Skip to content

Security: aztr0nutzs/NET_NiNjA.v1.2

Security

SECURITY.md

Security Policy

Responsible disclosure:

  • Report security issues by opening an email to security@netninja.local or create a private issue including reproducible steps and impact.
  • Do not post public details until patched or coordinated disclosure is agreed.

Supported scope:

  • server binary and REST API
  • Android local server packaging and interactions
  • web UI and any included third-party libs

Response:

  • We will acknowledge within 72 hours and provide a mitigation timeline.

Hardening guidance for contributors:

  • Prefer secure defaults (CORS restricted, CSP headers, do not allow anyHost() in production).
  • Validate inputs server-side. Use parameterized queries for DB interactions.
  • Hash passwords with bcrypt/Argon2. Use secure storage for tokens.

There aren't any published security advisories