On 08/13/2012 04:33 PM, Mo Morsi wrote:
I created a feature in redmine to track the remaining work on the
security backlog generated from the last audit. It can be found here:
https://www.aeolusproject.org/redmine/issues/3693
By this point the process should be fairly established, the remaining
work is largely a continuation / repetition of the work already done to
cover the remaining controllers / models (plus a few specific things
that need to be taken care of). The patches that have been pushed to the
codebase so far should serve as a good example on how to proceed on this
front.
As always I'm looking for assistance w/ the security backlog so things
move along faster. Appreciate it.
-Mo
This is timely. From an integration QE perspective I'm developing plans
to test CloudForms vulnerabilities as a system. I was just going to
reach out to the list to determine what has been done. I believe our
approach will include some black box pen testing but I don't know where
the priorities are.
I'm reviewing the wiki page on hardening the app and related links.[1]
This is good to see! Do you know what, if any, security testing is
planned outside of this?
I would enjoy working with anyone who has an interest in this effort.
Thanks!
[1]
https://www.aeolusproject.org/redmine/projects/aeolus/wiki/Hardening_the_app
