sanyaade-speechtools / delphi-museum-project

Automatically exported from code.google.com/p/delphi-museum-project

Perform Security Audit #34

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Need to ensure production version is safe from hacking, even though the data is largely read-only and safe to steal.
Includes server config, image access, script injection on user feedback forms, etc.

Original issue reported on code.google.com by LudicrousResearcher@gmail.com on 5 Oct 2007 at 10:50

GoogleCodeExporter commented 9 years ago
Deferred to Release 1.1. No more time to set this up and run it, nor to respond.
Remains high priority

Original comment by LudicrousResearcher@gmail.com on 9 Aug 2008 at 4:45

GoogleCodeExporter commented 9 years ago
Updated with new PM categories

Original comment by LudicrousResearcher@gmail.com on 6 Dec 2008 at 10:35

GoogleCodeExporter commented 9 years ago

Original comment by LudicrousResearcher@gmail.com on 6 Dec 2008 at 10:41

GoogleCodeExporter commented 9 years ago
Kate Riley responded on 2008-12-08 that:

1. We can use AppScan Enterprise (ASE), a scanner that can traverse the pages/forms of the Delphi collections browser application to attempt to find security vulnerabilities, via a self-service model that uses generic scanning templates. Kate wrote "This can be set up very quickly and you can begin scanning immediately." Self-service scanning is offered at no cost.

2. We can use ASE with custom scanning templates that Kate can build for us. This may involve a recharge cost, depending on the request.

3. We can request a security audit, consisting of a "security review and threat analysis of your architecture and the application." This also may require a recharge cost.

Kate would be pleased to meet with us to discuss our requirements.

Follow-ups can be sent to the generic contact address: ase_help at the host
lists.berkeley.edu. Kate Riley can be contacted at ktriley at the host/domain
berkeley.edu or by phone at 510-642-0141.

Original comment by aronrobe...@gmail.com on 9 Dec 2008 at 5:42

GoogleCodeExporter commented 9 years ago
Patrick contacted Kate on 2008-12-09, indicating that we "want to get signed up to run the [AppScan] scan ourselves."

Original comment by aronrobe...@gmail.com on 9 Dec 2008 at 5:46

GoogleCodeExporter commented 9 years ago
Kate Riley has set up security scanning for the pahma-dev and pahma-qa hosts. (See her correspondence of 2008-12-10 to Patrick and Aron for details.)

Original comment by aronrobe...@gmail.com on 10 Dec 2008 at 5:48

GoogleCodeExporter commented 9 years ago

Original comment by LudicrousResearcher@gmail.com on 3 Feb 2009 at 6:39

GoogleCodeExporter commented 9 years ago
Pushing to 1.2, but bumping prio.

Original comment by LudicrousResearcher@gmail.com on 19 Feb 2009 at 10:48

GoogleCodeExporter commented 9 years ago

Original comment by michaelb...@gmail.com on 3 Jul 2009 at 7:21

GoogleCodeExporter commented 9 years ago

Original comment by michaelb...@gmail.com on 3 Jul 2009 at 7:24

GoogleCodeExporter commented 9 years ago

Original comment by michaelb...@gmail.com on 3 Jul 2009 at 7:41