Open Lucki2g opened 2 years ago
Will run the web-app through OWASP ZAP and msfconsole random apps.
Here is a PDF report with the output from OWASP ZAP (zaproxy): ZAP Scanning Report.pdf. I have tried to use wmap, but it bugged out and tried to look at the OWASP scanning tool links. The outcome has been described in https://github.com/DevelOpsITU/MiniTwit/wiki/Information-gathered-from-various-security-assesment-tools
@Zavir and I will use this information gathered to work on #154. We still need to decide which vulnerability we want to fix, so this issue is blocked by the risk analysis from #154.
Try to test for vulnerabilities in your project by using wmap, zaproxy, or any of the tools in the list of OWASP vulnerability scanning tools. Fix at least one vulnerability that you find; ideally one that is high in your prioritization cf. to your risk analysis.