Skip to content

Security: Denarzai/dizzy-walk-asm

Security

SECURITY.md

Security Policy

Most repositories under this account are educational and portfolio projects — university coursework, CTF labs, and learning exercises. They are not production systems, and some (like the Nmap/Wireshark lab) intentionally interact with deliberately vulnerable software in isolated environments.

That said, I'm a cybersecurity student and I take reports seriously — finding a real issue in my code is exactly the kind of thing I want to know about.

Reporting a vulnerability

  • Email: sdenarzai786@gmail.com
  • Please include the repository name, the commit or version affected, steps to reproduce, and the impact you believe it has.
  • If the issue is sensitive, say so in the subject line and I will treat the details as confidential.

I aim to acknowledge reports within a few days. Since these are personal projects there is no bug bounty, but you will be credited in the fix commit if you want to be.

Scope notes

  • Sample credentials committed in some repositories (e.g. verification.txt in the inventory system) are intentional demo data for console applications, not real accounts.
  • Lab write-ups target intentionally vulnerable systems (Metasploitable2, OverTheWire) in isolated environments and follow those projects' rules of engagement.

There aren't any published security advisories