bmt 0.2.0 → 0.3.0

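--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: '040904fc39790bbaa2e13d8fcb1894d0bdb7f380ce08a7a776c375be21ba47d7'
- data.tar.gz: 7585f36949be01298afb26f799a0bcf991b7b699b8619a482e32289f3626d2c0
+ metadata.gz: 04a87568e5dfa59d4a18684155a94887ee5269d1c21616385ce597a61a02ed98
+ data.tar.gz: d7b6fc9115319bb9c2e81b2365142cb74f1c1da96464c29ea9e996c5e59e41e0
  SHA512:
- metadata.gz: f266fa46ced81e902c2be218b40b06cfcf4dc008a17446e0fbd795b964a11662cab74454c20d79473ebe35b7b2201cf6c84b2808d2a65d30fc4e19ccc541b2e6
- data.tar.gz: 9492beea14f985570dc4a002f851ea4fa976274497032de91c1f3ddff6af65b6fa2d87d80a343c141b316415da19abd12071d2b6bdccff51fe81de09abb0b037
+ metadata.gz: 59f5897bffa150a4d9aa10a833e63f1976220f8a8de160593586abd2cf19c0bc06fc9ec7fcb93838a0ef84a2786d34638d2681e4172fadfcadca834cb87c303e
+ data.tar.gz: e320d79c9bb6f845f34843b73d3ae08739db6339b3beb68e179a16dbc38d5bb189c7423cd927027b057902f99335888e7a3e479b5dd7bb4e8b0f702ba99c6e97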
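--- a/data/lib/bmt/step.rb
+++ b/data/lib/bmt/step.rb
@@ -1,13 +1,14 @@
  module BMT
  class Step
- attr_reader :key, :title, :description, :methodology
+ attr_reader :key, :title, :description, :methodology, :type
 
  def initialize(methodology:, attributes:)
  @methodology = methodology
  @key = attributes['key']
  @title = attributes['title']
  @description = attributes['description']
- @items_data = attributes['items']
+ @type = attributes['type']
+ @items_data = attributes['items'] || []
  end
 
  def items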
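Review bot: The new `@type = attributes['type']` stores whatever the attributes hash carries without documenting or checking the accepted values, while the schema change in this same release limits `type` to a fixed enum; a `Step` built from a hash that bypassed schema validation will silently carry `nil` or an arbitrary string. A comment above the assignment would at least anchor the contract: `# Step kind; the step schema restricts this to "checklist", "large_upload" or "executive_summary".` The `|| []` default on the next line makes `items` optional, which fits the two non-checklist types, but nothing in `initialize` ties "has items" to "is a checklist", so a misconfigured checklist step will only be noticed when `items` is consumed. `initialize` closes inside the hunk; `items` starts on the hunk's last line and its body continues outside it.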
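--- a/data/lib/bmt/version.rb
+++ b/data/lib/bmt/version.rb
@@ -1,3 +1,3 @@
  module Bmt
- VERSION = '0.2.0'.freeze
+ VERSION = '0.3.0'.freeze
  end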
@@ -11,6 +11,7 @@
11
11
  "key": "koala",
12
12
  "title": "Check that you have a Koala",
13
13
  "description": "# Does it look like one?\nIt is easy to find out.\n",
14
+ "type": "checklist",
14
15
  "items": [
15
16
  {
16
17
  "key": "marsupial",
@@ -40,6 +41,7 @@
40
41
  "key": "kangaroo",
41
42
  "title": "Ensure you have a kangaroo",
42
43
  "description": "Does it look like one?",
44
+ "type": "checklist",
43
45
  "items": [
44
46
  {
45
47
  "key": "marsupial",
@@ -63,6 +65,18 @@
63
65
  "tools": "Field, Trampoline"
64
66
  }
65
67
  ]
68
+ },
69
+ {
70
+ "key": "upload_logs",
71
+ "title": "Upload logs",
72
+ "description": "This should include all associated traffic associated to the in-scope targets.",
73
+ "type": "large_upload"
74
+ },
75
+ {
76
+ "key": "executive_summary",
77
+ "title": "Executive summary",
78
+ "description": "The executive summary should be written with a high-level view of both risk and business impact. It should be concise and clear, therefore it is important to use plain English. This ensures that non-technical readers can gain insight into security concerns outlined in your report.",
79
+ "type": "executive_summary"
66
80
  }
67
81
  ]
68
82
  }
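Review bot: The description added at new line 72 of the `@@ -63,6 +65,18 @@` hunk, `"This should include all associated traffic associated to the in-scope targets."`, repeats "associated" and reads awkwardly; the identical string is added again in the later `@@ -857,6 +868,18 @@` hunk at new line 875. Suggest `"description": "This should include all traffic associated with the in-scope targets."` in both places. The enclosing steps array opens and closes outside this hunk.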
@@ -11,6 +11,7 @@
11
11
  "key": "information",
12
12
  "title": "Information gathering",
13
13
  "description": "",
14
+ "type": "checklist",
14
15
  "items": [
15
16
  {
16
17
  "key": "search_engine_discovery_and_reconnaissance",
@@ -91,6 +92,7 @@
91
92
  "key": "config_and_deploy_management",
92
93
  "title": "Configuration and Deploy Management Testing",
93
94
  "description": "",
95
+ "type": "checklist",
94
96
  "items": [
95
97
  {
96
98
  "key": "network_and_infrastructure",
@@ -161,6 +163,7 @@
161
163
  "key": "identity_management",
162
164
  "title": "Identity Management Testing",
163
165
  "description": "",
166
+ "type": "checklist",
164
167
  "items": [
165
168
  {
166
169
  "key": "role_definition",
@@ -223,6 +226,7 @@
223
226
  "key": "authentication",
224
227
  "title": "Authentication Testing",
225
228
  "description": "",
229
+ "type": "checklist",
226
230
  "items": [
227
231
  {
228
232
  "key": "encrypted_credentials",
@@ -309,6 +313,7 @@
309
313
  "key": "authorization",
310
314
  "title": "Authorization Testing",
311
315
  "description": "",
316
+ "type": "checklist",
312
317
  "items": [
313
318
  {
314
319
  "key": "directory_traversal_and_file_include",
@@ -348,6 +353,7 @@
348
353
  "key": "session_management",
349
354
  "title": "Session Management Testing",
350
355
  "description": "",
356
+ "type": "checklist",
351
357
  "items": [
352
358
  {
353
359
  "key": "bypass_schema",
@@ -419,6 +425,7 @@
419
425
  "key": "data_validation",
420
426
  "title": "Data Validation Testing",
421
427
  "description": "",
428
+ "type": "checklist",
422
429
  "items": [
423
430
  {
424
431
  "key": "reflected_xss",
@@ -630,6 +637,7 @@
630
637
  "key": "error_handling",
631
638
  "title": "Error handling",
632
639
  "description": "",
640
+ "type": "checklist",
633
641
  "items": [
634
642
  {
635
643
  "key": "error_codes",
@@ -653,6 +661,7 @@
653
661
  "key": "cryptography",
654
662
  "title": "Cryptography",
655
663
  "description": "",
664
+ "type": "checklist",
656
665
  "items": [
657
666
  {
658
667
  "key": "transport_layer_protection",
@@ -684,6 +693,7 @@
684
693
  "key": "business_logic",
685
694
  "title": "Business Logic Testing",
686
695
  "description": "",
696
+ "type": "checklist",
687
697
  "items": [
688
698
  {
689
699
  "key": "data_validation",
@@ -761,6 +771,7 @@
761
771
  "key": "client_side",
762
772
  "title": "Client Side Testing",
763
773
  "description": "",
774
+ "type": "checklist",
764
775
  "items": [
765
776
  {
766
777
  "key": "dom_based_xss",
@@ -857,6 +868,18 @@
857
868
  "tools": "Chrome, Firebug, Burp Proxy, ZAP"
858
869
  }
859
870
  ]
871
+ },
872
+ {
873
+ "key": "upload_logs",
874
+ "title": "Upload logs",
875
+ "description": "This should include all associated traffic associated to the in-scope targets.",
876
+ "type": "large_upload"
877
+ },
878
+ {
879
+ "key": "executive_summary",
880
+ "title": "Executive summary",
881
+ "description": "The executive summary should be written with a high-level view of both risk and business impact. It should be concise and clear, therefore it is important to use plain English. This ensures that non-technical readers can gain insight into security concerns outlined in your report.",
882
+ "type": "executive_summary"
860
883
  }
861
884
  ]
862
885
  }
@@ -78,6 +78,10 @@
78
78
  "description": {
79
79
  "type": "string"
80
80
  },
81
+ "type": {
82
+ "type": "string",
83
+ "enum": ["checklist", "large_upload", "executive_summary"]
84
+ },
81
85
  "items": {
82
86
  "type": "array",
83
87
  "items": {
@@ -89,7 +93,7 @@
89
93
  "key",
90
94
  "title",
91
95
  "description",
92
- "items"
96
+ "type"
93
97
  ]
94
98
  }
95
99
  },
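Review bot: The `required` list in the `@@ -89,7 +93,7 @@` hunk swaps `"items"` for `"type"`, so a step declared as `"checklist"` now validates even when it has no `items`, and `large_upload` or `executive_summary` steps may carry `items` that readers presumably ignore. If the intent is that only checklists hold items, a conditional schema (an `if`/`then` keyed on `type`, or one `oneOf` branch per type) would express it; otherwise a one-line `description` on the new `type` property stating which types expect `items` would help consumers of the schema. The object definition these hunks modify begins and ends outside the visible lines.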
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bmt
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Federico Tagliabue
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-11-25 00:00:00.000000000 Z
11
+ date: 2021-12-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler