Update 3/28: The devs have announced that the auth system is to be deprecated. See details below. About a month ago, I went looking for a dashboard for my homelab—something to help visualize the services I run. I found Dashy, a popular (14.6k GitHub stars) dashboard designed for self-hosters. I deployed it and started configuring it, but noticed that something about its authentication felt off. I started digging and quickly found its security to be borderline useless, permitting unauthentic...| subract.dev
Microsoft Vulnerability Severity Classification for Online Services | www.microsoft.com
OWASP Top 10:2021| owasp.org