├── .github
│   ├── CONTRIBUTING.md
│   ├── FUNDING.yml
│   ├── ISSUE_TEMPLATE.md
│   ├── PULL_REQUEST_TEMPLATE.md
│   └── stale.yml
├── CHANGELOG.md
├── CODE_OF_CONDUCT.md
├── LICENSE
├── README.md
├── ROADMAP.md
└── data
    ├── cc.png
    ├── high.svg
    ├── low.svg
    └── medium.svg

--------------------------------------------------------------------------------
/.github/CONTRIBUTING.md:
--------------------------------------------------------------------------------
# Contribute

## Introduction

First, thank you for considering contributing to chat-bot-checklist! It's people like you that make the open source community such a great community! 😊

We welcome any type of contribution, not only code. You can help with
- **QA**: file bug reports, the more details you can give the better (e.g. screenshots with the console open)
- **Marketing**: writing blog posts, howto's, printing stickers, ...
- **Community**: presenting the project at meetups, organizing a dedicated meetup for the local community, ...
- **Code**: take a look at the [open issues](issues). Even if you can't write code, commenting on them, showing that you care about a given issue matters. It helps us triage them.
- **Money**: we welcome financial contributions in full transparency on our [open collective](https://opencollective.com/chat-bot-checklist).

## Your First Contribution

Working on your first Pull Request? You can learn how from this *free* series, [How to Contribute to an Open Source Project on GitHub](https://egghead.io/series/how-to-contribute-to-an-open-source-project-on-github).

## Submitting code

Any code change should be submitted as a pull request. The description should explain what the code does and give steps to execute it. The pull request should also contain tests.

## Code review process

The bigger the pull request, the longer it will take to review and merge. Try to break down large pull requests into smaller chunks that are easier to review and merge.
It is also always helpful to have some context for your pull request. What was the purpose? Why does it matter to you?

## Financial contributions

We also welcome financial contributions in full transparency on our [open collective](https://opencollective.com/chat-bot-checklist).
Anyone can file an expense. If the expense makes sense for the development of the community, it will be "merged" in the ledger of our open collective by the core contributors and the person who filed the expense will be reimbursed.

## Questions

If you have any questions, create an [issue](issue) (protip: do a quick search first to see if someone else didn't ask the same question before!).
You can also reach us at hello@chat-bot-checklist.opencollective.com.

## Credits

### Contributors

Thank you to all the people who have already contributed to chat-bot-checklist!

### Backers

Thank you to all our backers! [[Become a backer](https://opencollective.com/chat-bot-checklist#backer)]

### Sponsors

Thank you to all our sponsors!
(please ask your company to also support this open source project by [becoming a sponsor](https://opencollective.com/chat-bot-checklist#sponsor))

--------------------------------------------------------------------------------
/.github/FUNDING.yml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/secxena/Chat-Bot-Security-Checklist/de4144c9afc67fb1bc6e6fdf3cadb02e5705a1f2/.github/FUNDING.yml
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE.md:
--------------------------------------------------------------------------------
(template body not captured in this dump)
--------------------------------------------------------------------------------
/.github/PULL_REQUEST_TEMPLATE.md:
--------------------------------------------------------------------------------
**Fixes**: #

🚨 Please review the [guidelines for contributing](CONTRIBUTING.md) and our [code of conduct](../CODE_OF_CONDUCT.md) to this repository. 🚨
**Please complete these steps and check these boxes (by putting an x inside the brackets) before filing your PR:**

- [ ] Check that the commit's (or all commits') message style matches our requested structure.
- [ ] Check that your code additions will fail neither code linting checks nor unit tests.

#### Short description of what this resolves:

#### Proposed changes:

-
-
-

👍 Thank you!
--------------------------------------------------------------------------------
/.github/stale.yml:
--------------------------------------------------------------------------------
daysUntilStale: 60
daysUntilClose: 15
exemptLabels:
  - pinned
  - security
staleLabel: wontfix
markComment: >
  This issue has been automatically marked as stale because it has not had
  recent activity. It will be closed if no further activity occurs.
  If you have any question, please contact me directly at thedaviddias@gmail.com. Thank you
  for your contributions to that project!
# Comment to post when closing a stale issue. Set to `false` to disable
closeComment: false
--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/secxena/Chat-Bot-Security-Checklist/de4144c9afc67fb1bc6e6fdf3cadb02e5705a1f2/CHANGELOG.md
--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
# Contributor Covenant Code of Conduct

## Our Pledge

In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to make participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.

## Our Standards

Examples of behavior that contributes to creating a positive environment include:

* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members

Examples of unacceptable behavior by participants include:

* The use of sexualized language or imagery and unwelcome sexual attention or advances
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a professional setting

## Our Responsibilities

Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.

Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.

## Scope

This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.

## Enforcement

Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at thedaviddias@gmail.com. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.

Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.

## Attribution

This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]

[homepage]: http://contributor-covenant.org
[version]: http://contributor-covenant.org/version/1/4/
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
CC0 1.0 Universal

Statement of Purpose

The laws of most jurisdictions throughout the world automatically confer exclusive Copyright and Related Rights (defined below) upon the creator and subsequent owner(s) (each and all, an "owner") of an original work of authorship and/or a database (each, a "Work").

Certain owners wish to permanently relinquish those rights to a Work for the purpose of contributing to a commons of creative, cultural and scientific works ("Commons") that the public can reliably and without fear of later claims of infringement build upon, modify, incorporate in other works, reuse and redistribute as freely as possible in any form whatsoever and for any purposes, including without limitation commercial purposes.
These owners may contribute to the Commons to promote the ideal of a free culture and the further production of creative, cultural and scientific works, or to gain reputation or greater distribution for their Work in part through the use and efforts of others.

For these and/or other purposes and motivations, and without any expectation of additional consideration or compensation, the person associating CC0 with a Work (the "Affirmer"), to the extent that he or she is an owner of Copyright and Related Rights in the Work, voluntarily elects to apply CC0 to the Work and publicly distribute the Work under its terms, with knowledge of his or her Copyright and Related Rights in the Work and the meaning and intended legal effect of CC0 on those rights.

1. Copyright and Related Rights. A Work made available under CC0 may be protected by copyright and related or neighboring rights ("Copyright and Related Rights"). Copyright and Related Rights include, but are not limited to, the following:

  i. the right to reproduce, adapt, distribute, perform, display, communicate, and translate a Work;

  ii. moral rights retained by the original author(s) and/or performer(s);

  iii. publicity and privacy rights pertaining to a person's image or likeness depicted in a Work;

  iv. rights protecting against unfair competition in regards to a Work, subject to the limitations in paragraph 4(a), below;

  v. rights protecting the extraction, dissemination, use and reuse of data in a Work;

  vi. database rights (such as those arising under Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, and under any national implementation thereof, including any amended or successor version of such directive); and

  vii. other similar, equivalent or corresponding rights throughout the world based on applicable law or treaty, and any national implementations thereof.

2. Waiver. To the greatest extent permitted by, but not in contravention of, applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and unconditionally waives, abandons, and surrenders all of Affirmer's Copyright and Related Rights and associated claims and causes of action, whether now known or unknown (including existing as well as future claims and causes of action), in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each member of the public at large and to the detriment of Affirmer's heirs and successors, fully intending that such Waiver shall not be subject to revocation, rescission, cancellation, termination, or any other legal or equitable action to disrupt the quiet enjoyment of the Work by the public as contemplated by Affirmer's express Statement of Purpose.

3. Public License Fallback. Should any part of the Waiver for any reason be judged legally invalid or ineffective under applicable law, then the Waiver shall be preserved to the maximum extent permitted taking into account Affirmer's express Statement of Purpose. In addition, to the extent the Waiver is so judged Affirmer hereby grants to each affected person a royalty-free, non transferable, non sublicensable, non exclusive, irrevocable and unconditional license to exercise Affirmer's Copyright and Related Rights in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "License"). The License shall be deemed effective as of the date CC0 was applied by Affirmer to the Work. Should any part of the License for any reason be judged legally invalid or ineffective under applicable law, such partial invalidity or ineffectiveness shall not invalidate the remainder of the License, and in such case Affirmer hereby affirms that he or she will not (i) exercise any of his or her remaining Copyright and Related Rights in the Work or (ii) assert any associated claims and causes of action with respect to the Work, in either case contrary to Affirmer's express Statement of Purpose.

4. Limitations and Disclaimers.

  a. No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document.

  b. Affirmer offers the Work as-is and makes no representations or warranties of any kind concerning the Work, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non infringement, or the absence of latent or other defects, accuracy, or the present or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law.

  c. Affirmer disclaims responsibility for clearing rights of other persons that may apply to the Work or any use thereof, including without limitation any person's Copyright and Related Rights in the Work. Further, Affirmer disclaims responsibility for obtaining any necessary consents, permissions or other rights required for any use of the Work.

  d. Affirmer understands and acknowledges that Creative Commons is not a party to this document and has no duty or obligation with respect to this CC0 or use of the Work.

For more information, please see

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------

# Chat-Bot-Security-Checklist

Chat-bot Security Checklist

The Chat-Bot Security Checklist is an exhaustive list of all elements you need to have before launching your chat-bot to production.

Badges: PRs Welcome · Contributors · Chat‑bot_Checklist followed · CC0

[How To Use](#how-to-use) · [Contributing](#contributing)
It is based on chat-bot developers' years of experience, with additions coming from some other open-source checklists.

## Table of Contents

1. **[Client Side Security](#Client-Security)**
   1. [OS Platform](#OS-Platforms)
   2. [Messaging Platforms](#Messaging-platforms)
   3. [Custom-Website Platform](#Custom-Web-Platform)
2. **[NLP Technology Security](#NLP-security)**
   1. [Intent Classifiers](#Intent-Classifiers)
   2. [Dialog Management System](#Dialog-Management-System)
   3. [Conversation Records](#Conversation-Records)
3. **[Backend + Infrastructure](#Back-end-Infrastructure)**
   1. [OWASP Top 10](#OWASP-Top-10)
   2. [Licensing](#Licensing)

---

## How to use?

All items in the **Chat-bot Security Checklist** are a must for the majority of projects; an exception should only be made for a regulatory reason. You can use this checklist to implement a three-layered defense for your chat-bot product. Each point in the list is marked as low, medium or high.

* ![Low][low_img] means that the item is **recommended** but can be omitted in some particular situations.
* ![Medium][medium_img] means that the item is **highly recommended** and can eventually be omitted in some really particular cases. Some elements, if omitted, can have bad repercussions.
* ![High][high_img] means that the item **can't be omitted** for any reason. You may leave a huge vulnerability open to the world. The testing priority needs to be on these elements first.

---

Before diving right into the checklist, let's ask why a chat-bot needs security and what is different about it. The answer is that most of the components are the same as in any other application: your infrastructure, back-end, middleware and dev-ops practices do not change. What differs is the language and conversational components of the chat-bot, which are not common in mainstream applications; that is where the focus of this checklist lies.

# Client-Security

You might need to deploy your chat-bot to a social platform, or you might need a dedicated mobile app or a web SDK so that other businesses can use your chat-bot. In any case, when you are running your code on a machine you do not control, you need to take some measures to ensure a few things.
Here are some pointers, grouped by platform, that you need to think about when deploying your chat-bot:

## OS-Platforms
* [ ] **Data:** ![Medium][medium_img] You need to make sure that your customers' data is not available to other apps, and you should also encrypt the data so that it can't be stolen even with physical access to the device.
  * 📖 [Securing Data on Android](https://www.futurelearn.com/courses/secure-android-app-development/0/steps/21592)
  * 📖 [Securing Data on iOS](https://medium.com/ios-os-x-development/securing-user-data-with-keychain-for-ios-e720e0f9a8e2)

* [ ] **Authentication:** ![High][high_img]
  There are two types of authentication that you might need.
  * You want to make sure that no non-user can access your platform.
    * 📖 [Here's how you can choose good authentication](https://www.freecodecamp.org/news/evaluating-authentication-as-a-service-providers-6903895a8450/)
  * When your user's device requests private information, you must ensure that it is your user requesting the information and not a malicious user with access to the device. You can do this using FaceID and TouchID; they are becoming more and more common with new smartphones.
    * 📖 [biometric authentication on Android App](https://proandroiddev.com/5-steps-to-implement-biometric-authentication-in-android-dbeb825aeee8)
    * 📖 [biometric authentication on iOS App](https://medium.com/we-talk-it/face-id-and-touch-id-biometric-authentication-ca1678fc338)
    * 📖 [biometric authentication on Cross Platform App](https://medium.com/react-native-training/integrate-touch-id-and-face-id-to-your-react-native-app-707e7db17edc)
  * Developing an in-house authentication management system can be vulnerable, especially while it has not been pentested yet. So, if possible for your organization, you can go for an AaaS (Authentication as a Service) provider.
    * 📖 [Auth as a service providers](https://www.freecodecamp.org/news/evaluating-authentication-as-a-service-providers-6903895a8450/)
* [ ] **Hard-coding:** ![High][high_img] Make sure you are not storing your secrets in your code. Any API access token with admin privilege should not be hard-coded in your app.
  * 📖 [Hard-coded credentials case study](https://www.zdnet.com/article/tens-of-thousands-of-cars-left-exposed-to-thieves-due-to-a-hardcoded-password/)

## Messaging-platforms

* [ ] **Channel Authorization:** ![Medium][medium_img] Chat-bots have the unique feature of being available to everyone by deploying the bot on multiple channels like Skype for Business, Microsoft Teams, Facebook, Slack, etc. So if you are planning to deploy your chat-bot on any of these platforms, your organization must make sure to restrict features which shouldn't be available to all.

* [ ] **Channel Authentication:** ![Low][low_img] You should check that it is your customer using your platform and not someone else using his/her account. You can do this using 2-factor authentication such as an OTP over SMS or email, or Google Authenticator.

* [ ] **Regulatory Data Protection:** ![High][high_img] Every regulation requires customer data to remain under your own ownership, so if you are asking for PII (Personally Identifiable Information) or ePHI (Electronic Protected Health Information) from your customer, you must restrict that particular intent to your native channel only. Because you don't have custom SLAs with any of these channel providers, you can't solely own the private data; it will be shared with them.

## Custom-Web-Platform
* [ ] **Front-end Security** ![High][high_img]
  If you are a chat-bot-as-a-service company, then you must think of secure deployability. For that reason you might ship an SDK for a platform like the web, Android, iOS, etc.; then you need your client technology secure and tested. You will also need a VAPT (vulnerability assessment and penetration test) in order to work in B2B. This c
  * [Secure your API's](https://restfulapi.net/security-essentials/)
  * [Secure your Android Client](https://proandroiddev.com/developing-secure-android-apps-8edad978d8ba)
  * [Secure your iOS Client](https://medium.com/swift2go/application-security-musts-for-every-ios-app-dabf095b9c4f)

# NLP-Security

## Intent-Classifiers
* [ ] **Intent Segregation:** ![High][high_img] The intents of your chat-bot should be different for different classes of users. Since NLP is a probabilistic system instead of a deterministic one, you should not vary the response within one intent based on user class; you should altogether create another intent/instance for a different class of users.

* [ ] **Permissioned Intent:** ![High][high_img] You must verify identity, then channel and role of your customers before passing the message to the intent. You should also check whether the intent exists for that particular role or not.

## Dialog-Management-System
* [ ] **Authorization:** ![Medium][medium_img] You must check who the user is.
  Role Management

  * Customer
    * Unauthenticated customer
    * Authenticated Non-Premium customer
    * Premium customer

  If your chat-bot also has functionality for internal users, then you should have these roles.

  * Internal Roles
    * Developer/tester/federated identities
    * Admin

  These roles will help you with intent segregation, logging and auditing.

* [ ] **Language Generation Constraint:** ![High][high_img] You should not directly use your customer's input. If a malicious user sends you malformed input, it could be dangerous for the system. Although sanitizing input is a very common practice, here, because of the multiple contexts in play, developers forget to sanitize.

* [ ] **Rate Limiting Queries:** ![Medium][medium_img] Consider that the typing speed of a mobile user ranges from 30–75 wpm and the reading speed is 250 wpm. If one user takes 5 seconds to read the text and 10 seconds with other UIs, then we can assume that on an interactive bot the number of user calls can be 10 ± 5, i.e. a maximum of 15, so we can limit our bot API call rate to 15 per minute. By doing this we mitigate the risk of a DoS attack.

## Conversation-Records
* [ ] **Life Cycle Management:** ![High][high_img] You should create a system where you mark conversations as stale and send them to an archive, and decide whether you need to delete them or not. Backups should be in place for all the chats.

* [ ] **PII and PHI Redaction:** ![High][high_img] You should implement a solution to redact or encrypt personally identifiable data. You can do this by storing a key on the user's device, so the user can decrypt and read their conversation and no one else will be able to read it. Keep in mind that you will still need these logs for audit purposes.

* [ ] **Administration:** ![High][high_img] Create a system where there is clear control over who can access the conversational data, and also log the data-accessing activity to another server to which you have access.

# Back-end-Infrastructure

## OWASP-TOP-10
* [ ] **Injection:**
* [ ] **Broken Authentication:**
* [ ] **Sensitive Data Exposure:**
* [ ] **XML External Entities (XXE):**
* [ ] **Broken Access Control:**
* [ ] **Security Misconfiguration:**
* [ ] **Cross-Site Scripting (XSS):**
* [ ] **Insecure Deserialization:**
* [ ] **Using Components with Known Vulnerabilities:**
* [ ] **Insufficient Logging and Monitoring:**

## Licensing
* [ ] **SLAs:** Check the service level agreement for bot usage. There will be problems if a vendor doesn't support a bot accessing their service. It is no use buying software which doesn't allow bot access to its service.

## Regulation
* [ ] [GDPR](https://blog.rasa.com/how-gdpr-affects-your-chatbot-and-voice-assistant/)
* [ ] [PCI-DSS](https://usa.visa.com/dam/VCOM/global/support-legal/documents/visa-security-alert-july-2018.pdf)

---

## Chat-bot Security Checklist Badge

If you want to show you are following the rules of the Chat-Bot Checklist, put this badge on your README file!
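The Permissioned Intent, Authorization and Rate Limiting items above describe one ordered gate that should run before any message reaches the NLP layer: verify identity, then channel, then role, confirm the intent exists for that role, keep PII/ePHI intents on your native channel, and cap calls per user. The following is an added example written for this page, not code from the Chat-Bot-Security-Checklist project. The role names and the 15-calls-per-minute figure come from the checklist; the intent catalogue, channel names, `Session` fields and the `gate` function are assumptions made for the illustration.

```python
"""Pre-dispatch gate for a chat-bot: identity -> channel -> role -> intent -> rate limit.

Added example, not code from the Chat-Bot-Security-Checklist project. The role
names and the 15/minute limit follow the checklist; INTENTS, NATIVE_CHANNELS,
Session and gate() are assumptions made for this illustration.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from enum import Enum


class Role(Enum):
    UNAUTHENTICATED = "unauthenticated_customer"
    NON_PREMIUM = "authenticated_non_premium_customer"
    PREMIUM = "premium_customer"
    DEVELOPER = "developer"
    ADMIN = "admin"


@dataclass(frozen=True)
class IntentPolicy:
    allowed_roles: frozenset      # roles for which this intent exists at all
    native_only: bool = False     # collects PII/ePHI -> only on channels you own


# Hypothetical intent catalogue. Each user class gets its own intent entry
# (intent segregation) instead of one intent that branches on role inside.
INTENTS = {
    "faq.opening_hours": IntentPolicy(frozenset(Role)),
    "account.balance": IntentPolicy(frozenset({Role.NON_PREMIUM, Role.PREMIUM}), native_only=True),
    "account.update_address": IntentPolicy(frozenset({Role.PREMIUM}), native_only=True),
    "ops.reload_model": IntentPolicy(frozenset({Role.DEVELOPER, Role.ADMIN})),
}

# Channels the organisation operates itself (assumed names).
NATIVE_CHANNELS = {"web_sdk", "ios_app", "android_app"}

# Checklist figure: at most 15 calls per user per minute.
RATE_LIMIT = 15
WINDOW_SECONDS = 60


class RateLimiter:
    """Sliding-window limiter keyed by user id (in-memory; use a shared store in production)."""

    def __init__(self, limit=RATE_LIMIT, window=WINDOW_SECONDS):
        self.limit, self.window = limit, window
        self._hits = defaultdict(deque)

    def allow(self, user_id, now):
        q = self._hits[user_id]
        while q and now - q[0] >= self.window:   # drop hits older than the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


@dataclass(frozen=True)
class Session:
    user_id: str
    role: Role
    channel: str
    authenticated: bool   # identity verified by your auth provider


def gate(session, intent_name, limiter, now):
    """Return (allowed, reason); the checks run in the order the checklist prescribes."""
    if intent_name not in INTENTS:
        return False, "unknown_intent"
    policy = INTENTS[intent_name]
    # 1. identity: every role except the public one needs an authenticated session
    if session.role is not Role.UNAUTHENTICATED and not session.authenticated:
        return False, "identity_not_verified"
    # 2. channel: PII/ePHI intents never run on third-party messaging channels
    if policy.native_only and session.channel not in NATIVE_CHANNELS:
        return False, "intent_not_available_on_channel"
    # 3. role: does this intent exist for this role at all?
    if session.role not in policy.allowed_roles:
        return False, "intent_not_defined_for_role"
    # 4. throughput: per-user cap to mitigate DoS
    if not limiter.allow(session.user_id, now):
        return False, "rate_limited"
    return True, "ok"


if __name__ == "__main__":
    limiter = RateLimiter()
    print(gate(Session("u1", Role.PREMIUM, "slack", True), "account.balance", limiter, 0.0))
```

The order matters: a request that fails the identity check is rejected before the channel or role is even consulted, and the rate limiter is consulted last so that rejected requests do not consume the user's quota. The limiter here is per process; a bot running behind several replicas needs the hit log in a shared store so the 15-per-minute figure holds across all of them.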
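For the Conversation Records items (marking conversations stale for archive, and redacting PII so that audit copies can be kept without exposing raw identifiers), the following added example, again not the project's own code, replaces e-mail addresses, phone numbers and Luhn-valid card numbers with keyed pseudonyms (HMAC-SHA256 under an audit key) so an auditor can still correlate the same identifier across conversations, and marks a conversation stale after a configurable period. The regular expressions, the record layout, the `STALE_AFTER_DAYS` value and the sample transcript are constructed for the example; per-user encryption of the full transcript under a device-held key, which the checklist also asks for, is outside this block.

```python
"""Conversation-record handling: PII redaction for the audit copy, stale-marking for archive.

Added example, not code from the Chat-Bot-Security-Checklist project. The
patterns, record layout, STALE_AFTER_DAYS and the sample transcript are
constructed assumptions for this illustration.
"""
import hashlib
import hmac
import re
from datetime import datetime, timedelta

# Deliberately simple patterns; a real deployment would use a vetted PII detector.
# One alternation so each span is matched once and tokens are never re-scanned.
PII_RE = re.compile(
    r"(?P<EMAIL>[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})"
    r"|(?P<CARD>\b\d(?:[ -]?\d){12,18}\b)"
    r"|(?P<PHONE>\+?\d[\d\s-]{8,}\d)"
)

STALE_AFTER_DAYS = 90   # assumed retention policy

# Constructed sample transcript (no real persons or numbers).
SAMPLE = [
    {"ts": "2024-01-02T10:00:00+00:00", "who": "user",
     "text": "my email is jane.doe@example.com and my card is 4111 1111 1111 1111"},
    {"ts": "2024-01-02T10:00:30+00:00", "who": "bot",
     "text": "Thanks, call us on +1 555 123 4567 if anything changes."},
]


def _luhn_ok(digits):
    """Luhn checksum; used to tell card numbers apart from other long digit runs."""
    total, double = 0, False
    for ch in reversed(digits):
        d = int(ch)
        if double:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
        double = not double
    return total % 10 == 0


def pseudonym(kind, value, audit_key):
    """Stable token: same identifier + same key -> same tag, so audits can correlate
    without ever seeing the raw value. The key stays with the audit system."""
    tag = hmac.new(audit_key, value.encode(), hashlib.sha256).hexdigest()[:12]
    return f"<{kind}:{tag}>"


def redact(text, audit_key):
    """Replace PII spans with keyed pseudonyms."""
    def replace(m):
        kind = m.lastgroup
        raw = m.group(kind)
        if kind == "EMAIL":
            return pseudonym("EMAIL", raw.lower(), audit_key)
        digits = re.sub(r"\D", "", raw)
        if kind == "CARD" and not _luhn_ok(digits):
            kind = "PHONE"   # long digit run that is not a card number: treat as a phone number
        return pseudonym(kind, digits, audit_key)
    return PII_RE.sub(replace, text)


def archive_copy(records, audit_key):
    """Audit/archive view: timestamps and speakers kept, PII replaced by pseudonyms."""
    return [{**r, "text": redact(r["text"], audit_key)} for r in records]


def classify(records, now_iso, stale_after_days=STALE_AFTER_DAYS):
    """'stale' if the last message is older than the retention window, else 'active'."""
    now = datetime.fromisoformat(now_iso)
    last = max(datetime.fromisoformat(r["ts"]) for r in records)
    return "stale" if now - last >= timedelta(days=stale_after_days) else "active"


if __name__ == "__main__":
    key = b"constructed-audit-key"
    for rec in archive_copy(SAMPLE, key):
        print(rec["ts"], rec["who"], rec["text"])
    print(classify(SAMPLE, "2024-06-01T00:00:00+00:00"))
```

Because the pseudonym is an HMAC rather than a plain hash, someone who obtains the archive cannot recover an e-mail address by hashing guesses; the audit key is the separating secret, and rotating it breaks correlation across the rotation boundary, which is the trade-off to plan for.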
➔ [![Chat_Bot_Security_Checklist followed](https://img.shields.io/badge/Chat_Bot_Security_Checklist-followed-brightgreen.svg)](https://github.com/apoorvrajsaxena/Chat-Bot-Security-Checklist)

```md
[![Chat‑Bot_Checklist followed](https://img.shields.io/badge/Chat_Bot_Security_Checklist-followed-brightgreen.svg)](https://github.com/apoorvrajsaxena/Chat-Bot-Security-Checklist)
```

**[⬆ back to top](#table-of-contents)**

---

## Contributing

**Open an issue or a pull request to suggest changes or additions.**

### Guide

The **Chat-Bot Security Checklist** repository consists of two branches:

#### 1. `master`

This branch consists of the `README.md` file.

#### 2. `develop`

This branch will be used to make significant changes to the structure or content if needed. It is preferable to use the master branch to fix small errors or add a new item.

## Support

If you have any question or suggestion, don't hesitate to use Twitter:

* [Twitter](https://twitter.com/secxena)

## Author

**[Apoorv Raj Saxena](https://github.com/apoorvrajsaxena)**

## License

[![CC0](https://i.creativecommons.org/p/zero/1.0/88x31.png)](https://creativecommons.org/publicdomain/zero/1.0/)

**[⬆ back to top](#table-of-contents)**

[low_img]: data/low.svg
[medium_img]: data/medium.svg
[high_img]: data/high.svg

--------------------------------------------------------------------------------
/ROADMAP.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/secxena/Chat-Bot-Security-Checklist/de4144c9afc67fb1bc6e6fdf3cadb02e5705a1f2/ROADMAP.md
--------------------------------------------------------------------------------
/data/cc.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/secxena/Chat-Bot-Security-Checklist/de4144c9afc67fb1bc6e6fdf3cadb02e5705a1f2/data/cc.png
--------------------------------------------------------------------------------
/data/high.svg:
--------------------------------------------------------------------------------
[SVG badge image "high" (created with Sketch); markup not recoverable from this dump]
--------------------------------------------------------------------------------
/data/low.svg:
--------------------------------------------------------------------------------
[SVG badge image "low" (created with Sketch); markup not recoverable from this dump]
--------------------------------------------------------------------------------
/data/medium.svg:
--------------------------------------------------------------------------------
[SVG badge image "medium" (created with Sketch); markup not recoverable from this dump]
--------------------------------------------------------------------------------