Hi devs,
I've been investigating Apache HTTPd within my Bachelor's thesis
"Application
of security test tools in open source" at the Free University of Berlin
(FU Berlin) [1].
Basically, I am looking for security measures which have been taken to
prevent security leaks/vulnerabilities especially with security test
tools
Apache HTTPd is the #1 web server. The nature of the
application offers to compromise the web apps and reveal sensitive data.
I found some vague on the dev mailing list about security audit [2].
That's it unfortunately.
You do have designated testing component [3] which are not (necessarily)
for security testing.
I am sure that you do anything you can to assure security.
Security advisories are taken up by a security team [4]. Does this team
or any other group/person take any measures to assure security with
testing tools, with a special test plan or functional requirements?
Thanks in advance,
Michael
[1] https://www.inf.fu-berlin.de/w/SE/ThesisFOSSSecurityTools
[2] http://www.mail-archive.com/dev@httpd.apache.org/msg15681.html
[3] http://httpd.apache.org/test/
[4] http://httpd.apache.org/security_report.html
--
<NO> OOXML - Say NO To Microsoft Office broken standard
http://www.noooxml.org
