bmt 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/lib/bmt/step.rb +3 -2
  3. data/lib/bmt/version.rb +1 -1
  4. data/lib/data/0.1/methodologies/template.json +14 -0
  5. data/lib/data/0.1/methodologies/website_testing.json +23 -0
  6. data/lib/data/0.1/schema.json +5 -1
  7. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: '040904fc39790bbaa2e13d8fcb1894d0bdb7f380ce08a7a776c375be21ba47d7'
4
- data.tar.gz: 7585f36949be01298afb26f799a0bcf991b7b699b8619a482e32289f3626d2c0
3
+ metadata.gz: 04a87568e5dfa59d4a18684155a94887ee5269d1c21616385ce597a61a02ed98
4
+ data.tar.gz: d7b6fc9115319bb9c2e81b2365142cb74f1c1da96464c29ea9e996c5e59e41e0
5
5
  SHA512:
6
- metadata.gz: f266fa46ced81e902c2be218b40b06cfcf4dc008a17446e0fbd795b964a11662cab74454c20d79473ebe35b7b2201cf6c84b2808d2a65d30fc4e19ccc541b2e6
7
- data.tar.gz: 9492beea14f985570dc4a002f851ea4fa976274497032de91c1f3ddff6af65b6fa2d87d80a343c141b316415da19abd12071d2b6bdccff51fe81de09abb0b037
6
+ metadata.gz: 59f5897bffa150a4d9aa10a833e63f1976220f8a8de160593586abd2cf19c0bc06fc9ec7fcb93838a0ef84a2786d34638d2681e4172fadfcadca834cb87c303e
7
+ data.tar.gz: e320d79c9bb6f845f34843b73d3ae08739db6339b3beb68e179a16dbc38d5bb189c7423cd927027b057902f99335888e7a3e479b5dd7bb4e8b0f702ba99c6e97
data/lib/bmt/step.rb CHANGED
@@ -1,13 +1,14 @@
1
1
  module BMT
2
2
  class Step
3
- attr_reader :key, :title, :description, :methodology
3
+ attr_reader :key, :title, :description, :methodology, :type
4
4
 
5
5
  def initialize(methodology:, attributes:)
6
6
  @methodology = methodology
7
7
  @key = attributes['key']
8
8
  @title = attributes['title']
9
9
  @description = attributes['description']
10
- @items_data = attributes['items']
10
+ @type = attributes['type']
11
+ @items_data = attributes['items'] || []
11
12
  end
12
13
 
13
14
  def items
data/lib/bmt/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Bmt
2
- VERSION = '0.2.0'.freeze
2
+ VERSION = '0.3.0'.freeze
3
3
  end
data/lib/data/0.1/methodologies/template.json CHANGED
@@ -11,6 +11,7 @@
11
11
  "key": "koala",
12
12
  "title": "Check that you have a Koala",
13
13
  "description": "# Does it look like one?\nIt is easy to find out.\n",
14
+ "type": "checklist",
14
15
  "items": [
15
16
  {
16
17
  "key": "marsupial",
@@ -40,6 +41,7 @@
40
41
  "key": "kangaroo",
41
42
  "title": "Ensure you have a kangaroo",
42
43
  "description": "Does it look like one?",
44
+ "type": "checklist",
43
45
  "items": [
44
46
  {
45
47
  "key": "marsupial",
@@ -63,6 +65,18 @@
63
65
  "tools": "Field, Trampoline"
64
66
  }
65
67
  ]
68
+ },
69
+ {
70
+ "key": "upload_logs",
71
+ "title": "Upload logs",
72
+ "description": "This should include all associated traffic associated to the in-scope targets.",
73
+ "type": "large_upload"
74
+ },
75
+ {
76
+ "key": "executive_summary",
77
+ "title": "Executive summary",
78
+ "description": "The executive summary should be written with a high-level view of both risk and business impact. It should be concise and clear, therefore it is important to use plain English. This ensures that non-technical readers can gain insight into security concerns outlined in your report.",
79
+ "type": "executive_summary"
66
80
  }
67
81
  ]
68
82
  }
data/lib/data/0.1/methodologies/website_testing.json CHANGED
@@ -11,6 +11,7 @@
11
11
  "key": "information",
12
12
  "title": "Information gathering",
13
13
  "description": "",
14
+ "type": "checklist",
14
15
  "items": [
15
16
  {
16
17
  "key": "search_engine_discovery_and_reconnaissance",
@@ -91,6 +92,7 @@
91
92
  "key": "config_and_deploy_management",
92
93
  "title": "Configuration and Deploy Management Testing",
93
94
  "description": "",
95
