS

Links in PDF that include a fragment are broken

@avioli -- perhaps it's the owasp-makefile branch on @lfservin's fork?


comment created time in 16 hours

delete branch ike/ASVS

delete branch : 1053-subscriber-reference-refactor

delete time in 16 hours

push event ike/ike

Isaac Lewis

commit sha 33ceb3cf4b4146ea17581a86b012faad238eea21

talks in a table

push time in 6 days

push event ike/ike

Isaac Lewis

commit sha aff62ef42b943ef0db254ac8abee63d6f0868e60

add favorite talks

push time in 6 days

push event ike/ike

Isaac Lewis

commit sha afe1ad7d468e77fca0a392f5531fb1704524f294

New readme

push time in 6 days

create branch ike/ike

branch : main

created branch time in 6 days

created repository ike/ike

created time in 6 days

issue comment OWASP/ASVS

2.2.2 allows email authenticators while NIST 800-63 does not

I found issue which does talk about the optional notation and the context around removing it. I wonder if there are other ways to convey the graduated optionality of these AAL1 -> AAL2 requirements.


comment created time in 7 days

issue comment OWASP/ASVS

2.2.2 allows email authenticators while NIST 800-63 does not

Perhaps something like the legend that used to be used in the Authentication section V2.1 could help make this distinction? I don't have the historical context for the change that removed this, so it may have been determined to be an anti-pattern.

| Mark | Description |
| :--: | :-- |
| | Not required |
| o | Recommended, but not required |

In the requirements, it looked like this:

| 2.8.6 | Verify physical single-factor OTP generator can be revoked in case of theft or other loss. Ensure that revocation is immediately effective across logged in sessions, regardless of location. | | ✓ | ✓ | 613 | 5.2.1 |
| 2.8.7 | Verify that biometric authenticators are limited to use only as secondary factors in conjunction with either something you have and something you know. | | o | ✓ | 308 | 5.2.3 |


comment created time in 7 days

issue comment zurichat/zc_plugin_company_files

Folder Card (grid)

Hey, just FYI -- I am a different @ike from @jsxike. Best of luck y'all!


comment created time in 7 days


Subscriber renamed to User

This Pull Request relates to issue #1053.

This change renames "subscriber" to "user" in both occurrences in 4.0.x. It appears that "subscriber" is preferred in NIST 800-63, but since "user" is used throughout the ASVS, it makes sense to conform to the established convention.

+2 -2

0 comment

2 changed files

pr created time in 7 days

create branch ike/ASVS

branch : 1053-subscriber-reference-refactor

created branch time in 7 days

fork ike/ASVS

Application Security Verification Standard

fork in 7 days

issue opened OWASP/ASVS

3.6.1 "Subscriber" is not defined

Hi there! This is my first issue, and I am new to application security as well as standards development in general. I would love to have any critical feedback on how to be useful.

I think that 3.6.1 could be updated to more clearly state the requirement. Does "subscriber" refer to the end user, or the RP? I realize that since I don't work on Federated CSPs this may be standard language that I am just unfamiliar with.

3.6.1 - Verify that relying parties specify the maximum authentication time to Credential Service Providers (CSPs) and that CSPs re-authenticate the subscriber if they haven't used a session within that period.

I would be happy to submit a PR with some updated language if that's helpful.

Thanks, Isaac Lewis

created time in 8 days


