Security: Braintree-Tools/WebAppSec

.github/SECURITY.md

Security Policy

Supported Versions

Version Supported
1.0.x

Reporting a Vulnerability

If you discover a security vulnerability within WebAppSec, please send an email to braintreemak@gmail.com. All security vulnerabilities will be promptly addressed.

Please do not report security vulnerabilities through public GitHub issues.

Security Guidelines

For Users

  • Only use WebAppSec on systems you own or have explicit written permission to test
  • Ensure compliance with all applicable local, state, federal, and international laws
  • Do not use this framework for malicious or unauthorized activities
  • Keep the framework updated with the latest security patches

For Developers

  • All contributions should be reviewed for security implications
  • Never commit credentials, API keys, or sensitive information
  • Follow secure coding practices
  • Test all security-related changes thoroughly

Framework Security Features

WebAppSec includes several security features:

  • Input validation for all user inputs
  • Secure handling of payload files
  • Safe file operations
  • Protection against command injection in shell executions

Responsible Disclosure

We support responsible disclosure of security vulnerabilities. Please:

  1. Report the vulnerability privately first
  2. Allow reasonable time for patching before public disclosure
  3. Provide detailed information to help us understand and fix the issue

Legal Notice

This security policy applies to the WebAppSec framework itself. Users are solely responsible for the legal and ethical use of this tool in accordance with all applicable laws and regulations.

There aren't any published security advisories