isis-users mailing list archives

From Dan Haywood <>
Subject Re: OWASP vulnerability test results
Date Wed, 12 Feb 2014 06:13:38 GMT
Thanks for sharing those results, David.

Of course, if you do subsequently find something that needs addressing,
raise a ticket.


On 12 February 2014 04:16, David Tildesley <> wrote:

> Hi,
> Good news: sonar owasp plugin picked up only 4 vulnerabilities (of 97
> active OWASP rules) and overall 0.1% OWASP risk factor score (the app under
> test based on 1.3.0 ISIS core and 1.3.1 wicket viewer) and those
> vulnerabilities may be attributable to the business code we wrote rather
> than ISIS core. Can't say any more than that so please don't ask.
> Similarly I ran an "out of the box" Arachni pen test (anonymous only) and
> it didn't pick up anything of note that wasn't caused by our own
> implementation.
> However my advice is to always run your own tests - don't rely on the
> assertions of others but at least you may draw some comfort in terms of
> making an investment with ISIS (and Wicket etc) that it is unlikely to let
> you down in this area.
> David.
