isis-users mailing list archives

From Dan Haywood <...@haywood-associates.co.uk>
Subject Re: OWASP vulnerability test results
Date Wed, 12 Feb 2014 06:13:38 GMT
Thanks for sharing those results, David.

Of course, if you do subsequently find something that needs addressing,
raise a ticket.

Cheers
Dan


On 12 February 2014 04:16, David Tildesley <davotnz@yahoo.co.nz> wrote:

> Hi,
>
> Good news: sonar owasp plugin picked up only 4 vulnerabilities (of 97
> active OWASP rules) and overall 0.1% OWASP risk factor score (the app under
> test based on 1.3.0 ISIS core and 1.3.1 wicket viewer) and those
> vulnerabilities may be attributable to the business code we wrote rather
> than ISIS core. Can't say any more than that so please don't ask.
>
>
> Similarly I ran an "out of the box" Arachni pen test (anonymous only) and
> it didn't pick up anything of note that wasn't caused by our own
> implementation.
>
>
> However my advice is to always run your own tests - don't rely on the
> assertions of others but at least you may draw some comfort in terms of
> making an investment with ISIS (and Wicket etc) that it is unlikely to let
> you down in this area.
>
> David.
>
