Folks, >From time to time Unicon gets asked about 3rd party security audits of CAS...and it got me thinking that we could, as a community, perform/maintain our own security audit based on known guidance, attack vectors, etc.
Collaborating on this at the Unconference in January might be a fun and productive use of time. https://wiki.jasig.org/display/JCON/2013+Jasig-Sakai+Joint+Unconference I'm interested in gathering input on approaches, tools, references (like OWASP), what our outcomes might be (test suites, security reports, etc), and really any thoughts on this in general. Please let me know if you are interested in this activity. Best, Bill ps. If you know of any 3rd party or internal security audit, I'd love to hear about it. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
