httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Osipov <ossi...@inf.fu-berlin.de>
Subject Assuring Security by testing
Date Wed, 30 Apr 2008 11:07:52 GMT
Hi devs,

I've been investigating Apache HTTPd within my Bachelor's thesis
"Application
of security test tools in open source" at the Free University of Berlin
(FU Berlin) [1].
Basically, I am looking for security measures which have been taken to
prevent security leaks/vulnerabilities especially with security test
tools

Apache HTTPd is the #1 web server. The nature of the
application offers to compromise the web apps and reveal sensitive data.

I found some vague on the dev mailing list about security audit [2]. 
That's it unfortunately.
You do have designated testing component [3] which are not (necessarily) 
for security testing.

I am sure that you do anything you can to assure security.

Security advisories are taken up by a security team [4]. Does this team
or any other group/person take any measures to assure security with
testing tools, with a special test plan or functional requirements?

Thanks in advance,

Michael

[1] https://www.inf.fu-berlin.de/w/SE/ThesisFOSSSecurityTools
[2] http://www.mail-archive.com/dev@httpd.apache.org/msg15681.html
[3] http://httpd.apache.org/test/
[4] http://httpd.apache.org/security_report.html
-- 
<NO> OOXML - Say NO To Microsoft Office broken standard
http://www.noooxml.org

Mime
View raw message