+ "type": "checklist",
94
96
  "items": [
95
97
  {
96
98
  "key": "network_and_infrastructure",
@@ -161,6 +163,7 @@
161
163
  "key": "identity_management",
162
164
  "title": "Identity Management Testing",
163
165
  "description": "",
166
+ "type": "checklist",
164
167
  "items": [
165
168
  {
166
169
  "key": "role_definition",
@@ -223,6 +226,7 @@
223
226
  "key": "authentication",
224
227
  "title": "Authentication Testing",
225
228
  "description": "",
229
+ "type": "checklist",
226
230
  "items": [
227
231
  {
228
232
  "key": "encrypted_credentials",
@@ -309,6 +313,7 @@
309
313
  "key": "authorization",
310
314
  "title": "Authorization Testing",
311
315
  "description": "",
316
+ "type": "checklist",
312
317
  "items": [
313
318
  {
314
319
  "key": "directory_traversal_and_file_include",
@@ -348,6 +353,7 @@
348
353
  "key": "session_management",
349
354
  "title": "Session Management Testing",
350
355
  "description": "",
356
+ "type": "checklist",
351
357
  "items": [
352
358
  {
353
359
  "key": "bypass_schema",
@@ -419,6 +425,7 @@
419
425
  "key": "data_validation",
420
426
  "title": "Data Validation Testing",
421
427
  "description": "",
428
+ "type": "checklist",
422
429
  "items": [
423
430
  {
424
431
  "key": "reflected_xss",
@@ -630,6 +637,7 @@
630
637
  "key": "error_handling",
631
638
  "title": "Error handling",
632
639
  "description": "",
640
+ "type": "checklist",
633
641
  "items": [
634
642
  {
635
643
  "key": "error_codes",
@@ -653,6 +661,7 @@
653
661
  "key": "cryptography",
654
662
  "title": "Cryptography",
655
663
  "description": "",
664
+ "type": "checklist",
656
665
  "items": [
657
666
  {
658
667
  "key": "transport_layer_protection",
@@ -684,6 +693,7 @@
684
693
  "key": "business_logic",
685
694
  "title": "Business Logic Testing",
686
695
  "description": "",
696
+ "type": "checklist",
687
697
  "items": [
688
698
  {
689
699
  "key": "data_validation",
@@ -761,6 +771,7 @@
761
771
  "key": "client_side",
762
772
  "title": "Client Side Testing",
763
773
  "description": "",
774
+ "type": "checklist",
764
775
  "items": [
765
776
  {
766
777
  "key": "dom_based_xss",
@@ -857,6 +868,18 @@
857
868
  "tools": "Chrome, Firebug, Burp Proxy, ZAP"
858
869
  }
859
870
  ]
871
+ },
872
+ {
873
+ "key": "upload_logs",
874
+ "title": "Upload logs",
875
+ "description": "This should include all associated traffic associated to the in-scope targets.",
876
+ "type": "large_upload"
877
+ },
878
+ {
879
+ "key": "executive_summary",
880
+ "title": "Executive summary",
881
+ "description": "The executive summary should be written with a high-level view of both risk and business impact. It should be concise and clear, therefore it is important to use plain English. This ensures that non-technical readers can gain insight into security concerns outlined in your report.",
882
+ "type": "executive_summary"
860
883
  }
861
884
  ]
862
885
  }
data/lib/data/0.1/schema.json CHANGED
@@ -78,6 +78,10 @@
78
78
  "description": {
79
79
  "type": "string"
80
80
  },
81
+ "type": {
82
+ "type": "string",
83
+ "enum": ["checklist", "large_upload", "executive_summary"]
84
+ },
81
85
  "items": {
82
86
  "type": "array",
83
87
  "items": {
@@ -89,7 +93,7 @@
89
93
  "key",
90
94
  "title",
91
95
  "description",
92
- "items"
96
+ "type"
93
97
  ]
94
98
  }
95
99
  },
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bmt
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.3.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Federico Tagliabue
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-11-25 00:00:00.000000000 Z
11
+ date: 2021-12-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler