by bluepnume 2512 days ago
The thing that I find difficult with OWASP: there don't always seem to be comprehensive examples provided for what these attack surfaces could be used for. That makes it difficult both to understand the impact of a particular issue and to test for it.

As an example: https://cheatsheetseries.owasp.org/cheatsheets/AJAX_Security...

I'm fascinated to know how this could actually be exploited. But there's no hint or reference to that. It's just "don't do this".


The biggest pain point in these security guidelines is context. For example, this Array override issue was fixed in major browsers 11 years ago [0]. Unless someone codes for IE6, I'd consider this not a real problem.

[0]: https://johnresig.com/blog/re-securing-json/