RA-5 VULNERABILITY SCANNING

DataBiosphere / azul

Metadata indexer and query service used for AnVIL, HCA, LungMAP, and CGP

Apache License 2.0

7 stars 2 forks source link

RA-5 VULNERABILITY SCANNING #3736

Open theathorn opened 2 years ago

theathorn commented 2 years ago

NIST 800-53 Rev 4.0 RA-5.

nolunwa-ucsc commented 2 months ago

RA-5(5) weakness was identified during the 2024 Annual Security Control Assessment. USCS does not perform authenticated web-scans. All web-scans are unauthenticated

nolunwa-ucsc commented 2 months ago

3 solution the Dockstore team is currently reviewing

Burp Suite
OWASP ZAP
Tenable.io

Hannes shares he will be ok with the result from the Dockstore team and will ask for a quick meeting for David to share insight on why he picked the solution, the pros and cons.