@chain305/x-security 0.2.5 โ†’ 0.2.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +4 -4
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -111,22 +111,22 @@ Run `xsecurity <command> --help` for full flags.
111
111
 
112
112
  ### OWASP API Top 10 coverage per target
113
113
 
114
- How much of each class a target can **enforce natively**. ๐ŸŸข full ยท ๐ŸŸก partial ยท ๐Ÿ”ด gap ยท โšช not yet measured.
114
+ How much of each class a target can **enforce natively**. ๐ŸŸข full ยท ๐ŸŸก partial ยท ๐Ÿ”ด gap ยท โšช not yet measured. Authorization cells show **stateless โ†’ with a JWT identity wired**.
115
115
 
116
116
  | OWASP API class | Cloudflare | AWS API GW | BunkerWeb |
117
117
  | --- | :--: | :--: | :--: |
118
- | API1 ยท Broken Object Level Auth (BOLA) | ๐Ÿ”ด | ๐Ÿ”ด | ๐Ÿ”ด |
118
+ | API1 ยท Broken Object Level Auth (BOLA) | ๐Ÿ”ดโ†’๐ŸŸก | ๐Ÿ”ดโ†’๐ŸŸข | ๐Ÿ”ด |
119
119
  | API2 ยท Broken Authentication | ๐ŸŸก | ๐ŸŸก | ๐ŸŸก |
120
120
  | API3 ยท Broken Object Property Auth (BOPLA) | ๐ŸŸก | ๐ŸŸก | ๐ŸŸก |
121
121
  | API4 ยท Unrestricted Resource Consumption | ๐ŸŸข | ๐ŸŸก | ๐ŸŸก |
122
- | API5 ยท Broken Function Level Auth (BFLA) | ๐ŸŸก | ๐ŸŸก | ๐ŸŸก |
122
+ | API5 ยท Broken Function Level Auth (BFLA) | ๐ŸŸก | ๐ŸŸกโ†’๐ŸŸข | ๐ŸŸก |
123
123
  | API6 ยท Unrestricted Access to Business Flows | ๐ŸŸก | ๐ŸŸก | ๐ŸŸก |
124
124
  | API7 ยท Server-Side Request Forgery (SSRF) | ๐Ÿ”ด | ๐Ÿ”ด | ๐ŸŸข |
125
125
  | API8 ยท Security Misconfiguration | ๐ŸŸก | ๐ŸŸก | ๐ŸŸก |
126
126
  | API9 ยท Improper Inventory Management | ๐Ÿ”ด | ๐Ÿ”ด | ๐ŸŸก |
127
127
  | API10 ยท Unsafe Consumption of APIs | ๐ŸŸก | ๐ŸŸก | ๐ŸŸก |
128
128
 
129
- Only these three targets are independently **measured** today; Kong, Coraza, NGINX, Envoy and OpenAppSec compile the same policy but aren't yet published with a per-class measurement (โšช). Authorization classes (**API1**, **API5**) rise when JWT **identity** is wired โ€” with identity context API1 reaches ๐ŸŸก on Cloudflare and ๐ŸŸข on AWS, and API5 reaches ๐ŸŸข on AWS. Full per-field matrix (incl. the Writ-native injection / prompt-injection / audit classes): **[usewaf.com/coverage](https://usewaf.com/coverage)**.
129
+ Only these three targets are independently **measured** today; Kong, Coraza, NGINX, Envoy and OpenAppSec compile the same policy but aren't yet published with a per-class measurement (โšช). Cells like **๐Ÿ”ดโ†’๐ŸŸข** are the same control stateless vs. with a JWT identity wired โ€” ownership checks (BOLA/BFLA) need to know who the caller is, so a stateless WAF can't enforce them. A **๐ŸŸก** means the target enforces most of the class natively, not all. Full per-field matrix (incl. the Writ-native injection / prompt-injection / audit classes): **[usewaf.com/coverage](https://usewaf.com/coverage)**.
130
130
 
131
131
  ## License
132
132
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@chain305/x-security",
3
- "version": "0.2.5",
3
+ "version": "0.2.6",
4
4
  "description": "x-security CLI โ€” generate/validate/test/report/diff/init against multiple gateway targets",
5
5
  "license": "Apache-2.0",
6
6
  "homepage": "https://usewaf.com",